Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61383a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a61383a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          f6n8TUWeweGodKT7cOIjcjjF+m034e2nJg80yPKEfAg=
Subject key identifier:   9F:0A:ED:86:FA:0F:EE:37:ED:58:A0:74:25:28:CC:72:2B:03:56:98
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       18D056534F44FA3F122D710696A8A58158693257
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61383a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:22 +0000
ROA not before:           Wed 29 Sep 2021 23:55:22 +0000
ROA not after:            Fri 30 Sep 2022 00:00:22 +0000
asID:                     17451
IP address blocks:        2404:8000:a8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:d0:56:53:4f:44:fa:3f:12:2d:71:06:96:a8:a5:81:58:69:32:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:22 2021 GMT
            Not After : Sep 30 00:00:22 2022 GMT
        Subject: CN=3082010A0282010100A36299C4AB7F59D5E0DDDA4A95DD76978B64E126F147F204233C0A9874FF595E7E8C67B28EC98BD05A8828014E03C7D77EA1B2B767BFF9A3AA4CFF1E5B937D52CBF4A56E0F0BC939516D5531909E0B2DA807482C6DA2F9539517FD3EFDE91EDE9F44EBA036C258550CDE1E0B37A3EE69BF258A9C89B0240C05401EF1E424E6895D33C41596CD8CB1ACFF0B2541665FED0E84891109D06EF7157DB5B1BA1F92F835D66CC210E0F808156AD230177F442FB8163575E1615D423FD833D2ABB7B8E44906599F40E393113EC693BCEDDD60F3064A29C4898437BF832DDF38B206F2EAD6CF8C786894124732AEB18A4A01248ADDFE04C9A043418D5FFFEE9EF180E1B10203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:62:99:c4:ab:7f:59:d5:e0:dd:da:4a:95:dd:
                    76:97:8b:64:e1:26:f1:47:f2:04:23:3c:0a:98:74:
                    ff:59:5e:7e:8c:67:b2:8e:c9:8b:d0:5a:88:28:01:
                    4e:03:c7:d7:7e:a1:b2:b7:67:bf:f9:a3:aa:4c:ff:
                    1e:5b:93:7d:52:cb:f4:a5:6e:0f:0b:c9:39:51:6d:
                    55:31:90:9e:0b:2d:a8:07:48:2c:6d:a2:f9:53:95:
                    17:fd:3e:fd:e9:1e:de:9f:44:eb:a0:36:c2:58:55:
                    0c:de:1e:0b:37:a3:ee:69:bf:25:8a:9c:89:b0:24:
                    0c:05:40:1e:f1:e4:24:e6:89:5d:33:c4:15:96:cd:
                    8c:b1:ac:ff:0b:25:41:66:5f:ed:0e:84:89:11:09:
                    d0:6e:f7:15:7d:b5:b1:ba:1f:92:f8:35:d6:6c:c2:
                    10:e0:f8:08:15:6a:d2:30:17:7f:44:2f:b8:16:35:
                    75:e1:61:5d:42:3f:d8:33:d2:ab:b7:b8:e4:49:06:
                    59:9f:40:e3:93:11:3e:c6:93:bc:ed:dd:60:f3:06:
                    4a:29:c4:89:84:37:bf:83:2d:df:38:b2:06:f2:ea:
                    d6:cf:8c:78:68:94:12:47:32:ae:b1:8a:4a:01:24:
                    8a:dd:fe:04:c9:a0:43:41:8d:5f:ff:ee:9e:f1:80:
                    e1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:0A:ED:86:FA:0F:EE:37:ED:58:A0:74:25:28:CC:72:2B:03:56:98
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61383a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:e2:9f:ed:4e:37:c0:a7:8d:0b:3a:f9:3e:1c:7d:fb:92:bd:
         8b:48:0e:99:73:61:ef:03:d3:bf:79:79:67:09:14:92:ac:45:
         36:93:7d:b9:9d:50:15:fd:b9:25:94:7d:16:7c:c0:31:26:ad:
         8f:a9:69:f1:4b:cb:79:6d:ed:17:f3:f0:21:74:e4:54:88:f5:
         b6:9a:05:d2:0f:8c:16:44:50:cf:b4:3a:cb:6f:29:d9:2c:ac:
         67:a1:0f:49:9e:d4:cb:2e:cc:2d:f2:c9:a3:f3:0b:eb:75:21:
         e4:7f:80:fc:97:46:29:2b:a9:ee:a9:59:e3:c5:82:b8:77:86:
         ef:13:92:1b:24:ab:ad:40:04:9e:cf:19:c2:88:eb:50:05:9f:
         95:6a:9f:39:df:db:f1:6b:25:e9:bf:bc:c3:59:06:71:33:f8:
         0d:33:c0:5a:d4:a2:76:8a:88:de:fd:db:f2:0b:ba:b8:69:cb:
         18:83:60:db:a1:04:56:4d:56:0c:d7:34:33:f6:72:f3:7f:d7:
         0d:60:f5:09:7d:33:ad:a9:15:13:ef:dd:79:5d:00:2e:13:5a:
         42:43:e4:49:90:1c:5b:2d:9e:bd:0d:f2:24:9a:6a:c9:ae:77:
         6f:3c:5a:ac:92:a1:af:a5:10:8d:59:5c:b7:ec:ba:38:61:de:
         ff:11:39:13
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUGNBWU09E+j8SLXEGlqilgVhpMlcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MjJaFw0yMjA5MzAwMDAwMjJaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQTM2Mjk5QzRBQjdGNTlENUUw
REREQTRBOTVERDc2OTc4QjY0RTEyNkYxNDdGMjA0MjMzQzBBOTg3NEZGNTk1RTdF
OEM2N0IyOEVDOThCRDA1QTg4MjgwMTRFMDNDN0Q3N0VBMUIyQjc2N0JGRjlBM0FB
NENGRjFFNUI5MzdENTJDQkY0QTU2RTBGMEJDOTM5NTE2RDU1MzE5MDlFMEIyREE4
MDc0ODJDNkRBMkY5NTM5NTE3RkQzRUZERTkxRURFOUY0NEVCQTAzNkMyNTg1NTBD
REUxRTBCMzdBM0VFNjlCRjI1OEE5Qzg5QjAyNDBDMDU0MDFFRjFFNDI0RTY4OTVE
MzNDNDE1OTZDRDhDQjFBQ0ZGMEIyNTQxNjY1RkVEMEU4NDg5MTEwOUQwNkVGNzE1
N0RCNUIxQkExRjkyRjgzNUQ2NkNDMjEwRTBGODA4MTU2QUQyMzAxNzdGNDQyRkI4
MTYzNTc1RTE2MTVENDIzRkQ4MzNEMkFCQjdCOEU0NDkwNjU5OUY0MEUzOTMxMTNF
QzY5M0JDRURERDYwRjMwNjRBMjlDNDg5ODQzN0JGODMyRERGMzhCMjA2RjJFQUQ2
Q0Y4Qzc4Njg5NDEyNDczMkFFQjE4QTRBMDEyNDhBRERGRTA0QzlBMDQzNDE4RDVG
RkZFRTlFRjE4MEUxQjEwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAo2KZxKt/WdXg3dpKld12l4tk4SbxR/IEIzwKmHT/WV5+jGeyjsmL
0FqIKAFOA8fXfqGyt2e/+aOqTP8eW5N9Usv0pW4PC8k5UW1VMZCeCy2oB0gsbaL5
U5UX/T796R7en0TroDbCWFUM3h4LN6Puab8lipyJsCQMBUAe8eQk5oldM8QVls2M
saz/CyVBZl/tDoSJEQnQbvcVfbWxuh+S+DXWbMIQ4PgIFWrSMBd/RC+4FjV14WFd
Qj/YM9Krt7jkSQZZn0DjkxE+xpO87d1g8wZKKcSJhDe/gy3fOLIG8urWz4x4aJQS
RzKusYpKASSK3f4EyaBDQY1f/+6e8YDhsQIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FJ8K7Yb6D+437VigdCUozHIrA1aYMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTYxMzgzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAACoMA0GCSqGSIb3DQEBCwUAA4IBAQAL
4p/tTjfAp40LOvk+HH37kr2LSA6Zc2HvA9O/eXlnCRSSrEU2k325nVAV/bkllH0W
fMAxJq2PqWnxS8t5be0X8/AhdORUiPW2mgXSD4wWRFDPtDrLbynZLKxnoQ9JntTL
Lswt8smj8wvrdSHkf4D8l0YpK6nuqVnjxYK4d4bvE5IbJKutQASezxnCiOtQBZ+V
ap8539vxayXpv7zDWQZxM/gNM8Ba1KJ2ioje/dvyC7q4acsYg2DboQRWTVYM1zQz
9nLzf9cNYPUJfTOtqRUT7915XQAuE1pCQ+RJkBxbLZ69DfIkmmrJrndvPFqskqGv
pRCNWVy37Lo4Yd7/ETkT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:39 2024 by rpki-client on console-ams.rpki-client.org