Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e34302e302f32342d3234203d3e203137343531.roa
File:                     3230322e3136392e34302e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          RRmPNhTU4PelLTEztlb1+r8A3kEpFZRJ0CHzX4WUvvY=
Subject key identifier:   D3:1A:70:20:88:F0:A9:AE:9D:07:0C:D9:BF:C2:18:7D:29:36:97:18
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       68FA46AF08232424932AE8C1A91115FE1092CC23
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e34302e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:01 +0000
ROA not before:           Wed 29 Sep 2021 23:55:01 +0000
ROA not after:            Fri 30 Sep 2022 00:00:01 +0000
asID:                     17451
IP address blocks:        202.169.40.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:fa:46:af:08:23:24:24:93:2a:e8:c1:a9:11:15:fe:10:92:cc:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:01 2021 GMT
            Not After : Sep 30 00:00:01 2022 GMT
        Subject: CN=3082010A028201010097A0B1B5B4F02880F22BD38252963D9D0D872B64DDD0B1B8F1EA6E4A4DEF6E60FBC80F860672C1BEFD0AC05F3EC95A4DD504DE3920160AD4BE588EE3B596D3AA95B12B4A411CA6B69F7C86A0633B73989C6EB06B2D81265612D3035734F514A0D4C8A42A0428EF14D8C02D3208F5AFCA3E682B71FCFF1FD44C047DB06855DCFCA3C2DF0DCB067590B527EB5AE1B52BA795FC2D519791F7A7EB44F3706AD6F1A5B1F284C59DF718EDAC3B815802E123FDD3C81DD88AA79D237261917E607EC9ACEF33C7636D033F7D8325177BB0F86D05E3ECD8BEE7D98F177F301558B49F9D9602F23A957C3A40FC953B73891CF2129C6345FE3B72F403105351334019DCB67D0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a0:b1:b5:b4:f0:28:80:f2:2b:d3:82:52:96:
                    3d:9d:0d:87:2b:64:dd:d0:b1:b8:f1:ea:6e:4a:4d:
                    ef:6e:60:fb:c8:0f:86:06:72:c1:be:fd:0a:c0:5f:
                    3e:c9:5a:4d:d5:04:de:39:20:16:0a:d4:be:58:8e:
                    e3:b5:96:d3:aa:95:b1:2b:4a:41:1c:a6:b6:9f:7c:
                    86:a0:63:3b:73:98:9c:6e:b0:6b:2d:81:26:56:12:
                    d3:03:57:34:f5:14:a0:d4:c8:a4:2a:04:28:ef:14:
                    d8:c0:2d:32:08:f5:af:ca:3e:68:2b:71:fc:ff:1f:
                    d4:4c:04:7d:b0:68:55:dc:fc:a3:c2:df:0d:cb:06:
                    75:90:b5:27:eb:5a:e1:b5:2b:a7:95:fc:2d:51:97:
                    91:f7:a7:eb:44:f3:70:6a:d6:f1:a5:b1:f2:84:c5:
                    9d:f7:18:ed:ac:3b:81:58:02:e1:23:fd:d3:c8:1d:
                    d8:8a:a7:9d:23:72:61:91:7e:60:7e:c9:ac:ef:33:
                    c7:63:6d:03:3f:7d:83:25:17:7b:b0:f8:6d:05:e3:
                    ec:d8:be:e7:d9:8f:17:7f:30:15:58:b4:9f:9d:96:
                    02:f2:3a:95:7c:3a:40:fc:95:3b:73:89:1c:f2:12:
                    9c:63:45:fe:3b:72:f4:03:10:53:51:33:40:19:dc:
                    b6:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:1A:70:20:88:F0:A9:AE:9D:07:0C:D9:BF:C2:18:7D:29:36:97:18
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3230322e3136392e34302e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.169.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:78:ee:f5:97:8e:7f:14:32:9d:e3:3e:e3:e1:4d:64:7c:f9:
         57:67:1c:ba:69:53:8f:c6:2d:26:b4:ef:8a:ae:b0:d5:49:00:
         ac:ca:a7:51:16:43:2d:c7:6d:3e:67:36:96:df:79:7a:1e:98:
         85:d2:97:c9:e8:2f:83:f2:e4:20:66:8d:74:8b:02:01:82:4d:
         39:01:c8:01:14:6e:82:c3:d2:02:84:d8:89:34:78:67:e2:9a:
         28:f4:d1:80:2a:6b:3f:5a:54:50:29:3a:f4:e7:f8:81:76:86:
         6b:df:8b:73:8f:c0:34:18:98:b8:46:2e:84:a9:6c:e5:20:81:
         fc:d2:97:af:99:cc:88:05:ab:b0:db:6e:17:d5:b3:9b:70:a7:
         88:73:c0:6f:fb:41:64:7e:d5:ee:77:72:47:50:73:d6:6a:5d:
         df:59:66:cb:20:0c:af:97:c1:da:89:af:fe:85:94:63:be:63:
         7f:69:79:81:b0:f5:c8:b5:68:c5:9c:70:6b:79:5e:cd:91:b1:
         fe:a3:e6:16:da:02:0c:68:25:84:d8:8b:58:08:1f:c2:12:04:
         76:5d:b2:bd:00:07:8b:20:a8:1c:62:36:6c:29:51:08:1e:e9:
         22:d2:4f:c1:d9:3f:27:96:b7:2e:a4:02:30:48:ba:5d:80:5b:
         de:3a:5f:8c
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUaPpGrwgjJCSTKujBqREV/hCSzCMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MDFaFw0yMjA5MzAwMDAwMDFaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwOTdBMEIxQjVCNEYwMjg4MEYy
MkJEMzgyNTI5NjNEOUQwRDg3MkI2NERERDBCMUI4RjFFQTZFNEE0REVGNkU2MEZC
QzgwRjg2MDY3MkMxQkVGRDBBQzA1RjNFQzk1QTRERDUwNERFMzkyMDE2MEFENEJF
NTg4RUUzQjU5NkQzQUE5NUIxMkI0QTQxMUNBNkI2OUY3Qzg2QTA2MzNCNzM5ODlD
NkVCMDZCMkQ4MTI2NTYxMkQzMDM1NzM0RjUxNEEwRDRDOEE0MkEwNDI4RUYxNEQ4
QzAyRDMyMDhGNUFGQ0EzRTY4MkI3MUZDRkYxRkQ0NEMwNDdEQjA2ODU1RENGQ0Ez
QzJERjBEQ0IwNjc1OTBCNTI3RUI1QUUxQjUyQkE3OTVGQzJENTE5NzkxRjdBN0VC
NDRGMzcwNkFENkYxQTVCMUYyODRDNTlERjcxOEVEQUMzQjgxNTgwMkUxMjNGREQz
QzgxREQ4OEFBNzlEMjM3MjYxOTE3RTYwN0VDOUFDRUYzM0M3NjM2RDAzM0Y3RDgz
MjUxNzdCQjBGODZEMDVFM0VDRDhCRUU3RDk4RjE3N0YzMDE1NThCNDlGOUQ5NjAy
RjIzQTk1N0MzQTQwRkM5NTNCNzM4OTFDRjIxMjlDNjM0NUZFM0I3MkY0MDMxMDUz
NTEzMzQwMTlEQ0I2N0QwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAl6CxtbTwKIDyK9OCUpY9nQ2HK2Td0LG48epuSk3vbmD7yA+GBnLB
vv0KwF8+yVpN1QTeOSAWCtS+WI7jtZbTqpWxK0pBHKa2n3yGoGM7c5icbrBrLYEm
VhLTA1c09RSg1MikKgQo7xTYwC0yCPWvyj5oK3H8/x/UTAR9sGhV3Pyjwt8NywZ1
kLUn61rhtSunlfwtUZeR96frRPNwatbxpbHyhMWd9xjtrDuBWALhI/3TyB3Yiqed
I3JhkX5gfsms7zPHY20DP32DJRd7sPhtBePs2L7n2Y8XfzAVWLSfnZYC8jqVfDpA
/JU7c4kc8hKcY0X+O3L0AxBTUTNAGdy2fQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FNMacCCI8KmunQcM2b/CGH0pNpcYMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjMwMzIyZTMxMzYzOTJlMzQzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBADKqSgwDQYJKoZIhvcNAQELBQADggEBAFB47vWXjn8U
Mp3jPuPhTWR8+VdnHLppU4/GLSa074qusNVJAKzKp1EWQy3HbT5nNpbfeXoemIXS
l8noL4Py5CBmjXSLAgGCTTkByAEUboLD0gKE2Ik0eGfimij00YAqaz9aVFApOvTn
+IF2hmvfi3OPwDQYmLhGLoSpbOUggfzSl6+ZzIgFq7DbbhfVs5twp4hzwG/7QWR+
1e53ckdQc9ZqXd9ZZssgDK+XwdqJr/6FlGO+Y39peYGw9ci1aMWccGt5Xs2Rsf6j
5hbaAgxoJYTYi1gIH8ISBHZdsr0AB4sgqBxiNmwpUQge6SLST8HZPyeWty6kAjBI
ul2AW946X4w=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org