Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3131352e3137382e3133382e302f32332d3234203d3e20313331373336.roa
File:                     3131352e3137382e3133382e302f32332d3234203d3e20313331373336.roa (raw, json)
Hash identifier:          PRmo3bdfEQM2L2ewkMBNVELBZoZwqPo9CQqxeOq9YSo=
Subject key identifier:   8F:4A:01:65:6A:0D:6A:1D:8C:1A:F8:56:A3:27:18:32:51:54:95:9F
Certificate issuer:       /CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
Certificate serial:       43D8E6FB4C92434FDBCD0ADC83CA808A69853439
Authority key identifier: 09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3131352e3137382e3133382e302f32332d3234203d3e20313331373336.roa
Signing time:             Fri 04 Mar 2022 07:45:24 +0000
ROA not before:           Fri 04 Mar 2022 07:40:24 +0000
ROA not after:            Sat 04 Mar 2023 07:45:24 +0000
asID:                     131736
IP address blocks:        115.178.138.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:d8:e6:fb:4c:92:43:4f:db:cd:0a:dc:83:ca:80:8a:69:85:34:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
        Validity
            Not Before: Mar  4 07:40:24 2022 GMT
            Not After : Mar  4 07:45:24 2023 GMT
        Subject: CN=3082010A0282010100B399A7D26E7911B4C0C93B8D7F7F2A7C5343753EADE24A398FF0C7BE0120051855A42BD20FFDD4CFAB772379114F186374AF23569BC4C603F63E1DCB6D363EC21509FE07068297D9B0C8E1449F0FF08A42AEBC9251093B568B9EF2FBE76299DA90DF5CE15996CE60DDD8DED57C6B19E272039B4594425CFEABD5E68D4B162ED183A35BC37183B05543075A116347351D6F9187D14F50505B232B5EBA7844357DDCEFC1E5F3DBB43AFF438EA1F5C00B1741B902167168EFE30536427719C33B38B228F9DFD87FF7156BEC49E357667613C09DC15EE17D473BF8A90E17BC446368F1DEE6DD9124DDDE5B9B2285D16530631F333B689A28FE802A504861957849690203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:99:a7:d2:6e:79:11:b4:c0:c9:3b:8d:7f:7f:
                    2a:7c:53:43:75:3e:ad:e2:4a:39:8f:f0:c7:be:01:
                    20:05:18:55:a4:2b:d2:0f:fd:d4:cf:ab:77:23:79:
                    11:4f:18:63:74:af:23:56:9b:c4:c6:03:f6:3e:1d:
                    cb:6d:36:3e:c2:15:09:fe:07:06:82:97:d9:b0:c8:
                    e1:44:9f:0f:f0:8a:42:ae:bc:92:51:09:3b:56:8b:
                    9e:f2:fb:e7:62:99:da:90:df:5c:e1:59:96:ce:60:
                    dd:d8:de:d5:7c:6b:19:e2:72:03:9b:45:94:42:5c:
                    fe:ab:d5:e6:8d:4b:16:2e:d1:83:a3:5b:c3:71:83:
                    b0:55:43:07:5a:11:63:47:35:1d:6f:91:87:d1:4f:
                    50:50:5b:23:2b:5e:ba:78:44:35:7d:dc:ef:c1:e5:
                    f3:db:b4:3a:ff:43:8e:a1:f5:c0:0b:17:41:b9:02:
                    16:71:68:ef:e3:05:36:42:77:19:c3:3b:38:b2:28:
                    f9:df:d8:7f:f7:15:6b:ec:49:e3:57:66:76:13:c0:
                    9d:c1:5e:e1:7d:47:3b:f8:a9:0e:17:bc:44:63:68:
                    f1:de:e6:dd:91:24:dd:de:5b:9b:22:85:d1:65:30:
                    63:1f:33:3b:68:9a:28:fe:80:2a:50:48:61:95:78:
                    49:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:4A:01:65:6A:0D:6A:1D:8C:1A:F8:56:A3:27:18:32:51:54:95:9F
            X509v3 Authority Key Identifier:
                keyid:09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3131352e3137382e3133382e302f32332d3234203d3e20313331373336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  115.178.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:c7:aa:8e:81:ab:32:6e:40:b0:39:6a:bf:55:d4:4b:dd:c6:
         f5:32:e1:04:57:cd:ac:b9:d5:a4:c6:a0:ff:7c:09:ac:8a:46:
         10:0f:09:da:2e:65:73:3a:b2:5e:02:50:9c:e1:d2:07:91:3f:
         85:1e:f6:4c:80:36:ec:c6:2d:da:ed:63:01:44:12:05:cc:d3:
         39:9d:ea:b4:76:ee:02:b3:cc:13:9a:a7:0f:dd:46:ae:91:02:
         dc:c7:75:0e:97:98:b7:2e:8b:da:23:aa:05:62:b9:2b:9c:e9:
         38:d0:30:c2:d0:36:ef:c9:31:18:7d:ac:4d:cd:16:ab:fd:16:
         93:9c:db:8b:52:56:09:e3:ac:a8:aa:07:14:84:58:b7:8a:34:
         87:d6:47:2e:44:6c:5d:b6:17:43:06:40:2d:fc:90:40:10:76:
         b1:31:1c:ee:8f:b2:99:13:0b:cb:a9:5c:9a:9a:bf:33:8e:07:
         e9:39:0a:4f:30:fc:47:b1:29:70:cf:8d:de:ee:ec:1e:a6:22:
         a7:c0:39:07:9e:8b:13:d1:cb:b9:70:78:c5:22:97:c0:4f:2b:
         43:87:fb:97:08:61:31:d9:15:a8:f9:0d:c3:19:ec:b9:6e:48:
         66:32:2c:10:57:b1:ae:ad:44:3d:3e:21:d1:2c:58:33:9f:d9:
         8b:ba:d9:5b
-----BEGIN CERTIFICATE-----
MIIHKDCCBhCgAwIBAgIUQ9jm+0ySQ0/bzQrcg8qAimmFNDkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3
NjNDRjM2MTAeFw0yMjAzMDQwNzQwMjRaFw0yMzAzMDQwNzQ1MjRaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQjM5OUE3RDI2RTc5MTFCNEMw
QzkzQjhEN0Y3RjJBN0M1MzQzNzUzRUFERTI0QTM5OEZGMEM3QkUwMTIwMDUxODU1
QTQyQkQyMEZGREQ0Q0ZBQjc3MjM3OTExNEYxODYzNzRBRjIzNTY5QkM0QzYwM0Y2
M0UxRENCNkQzNjNFQzIxNTA5RkUwNzA2ODI5N0Q5QjBDOEUxNDQ5RjBGRjA4QTQy
QUVCQzkyNTEwOTNCNTY4QjlFRjJGQkU3NjI5OURBOTBERjVDRTE1OTk2Q0U2MERE
RDhERUQ1N0M2QjE5RTI3MjAzOUI0NTk0NDI1Q0ZFQUJENUU2OEQ0QjE2MkVEMTgz
QTM1QkMzNzE4M0IwNTU0MzA3NUExMTYzNDczNTFENkY5MTg3RDE0RjUwNTA1QjIz
MkI1RUJBNzg0NDM1N0REQ0VGQzFFNUYzREJCNDNBRkY0MzhFQTFGNUMwMEIxNzQx
QjkwMjE2NzE2OEVGRTMwNTM2NDI3NzE5QzMzQjM4QjIyOEY5REZEODdGRjcxNTZC
RUM0OUUzNTc2Njc2MTNDMDlEQzE1RUUxN0Q0NzNCRjhBOTBFMTdCQzQ0NjM2OEYx
REVFNkREOTEyNEREREU1QjlCMjI4NUQxNjUzMDYzMUYzMzNCNjg5QTI4RkU4MDJB
NTA0ODYxOTU3ODQ5NjkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAs5mn0m55EbTAyTuNf38qfFNDdT6t4ko5j/DHvgEgBRhVpCvSD/3U
z6t3I3kRTxhjdK8jVpvExgP2Ph3LbTY+whUJ/gcGgpfZsMjhRJ8P8IpCrrySUQk7
Voue8vvnYpnakN9c4VmWzmDd2N7VfGsZ4nIDm0WUQlz+q9XmjUsWLtGDo1vDcYOw
VUMHWhFjRzUdb5GH0U9QUFsjK166eEQ1fdzvweXz27Q6/0OOofXACxdBuQIWcWjv
4wU2QncZwzs4sij539h/9xVr7EnjV2Z2E8CdwV7hfUc7+KkOF7xEY2jx3ubdkSTd
3lubIoXRZTBjHzM7aJoo/oAqUEhhlXhJaQIDAQABo4ICNjCCAjIwHQYDVR0OBBYE
FI9KAWVqDWodjBr4VqMnGDJRVJWfMB8GA1UdIwQYMBaAFAmm8fpPxTLWtOE0Yvwj
TJx2PPNhMA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vZjM0ZWNjNDAtNmI4NC00OWU4LWI2
MGItNmU5OTA0MTI4Y2E4LzAvMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRD
OUM3NjNDRjM2MS5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yLzA5QTZGMUZB
NEZDNTMyRDZCNEUxMzQ2MkZDMjM0QzlDNzYzQ0YzNjEuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby9mMzRlY2M0MC02Yjg0LTQ5ZTgtYjYwYi02ZTk5MDQxMjhjYTgvMC8z
MTMxMzUyZTMxMzczODJlMzEzMzM4MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzEz
MzMxMzczMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBc7KKMA0GCSqGSIb3DQEBCwUAA4IBAQAqx6qO
gasybkCwOWq/VdRL3cb1MuEEV82sudWkxqD/fAmsikYQDwnaLmVzOrJeAlCc4dIH
kT+FHvZMgDbsxi3a7WMBRBIFzNM5neq0du4Cs8wTmqcP3UaukQLcx3UOl5i3Lova
I6oFYrkrnOk40DDC0DbvyTEYfaxNzRar/RaTnNuLUlYJ46yoqgcUhFi3ijSH1kcu
RGxdthdDBkAt/JBAEHaxMRzuj7KZEwvLqVyamr8zjgfpOQpPMPxHsSlwz43e7uwe
piKnwDkHnosT0cu5cHjFIpfATytDh/uXCGEx2RWo+Q3DGey5bkhmMiwQV7GurUQ9
PiHRLFgzn9mLutlb
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:16 2024 by rpki-client on console-fra.rpki-client.org