Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3132332e302f32342d3234203d3e203137343531.roa
File:                     3131382e39392e3132332e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          uqNkLLVdu02j6opaPWEsN2yCt/Lh9IgWBC5sibrByGQ=
Subject key identifier:   F7:15:7F:85:B6:D5:10:4D:CA:8F:1E:87:92:4F:7B:E8:7E:5D:01:E3
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       13EE123B27C5F1AC9F3625B34D3AD1AD4E27D8E4
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3132332e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:40 +0000
ROA not before:           Wed 29 Sep 2021 23:55:40 +0000
ROA not after:            Fri 30 Sep 2022 00:00:40 +0000
asID:                     17451
IP address blocks:        118.99.123.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ee:12:3b:27:c5:f1:ac:9f:36:25:b3:4d:3a:d1:ad:4e:27:d8:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:40 2021 GMT
            Not After : Sep 30 00:00:40 2022 GMT
        Subject: CN=3082010A0282010100E2D05297C0926F9A640E5BE52D8FF38AED33DE11275ACEEE730D08BFA9F4E53B41CA157BDF14F431845DECD31FCB60CF49F35FC11735D291BCA809597A057016787BBE0D1687D579CA4F474C80EAB1BDBF06E79AF20B86A693BDED87DE0F4630FD1FFB0FC3E695ECF54CC02ECA260486CB6872C1BB0149DB80B31319E81875FBBBA845B0876A5FC61A07FD3963882C7735382D0E69E84B5067BDA92EB7C238D13BDFDF557DFB0EC39484C1688EE2F4133A0269CAA84E66632C843D1A80AAADB42C9B3D60B14BB27F4E91EDE2CC1B9B0A5CE5DDF6A7F6753701DD60867123AEA35ADAE5E8B161190B9434D197F381F3457096C09ADD9CF5F75F87E4312174E0A90203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d0:52:97:c0:92:6f:9a:64:0e:5b:e5:2d:8f:
                    f3:8a:ed:33:de:11:27:5a:ce:ee:73:0d:08:bf:a9:
                    f4:e5:3b:41:ca:15:7b:df:14:f4:31:84:5d:ec:d3:
                    1f:cb:60:cf:49:f3:5f:c1:17:35:d2:91:bc:a8:09:
                    59:7a:05:70:16:78:7b:be:0d:16:87:d5:79:ca:4f:
                    47:4c:80:ea:b1:bd:bf:06:e7:9a:f2:0b:86:a6:93:
                    bd:ed:87:de:0f:46:30:fd:1f:fb:0f:c3:e6:95:ec:
                    f5:4c:c0:2e:ca:26:04:86:cb:68:72:c1:bb:01:49:
                    db:80:b3:13:19:e8:18:75:fb:bb:a8:45:b0:87:6a:
                    5f:c6:1a:07:fd:39:63:88:2c:77:35:38:2d:0e:69:
                    e8:4b:50:67:bd:a9:2e:b7:c2:38:d1:3b:df:df:55:
                    7d:fb:0e:c3:94:84:c1:68:8e:e2:f4:13:3a:02:69:
                    ca:a8:4e:66:63:2c:84:3d:1a:80:aa:ad:b4:2c:9b:
                    3d:60:b1:4b:b2:7f:4e:91:ed:e2:cc:1b:9b:0a:5c:
                    e5:dd:f6:a7:f6:75:37:01:dd:60:86:71:23:ae:a3:
                    5a:da:e5:e8:b1:61:19:0b:94:34:d1:97:f3:81:f3:
                    45:70:96:c0:9a:dd:9c:f5:f7:5f:87:e4:31:21:74:
                    e0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:15:7F:85:B6:D5:10:4D:CA:8F:1E:87:92:4F:7B:E8:7E:5D:01:E3
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3132332e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.99.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:24:01:a1:b9:88:1f:d3:c4:c6:e2:00:0b:9f:ff:ca:4b:6d:
         db:b1:ea:82:7b:f6:a0:2f:16:82:1d:4f:35:4f:49:94:aa:57:
         5c:f2:59:ff:b6:7b:42:ec:d6:a0:10:a1:61:8b:25:8d:00:9c:
         2c:d9:ee:b8:3d:5e:21:54:d4:03:f0:c0:e3:02:e2:01:05:2c:
         6c:dd:9f:b5:a1:ff:f7:49:18:6d:28:6a:d7:0c:b2:5b:b7:43:
         21:2c:0a:b8:a8:06:3c:92:2c:52:de:d8:70:4a:35:c4:49:9e:
         76:80:4a:fb:02:0b:de:25:c6:68:a1:17:6b:8f:d6:1c:08:32:
         26:8f:b6:61:d9:7f:36:9b:5b:ec:84:f2:76:77:71:aa:d2:3b:
         70:13:5c:1c:e4:1a:f2:3c:cd:58:41:a9:62:ad:a6:e9:0e:f0:
         56:f3:da:25:74:2d:01:f1:75:d3:cd:20:82:ab:d6:f0:b9:f1:
         7b:47:7f:98:59:c7:d5:8f:57:0b:bc:3e:85:ba:e0:53:69:e8:
         3e:4a:78:cf:7c:d7:4e:56:f1:14:14:29:09:22:5f:9e:63:21:
         d5:e6:c7:a4:d4:65:94:9a:1b:9a:48:62:d4:ef:49:d0:a1:86:
         63:b8:b7:ff:f4:29:eb:53:75:36:21:a8:33:bb:49:79:a6:bb:
         99:88:53:2a
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUE+4SOyfF8ayfNiWzTTrRrU4n2OQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1NDBaFw0yMjA5MzAwMDAwNDBaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRTJEMDUyOTdDMDkyNkY5QTY0
MEU1QkU1MkQ4RkYzOEFFRDMzREUxMTI3NUFDRUVFNzMwRDA4QkZBOUY0RTUzQjQx
Q0ExNTdCREYxNEY0MzE4NDVERUNEMzFGQ0I2MENGNDlGMzVGQzExNzM1RDI5MUJD
QTgwOTU5N0EwNTcwMTY3ODdCQkUwRDE2ODdENTc5Q0E0RjQ3NEM4MEVBQjFCREJG
MDZFNzlBRjIwQjg2QTY5M0JERUQ4N0RFMEY0NjMwRkQxRkZCMEZDM0U2OTVFQ0Y1
NENDMDJFQ0EyNjA0ODZDQjY4NzJDMUJCMDE0OURCODBCMzEzMTlFODE4NzVGQkJC
QTg0NUIwODc2QTVGQzYxQTA3RkQzOTYzODgyQzc3MzUzODJEMEU2OUU4NEI1MDY3
QkRBOTJFQjdDMjM4RDEzQkRGREY1NTdERkIwRUMzOTQ4NEMxNjg4RUUyRjQxMzNB
MDI2OUNBQTg0RTY2NjMyQzg0M0QxQTgwQUFBREI0MkM5QjNENjBCMTRCQjI3RjRF
OTFFREUyQ0MxQjlCMEE1Q0U1RERGNkE3RjY3NTM3MDFERDYwODY3MTIzQUVBMzVB
REFFNUU4QjE2MTE5MEI5NDM0RDE5N0YzODFGMzQ1NzA5NkMwOUFERDlDRjVGNzVG
ODdFNDMxMjE3NEUwQTkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA4tBSl8CSb5pkDlvlLY/ziu0z3hEnWs7ucw0Iv6n05TtByhV73xT0
MYRd7NMfy2DPSfNfwRc10pG8qAlZegVwFnh7vg0Wh9V5yk9HTIDqsb2/Buea8guG
ppO97YfeD0Yw/R/7D8Pmlez1TMAuyiYEhstocsG7AUnbgLMTGegYdfu7qEWwh2pf
xhoH/TljiCx3NTgtDmnoS1Bnvakut8I40Tvf31V9+w7DlITBaI7i9BM6AmnKqE5m
YyyEPRqAqq20LJs9YLFLsn9Oke3izBubClzl3fan9nU3Ad1ghnEjrqNa2uXosWEZ
C5Q00ZfzgfNFcJbAmt2c9fdfh+QxIXTgqQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FPcVf4W21RBNyo8eh5JPe+h+XQHjMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzgyZTM5MzkyZTMxMzIzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAB2Y3swDQYJKoZIhvcNAQELBQADggEBAEUkAaG5iB/T
xMbiAAuf/8pLbdux6oJ79qAvFoIdTzVPSZSqV1zyWf+2e0Ls1qAQoWGLJY0AnCzZ
7rg9XiFU1APwwOMC4gEFLGzdn7Wh//dJGG0oatcMslu3QyEsCrioBjySLFLe2HBK
NcRJnnaASvsCC94lxmihF2uP1hwIMiaPtmHZfzabW+yE8nZ3carSO3ATXBzkGvI8
zVhBqWKtpukO8Fbz2iV0LQHxddPNIIKr1vC58XtHf5hZx9WPVwu8PoW64FNp6D5K
eM98105W8RQUKQkiX55jIdXmx6TUZZSaG5pIYtTvSdChhmO4t//0KetTdTYhqDO7
SXmmu5mIUyo=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:45 2023 by rpki-client on console-fra.rpki-client.org