Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a64343a3a2f34382d3438203d3e203137343531.roa
File:                     323430343a383030303a64343a3a2f34382d3438203d3e203137343531.roa (raw, json)
Hash identifier:          EZeOziU7Al+lFllVkPe8U6crE0A9xKG5IX7MrZp1QVs=
Subject key identifier:   EC:34:CF:FD:8A:44:3F:0F:D4:45:22:79:4B:0F:E2:57:16:1C:F4:52
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       520A5A619566755F36EE53E479A875DC62550336
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a64343a3a2f34382d3438203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:56 +0000
ROA not before:           Wed 29 Sep 2021 23:55:56 +0000
ROA not after:            Fri 30 Sep 2022 00:00:56 +0000
asID:                     17451
IP address blocks:        2404:8000:d4::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:0a:5a:61:95:66:75:5f:36:ee:53:e4:79:a8:75:dc:62:55:03:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:56 2021 GMT
            Not After : Sep 30 00:00:56 2022 GMT
        Subject: CN=3082010A0282010100A748CE59A90D613757CB1BEB493207977A8887F6D09D650E9CA857A85B41888AD014E6E6B0CE1BCDBA968EBECC58691AA7CFAF1D25F2A6DC7FF12CF2954A9E6B70169FF6E93DCAA06A2E7B05CA8E9CD305B1F2FC7E60BE0FB8A03DE3FA8157EB2ABBECA78CD7B8ABC7D922151B95735749BAF7C7F678D6D13D0DB1C88986CB9C6CBC82D94FFCD648CA315B5BA9FE6544335EE47E41F759C2C9E00207D736945AE9FCDA9A95B719E93889EF51D07A9A6B8C6C229EDCBE43CFB91F055D3FA94ED36B77CF567A22387134860E898DBAB48D017B15D4931A9488434608CDCA77E06EEEAFAB00BE7A793367E97E77EAC03350E4CE34095A3F0B04CB17992796D5A35F0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:48:ce:59:a9:0d:61:37:57:cb:1b:eb:49:32:
                    07:97:7a:88:87:f6:d0:9d:65:0e:9c:a8:57:a8:5b:
                    41:88:8a:d0:14:e6:e6:b0:ce:1b:cd:ba:96:8e:be:
                    cc:58:69:1a:a7:cf:af:1d:25:f2:a6:dc:7f:f1:2c:
                    f2:95:4a:9e:6b:70:16:9f:f6:e9:3d:ca:a0:6a:2e:
                    7b:05:ca:8e:9c:d3:05:b1:f2:fc:7e:60:be:0f:b8:
                    a0:3d:e3:fa:81:57:eb:2a:bb:ec:a7:8c:d7:b8:ab:
                    c7:d9:22:15:1b:95:73:57:49:ba:f7:c7:f6:78:d6:
                    d1:3d:0d:b1:c8:89:86:cb:9c:6c:bc:82:d9:4f:fc:
                    d6:48:ca:31:5b:5b:a9:fe:65:44:33:5e:e4:7e:41:
                    f7:59:c2:c9:e0:02:07:d7:36:94:5a:e9:fc:da:9a:
                    95:b7:19:e9:38:89:ef:51:d0:7a:9a:6b:8c:6c:22:
                    9e:dc:be:43:cf:b9:1f:05:5d:3f:a9:4e:d3:6b:77:
                    cf:56:7a:22:38:71:34:86:0e:89:8d:ba:b4:8d:01:
                    7b:15:d4:93:1a:94:88:43:46:08:cd:ca:77:e0:6e:
                    ee:af:ab:00:be:7a:79:33:67:e9:7e:77:ea:c0:33:
                    50:e4:ce:34:09:5a:3f:0b:04:cb:17:99:27:96:d5:
                    a3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:34:CF:FD:8A:44:3F:0F:D4:45:22:79:4B:0F:E2:57:16:1C:F4:52
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/323430343a383030303a64343a3a2f34382d3438203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:8000:d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:c6:37:46:ec:33:0d:bd:7d:80:c9:a7:17:a7:8e:0b:d9:a2:
         70:df:e0:42:65:78:9c:82:62:79:b2:73:ae:ec:3d:4e:4f:77:
         95:fe:18:cf:47:3b:a7:f3:70:c1:b0:e5:f8:7a:fe:94:3f:7e:
         24:59:e2:7b:44:b3:c9:36:78:b4:4f:a1:d3:ae:7f:fb:cc:a0:
         6f:07:13:d4:8d:25:d5:a2:fb:69:fd:60:d6:5f:b8:7e:89:54:
         c1:7e:b5:7a:d7:b1:e7:a3:7d:7a:ce:c8:8f:7d:16:35:1a:6c:
         08:3d:84:21:30:96:5e:4f:5b:97:51:8b:90:5d:54:f6:94:8d:
         63:49:02:0a:33:d1:8d:ef:b3:ee:97:c0:9d:8b:c4:d4:4d:e6:
         6b:8d:5e:f4:66:a3:72:d0:4c:82:e1:91:44:83:3c:7c:85:46:
         2b:11:69:3e:eb:a3:23:0b:16:1e:b2:f6:e1:35:98:5d:06:dc:
         71:b5:ed:15:d9:8a:52:47:fe:38:25:ce:bb:36:2e:aa:39:98:
         c2:7e:95:8f:3f:50:1c:ad:02:2c:ee:6c:b0:d3:0f:e9:ff:68:
         8f:e7:03:04:eb:a4:45:8a:30:32:53:a3:17:e2:9e:71:ba:4e:
         e8:99:25:58:5b:74:e1:a5:f1:f7:71:60:a8:1f:ef:54:eb:68:
         bd:f2:2d:e4
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUUgpaYZVmdV827lPkeah13GJVAzYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NTZaFw0yMjA5MzAwMDAwNTZaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQTc0OENFNTlBOTBENjEzNzU3
Q0IxQkVCNDkzMjA3OTc3QTg4ODdGNkQwOUQ2NTBFOUNBODU3QTg1QjQxODg4QUQw
MTRFNkU2QjBDRTFCQ0RCQTk2OEVCRUNDNTg2OTFBQTdDRkFGMUQyNUYyQTZEQzdG
RjEyQ0YyOTU0QTlFNkI3MDE2OUZGNkU5M0RDQUEwNkEyRTdCMDVDQThFOUNEMzA1
QjFGMkZDN0U2MEJFMEZCOEEwM0RFM0ZBODE1N0VCMkFCQkVDQTc4Q0Q3QjhBQkM3
RDkyMjE1MUI5NTczNTc0OUJBRjdDN0Y2NzhENkQxM0QwREIxQzg4OTg2Q0I5QzZD
QkM4MkQ5NEZGQ0Q2NDhDQTMxNUI1QkE5RkU2NTQ0MzM1RUU0N0U0MUY3NTlDMkM5
RTAwMjA3RDczNjk0NUFFOUZDREE5QTk1QjcxOUU5Mzg4OUVGNTFEMDdBOUE2QjhD
NkMyMjlFRENCRTQzQ0ZCOTFGMDU1RDNGQTk0RUQzNkI3N0NGNTY3QTIyMzg3MTM0
ODYwRTg5OERCQUI0OEQwMTdCMTVENDkzMUE5NDg4NDM0NjA4Q0RDQTc3RTA2RUVF
QUZBQjAwQkU3QTc5MzM2N0U5N0U3N0VBQzAzMzUwRTRDRTM0MDk1QTNGMEIwNENC
MTc5OTI3OTZENUEzNUYwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAp0jOWakNYTdXyxvrSTIHl3qIh/bQnWUOnKhXqFtBiIrQFObmsM4b
zbqWjr7MWGkap8+vHSXyptx/8SzylUqea3AWn/bpPcqgai57BcqOnNMFsfL8fmC+
D7igPeP6gVfrKrvsp4zXuKvH2SIVG5VzV0m698f2eNbRPQ2xyImGy5xsvILZT/zW
SMoxW1up/mVEM17kfkH3WcLJ4AIH1zaUWun82pqVtxnpOInvUdB6mmuMbCKe3L5D
z7kfBV0/qU7Ta3fPVnoiOHE0hg6Jjbq0jQF7FdSTGpSIQ0YIzcp34G7ur6sAvnp5
M2fpfnfqwDNQ5M40CVo/CwTLF5knltWjXwIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FOw0z/2KRD8P1EUieUsP4lcWHPRSMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MjM0MzAzNDNhMzgzMDMwMzAzYTY0MzQzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MTM3MzQzNTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJASAAADUMA0GCSqGSIb3DQEBCwUAA4IBAQAD
xjdG7DMNvX2AyacXp44L2aJw3+BCZXicgmJ5snOu7D1OT3eV/hjPRzun83DBsOX4
ev6UP34kWeJ7RLPJNni0T6HTrn/7zKBvBxPUjSXVovtp/WDWX7h+iVTBfrV617Hn
o316zsiPfRY1GmwIPYQhMJZeT1uXUYuQXVT2lI1jSQIKM9GN77Pul8Cdi8TUTeZr
jV70ZqNy0EyC4ZFEgzx8hUYrEWk+66MjCxYesvbhNZhdBtxxte0V2YpSR/44Jc67
Ni6qOZjCfpWPP1AcrQIs7myw0w/p/2iP5wME66RFijAyU6MX4p5xuk7omSVYW3Th
pfH3cWCoH+9U62i98i3k
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:39 2024 by rpki-client on console-ams.rpki-client.org