Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e33352e302f32342d3234203d3e203137343531.roa
File:                     3138322e3235332e33352e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          Kt2I0r3xeKc8F1e3QgLUnwwthxswCI5uWoFd0f+rg/k=
Subject key identifier:   49:8E:B0:1C:A6:A1:74:AF:BE:38:7D:09:96:84:A0:5B:6D:C5:30:C8
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       7484FF6D8361CDCA0F53A3484B26BDE8CEB6D9E3
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e33352e302f32342d3234203d3e203137343531.roa
Signing time:             Fri 21 Jan 2022 18:00:08 +0000
ROA not before:           Fri 21 Jan 2022 17:55:08 +0000
ROA not after:            Sat 21 Jan 2023 18:00:08 +0000
asID:                     17451
IP address blocks:        182.253.35.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:84:ff:6d:83:61:cd:ca:0f:53:a3:48:4b:26:bd:e8:ce:b6:d9:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Jan 21 17:55:08 2022 GMT
            Not After : Jan 21 18:00:08 2023 GMT
        Subject: CN=3082010A0282010100B5E2330D2F0900BFD08F743C687B0EB8B9C754BC67BEDC7A3699BCCF839C1CD24A39AE0FC0A7EE5363DC2725DEF0CEF98A5CA23895F73C5B554946EC172375C420ACE3C2C0CC2B135F3972A07C410B4D41EAD7B6C670D30DA742B8677D20AEC1D9821C1FCA0E5D72557E42359A7D46A9F25F837D6CFEF9A47D3EFD881E29AFC24EEAC88AE786116BB9B241B76539E45562E0486EBF4271F42CE30418DCDD8C34ADE73903D97BD8D1C19203056D0940318F6FA8F649D7CECAE41FBAB565266FC8E41EC5F70BD53D9707EFBFFA71D3339E36881D060E9A909EA92CE0261CD7B7FA879091B1814EB82550101B99CA48422BE6FF32436B84BD3CD402E038A09A96390203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e2:33:0d:2f:09:00:bf:d0:8f:74:3c:68:7b:
                    0e:b8:b9:c7:54:bc:67:be:dc:7a:36:99:bc:cf:83:
                    9c:1c:d2:4a:39:ae:0f:c0:a7:ee:53:63:dc:27:25:
                    de:f0:ce:f9:8a:5c:a2:38:95:f7:3c:5b:55:49:46:
                    ec:17:23:75:c4:20:ac:e3:c2:c0:cc:2b:13:5f:39:
                    72:a0:7c:41:0b:4d:41:ea:d7:b6:c6:70:d3:0d:a7:
                    42:b8:67:7d:20:ae:c1:d9:82:1c:1f:ca:0e:5d:72:
                    55:7e:42:35:9a:7d:46:a9:f2:5f:83:7d:6c:fe:f9:
                    a4:7d:3e:fd:88:1e:29:af:c2:4e:ea:c8:8a:e7:86:
                    11:6b:b9:b2:41:b7:65:39:e4:55:62:e0:48:6e:bf:
                    42:71:f4:2c:e3:04:18:dc:dd:8c:34:ad:e7:39:03:
                    d9:7b:d8:d1:c1:92:03:05:6d:09:40:31:8f:6f:a8:
                    f6:49:d7:ce:ca:e4:1f:ba:b5:65:26:6f:c8:e4:1e:
                    c5:f7:0b:d5:3d:97:07:ef:bf:fa:71:d3:33:9e:36:
                    88:1d:06:0e:9a:90:9e:a9:2c:e0:26:1c:d7:b7:fa:
                    87:90:91:b1:81:4e:b8:25:50:10:1b:99:ca:48:42:
                    2b:e6:ff:32:43:6b:84:bd:3c:d4:02:e0:38:a0:9a:
                    96:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:8E:B0:1C:A6:A1:74:AF:BE:38:7D:09:96:84:A0:5B:6D:C5:30:C8
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e33352e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.253.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:de:45:ca:75:fe:96:5c:63:b2:fb:1f:d9:e1:c3:20:89:37:
         c4:50:7a:c7:fb:7c:a6:fe:ff:3b:0c:2a:c3:bc:3b:96:5a:b5:
         32:cb:41:0a:f3:42:f2:8c:c7:82:ea:f1:0b:95:19:49:ae:a7:
         1a:52:0d:6a:45:ff:78:e7:7d:44:1a:22:e4:7c:5c:ad:7a:36:
         c1:fe:35:49:e1:a4:ef:1c:b5:57:7d:c3:ae:ab:0c:a8:c1:38:
         b9:fd:ca:93:0e:56:e9:27:97:d1:70:0a:16:ef:d2:df:e0:41:
         e5:29:3c:d0:61:1d:a2:0a:22:97:ab:0a:a8:3a:48:65:57:db:
         17:89:9e:2d:d5:c6:19:4b:64:7a:00:af:30:c4:92:fb:90:c0:
         19:c8:ad:0b:3a:c0:e4:bf:2d:b4:b6:39:44:e1:1d:d8:63:2d:
         a1:49:62:d2:26:e9:c9:f7:78:f7:29:49:7f:a2:0a:c8:de:ff:
         f1:04:ea:74:20:e1:76:2a:6f:f4:4e:0d:63:36:4f:6c:66:63:
         2c:ee:6e:07:90:b3:d6:f3:32:88:dc:96:fc:21:77:96:16:ee:
         82:32:30:94:37:95:1a:d8:61:48:d1:4e:3b:90:b6:30:03:2e:
         0c:f3:56:64:f8:6f:b2:1f:01:b4:1f:1a:b7:d8:81:4b:49:d2:
         b4:ee:79:73
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUdIT/bYNhzcoPU6NISya96M622eMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMjAxMjExNzU1MDhaFw0yMzAxMjExODAwMDhaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQjVFMjMzMEQyRjA5MDBCRkQw
OEY3NDNDNjg3QjBFQjhCOUM3NTRCQzY3QkVEQzdBMzY5OUJDQ0Y4MzlDMUNEMjRB
MzlBRTBGQzBBN0VFNTM2M0RDMjcyNURFRjBDRUY5OEE1Q0EyMzg5NUY3M0M1QjU1
NDk0NkVDMTcyMzc1QzQyMEFDRTNDMkMwQ0MyQjEzNUYzOTcyQTA3QzQxMEI0RDQx
RUFEN0I2QzY3MEQzMERBNzQyQjg2NzdEMjBBRUMxRDk4MjFDMUZDQTBFNUQ3MjU1
N0U0MjM1OUE3RDQ2QTlGMjVGODM3RDZDRkVGOUE0N0QzRUZEODgxRTI5QUZDMjRF
RUFDODhBRTc4NjExNkJCOUIyNDFCNzY1MzlFNDU1NjJFMDQ4NkVCRjQyNzFGNDJD
RTMwNDE4RENERDhDMzRBREU3MzkwM0Q5N0JEOEQxQzE5MjAzMDU2RDA5NDAzMThG
NkZBOEY2NDlEN0NFQ0FFNDFGQkFCNTY1MjY2RkM4RTQxRUM1RjcwQkQ1M0Q5NzA3
RUZCRkZBNzFEMzMzOUUzNjg4MUQwNjBFOUE5MDlFQTkyQ0UwMjYxQ0Q3QjdGQTg3
OTA5MUIxODE0RUI4MjU1MDEwMUI5OUNBNDg0MjJCRTZGRjMyNDM2Qjg0QkQzQ0Q0
MDJFMDM4QTA5QTk2MzkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAteIzDS8JAL/Qj3Q8aHsOuLnHVLxnvtx6Npm8z4OcHNJKOa4PwKfu
U2PcJyXe8M75ilyiOJX3PFtVSUbsFyN1xCCs48LAzCsTXzlyoHxBC01B6te2xnDT
DadCuGd9IK7B2YIcH8oOXXJVfkI1mn1GqfJfg31s/vmkfT79iB4pr8JO6siK54YR
a7myQbdlOeRVYuBIbr9CcfQs4wQY3N2MNK3nOQPZe9jRwZIDBW0JQDGPb6j2SdfO
yuQfurVlJm/I5B7F9wvVPZcH77/6cdMznjaIHQYOmpCeqSzgJhzXt/qHkJGxgU64
JVAQG5nKSEIr5v8yQ2uEvTzUAuA4oJqWOQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FEmOsBymoXSvvjh9CZaEoFttxTDIMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTM4MzIyZTMyMzUzMzJlMzMzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAC2/SMwDQYJKoZIhvcNAQELBQADggEBABPeRcp1/pZc
Y7L7H9nhwyCJN8RQesf7fKb+/zsMKsO8O5ZatTLLQQrzQvKMx4Lq8QuVGUmupxpS
DWpF/3jnfUQaIuR8XK16NsH+NUnhpO8ctVd9w66rDKjBOLn9ypMOVuknl9FwChbv
0t/gQeUpPNBhHaIKIperCqg6SGVX2xeJni3VxhlLZHoArzDEkvuQwBnIrQs6wOS/
LbS2OUThHdhjLaFJYtIm6cn3ePcpSX+iCsje//EE6nQg4XYqb/RODWM2T2xmYyzu
bgeQs9bzMojclvwhd5YW7oIyMJQ3lRrYYUjRTjuQtjADLgzzVmT4b7IfAbQfGrfY
gUtJ0rTueXM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:45 2023 by rpki-client on console-fra.rpki-client.org