Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e36362e302f32342d3234203d3e203137343531.roa
File:                     3138322e3235332e36362e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          V2cUA+x8/NKQZjsGxcI9kAp8MrzVJKw8OcjHs0wrY10=
Subject key identifier:   59:C5:F6:33:C6:CB:71:66:90:D9:C2:89:77:A1:01:64:94:AA:41:41
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       3C5F1B5868BD9CCBAAC83A80C1007DE98D89AA37
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e36362e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:15 +0000
ROA not before:           Wed 29 Sep 2021 23:56:15 +0000
ROA not after:            Fri 30 Sep 2022 00:01:15 +0000
asID:                     17451
IP address blocks:        182.253.66.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:5f:1b:58:68:bd:9c:cb:aa:c8:3a:80:c1:00:7d:e9:8d:89:aa:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:15 2021 GMT
            Not After : Sep 30 00:01:15 2022 GMT
        Subject: CN=3082010A0282010100C80543FD648DCDFB2A28696E3C2189A3DDEF038C1602910383759682FD27B2EC7A8ED9B267FDB47E2B3C9BF38A5B5BEBF8C859DC761385E90911F61919EB67C18E5AAD3C1DEF563181261B3ED9FDE9C1E516D79B8B2C7BBA4CAD7B1B2E3518501B8665FF75BB0ABF126BAE56BEE95415EE567BDAE5D0619667DFAB6921C2EAB9AE379C0948D6CC727C803B2089A3AF28E0158C9010A6A60A72C2CD22BAEAB897AEE3966647EC51F2F4495950F941B1D07E3C8CA5C89F882F3234445A2AD74AD300EFC0BE92E32386FC31F452D87CB360B687481EA64BA28AAB74FEF00EF157EC01BD0DEB2AA051AE3EFD64331525CD48DAF7B74148E152FAED03685D86AEFAFD0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:05:43:fd:64:8d:cd:fb:2a:28:69:6e:3c:21:
                    89:a3:dd:ef:03:8c:16:02:91:03:83:75:96:82:fd:
                    27:b2:ec:7a:8e:d9:b2:67:fd:b4:7e:2b:3c:9b:f3:
                    8a:5b:5b:eb:f8:c8:59:dc:76:13:85:e9:09:11:f6:
                    19:19:eb:67:c1:8e:5a:ad:3c:1d:ef:56:31:81:26:
                    1b:3e:d9:fd:e9:c1:e5:16:d7:9b:8b:2c:7b:ba:4c:
                    ad:7b:1b:2e:35:18:50:1b:86:65:ff:75:bb:0a:bf:
                    12:6b:ae:56:be:e9:54:15:ee:56:7b:da:e5:d0:61:
                    96:67:df:ab:69:21:c2:ea:b9:ae:37:9c:09:48:d6:
                    cc:72:7c:80:3b:20:89:a3:af:28:e0:15:8c:90:10:
                    a6:a6:0a:72:c2:cd:22:ba:ea:b8:97:ae:e3:96:66:
                    47:ec:51:f2:f4:49:59:50:f9:41:b1:d0:7e:3c:8c:
                    a5:c8:9f:88:2f:32:34:44:5a:2a:d7:4a:d3:00:ef:
                    c0:be:92:e3:23:86:fc:31:f4:52:d8:7c:b3:60:b6:
                    87:48:1e:a6:4b:a2:8a:ab:74:fe:f0:0e:f1:57:ec:
                    01:bd:0d:eb:2a:a0:51:ae:3e:fd:64:33:15:25:cd:
                    48:da:f7:b7:41:48:e1:52:fa:ed:03:68:5d:86:ae:
                    fa:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C5:F6:33:C6:CB:71:66:90:D9:C2:89:77:A1:01:64:94:AA:41:41
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e36362e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.253.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:e6:a2:f9:00:27:32:c5:d9:45:fd:1c:f2:4d:19:9c:26:e5:
         5a:87:8c:c4:71:06:a3:02:c1:4a:af:a1:86:73:9f:49:64:29:
         e3:f1:40:2f:34:97:4c:3d:94:10:55:22:71:c0:c7:f1:48:49:
         b8:4b:12:00:f0:0c:4b:e0:25:85:58:ea:15:0e:2a:f6:24:61:
         61:ed:7b:04:98:0e:5c:c0:f8:e0:ab:da:49:34:ba:47:47:e8:
         24:d9:bc:e6:cf:3e:35:83:fe:33:b9:20:01:e5:31:b8:a2:28:
         49:80:4b:0a:d3:2c:27:c5:50:5e:b5:42:10:d4:d0:ff:d9:f6:
         07:89:59:36:fa:7b:3e:03:60:dd:91:88:32:60:0e:17:a5:c7:
         d2:23:df:89:73:ab:0e:15:3f:24:9c:4e:9f:4f:55:54:ee:ea:
         8c:9b:00:92:2f:e8:73:d4:d8:24:aa:b7:cd:53:43:94:48:04:
         7a:fb:68:12:ba:b4:85:51:a7:f5:b0:61:e9:96:b2:47:9c:1d:
         53:93:fd:cc:42:2a:39:4d:c8:49:38:53:1e:a3:fb:6d:70:f1:
         ab:63:ff:5a:c4:65:d5:80:26:22:9a:34:0e:29:da:a3:79:e2:
         bc:9d:a2:55:79:ae:83:c8:cb:25:22:8c:ce:70:2f:e1:38:0e:
         ea:48:2b:96
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUPF8bWGi9nMuqyDqAwQB96Y2JqjcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MTVaFw0yMjA5MzAwMDAxMTVaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQzgwNTQzRkQ2NDhEQ0RGQjJB
Mjg2OTZFM0MyMTg5QTNEREVGMDM4QzE2MDI5MTAzODM3NTk2ODJGRDI3QjJFQzdB
OEVEOUIyNjdGREI0N0UyQjNDOUJGMzhBNUI1QkVCRjhDODU5REM3NjEzODVFOTA5
MTFGNjE5MTlFQjY3QzE4RTVBQUQzQzFERUY1NjMxODEyNjFCM0VEOUZERTlDMUU1
MTZENzlCOEIyQzdCQkE0Q0FEN0IxQjJFMzUxODUwMUI4NjY1RkY3NUJCMEFCRjEy
NkJBRTU2QkVFOTU0MTVFRTU2N0JEQUU1RDA2MTk2NjdERkFCNjkyMUMyRUFCOUFF
Mzc5QzA5NDhENkNDNzI3QzgwM0IyMDg5QTNBRjI4RTAxNThDOTAxMEE2QTYwQTcy
QzJDRDIyQkFFQUI4OTdBRUUzOTY2NjQ3RUM1MUYyRjQ0OTU5NTBGOTQxQjFEMDdF
M0M4Q0E1Qzg5Rjg4MkYzMjM0NDQ1QTJBRDc0QUQzMDBFRkMwQkU5MkUzMjM4NkZD
MzFGNDUyRDg3Q0IzNjBCNjg3NDgxRUE2NEJBMjhBQUI3NEZFRjAwRUYxNTdFQzAx
QkQwREVCMkFBMDUxQUUzRUZENjQzMzE1MjVDRDQ4REFGN0I3NDE0OEUxNTJGQUVE
MDM2ODVEODZBRUZBRkQwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAyAVD/WSNzfsqKGluPCGJo93vA4wWApEDg3WWgv0nsux6jtmyZ/20
fis8m/OKW1vr+MhZ3HYThekJEfYZGetnwY5arTwd71YxgSYbPtn96cHlFtebiyx7
ukytexsuNRhQG4Zl/3W7Cr8Sa65WvulUFe5We9rl0GGWZ9+raSHC6rmuN5wJSNbM
cnyAOyCJo68o4BWMkBCmpgpyws0iuuq4l67jlmZH7FHy9ElZUPlBsdB+PIylyJ+I
LzI0RFoq10rTAO/AvpLjI4b8MfRS2HyzYLaHSB6mS6KKq3T+8A7xV+wBvQ3rKqBR
rj79ZDMVJc1I2ve3QUjhUvrtA2hdhq76/QIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FFnF9jPGy3FmkNnCiXehAWSUqkFBMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTM4MzIyZTMyMzUzMzJlMzYzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAC2/UIwDQYJKoZIhvcNAQELBQADggEBAEDmovkAJzLF
2UX9HPJNGZwm5VqHjMRxBqMCwUqvoYZzn0lkKePxQC80l0w9lBBVInHAx/FISbhL
EgDwDEvgJYVY6hUOKvYkYWHtewSYDlzA+OCr2kk0ukdH6CTZvObPPjWD/jO5IAHl
MbiiKEmASwrTLCfFUF61QhDU0P/Z9geJWTb6ez4DYN2RiDJgDhelx9Ij34lzqw4V
PyScTp9PVVTu6oybAJIv6HPU2CSqt81TQ5RIBHr7aBK6tIVRp/WwYemWskecHVOT
/cxCKjlNyEk4Ux6j+21w8atj/1rEZdWAJiKaNA4p2qN54rydolV5roPIyyUijM5w
L+E4DupIK5Y=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org