Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61613a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a61613a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          vBVguzZQ3ZzN4Zgb8Z2n6+Zg85OdPKBV1H0SQ/glwtc=
Subject key identifier:   30:F7:9D:82:FC:CF:EA:9D:44:1F:CD:4A:68:F2:26:A7:34:F5:AC:2F
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       1C1201B78700AF1063FC92DB0C4C9DD6B0CEB140
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61613a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:02 +0000
ROA not before:           Wed 29 Sep 2021 23:55:02 +0000
ROA not after:            Fri 30 Sep 2022 00:00:02 +0000
asID:                     17451
IP address blocks:        2404:8000:aa::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:12:01:b7:87:00:af:10:63:fc:92:db:0c:4c:9d:d6:b0:ce:b1:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:02 2021 GMT
            Not After : Sep 30 00:00:02 2022 GMT
        Subject: CN=3082010A0282010100CBCD5488D68AE407206D735795A210AC5A3463A8AEF081FD2547031BBD6003E8E9772722475BE4B369F3FB389D1FD7E1793D3D73D4E039EDFD1135476861000EDB348168FC00AA2601A8F829B7D63FAB3A0C628D25294008E9DEE1E5EE2D2554567682C2357A6481A94543FE9A74FC5A587C866A8533A81A1C52FD3CC3CCA663D946B82467B00B05119042D36C8D085AEB970D46DFB48E93A69D1BDFB60C2FEFD51A3F8567EBC343EE6C62ACB1F6750EF4B7BB24B48624A3C880DBDB83D2BF1C187C4B3876314354A8F1C8E4FDBA6E3BF098D4F5C88C5D6D3B4C6B1E93E2A7DC2C4952DD5F9ACC1666F1365A0E1BDEC1C81D06699ECB7C2E703886D3FC98F2830203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:cd:54:88:d6:8a:e4:07:20:6d:73:57:95:a2:
                    10:ac:5a:34:63:a8:ae:f0:81:fd:25:47:03:1b:bd:
                    60:03:e8:e9:77:27:22:47:5b:e4:b3:69:f3:fb:38:
                    9d:1f:d7:e1:79:3d:3d:73:d4:e0:39:ed:fd:11:35:
                    47:68:61:00:0e:db:34:81:68:fc:00:aa:26:01:a8:
                    f8:29:b7:d6:3f:ab:3a:0c:62:8d:25:29:40:08:e9:
                    de:e1:e5:ee:2d:25:54:56:76:82:c2:35:7a:64:81:
                    a9:45:43:fe:9a:74:fc:5a:58:7c:86:6a:85:33:a8:
                    1a:1c:52:fd:3c:c3:cc:a6:63:d9:46:b8:24:67:b0:
                    0b:05:11:90:42:d3:6c:8d:08:5a:eb:97:0d:46:df:
                    b4:8e:93:a6:9d:1b:df:b6:0c:2f:ef:d5:1a:3f:85:
                    67:eb:c3:43:ee:6c:62:ac:b1:f6:75:0e:f4:b7:bb:
                    24:b4:86:24:a3:c8:80:db:db:83:d2:bf:1c:18:7c:
                    4b:38:76:31:43:54:a8:f1:c8:e4:fd:ba:6e:3b:f0:
                    98:d4:f5:c8:8c:5d:6d:3b:4c:6b:1e:93:e2:a7:dc:
                    2c:49:52:dd:5f:9a:cc:16:66:f1:36:5a:0e:1b:de:
                    c1:c8:1d:06:69:9e:cb:7c:2e:70:38:86:d3:fc:98:
                    f2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F7:9D:82:FC:CF:EA:9D:44:1F:CD:4A:68:F2:26:A7:34:F5:AC:2F
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a61613a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:aa::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:b3:1c:8d:6c:c4:f5:ad:a4:16:95:fe:b5:75:c4:d7:4a:a8:
         c2:0c:eb:df:69:9b:c7:6b:e4:70:ce:33:f6:90:49:e3:a0:cf:
         b5:ef:4b:0e:b9:1b:6e:e6:1c:4f:3d:35:eb:68:ad:df:74:df:
         0b:58:3b:12:a4:23:b5:6e:bd:d3:b7:46:0c:0f:8b:2b:f8:81:
         ab:f7:dc:73:b0:52:d0:93:a8:22:30:a2:19:14:fb:93:85:52:
         4e:3f:05:8a:1a:68:08:5f:35:26:e3:e8:b6:8e:82:2e:38:4f:
         42:fa:b0:49:23:22:c4:00:df:70:30:c2:ba:f3:71:1d:7d:91:
         0c:4f:7d:62:d5:94:3f:34:79:ac:da:b5:fd:41:b2:f8:3e:8b:
         09:39:4a:20:7b:f3:67:2b:4d:8f:4d:25:7e:36:f0:3e:fa:77:
         5f:18:e4:a2:fe:5b:41:f8:18:41:1d:9e:b2:0d:5b:9e:3b:7b:
         4a:de:c6:a8:4d:61:57:e0:f6:85:bf:4b:28:33:f8:6f:f7:37:
         e2:a1:84:9f:02:d3:76:6d:e2:ed:36:ea:62:27:5d:77:95:26:
         99:ae:95:c6:44:e5:c3:a1:23:50:41:81:b0:7c:9c:fd:f4:ff:
         c9:65:3d:80:0c:d5:43:9f:49:6a:d2:37:fb:1f:aa:ad:8c:d3:
         6b:1f:8b:5b
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUHBIBt4cArxBj/JLbDEyd1rDOsUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MDJaFw0yMjA5MzAwMDAwMDJaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQ0JDRDU0ODhENjhBRTQwNzIw
NkQ3MzU3OTVBMjEwQUM1QTM0NjNBOEFFRjA4MUZEMjU0NzAzMUJCRDYwMDNFOEU5
NzcyNzIyNDc1QkU0QjM2OUYzRkIzODlEMUZEN0UxNzkzRDNENzNENEUwMzlFREZE
MTEzNTQ3Njg2MTAwMEVEQjM0ODE2OEZDMDBBQTI2MDFBOEY4MjlCN0Q2M0ZBQjNB
MEM2MjhEMjUyOTQwMDhFOURFRTFFNUVFMkQyNTU0NTY3NjgyQzIzNTdBNjQ4MUE5
NDU0M0ZFOUE3NEZDNUE1ODdDODY2QTg1MzNBODFBMUM1MkZEM0NDM0NDQTY2M0Q5
NDZCODI0NjdCMDBCMDUxMTkwNDJEMzZDOEQwODVBRUI5NzBENDZERkI0OEU5M0E2
OUQxQkRGQjYwQzJGRUZENTFBM0Y4NTY3RUJDMzQzRUU2QzYyQUNCMUY2NzUwRUY0
QjdCQjI0QjQ4NjI0QTNDODgwREJEQjgzRDJCRjFDMTg3QzRCMzg3NjMxNDM1NEE4
RjFDOEU0RkRCQTZFM0JGMDk4RDRGNUM4OEM1RDZEM0I0QzZCMUU5M0UyQTdEQzJD
NDk1MkRENUY5QUNDMTY2NkYxMzY1QTBFMUJERUMxQzgxRDA2Njk5RUNCN0MyRTcw
Mzg4NkQzRkM5OEYyODMwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAy81UiNaK5AcgbXNXlaIQrFo0Y6iu8IH9JUcDG71gA+jpdyciR1vk
s2nz+zidH9fheT09c9TgOe39ETVHaGEADts0gWj8AKomAaj4KbfWP6s6DGKNJSlA
COne4eXuLSVUVnaCwjV6ZIGpRUP+mnT8Wlh8hmqFM6gaHFL9PMPMpmPZRrgkZ7AL
BRGQQtNsjQha65cNRt+0jpOmnRvftgwv79UaP4Vn68ND7mxirLH2dQ70t7sktIYk
o8iA29uD0r8cGHxLOHYxQ1So8cjk/bpuO/CY1PXIjF1tO0xrHpPip9wsSVLdX5rM
FmbxNloOG97ByB0GaZ7LfC5wOIbT/JjygwIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FDD3nYL8z+qdRB/NSmjyJqc09awvMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTYxNjEzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAACqMA0GCSqGSIb3DQEBCwUAA4IBAQCA
sxyNbMT1raQWlf61dcTXSqjCDOvfaZvHa+RwzjP2kEnjoM+170sOuRtu5hxPPTXr
aK3fdN8LWDsSpCO1br3Tt0YMD4sr+IGr99xzsFLQk6giMKIZFPuThVJOPwWKGmgI
XzUm4+i2joIuOE9C+rBJIyLEAN9wMMK683EdfZEMT31i1ZQ/NHms2rX9QbL4PosJ
OUoge/NnK02PTSV+NvA++ndfGOSi/ltB+BhBHZ6yDVueO3tK3saoTWFX4PaFv0so
M/hv9zfioYSfAtN2beLtNupiJ113lSaZrpXGROXDoSNQQYGwfJz99P/JZT2ADNVD
n0lq0jf7H6qtjNNrH4tb
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:06 2024 by rpki-client on console-fra.rpki-client.org