Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3132362e302f32342d3234203d3e203137343531.roa
File:                     3131382e39392e3132362e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          VK/ssFA8quDQEHUzRpUpkCjlBdTOxF3sp4WLSwsLXqc=
Subject key identifier:   EF:7D:0A:87:C2:5A:65:60:3A:E8:AB:22:8E:C2:A0:58:24:3C:86:47
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       3B0E03D10063DE2FCBC66888BA69FE0F8B1C7C5E
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3132362e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:34 +0000
ROA not before:           Wed 29 Sep 2021 23:55:34 +0000
ROA not after:            Fri 30 Sep 2022 00:00:34 +0000
asID:                     17451
IP address blocks:        118.99.126.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:0e:03:d1:00:63:de:2f:cb:c6:68:88:ba:69:fe:0f:8b:1c:7c:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:34 2021 GMT
            Not After : Sep 30 00:00:34 2022 GMT
        Subject: CN=3082010A0282010100D2951D313993978C57F64A0465230798F8017C36A8DBBEFC08ECE6C4A8A1E52FE37C70D62A13499FCEA32AA98F27C39D91BEEF969C2AA065E2AD3E2D7CCE205EEA7B069F63512083BCC5DE345797D580A82889A93A2A81C2DF966A16CEA43237979D1190F6B0CA6C118915DC3317FEF9DD8F95783CC1C67844D26B907B3287269539C556D5D07A2AB498B528B8098FC30C19ACF283FCFE547BC5FDA3A9FB31F9054E6CB48E6643758BA74442520CB19D6D4D7162113880D0C9002199A1FC4932672146D6D71F27453FB636FA76F66971D82FFB89A5BCFADAFBB7D7E35D94FD017C879949782DA20C0F0273EA8BE86EDB289608C1BD6749843312F419555132990203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:95:1d:31:39:93:97:8c:57:f6:4a:04:65:23:
                    07:98:f8:01:7c:36:a8:db:be:fc:08:ec:e6:c4:a8:
                    a1:e5:2f:e3:7c:70:d6:2a:13:49:9f:ce:a3:2a:a9:
                    8f:27:c3:9d:91:be:ef:96:9c:2a:a0:65:e2:ad:3e:
                    2d:7c:ce:20:5e:ea:7b:06:9f:63:51:20:83:bc:c5:
                    de:34:57:97:d5:80:a8:28:89:a9:3a:2a:81:c2:df:
                    96:6a:16:ce:a4:32:37:97:9d:11:90:f6:b0:ca:6c:
                    11:89:15:dc:33:17:fe:f9:dd:8f:95:78:3c:c1:c6:
                    78:44:d2:6b:90:7b:32:87:26:95:39:c5:56:d5:d0:
                    7a:2a:b4:98:b5:28:b8:09:8f:c3:0c:19:ac:f2:83:
                    fc:fe:54:7b:c5:fd:a3:a9:fb:31:f9:05:4e:6c:b4:
                    8e:66:43:75:8b:a7:44:42:52:0c:b1:9d:6d:4d:71:
                    62:11:38:80:d0:c9:00:21:99:a1:fc:49:32:67:21:
                    46:d6:d7:1f:27:45:3f:b6:36:fa:76:f6:69:71:d8:
                    2f:fb:89:a5:bc:fa:da:fb:b7:d7:e3:5d:94:fd:01:
                    7c:87:99:49:78:2d:a2:0c:0f:02:73:ea:8b:e8:6e:
                    db:28:96:08:c1:bd:67:49:84:33:12:f4:19:55:51:
                    32:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:7D:0A:87:C2:5A:65:60:3A:E8:AB:22:8E:C2:A0:58:24:3C:86:47
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3132362e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.99.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:ab:63:c7:26:8c:d9:cb:d2:40:8c:b6:97:b6:35:70:06:ac:
         61:5a:9e:cb:1f:c3:0a:7f:84:2f:d1:0f:34:fb:12:47:0b:a5:
         ac:f1:7c:a7:ad:9a:81:36:f1:82:7c:48:94:3e:57:ff:70:1d:
         dd:7e:e5:43:1b:8e:0a:70:a5:4b:d2:59:99:a0:ea:dc:a0:7b:
         25:3a:a7:b3:dc:5b:2f:3a:e9:1c:fb:35:3b:ca:8d:70:1e:33:
         ef:f9:55:30:24:8c:c0:fc:47:9e:ae:a3:c2:ea:0f:77:17:54:
         57:35:26:2f:d5:8a:7a:91:48:15:2a:a7:33:30:72:50:0c:d2:
         bc:9e:f8:e0:bd:03:23:1b:44:f2:71:71:4b:a2:ac:7a:97:f9:
         3b:4e:70:d8:a4:29:00:b0:25:c0:b3:dc:c4:f0:47:61:67:2f:
         93:ff:4f:e6:cc:25:56:95:2c:e7:26:ab:da:64:47:87:cc:89:
         3f:0a:db:85:db:11:31:8b:20:3f:f9:09:1b:09:84:9d:f9:63:
         9d:c9:47:f6:ac:d2:c3:1b:92:d1:8f:a0:96:53:e4:cb:d4:ae:
         03:8c:db:ef:d5:49:e9:39:36:64:13:b8:f1:bf:e4:b5:50:9c:
         e9:0a:24:2f:46:5f:77:16:45:b8:61:d7:2f:10:ae:37:d7:aa:
         e2:9d:96:f0
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUOw4D0QBj3i/LxmiIumn+D4scfF4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MzRaFw0yMjA5MzAwMDAwMzRaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRDI5NTFEMzEzOTkzOTc4QzU3
RjY0QTA0NjUyMzA3OThGODAxN0MzNkE4REJCRUZDMDhFQ0U2QzRBOEExRTUyRkUz
N0M3MEQ2MkExMzQ5OUZDRUEzMkFBOThGMjdDMzlEOTFCRUVGOTY5QzJBQTA2NUUy
QUQzRTJEN0NDRTIwNUVFQTdCMDY5RjYzNTEyMDgzQkNDNURFMzQ1Nzk3RDU4MEE4
Mjg4OUE5M0EyQTgxQzJERjk2NkExNkNFQTQzMjM3OTc5RDExOTBGNkIwQ0E2QzEx
ODkxNURDMzMxN0ZFRjlERDhGOTU3ODNDQzFDNjc4NDREMjZCOTA3QjMyODcyNjk1
MzlDNTU2RDVEMDdBMkFCNDk4QjUyOEI4MDk4RkMzMEMxOUFDRjI4M0ZDRkU1NDdC
QzVGREEzQTlGQjMxRjkwNTRFNkNCNDhFNjY0Mzc1OEJBNzQ0NDI1MjBDQjE5RDZE
NEQ3MTYyMTEzODgwRDBDOTAwMjE5OUExRkM0OTMyNjcyMTQ2RDZENzFGMjc0NTNG
QjYzNkZBNzZGNjY5NzFEODJGRkI4OUE1QkNGQURBRkJCN0Q3RTM1RDk0RkQwMTdD
ODc5OTQ5NzgyREEyMEMwRjAyNzNFQThCRTg2RURCMjg5NjA4QzFCRDY3NDk4NDMz
MTJGNDE5NTU1MTMyOTkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA0pUdMTmTl4xX9koEZSMHmPgBfDao2778COzmxKih5S/jfHDWKhNJ
n86jKqmPJ8Odkb7vlpwqoGXirT4tfM4gXup7Bp9jUSCDvMXeNFeX1YCoKImpOiqB
wt+WahbOpDI3l50RkPawymwRiRXcMxf++d2PlXg8wcZ4RNJrkHsyhyaVOcVW1dB6
KrSYtSi4CY/DDBms8oP8/lR7xf2jqfsx+QVObLSOZkN1i6dEQlIMsZ1tTXFiETiA
0MkAIZmh/EkyZyFG1tcfJ0U/tjb6dvZpcdgv+4mlvPra+7fX412U/QF8h5lJeC2i
DA8Cc+qL6G7bKJYIwb1nSYQzEvQZVVEymQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FO99CofCWmVgOuirIo7CoFgkPIZHMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzgyZTM5MzkyZTMxMzIzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAB2Y34wDQYJKoZIhvcNAQELBQADggEBAJ6rY8cmjNnL
0kCMtpe2NXAGrGFanssfwwp/hC/RDzT7EkcLpazxfKetmoE28YJ8SJQ+V/9wHd1+
5UMbjgpwpUvSWZmg6tygeyU6p7PcWy866Rz7NTvKjXAeM+/5VTAkjMD8R56uo8Lq
D3cXVFc1Ji/VinqRSBUqpzMwclAM0rye+OC9AyMbRPJxcUuirHqX+TtOcNikKQCw
JcCz3MTwR2FnL5P/T+bMJVaVLOcmq9pkR4fMiT8K24XbETGLID/5CRsJhJ35Y53J
R/as0sMbktGPoJZT5MvUrgOM2+/VSek5NmQTuPG/5LVQnOkKJC9GX3cWRbhh1y8Q
rjfXquKdlvA=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org