Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a62363a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a62363a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          +mhwiu9nD1OYqAnpsRrYyFexF4iAqUSlkxowoP7UwPU=
Subject key identifier:   CD:20:00:AD:4B:EF:13:00:FA:3B:14:F1:09:F4:31:82:6B:92:DB:90
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       23AF098AACDB94614C2B9C8B6DBFA7462EB48983
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a62363a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:58 +0000
ROA not before:           Wed 29 Sep 2021 23:55:58 +0000
ROA not after:            Fri 30 Sep 2022 00:00:58 +0000
asID:                     17451
IP address blocks:        2404:8000:b6::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:af:09:8a:ac:db:94:61:4c:2b:9c:8b:6d:bf:a7:46:2e:b4:89:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:58 2021 GMT
            Not After : Sep 30 00:00:58 2022 GMT
        Subject: CN=3082010A0282010100AA8758DB240E97C3FE17F1401187F36F82EB6569C803086CFB90736769D7362A727CDB2CF7A4228FBB1F4F92A90624E15C60A5B1A94881343B31258BCD28E421F193254D87FB5C8504CBF15FE1BC8C148CB7C2A7D5E653362240253A503E058FB22F56A4E898907D8E623840C1D476E7398A7067B04170DAA8C8178A4665A338294E187F41798FD382D93F00BEE96C75C29279ECACD4BAE7B65ADC612FA246E53F822D886CD25CD8B281467FB01E77411A72246E76CA12B9834900A5FA9BFC89E537A7D07C5FF326365BCC3E9CC8266F6F72D30517B345120826C2B4E8AA4056FB758EA909E2304BF22091A3613145F1882312695F4B875B4AEDE1EF4C4ADB030203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:87:58:db:24:0e:97:c3:fe:17:f1:40:11:87:
                    f3:6f:82:eb:65:69:c8:03:08:6c:fb:90:73:67:69:
                    d7:36:2a:72:7c:db:2c:f7:a4:22:8f:bb:1f:4f:92:
                    a9:06:24:e1:5c:60:a5:b1:a9:48:81:34:3b:31:25:
                    8b:cd:28:e4:21:f1:93:25:4d:87:fb:5c:85:04:cb:
                    f1:5f:e1:bc:8c:14:8c:b7:c2:a7:d5:e6:53:36:22:
                    40:25:3a:50:3e:05:8f:b2:2f:56:a4:e8:98:90:7d:
                    8e:62:38:40:c1:d4:76:e7:39:8a:70:67:b0:41:70:
                    da:a8:c8:17:8a:46:65:a3:38:29:4e:18:7f:41:79:
                    8f:d3:82:d9:3f:00:be:e9:6c:75:c2:92:79:ec:ac:
                    d4:ba:e7:b6:5a:dc:61:2f:a2:46:e5:3f:82:2d:88:
                    6c:d2:5c:d8:b2:81:46:7f:b0:1e:77:41:1a:72:24:
                    6e:76:ca:12:b9:83:49:00:a5:fa:9b:fc:89:e5:37:
                    a7:d0:7c:5f:f3:26:36:5b:cc:3e:9c:c8:26:6f:6f:
                    72:d3:05:17:b3:45:12:08:26:c2:b4:e8:aa:40:56:
                    fb:75:8e:a9:09:e2:30:4b:f2:20:91:a3:61:31:45:
                    f1:88:23:12:69:5f:4b:87:5b:4a:ed:e1:ef:4c:4a:
                    db:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:20:00:AD:4B:EF:13:00:FA:3B:14:F1:09:F4:31:82:6B:92:DB:90
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a62363a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:b6::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:ae:e3:61:6c:16:20:50:1e:8d:13:b5:12:12:22:95:b0:63:
         97:ba:6e:31:9a:d8:bc:59:68:31:4c:79:11:45:10:ab:08:8f:
         30:db:94:c8:8b:98:c3:74:d5:72:76:4e:dd:2f:18:2b:55:f0:
         85:c6:ba:b4:aa:98:ca:77:af:1d:4f:01:3e:bd:1f:43:8a:70:
         60:c9:24:93:6f:bb:0b:7c:e9:45:4b:db:5c:e6:70:a5:65:67:
         5b:71:c4:41:65:bd:86:5b:19:b5:6e:f7:f0:f6:21:26:0b:34:
         44:b0:d3:a5:f1:a3:ba:0e:a1:9f:da:4c:66:80:61:42:39:1d:
         96:c4:10:20:8c:34:84:2c:3a:3f:4e:de:d6:41:1b:b4:f3:05:
         c1:0c:fe:f8:31:aa:ef:56:c8:03:20:6c:98:80:f7:f7:47:87:
         e7:55:2f:c9:e2:4f:db:e8:99:18:bc:7a:d2:2b:42:3e:13:51:
         15:8a:2d:0b:3b:de:30:e9:37:45:68:0f:66:b4:c2:9f:c4:fe:
         3d:31:d4:43:33:65:81:b9:e8:3f:3e:60:2b:52:74:df:33:4e:
         e1:28:13:37:c9:5d:38:b8:7b:89:f1:a7:7d:43:35:65:cc:76:
         78:e8:0e:2c:a8:37:55:6a:22:e0:6d:ae:0a:9e:ff:7f:20:9b:
         70:c3:9f:92
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUI68JiqzblGFMK5yLbb+nRi60iYMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NThaFw0yMjA5MzAwMDAwNThaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQUE4NzU4REIyNDBFOTdDM0ZF
MTdGMTQwMTE4N0YzNkY4MkVCNjU2OUM4MDMwODZDRkI5MDczNjc2OUQ3MzYyQTcy
N0NEQjJDRjdBNDIyOEZCQjFGNEY5MkE5MDYyNEUxNUM2MEE1QjFBOTQ4ODEzNDNC
MzEyNThCQ0QyOEU0MjFGMTkzMjU0RDg3RkI1Qzg1MDRDQkYxNUZFMUJDOEMxNDhD
QjdDMkE3RDVFNjUzMzYyMjQwMjUzQTUwM0UwNThGQjIyRjU2QTRFODk4OTA3RDhF
NjIzODQwQzFENDc2RTczOThBNzA2N0IwNDE3MERBQThDODE3OEE0NjY1QTMzODI5
NEUxODdGNDE3OThGRDM4MkQ5M0YwMEJFRTk2Qzc1QzI5Mjc5RUNBQ0Q0QkFFN0I2
NUFEQzYxMkZBMjQ2RTUzRjgyMkQ4ODZDRDI1Q0Q4QjI4MTQ2N0ZCMDFFNzc0MTFB
NzIyNDZFNzZDQTEyQjk4MzQ5MDBBNUZBOUJGQzg5RTUzN0E3RDA3QzVGRjMyNjM2
NUJDQzNFOUNDODI2NkY2RjcyRDMwNTE3QjM0NTEyMDgyNkMyQjRFOEFBNDA1NkZC
NzU4RUE5MDlFMjMwNEJGMjIwOTFBMzYxMzE0NUYxODgyMzEyNjk1RjRCODc1QjRB
RURFMUVGNEM0QURCMDMwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAqodY2yQOl8P+F/FAEYfzb4LrZWnIAwhs+5BzZ2nXNipyfNss96Qi
j7sfT5KpBiThXGClsalIgTQ7MSWLzSjkIfGTJU2H+1yFBMvxX+G8jBSMt8Kn1eZT
NiJAJTpQPgWPsi9WpOiYkH2OYjhAwdR25zmKcGewQXDaqMgXikZlozgpThh/QXmP
04LZPwC+6Wx1wpJ57KzUuue2WtxhL6JG5T+CLYhs0lzYsoFGf7Aed0EaciRudsoS
uYNJAKX6m/yJ5Ten0Hxf8yY2W8w+nMgmb29y0wUXs0USCCbCtOiqQFb7dY6pCeIw
S/IgkaNhMUXxiCMSaV9Lh1tK7eHvTErbAwIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FM0gAK1L7xMA+jsU8Qn0MYJrktuQMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTYyMzYzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAAC2MA0GCSqGSIb3DQEBCwUAA4IBAQCD
ruNhbBYgUB6NE7USEiKVsGOXum4xmti8WWgxTHkRRRCrCI8w25TIi5jDdNVydk7d
LxgrVfCFxrq0qpjKd68dTwE+vR9DinBgySSTb7sLfOlFS9tc5nClZWdbccRBZb2G
Wxm1bvfw9iEmCzREsNOl8aO6DqGf2kxmgGFCOR2WxBAgjDSELDo/Tt7WQRu08wXB
DP74MarvVsgDIGyYgPf3R4fnVS/J4k/b6JkYvHrSK0I+E1EVii0LO94w6TdFaA9m
tMKfxP49MdRDM2WBueg/PmArUnTfM07hKBM3yV04uHuJ8ad9QzVlzHZ46A4sqDdV
aiLgba4Knv9/IJtww5+S
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:06 2024 by rpki-client on console-fra.rpki-client.org