Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/2d2a5b51-bc00-4d6b-8761-c7d0d3f6de12/0/3130332e3131382e3132352e302f32342d3234203d3e20313337333736.roa
File:                     3130332e3131382e3132352e302f32342d3234203d3e20313337333736.roa (raw, json)
Hash identifier:          CrYqBptFG8w99r06dfv4UG9pCbKVtAi9ieVkvBowPcU=
Subject key identifier:   4F:6B:AD:D6:53:C5:B5:6A:5B:09:E3:44:B6:D0:3C:FF:1A:E3:43:8C
Certificate issuer:       /CN=8C5FA2EBD7AF40393883FB08E71BDF41AAE20F57
Certificate serial:       29BE7CB0DDE189210C36E2D627890D69FF91B085
Authority key identifier: 8C:5F:A2:EB:D7:AF:40:39:38:83:FB:08:E7:1B:DF:41:AA:E2:0F:57
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8C5FA2EBD7AF40393883FB08E71BDF41AAE20F57.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/2d2a5b51-bc00-4d6b-8761-c7d0d3f6de12/0/3130332e3131382e3132352e302f32342d3234203d3e20313337333736.roa
Signing time:             Fri 11 Feb 2022 09:25:45 +0000
ROA not before:           Fri 11 Feb 2022 09:20:45 +0000
ROA not after:            Sat 11 Feb 2023 09:25:45 +0000
asID:                     137376
IP address blocks:        103.118.125.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:be:7c:b0:dd:e1:89:21:0c:36:e2:d6:27:89:0d:69:ff:91:b0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8C5FA2EBD7AF40393883FB08E71BDF41AAE20F57
        Validity
            Not Before: Feb 11 09:20:45 2022 GMT
            Not After : Feb 11 09:25:45 2023 GMT
        Subject: CN=3082010A0282010100B5351B1EE30D5136E31114A967A39C10BDEDDCAFABF9F41EA7BA9908DDF33006D8392760483387F6EB0BD798BE5A4ACA04428B64803ABCB074132836CA133AFCD71076E6051B83F7BD8B4F5BE9DD8C40C6580621128B87DA944DC6E815091D66419AEE9B545199700A7EBEC2281E1AF03848913FC9F7405450FCFB863C5FC7B1CD55C3A7846F7736015A25EC11F1D13EAD639FB955C86FCFDD4E724BA28E1A8FF4D8896A360B19657DB0577B63228DCD31A597D7ED8E68E6CF1FB6A34A33EAB13AE5433DB275119E0D5C1BFB05CE7CC28AD610F76E5978B14AEE66A82A45E032DB40450E741B5C2F2EEC4B277896C9AF6D52824535F158E4A1EE9797623588E10203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:35:1b:1e:e3:0d:51:36:e3:11:14:a9:67:a3:
                    9c:10:bd:ed:dc:af:ab:f9:f4:1e:a7:ba:99:08:dd:
                    f3:30:06:d8:39:27:60:48:33:87:f6:eb:0b:d7:98:
                    be:5a:4a:ca:04:42:8b:64:80:3a:bc:b0:74:13:28:
                    36:ca:13:3a:fc:d7:10:76:e6:05:1b:83:f7:bd:8b:
                    4f:5b:e9:dd:8c:40:c6:58:06:21:12:8b:87:da:94:
                    4d:c6:e8:15:09:1d:66:41:9a:ee:9b:54:51:99:70:
                    0a:7e:be:c2:28:1e:1a:f0:38:48:91:3f:c9:f7:40:
                    54:50:fc:fb:86:3c:5f:c7:b1:cd:55:c3:a7:84:6f:
                    77:36:01:5a:25:ec:11:f1:d1:3e:ad:63:9f:b9:55:
                    c8:6f:cf:dd:4e:72:4b:a2:8e:1a:8f:f4:d8:89:6a:
                    36:0b:19:65:7d:b0:57:7b:63:22:8d:cd:31:a5:97:
                    d7:ed:8e:68:e6:cf:1f:b6:a3:4a:33:ea:b1:3a:e5:
                    43:3d:b2:75:11:9e:0d:5c:1b:fb:05:ce:7c:c2:8a:
                    d6:10:f7:6e:59:78:b1:4a:ee:66:a8:2a:45:e0:32:
                    db:40:45:0e:74:1b:5c:2f:2e:ec:4b:27:78:96:c9:
                    af:6d:52:82:45:35:f1:58:e4:a1:ee:97:97:62:35:
                    88:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:6B:AD:D6:53:C5:B5:6A:5B:09:E3:44:B6:D0:3C:FF:1A:E3:43:8C
            X509v3 Authority Key Identifier:
                keyid:8C:5F:A2:EB:D7:AF:40:39:38:83:FB:08:E7:1B:DF:41:AA:E2:0F:57

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/2d2a5b51-bc00-4d6b-8761-c7d0d3f6de12/0/8C5FA2EBD7AF40393883FB08E71BDF41AAE20F57.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8C5FA2EBD7AF40393883FB08E71BDF41AAE20F57.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/2d2a5b51-bc00-4d6b-8761-c7d0d3f6de12/0/3130332e3131382e3132352e302f32342d3234203d3e20313337333736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.118.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:c8:1f:a9:49:ce:b7:9f:d4:46:81:d6:65:75:ea:d1:67:28:
         d9:e4:3c:3b:cf:cc:27:35:30:ba:3c:69:d6:75:c3:2e:0c:7e:
         39:84:1c:e2:7b:0c:4f:f8:ee:78:89:fc:a1:91:66:4d:03:6d:
         76:29:be:fa:7b:4f:8f:36:b2:84:b5:99:55:fe:d5:28:fc:29:
         0e:ab:f2:dd:c0:91:93:fa:26:55:98:c1:53:f0:02:6d:e2:d6:
         d1:bb:70:1b:94:8a:c5:44:0e:f9:55:18:d2:22:c1:c6:9e:9f:
         45:15:d5:cf:2d:83:08:23:be:8c:d2:8b:51:c5:c5:ae:f9:63:
         0d:5d:5b:0c:74:78:8c:dd:b6:80:50:c7:50:42:aa:ca:3e:8f:
         20:7e:45:ad:b5:ce:21:47:3b:90:94:87:11:3c:58:b8:8a:9e:
         60:01:0f:98:aa:19:3b:b6:9d:0a:21:8a:f7:0c:08:7a:ca:51:
         86:a6:e0:6f:bd:98:3b:ef:4f:57:19:a4:19:c0:54:9a:f0:78:
         2f:6c:ce:8c:a9:94:31:a2:96:fe:7e:85:97:2e:5e:f9:1e:fe:
         a5:fb:11:36:3e:8c:65:43:25:b2:f3:85:ed:fa:eb:b9:28:b9:
         d2:4d:25:e3:33:67:8c:59:2d:08:8b:26:cf:24:44:b1:57:b4:
         9f:a0:71:3c
-----BEGIN CERTIFICATE-----
MIIHKDCCBhCgAwIBAgIUKb58sN3hiSEMNuLWJ4kNaf+RsIUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEM1RkEyRUJEN0FGNDAzOTM4ODNGQjA4RTcxQkRGNDFB
QUUyMEY1NzAeFw0yMjAyMTEwOTIwNDVaFw0yMzAyMTEwOTI1NDVaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQjUzNTFCMUVFMzBENTEzNkUz
MTExNEE5NjdBMzlDMTBCREVERENBRkFCRjlGNDFFQTdCQTk5MDhEREYzMzAwNkQ4
MzkyNzYwNDgzMzg3RjZFQjBCRDc5OEJFNUE0QUNBMDQ0MjhCNjQ4MDNBQkNCMDc0
MTMyODM2Q0ExMzNBRkNENzEwNzZFNjA1MUI4M0Y3QkQ4QjRGNUJFOUREOEM0MEM2
NTgwNjIxMTI4Qjg3REE5NDREQzZFODE1MDkxRDY2NDE5QUVFOUI1NDUxOTk3MDBB
N0VCRUMyMjgxRTFBRjAzODQ4OTEzRkM5Rjc0MDU0NTBGQ0ZCODYzQzVGQzdCMUNE
NTVDM0E3ODQ2Rjc3MzYwMTVBMjVFQzExRjFEMTNFQUQ2MzlGQjk1NUM4NkZDRkRE
NEU3MjRCQTI4RTFBOEZGNEQ4ODk2QTM2MEIxOTY1N0RCMDU3N0I2MzIyOERDRDMx
QTU5N0Q3RUQ4RTY4RTZDRjFGQjZBMzRBMzNFQUIxM0FFNTQzM0RCMjc1MTE5RTBE
NUMxQkZCMDVDRTdDQzI4QUQ2MTBGNzZFNTk3OEIxNEFFRTY2QTgyQTQ1RTAzMkRC
NDA0NTBFNzQxQjVDMkYyRUVDNEIyNzc4OTZDOUFGNkQ1MjgyNDUzNUYxNThFNEEx
RUU5Nzk3NjIzNTg4RTEwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAtTUbHuMNUTbjERSpZ6OcEL3t3K+r+fQep7qZCN3zMAbYOSdgSDOH
9usL15i+WkrKBEKLZIA6vLB0Eyg2yhM6/NcQduYFG4P3vYtPW+ndjEDGWAYhEouH
2pRNxugVCR1mQZrum1RRmXAKfr7CKB4a8DhIkT/J90BUUPz7hjxfx7HNVcOnhG93
NgFaJewR8dE+rWOfuVXIb8/dTnJLoo4aj/TYiWo2CxllfbBXe2Mijc0xpZfX7Y5o
5s8ftqNKM+qxOuVDPbJ1EZ4NXBv7Bc58worWEPduWXixSu5mqCpF4DLbQEUOdBtc
Ly7sSyd4lsmvbVKCRTXxWOSh7peXYjWI4QIDAQABo4ICNjCCAjIwHQYDVR0OBBYE
FE9rrdZTxbVqWwnjRLbQPP8a40OMMB8GA1UdIwQYMBaAFIxfouvXr0A5OIP7COcb
30Gq4g9XMA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMmQyYTViNTEtYmMwMC00ZDZiLTg3
NjEtYzdkMGQzZjZkZTEyLzAvOEM1RkEyRUJEN0FGNDAzOTM4ODNGQjA4RTcxQkRG
NDFBQUUyMEY1Ny5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yLzhDNUZBMkVC
RDdBRjQwMzkzODgzRkIwOEU3MUJERjQxQUFFMjBGNTcuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8yZDJhNWI1MS1iYzAwLTRkNmItODc2MS1jN2QwZDNmNmRlMTIvMC8z
MTMwMzMyZTMxMzEzODJlMzEzMjM1MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEz
MzM3MzMzNzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAZ3Z9MA0GCSqGSIb3DQEBCwUAA4IBAQA4yB+p
Sc63n9RGgdZlderRZyjZ5Dw7z8wnNTC6PGnWdcMuDH45hBziewxP+O54ifyhkWZN
A212Kb76e0+PNrKEtZlV/tUo/CkOq/LdwJGT+iZVmMFT8AJt4tbRu3AblIrFRA75
VRjSIsHGnp9FFdXPLYMII76M0otRxcWu+WMNXVsMdHiM3baAUMdQQqrKPo8gfkWt
tc4hRzuQlIcRPFi4ip5gAQ+Yqhk7tp0KIYr3DAh6ylGGpuBvvZg7709XGaQZwFSa
8HgvbM6MqZQxopb+foWXLl75Hv6l+xE2PoxlQyWy84Xt+uu5KLnSTSXjM2eMWS0I
iybPJESxV7SfoHE8
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:59 2023 by rpki-client on console-ams.rpki-client.org