Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a31333a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a31333a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          LvDiGxdzLzewzWLCdabrpVdgb6DBk6yHgM4JnW7HU/0=
Subject key identifier:   28:E9:7A:4A:9B:18:D9:DD:F0:1F:FB:43:6A:31:D5:D2:1D:68:F5:D2
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       1F04F0699F9A5E314C68DF2652AF6ACAC12C5599
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a31333a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:05 +0000
ROA not before:           Wed 29 Sep 2021 23:55:05 +0000
ROA not after:            Fri 30 Sep 2022 00:00:05 +0000
asID:                     17451
IP address blocks:        2404:8000:13::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:04:f0:69:9f:9a:5e:31:4c:68:df:26:52:af:6a:ca:c1:2c:55:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:05 2021 GMT
            Not After : Sep 30 00:00:05 2022 GMT
        Subject: CN=3082010A0282010100AAE534CAFFDF200669B050AB4D63405E55E0FE9794CD7D192D0104EDF85698E323D931DAFFF5C88BD5E0E38D2D0EACCDD941A7D53C0FEE4EFCD35C4A77FEC47B53B4DF0E0FDD8497CB4994980A126FA67BAFA2907C81B7AFD5394AE5C296453E64515A8C7DABC7040A60EAC4F3E456AD7BE3DCFC5977A31B3197FDD218EBB16898922DC1F6E1514C41D1F1C81BCFE7D655C4E2E1F8BB0D81E2FBEBBBEE551DB1340F11FB14C8518929E4D8D1EEABF8E9E35365DAFAEEAAA1BCA505A09F842A425363F79AB0767D06B7354730C482A5472D5F33F5BD9FF120871F834251E5ADF2F18277683DF419778BD1DAD831E371E6E518A3A4C6BB290F780142E5512516350203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e5:34:ca:ff:df:20:06:69:b0:50:ab:4d:63:
                    40:5e:55:e0:fe:97:94:cd:7d:19:2d:01:04:ed:f8:
                    56:98:e3:23:d9:31:da:ff:f5:c8:8b:d5:e0:e3:8d:
                    2d:0e:ac:cd:d9:41:a7:d5:3c:0f:ee:4e:fc:d3:5c:
                    4a:77:fe:c4:7b:53:b4:df:0e:0f:dd:84:97:cb:49:
                    94:98:0a:12:6f:a6:7b:af:a2:90:7c:81:b7:af:d5:
                    39:4a:e5:c2:96:45:3e:64:51:5a:8c:7d:ab:c7:04:
                    0a:60:ea:c4:f3:e4:56:ad:7b:e3:dc:fc:59:77:a3:
                    1b:31:97:fd:d2:18:eb:b1:68:98:92:2d:c1:f6:e1:
                    51:4c:41:d1:f1:c8:1b:cf:e7:d6:55:c4:e2:e1:f8:
                    bb:0d:81:e2:fb:eb:bb:ee:55:1d:b1:34:0f:11:fb:
                    14:c8:51:89:29:e4:d8:d1:ee:ab:f8:e9:e3:53:65:
                    da:fa:ee:aa:a1:bc:a5:05:a0:9f:84:2a:42:53:63:
                    f7:9a:b0:76:7d:06:b7:35:47:30:c4:82:a5:47:2d:
                    5f:33:f5:bd:9f:f1:20:87:1f:83:42:51:e5:ad:f2:
                    f1:82:77:68:3d:f4:19:77:8b:d1:da:d8:31:e3:71:
                    e6:e5:18:a3:a4:c6:bb:29:0f:78:01:42:e5:51:25:
                    16:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E9:7A:4A:9B:18:D9:DD:F0:1F:FB:43:6A:31:D5:D2:1D:68:F5:D2
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a31333a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:4c:e0:77:82:bb:ff:c7:58:1c:18:eb:fa:e9:e5:04:31:f8:
         ed:d7:7e:e8:b7:55:f8:69:22:64:bc:93:0d:b4:42:db:56:4e:
         a6:35:8a:9b:ba:90:bd:9b:b3:eb:01:53:06:ce:c9:ff:98:3b:
         6a:7c:11:44:18:10:2b:8d:e5:a6:0f:38:dc:13:d9:81:22:71:
         ca:cf:2b:4b:61:38:13:25:ba:d6:64:8b:b6:39:39:16:de:70:
         c4:3d:18:38:38:4a:86:72:b7:8b:2c:6f:13:3f:93:d1:56:bf:
         38:d2:5c:4c:70:dd:7c:a0:6e:46:76:43:ad:11:97:10:98:75:
         6d:0b:59:9c:a6:28:48:f6:4c:e9:ca:9d:9a:df:95:a5:40:5c:
         2e:5d:a9:d9:18:be:83:c6:f8:94:c7:5b:98:ff:0b:93:34:87:
         fa:76:31:9a:88:53:fb:a1:bb:cf:da:f9:26:0b:f6:83:80:c7:
         4c:62:89:bf:ec:f4:8e:e5:0e:f6:1b:8a:06:3d:12:48:c6:c2:
         df:5b:99:79:b3:c0:56:e8:c9:4c:9f:ba:12:11:c3:98:02:b7:
         df:12:88:1d:a7:8d:45:e7:e1:ef:a1:26:c3:28:54:94:5a:9d:
         ed:97:c4:d2:fe:1a:07:dd:d3:37:54:f6:e3:6f:34:59:ff:15:
         78:57:0b:5d
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUHwTwaZ+aXjFMaN8mUq9qysEsVZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MDVaFw0yMjA5MzAwMDAwMDVaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQUFFNTM0Q0FGRkRGMjAwNjY5
QjA1MEFCNEQ2MzQwNUU1NUUwRkU5Nzk0Q0Q3RDE5MkQwMTA0RURGODU2OThFMzIz
RDkzMURBRkZGNUM4OEJENUUwRTM4RDJEMEVBQ0NERDk0MUE3RDUzQzBGRUU0RUZD
RDM1QzRBNzdGRUM0N0I1M0I0REYwRTBGREQ4NDk3Q0I0OTk0OTgwQTEyNkZBNjdC
QUZBMjkwN0M4MUI3QUZENTM5NEFFNUMyOTY0NTNFNjQ1MTVBOEM3REFCQzcwNDBB
NjBFQUM0RjNFNDU2QUQ3QkUzRENGQzU5NzdBMzFCMzE5N0ZERDIxOEVCQjE2ODk4
OTIyREMxRjZFMTUxNEM0MUQxRjFDODFCQ0ZFN0Q2NTVDNEUyRTFGOEJCMEQ4MUUy
RkJFQkJCRUU1NTFEQjEzNDBGMTFGQjE0Qzg1MTg5MjlFNEQ4RDFFRUFCRjhFOUUz
NTM2NURBRkFFRUFBQTFCQ0E1MDVBMDlGODQyQTQyNTM2M0Y3OUFCMDc2N0QwNkI3
MzU0NzMwQzQ4MkE1NDcyRDVGMzNGNUJEOUZGMTIwODcxRjgzNDI1MUU1QURGMkYx
ODI3NzY4M0RGNDE5Nzc4QkQxREFEODMxRTM3MUU2RTUxOEEzQTRDNkJCMjkwRjc4
MDE0MkU1NTEyNTE2MzUwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAquU0yv/fIAZpsFCrTWNAXlXg/peUzX0ZLQEE7fhWmOMj2THa//XI
i9Xg440tDqzN2UGn1TwP7k7801xKd/7Ee1O03w4P3YSXy0mUmAoSb6Z7r6KQfIG3
r9U5SuXClkU+ZFFajH2rxwQKYOrE8+RWrXvj3PxZd6MbMZf90hjrsWiYki3B9uFR
TEHR8cgbz+fWVcTi4fi7DYHi++u77lUdsTQPEfsUyFGJKeTY0e6r+OnjU2Xa+u6q
obylBaCfhCpCU2P3mrB2fQa3NUcwxIKlRy1fM/W9n/Eghx+DQlHlrfLxgndoPfQZ
d4vR2tgx43Hm5RijpMa7KQ94AULlUSUWNQIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FCjpekqbGNnd8B/7Q2ox1dIdaPXSMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTMxMzMzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAAATMA0GCSqGSIb3DQEBCwUAA4IBAQA2
TOB3grv/x1gcGOv66eUEMfjt137ot1X4aSJkvJMNtELbVk6mNYqbupC9m7PrAVMG
zsn/mDtqfBFEGBArjeWmDzjcE9mBInHKzytLYTgTJbrWZIu2OTkW3nDEPRg4OEqG
creLLG8TP5PRVr840lxMcN18oG5GdkOtEZcQmHVtC1mcpihI9kzpyp2a35WlQFwu
XanZGL6DxviUx1uY/wuTNIf6djGaiFP7obvP2vkmC/aDgMdMYom/7PSO5Q72G4oG
PRJIxsLfW5l5s8BW6MlMn7oSEcOYArffEogdp41F5+HvoSbDKFSUWp3tl8TS/hoH
3dM3VPbjbzRZ/xV4Vwtd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:38 2024 by rpki-client on console-ams.rpki-client.org