Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e39382e302f32342d3234203d3e203137343531.roa
File:                     3138322e3235332e39382e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          H+TCE6jlDw8jZ8SygTMePt2Yfx0q3V3m9cb0dO5Yi24=
Subject key identifier:   86:16:1D:A3:E9:E8:A3:D1:1A:9E:E4:35:84:55:EF:80:58:0C:24:D9
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       4486A25821AA1A168B90D2880F547194D1099555
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e39382e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:21 +0000
ROA not before:           Wed 29 Sep 2021 23:56:21 +0000
ROA not after:            Fri 30 Sep 2022 00:01:21 +0000
asID:                     17451
IP address blocks:        182.253.98.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:86:a2:58:21:aa:1a:16:8b:90:d2:88:0f:54:71:94:d1:09:95:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:21 2021 GMT
            Not After : Sep 30 00:01:21 2022 GMT
        Subject: CN=3082010A0282010100B5E7AB8D4A1F7288F8904B3379736C9F391AA3687E709A3804B6D0C7465E002A20242108F83ECEBACB39E51F226A2C37C986DB28C10180210F9DBAEFA7F5A25EA0A06EBA1568587820C5D0651C9DD4C299150640AD7C2148803333F9FD8DE930045904EF0D853C16EBCA8BFE31E3C4A50EF503A18108938E44BC34200D34BC4D29831A0AACEDE49DA2BF98DA7A567977D21F1C4F1544BE4319B37E1610E068801FA78C6C6856B09CE8ECA3DCC2A970E3B4AF8A71F20279DDB76055873E2AB735A1F391C8E7E2EFD6C3925218DC12695A6AE8DBA6744A38919E793C3814A3EF5A1EA2906F851986B48CB51B5549670FF4D5CBDCD5491A0929DEF13A420AAD1BED0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e7:ab:8d:4a:1f:72:88:f8:90:4b:33:79:73:
                    6c:9f:39:1a:a3:68:7e:70:9a:38:04:b6:d0:c7:46:
                    5e:00:2a:20:24:21:08:f8:3e:ce:ba:cb:39:e5:1f:
                    22:6a:2c:37:c9:86:db:28:c1:01:80:21:0f:9d:ba:
                    ef:a7:f5:a2:5e:a0:a0:6e:ba:15:68:58:78:20:c5:
                    d0:65:1c:9d:d4:c2:99:15:06:40:ad:7c:21:48:80:
                    33:33:f9:fd:8d:e9:30:04:59:04:ef:0d:85:3c:16:
                    eb:ca:8b:fe:31:e3:c4:a5:0e:f5:03:a1:81:08:93:
                    8e:44:bc:34:20:0d:34:bc:4d:29:83:1a:0a:ac:ed:
                    e4:9d:a2:bf:98:da:7a:56:79:77:d2:1f:1c:4f:15:
                    44:be:43:19:b3:7e:16:10:e0:68:80:1f:a7:8c:6c:
                    68:56:b0:9c:e8:ec:a3:dc:c2:a9:70:e3:b4:af:8a:
                    71:f2:02:79:dd:b7:60:55:87:3e:2a:b7:35:a1:f3:
                    91:c8:e7:e2:ef:d6:c3:92:52:18:dc:12:69:5a:6a:
                    e8:db:a6:74:4a:38:91:9e:79:3c:38:14:a3:ef:5a:
                    1e:a2:90:6f:85:19:86:b4:8c:b5:1b:55:49:67:0f:
                    f4:d5:cb:dc:d5:49:1a:09:29:de:f1:3a:42:0a:ad:
                    1b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:16:1D:A3:E9:E8:A3:D1:1A:9E:E4:35:84:55:EF:80:58:0C:24:D9
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e39382e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.253.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:3e:77:51:9a:49:86:f2:8d:ca:b9:5f:85:b5:cd:70:25:ee:
         1d:2a:c1:c6:c2:89:20:4c:5c:b0:41:23:af:96:f3:66:f4:89:
         ca:6f:a6:b8:f3:24:28:01:ae:5c:9d:87:47:4c:fb:51:10:96:
         cb:cf:81:75:88:dd:c5:a2:84:e9:a3:4d:06:f1:d3:36:23:d5:
         0b:7d:21:34:8d:b4:6c:c9:49:a8:0b:8b:8f:14:bf:d8:52:cb:
         c6:49:68:1e:8f:e3:cd:d4:7c:30:4f:1c:0e:cd:b2:7f:59:bd:
         b7:66:46:a1:ab:a1:45:f4:46:44:b1:6e:10:6a:dc:1a:6b:62:
         61:d4:95:9b:f5:c7:cf:48:40:ea:f7:f7:61:87:db:76:14:60:
         c5:7a:43:86:da:f7:21:56:79:84:e9:69:14:9e:d6:6a:86:77:
         7e:2b:79:86:bd:c1:b7:0a:c2:e1:78:ba:ca:c1:4e:9c:43:a8:
         d9:e6:99:2f:57:f2:de:6d:fe:af:1f:4d:2e:39:22:33:6f:2c:
         b1:81:8e:7d:be:fb:a9:ef:fa:0e:0c:3b:f7:3e:c4:ea:36:45:
         d2:36:4f:24:f0:c1:f3:fa:6d:27:c3:1b:d2:d7:80:69:a6:6d:
         03:3a:60:17:65:a3:f8:29:5d:79:d1:a7:eb:ba:2a:49:b0:a1:
         d4:c9:08:6a
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIURIaiWCGqGhaLkNKID1RxlNEJlVUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MjFaFw0yMjA5MzAwMDAxMjFaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQjVFN0FCOEQ0QTFGNzI4OEY4
OTA0QjMzNzk3MzZDOUYzOTFBQTM2ODdFNzA5QTM4MDRCNkQwQzc0NjVFMDAyQTIw
MjQyMTA4RjgzRUNFQkFDQjM5RTUxRjIyNkEyQzM3Qzk4NkRCMjhDMTAxODAyMTBG
OURCQUVGQTdGNUEyNUVBMEEwNkVCQTE1Njg1ODc4MjBDNUQwNjUxQzlERDRDMjk5
MTUwNjQwQUQ3QzIxNDg4MDMzMzNGOUZEOERFOTMwMDQ1OTA0RUYwRDg1M0MxNkVC
Q0E4QkZFMzFFM0M0QTUwRUY1MDNBMTgxMDg5MzhFNDRCQzM0MjAwRDM0QkM0RDI5
ODMxQTBBQUNFREU0OURBMkJGOThEQTdBNTY3OTc3RDIxRjFDNEYxNTQ0QkU0MzE5
QjM3RTE2MTBFMDY4ODAxRkE3OEM2QzY4NTZCMDlDRThFQ0EzRENDMkE5NzBFM0I0
QUY4QTcxRjIwMjc5RERCNzYwNTU4NzNFMkFCNzM1QTFGMzkxQzhFN0UyRUZENkMz
OTI1MjE4REMxMjY5NUE2QUU4REJBNjc0NEEzODkxOUU3OTNDMzgxNEEzRUY1QTFF
QTI5MDZGODUxOTg2QjQ4Q0I1MUI1NTQ5NjcwRkY0RDVDQkRDRDU0OTFBMDkyOURF
RjEzQTQyMEFBRDFCRUQwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAteerjUofcoj4kEszeXNsnzkao2h+cJo4BLbQx0ZeACogJCEI+D7O
uss55R8iaiw3yYbbKMEBgCEPnbrvp/WiXqCgbroVaFh4IMXQZRyd1MKZFQZArXwh
SIAzM/n9jekwBFkE7w2FPBbryov+MePEpQ71A6GBCJOORLw0IA00vE0pgxoKrO3k
naK/mNp6Vnl30h8cTxVEvkMZs34WEOBogB+njGxoVrCc6Oyj3MKpcOO0r4px8gJ5
3bdgVYc+Krc1ofORyOfi79bDklIY3BJpWmro26Z0SjiRnnk8OBSj71oeopBvhRmG
tIy1G1VJZw/01cvc1UkaCSne8TpCCq0b7QIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FIYWHaPp6KPRGp7kNYRV74BYDCTZMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTM4MzIyZTMyMzUzMzJlMzkzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAC2/WIwDQYJKoZIhvcNAQELBQADggEBAAE+d1GaSYby
jcq5X4W1zXAl7h0qwcbCiSBMXLBBI6+W82b0icpvprjzJCgBrlydh0dM+1EQlsvP
gXWI3cWihOmjTQbx0zYj1Qt9ITSNtGzJSagLi48Uv9hSy8ZJaB6P483UfDBPHA7N
sn9ZvbdmRqGroUX0RkSxbhBq3BprYmHUlZv1x89IQOr392GH23YUYMV6Q4ba9yFW
eYTpaRSe1mqGd34reYa9wbcKwuF4usrBTpxDqNnmmS9X8t5t/q8fTS45IjNvLLGB
jn2++6nv+g4MO/c+xOo2RdI2TyTwwfP6bSfDG9LXgGmmbQM6YBdlo/gpXXnRp+u6
KkmwodTJCGo=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org