Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131332e302f32342d3234203d3e203137343531.roa
File:                     3131382e39392e3131332e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          CaMggc4fuoZftxe0Em7Lp3U7ESBu4um81vY6gG6vHhQ=
Subject key identifier:   04:5F:74:64:76:02:50:28:5B:6D:45:7F:49:27:36:7A:72:9C:06:73
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       426D7959BFA992A3918C3445A62C17C1C1BA3AA3
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131332e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:01:00 +0000
ROA not before:           Wed 29 Sep 2021 23:56:00 +0000
ROA not after:            Fri 30 Sep 2022 00:01:00 +0000
asID:                     17451
IP address blocks:        118.99.113.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:6d:79:59:bf:a9:92:a3:91:8c:34:45:a6:2c:17:c1:c1:ba:3a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:56:00 2021 GMT
            Not After : Sep 30 00:01:00 2022 GMT
        Subject: CN=3082010A0282010100D7EED9865D9DE752A9382CEB5D17F7F5304AF1D92359B00CEEA14F1D2B42DD864FFE2B9222620E77180D2AF89CF772C3B0AB22883925C13B200366E731B04EAD42492A1E65DFFD8C12F4D3C0C87EFD8CE7D64454E0B4A538A0F964F3FACF79D5421F34FEA84221A149DCA325150E76B74DE8081AAB8F603B39A789FD4BD1B49505F5E0CCCD00734D66FC132AF8A336148C086E5918B2AFF96C9BAA3BF6761032C1B43BB8A426481914187ED0ED5D84838B0CA716169016E098011767A32A6726C3F2123019D94D4F68F0C0B68C8E120D68FAFC52F0590D4C3EB6C5B06581580FE2BD31BC5723A61F819417F90E1EDD3747716733F22366184F0E0B8036AC2A3F0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ee:d9:86:5d:9d:e7:52:a9:38:2c:eb:5d:17:
                    f7:f5:30:4a:f1:d9:23:59:b0:0c:ee:a1:4f:1d:2b:
                    42:dd:86:4f:fe:2b:92:22:62:0e:77:18:0d:2a:f8:
                    9c:f7:72:c3:b0:ab:22:88:39:25:c1:3b:20:03:66:
                    e7:31:b0:4e:ad:42:49:2a:1e:65:df:fd:8c:12:f4:
                    d3:c0:c8:7e:fd:8c:e7:d6:44:54:e0:b4:a5:38:a0:
                    f9:64:f3:fa:cf:79:d5:42:1f:34:fe:a8:42:21:a1:
                    49:dc:a3:25:15:0e:76:b7:4d:e8:08:1a:ab:8f:60:
                    3b:39:a7:89:fd:4b:d1:b4:95:05:f5:e0:cc:cd:00:
                    73:4d:66:fc:13:2a:f8:a3:36:14:8c:08:6e:59:18:
                    b2:af:f9:6c:9b:aa:3b:f6:76:10:32:c1:b4:3b:b8:
                    a4:26:48:19:14:18:7e:d0:ed:5d:84:83:8b:0c:a7:
                    16:16:90:16:e0:98:01:17:67:a3:2a:67:26:c3:f2:
                    12:30:19:d9:4d:4f:68:f0:c0:b6:8c:8e:12:0d:68:
                    fa:fc:52:f0:59:0d:4c:3e:b6:c5:b0:65:81:58:0f:
                    e2:bd:31:bc:57:23:a6:1f:81:94:17:f9:0e:1e:dd:
                    37:47:71:67:33:f2:23:66:18:4f:0e:0b:80:36:ac:
                    2a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:5F:74:64:76:02:50:28:5B:6D:45:7F:49:27:36:7A:72:9C:06:73
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131332e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.99.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:79:c9:d4:94:d5:39:3e:f9:7c:25:4e:0a:c2:d0:15:39:d8:
         15:26:58:1d:c7:0e:b2:66:b6:ae:f9:ff:02:b6:1d:4f:1f:fa:
         ed:11:f7:4c:bd:f5:e4:9a:56:8b:2d:e4:05:c2:06:65:03:24:
         d2:d2:e1:ef:85:1d:1b:3b:3f:4b:11:e6:d8:6e:a8:9a:d8:60:
         a9:4b:fe:95:ae:e2:24:8c:d3:9a:e3:6a:fc:95:da:02:8e:ec:
         30:47:8c:f0:3f:d6:84:94:f3:4e:34:f5:06:09:18:9d:ec:37:
         c2:cd:7a:13:1b:d9:ca:7f:5a:9c:d8:c3:e5:e8:cb:8c:50:05:
         87:a3:1c:9f:d0:c5:2e:c3:4c:2a:25:68:b1:6f:5c:76:71:c5:
         41:c5:60:67:e2:2c:a8:77:60:79:d1:1a:f6:d0:70:6f:73:53:
         a3:02:9f:b4:26:27:ee:29:be:09:f1:e3:cb:33:a2:d2:21:f9:
         53:4f:ca:40:e0:db:15:07:47:55:53:04:c2:5f:5c:2c:8c:ff:
         b8:10:0c:09:68:61:6e:1b:bd:48:44:62:48:4e:f1:9d:e9:f1:
         2e:7b:58:80:2b:d8:90:44:d6:5e:38:3b:0c:31:fe:ec:8b:ea:
         9d:4a:45:42:03:49:57:d7:82:a6:d7:08:b4:35:f1:73:87:77:
         3b:81:54:35
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUQm15Wb+pkqORjDRFpiwXwcG6OqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU2MDBaFw0yMjA5MzAwMDAxMDBaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRDdFRUQ5ODY1RDlERTc1MkE5
MzgyQ0VCNUQxN0Y3RjUzMDRBRjFEOTIzNTlCMDBDRUVBMTRGMUQyQjQyREQ4NjRG
RkUyQjkyMjI2MjBFNzcxODBEMkFGODlDRjc3MkMzQjBBQjIyODgzOTI1QzEzQjIw
MDM2NkU3MzFCMDRFQUQ0MjQ5MkExRTY1REZGRDhDMTJGNEQzQzBDODdFRkQ4Q0U3
RDY0NDU0RTBCNEE1MzhBMEY5NjRGM0ZBQ0Y3OUQ1NDIxRjM0RkVBODQyMjFBMTQ5
RENBMzI1MTUwRTc2Qjc0REU4MDgxQUFCOEY2MDNCMzlBNzg5RkQ0QkQxQjQ5NTA1
RjVFMENDQ0QwMDczNEQ2NkZDMTMyQUY4QTMzNjE0OEMwODZFNTkxOEIyQUZGOTZD
OUJBQTNCRjY3NjEwMzJDMUI0M0JCOEE0MjY0ODE5MTQxODdFRDBFRDVEODQ4MzhC
MENBNzE2MTY5MDE2RTA5ODAxMTc2N0EzMkE2NzI2QzNGMjEyMzAxOUQ5NEQ0RjY4
RjBDMEI2OEM4RTEyMEQ2OEZBRkM1MkYwNTkwRDRDM0VCNkM1QjA2NTgxNTgwRkUy
QkQzMUJDNTcyM0E2MUY4MTk0MTdGOTBFMUVERDM3NDc3MTY3MzNGMjIzNjYxODRG
MEUwQjgwMzZBQzJBM0YwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA1+7Zhl2d51KpOCzrXRf39TBK8dkjWbAM7qFPHStC3YZP/iuSImIO
dxgNKvic93LDsKsiiDklwTsgA2bnMbBOrUJJKh5l3/2MEvTTwMh+/Yzn1kRU4LSl
OKD5ZPP6z3nVQh80/qhCIaFJ3KMlFQ52t03oCBqrj2A7OaeJ/UvRtJUF9eDMzQBz
TWb8Eyr4ozYUjAhuWRiyr/lsm6o79nYQMsG0O7ikJkgZFBh+0O1dhIOLDKcWFpAW
4JgBF2ejKmcmw/ISMBnZTU9o8MC2jI4SDWj6/FLwWQ1MPrbFsGWBWA/ivTG8VyOm
H4GUF/kOHt03R3FnM/IjZhhPDguANqwqPwIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FARfdGR2AlAoW21Ff0knNnpynAZzMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzgyZTM5MzkyZTMxMzEzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAB2Y3EwDQYJKoZIhvcNAQELBQADggEBAHZ5ydSU1Tk+
+XwlTgrC0BU52BUmWB3HDrJmtq75/wK2HU8f+u0R90y99eSaVost5AXCBmUDJNLS
4e+FHRs7P0sR5thuqJrYYKlL/pWu4iSM05rjavyV2gKO7DBHjPA/1oSU80409QYJ
GJ3sN8LNehMb2cp/WpzYw+Xoy4xQBYejHJ/QxS7DTColaLFvXHZxxUHFYGfiLKh3
YHnRGvbQcG9zU6MCn7QmJ+4pvgnx48szotIh+VNPykDg2xUHR1VTBMJfXCyM/7gQ
DAloYW4bvUhEYkhO8Z3p8S57WIAr2JBE1l44Owwx/uyL6p1KRUIDSVfXgqbXCLQ1
8XOHdzuBVDU=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org