Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131382e302f32342d3234203d3e203137343531.roa
File:                     3131382e39392e3131382e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          VMeVDJUA0lzA6yIP+gsGfsMbKfRPscAvJ5+3iOCzsAw=
Subject key identifier:   5B:32:CC:C2:45:87:5F:9E:E5:B3:5A:53:72:B6:CA:EF:D1:C2:E6:97
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       7600507153C2D9370FD9E4F9417339A91D48737C
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131382e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:04 +0000
ROA not before:           Wed 29 Sep 2021 23:56:04 +0000
ROA not after:            Fri 30 Sep 2022 00:01:04 +0000
asID:                     17451
IP address blocks:        118.99.118.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:00:50:71:53:c2:d9:37:0f:d9:e4:f9:41:73:39:a9:1d:48:73:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:04 2021 GMT
            Not After : Sep 30 00:01:04 2022 GMT
        Subject: CN=3082010A0282010100C1ABDE3B4AA8546E8BE6EDC75A75E599074BDED7EDC6328C1BE0E266CCFE1CA88FD0425CA8AAD0305638FC040C53344B6E849296A38299F2815EE545378C93FD45C969D1D1D5F67A2070EAF86EA9271CBAE4367C74070FEF8D3066490ECA3D24B89E5610224EACB181CD6737618B8727111A3A4A8E918E5A295D5072D904B340B09EC45011637D4BF18B56705C9FD07940D6FC7D9D34E28F6573AA10CA5C88B4852C6F3210D5B2EB412C6A0BCDE333D4AF087C1FAD6FEF04CBABF31686DA2A3FB5774DA54306D64EBCD072BA3E272DE91CE1C513359015BA4EB3B74E29FB168F970E3A07ABFB8F0D66387BAFF8666C712C2A194BD472BCB68BBB1BB4109BFC190203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ab:de:3b:4a:a8:54:6e:8b:e6:ed:c7:5a:75:
                    e5:99:07:4b:de:d7:ed:c6:32:8c:1b:e0:e2:66:cc:
                    fe:1c:a8:8f:d0:42:5c:a8:aa:d0:30:56:38:fc:04:
                    0c:53:34:4b:6e:84:92:96:a3:82:99:f2:81:5e:e5:
                    45:37:8c:93:fd:45:c9:69:d1:d1:d5:f6:7a:20:70:
                    ea:f8:6e:a9:27:1c:ba:e4:36:7c:74:07:0f:ef:8d:
                    30:66:49:0e:ca:3d:24:b8:9e:56:10:22:4e:ac:b1:
                    81:cd:67:37:61:8b:87:27:11:1a:3a:4a:8e:91:8e:
                    5a:29:5d:50:72:d9:04:b3:40:b0:9e:c4:50:11:63:
                    7d:4b:f1:8b:56:70:5c:9f:d0:79:40:d6:fc:7d:9d:
                    34:e2:8f:65:73:aa:10:ca:5c:88:b4:85:2c:6f:32:
                    10:d5:b2:eb:41:2c:6a:0b:cd:e3:33:d4:af:08:7c:
                    1f:ad:6f:ef:04:cb:ab:f3:16:86:da:2a:3f:b5:77:
                    4d:a5:43:06:d6:4e:bc:d0:72:ba:3e:27:2d:e9:1c:
                    e1:c5:13:35:90:15:ba:4e:b3:b7:4e:29:fb:16:8f:
                    97:0e:3a:07:ab:fb:8f:0d:66:38:7b:af:f8:66:6c:
                    71:2c:2a:19:4b:d4:72:bc:b6:8b:bb:1b:b4:10:9b:
                    fc:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:32:CC:C2:45:87:5F:9E:E5:B3:5A:53:72:B6:CA:EF:D1:C2:E6:97
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131382e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.99.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:ce:34:34:2c:e2:75:7b:df:ee:58:9a:d2:2a:7a:2f:47:b3:
         98:56:61:d1:6a:6a:b1:93:06:43:5e:35:4c:d7:93:4f:bc:20:
         2b:a4:d3:48:90:33:31:c1:06:35:13:03:4d:f1:24:b1:8d:4a:
         7f:d9:17:b2:e8:c8:a2:c7:3a:ad:a9:da:0d:d1:01:07:ec:98:
         0e:5a:1a:46:5e:7f:3c:26:c4:a4:7d:c4:5a:7c:48:78:f2:d0:
         53:64:44:0d:c8:4e:c3:51:ff:c5:2b:11:9b:b7:35:14:49:ec:
         90:55:35:2c:5f:77:35:11:bd:17:19:93:d7:5f:53:cd:57:4c:
         16:23:c4:87:ef:e8:4e:30:2b:38:2c:52:bf:8e:ac:85:d2:79:
         00:13:02:96:1b:5c:56:31:18:0e:4f:0b:e9:8d:2b:88:df:72:
         f3:63:82:37:38:f1:1b:c8:11:ac:3d:fa:7c:96:58:9b:6c:fc:
         ef:93:95:43:17:a6:6d:2c:05:6b:4f:6c:51:92:af:f5:35:03:
         8f:ba:1c:eb:02:30:6d:ba:e3:50:9b:1a:22:a2:a0:be:cf:a7:
         0f:9b:4e:9e:ff:ef:52:ab:03:81:d7:70:4d:6f:97:52:b9:bc:
         43:70:e9:f8:d5:25:d9:37:a0:4e:1f:c5:6f:a0:19:b2:d3:65:
         7b:f8:29:7a
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUdgBQcVPC2TcP2eT5QXM5qR1Ic3wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MDRaFw0yMjA5MzAwMDAxMDRaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQzFBQkRFM0I0QUE4NTQ2RThC
RTZFREM3NUE3NUU1OTkwNzRCREVEN0VEQzYzMjhDMUJFMEUyNjZDQ0ZFMUNBODhG
RDA0MjVDQThBQUQwMzA1NjM4RkMwNDBDNTMzNDRCNkU4NDkyOTZBMzgyOTlGMjgx
NUVFNTQ1Mzc4QzkzRkQ0NUM5NjlEMUQxRDVGNjdBMjA3MEVBRjg2RUE5MjcxQ0JB
RTQzNjdDNzQwNzBGRUY4RDMwNjY0OTBFQ0EzRDI0Qjg5RTU2MTAyMjRFQUNCMTgx
Q0Q2NzM3NjE4Qjg3MjcxMTFBM0E0QThFOTE4RTVBMjk1RDUwNzJEOTA0QjM0MEIw
OUVDNDUwMTE2MzdENEJGMThCNTY3MDVDOUZEMDc5NDBENkZDN0Q5RDM0RTI4RjY1
NzNBQTEwQ0E1Qzg4QjQ4NTJDNkYzMjEwRDVCMkVCNDEyQzZBMEJDREUzMzNENEFG
MDg3QzFGQUQ2RkVGMDRDQkFCRjMxNjg2REEyQTNGQjU3NzREQTU0MzA2RDY0RUJD
RDA3MkJBM0UyNzJERTkxQ0UxQzUxMzM1OTAxNUJBNEVCM0I3NEUyOUZCMTY4Rjk3
MEUzQTA3QUJGQjhGMEQ2NjM4N0JBRkY4NjY2QzcxMkMyQTE5NEJENDcyQkNCNjhC
QkIxQkI0MTA5QkZDMTkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwaveO0qoVG6L5u3HWnXlmQdL3tftxjKMG+DiZsz+HKiP0EJcqKrQ
MFY4/AQMUzRLboSSlqOCmfKBXuVFN4yT/UXJadHR1fZ6IHDq+G6pJxy65DZ8dAcP
740wZkkOyj0kuJ5WECJOrLGBzWc3YYuHJxEaOkqOkY5aKV1QctkEs0CwnsRQEWN9
S/GLVnBcn9B5QNb8fZ004o9lc6oQylyItIUsbzIQ1bLrQSxqC83jM9SvCHwfrW/v
BMur8xaG2io/tXdNpUMG1k680HK6Pict6RzhxRM1kBW6TrO3Tin7Fo+XDjoHq/uP
DWY4e6/4ZmxxLCoZS9RyvLaLuxu0EJv8GQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FFsyzMJFh1+e5bNaU3K2yu/RwuaXMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzgyZTM5MzkyZTMxMzEzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAB2Y3YwDQYJKoZIhvcNAQELBQADggEBAEfONDQs4nV7
3+5YmtIqei9Hs5hWYdFqarGTBkNeNUzXk0+8ICuk00iQMzHBBjUTA03xJLGNSn/Z
F7LoyKLHOq2p2g3RAQfsmA5aGkZefzwmxKR9xFp8SHjy0FNkRA3ITsNR/8UrEZu3
NRRJ7JBVNSxfdzURvRcZk9dfU81XTBYjxIfv6E4wKzgsUr+OrIXSeQATApYbXFYx
GA5PC+mNK4jfcvNjgjc48RvIEaw9+nyWWJts/O+TlUMXpm0sBWtPbFGSr/U1A4+6
HOsCMG2641CbGiKioL7Ppw+bTp7/71KrA4HXcE1vl1K5vENw6fjVJdk3oE4fxW+g
GbLTZXv4KXo=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org