Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131342e302f32332d3233203d3e203137343531.roa
File:                     3131382e39392e3131342e302f32332d3233203d3e203137343531.roa (raw, json)
Hash identifier:          +YqU4RkxUoDt8/5NoMyclIp6K/Kg09vTDJnqLT61C5o=
Subject key identifier:   54:EB:ED:F5:82:92:25:41:D4:38:59:21:F9:CF:32:8E:1A:31:B1:2E
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       0D8D1A1DC5EE4B9FE96454EFD2E1D1CFAFB5D97E
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131342e302f32332d3233203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:36 +0000
ROA not before:           Wed 29 Sep 2021 23:55:36 +0000
ROA not after:            Fri 30 Sep 2022 00:00:36 +0000
asID:                     17451
IP address blocks:        118.99.114.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:8d:1a:1d:c5:ee:4b:9f:e9:64:54:ef:d2:e1:d1:cf:af:b5:d9:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:36 2021 GMT
            Not After : Sep 30 00:00:36 2022 GMT
        Subject: CN=3082010A0282010100B4982537E412756BF120C47645A9CDDE421B6553E25C755DD3DE4D1D06CB63B17FF2FA6A433453E08E917B1505E8BCC046F85DAF5B01A4CB25D014E45B4E9D526DCA4B9ECCF6CE3A13C215A5531454452C34A13EC9B61D0FFBFE765E69A074417F68F1043C901D16F45F30F64847A9D30786EEB05D57F341CCD3B0E1CD84BC8D064A2A89309C52321705F580090E70A13494A8FA9B7CA636A9119E61958684EC8FD8D5ECDF4E5D8CBB8D2706837991F443D35A94F9D1FF9F20006D885CBD6030FD595D6933EB1394692D3410EC14C7B65B2C26A3A1021E5B3FAB09CD34CB952974474BF040CB08709685AF8275C73B26DF8060E402955BDFAA3A53FF5929C7370203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:98:25:37:e4:12:75:6b:f1:20:c4:76:45:a9:
                    cd:de:42:1b:65:53:e2:5c:75:5d:d3:de:4d:1d:06:
                    cb:63:b1:7f:f2:fa:6a:43:34:53:e0:8e:91:7b:15:
                    05:e8:bc:c0:46:f8:5d:af:5b:01:a4:cb:25:d0:14:
                    e4:5b:4e:9d:52:6d:ca:4b:9e:cc:f6:ce:3a:13:c2:
                    15:a5:53:14:54:45:2c:34:a1:3e:c9:b6:1d:0f:fb:
                    fe:76:5e:69:a0:74:41:7f:68:f1:04:3c:90:1d:16:
                    f4:5f:30:f6:48:47:a9:d3:07:86:ee:b0:5d:57:f3:
                    41:cc:d3:b0:e1:cd:84:bc:8d:06:4a:2a:89:30:9c:
                    52:32:17:05:f5:80:09:0e:70:a1:34:94:a8:fa:9b:
                    7c:a6:36:a9:11:9e:61:95:86:84:ec:8f:d8:d5:ec:
                    df:4e:5d:8c:bb:8d:27:06:83:79:91:f4:43:d3:5a:
                    94:f9:d1:ff:9f:20:00:6d:88:5c:bd:60:30:fd:59:
                    5d:69:33:eb:13:94:69:2d:34:10:ec:14:c7:b6:5b:
                    2c:26:a3:a1:02:1e:5b:3f:ab:09:cd:34:cb:95:29:
                    74:47:4b:f0:40:cb:08:70:96:85:af:82:75:c7:3b:
                    26:df:80:60:e4:02:95:5b:df:aa:3a:53:ff:59:29:
                    c7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:EB:ED:F5:82:92:25:41:D4:38:59:21:F9:CF:32:8E:1A:31:B1:2E
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3131382e39392e3131342e302f32332d3233203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.99.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:8f:a7:06:f3:a3:7f:45:6f:be:a5:f7:6f:26:6c:23:b6:42:
         fd:c9:6d:bc:7f:17:79:d4:eb:74:47:ef:90:11:3c:1a:a8:73:
         0f:cb:d4:78:6e:3e:40:22:9d:9d:88:de:37:1e:c9:a9:44:86:
         57:59:af:ab:cf:da:41:0a:20:1d:7e:9c:7c:7f:f1:e0:e0:1a:
         3d:33:01:c3:0f:e3:62:0a:62:0a:6b:8b:8b:54:9e:df:65:7e:
         e0:5e:c6:50:92:3c:50:a1:34:67:1f:b7:84:37:d6:95:28:eb:
         48:b6:56:56:8f:2e:b4:b0:8e:46:54:32:3d:24:06:40:eb:97:
         bf:5f:c7:85:19:50:71:c3:06:a5:6a:73:c5:60:ac:b8:bc:4e:
         50:c2:42:1d:5a:8a:16:24:a1:85:44:7b:9d:82:51:1c:87:29:
         cb:92:32:de:2e:fa:50:b6:e3:92:bf:c0:39:5f:80:79:1c:07:
         df:52:fa:85:ea:ea:ba:c2:9e:1d:88:f3:94:52:44:e1:f3:b4:
         a3:57:a9:f7:37:c6:6b:8f:21:92:4b:7f:ca:39:72:d4:ed:88:
         d3:20:12:d1:21:2d:54:99:4e:28:05:cf:14:9b:fe:d2:04:d3:
         46:62:8d:87:e2:69:b1:91:c9:64:f9:19:24:60:09:29:f8:a7:
         d1:a1:44:02
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUDY0aHcXuS5/pZFTv0uHRz6+12X4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MzZaFw0yMjA5MzAwMDAwMzZaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQjQ5ODI1MzdFNDEyNzU2QkYx
MjBDNDc2NDVBOUNEREU0MjFCNjU1M0UyNUM3NTVERDNERTREMUQwNkNCNjNCMTdG
RjJGQTZBNDMzNDUzRTA4RTkxN0IxNTA1RThCQ0MwNDZGODVEQUY1QjAxQTRDQjI1
RDAxNEU0NUI0RTlENTI2RENBNEI5RUNDRjZDRTNBMTNDMjE1QTU1MzE0NTQ0NTJD
MzRBMTNFQzlCNjFEMEZGQkZFNzY1RTY5QTA3NDQxN0Y2OEYxMDQzQzkwMUQxNkY0
NUYzMEY2NDg0N0E5RDMwNzg2RUVCMDVENTdGMzQxQ0NEM0IwRTFDRDg0QkM4RDA2
NEEyQTg5MzA5QzUyMzIxNzA1RjU4MDA5MEU3MEExMzQ5NEE4RkE5QjdDQTYzNkE5
MTE5RTYxOTU4Njg0RUM4RkQ4RDVFQ0RGNEU1RDhDQkI4RDI3MDY4Mzc5OTFGNDQz
RDM1QTk0RjlEMUZGOUYyMDAwNkQ4ODVDQkQ2MDMwRkQ1OTVENjkzM0VCMTM5NDY5
MkQzNDEwRUMxNEM3QjY1QjJDMjZBM0ExMDIxRTVCM0ZBQjA5Q0QzNENCOTUyOTc0
NDc0QkYwNDBDQjA4NzA5Njg1QUY4Mjc1QzczQjI2REY4MDYwRTQwMjk1NUJERkFB
M0E1M0ZGNTkyOUM3MzcwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAtJglN+QSdWvxIMR2RanN3kIbZVPiXHVd095NHQbLY7F/8vpqQzRT
4I6RexUF6LzARvhdr1sBpMsl0BTkW06dUm3KS57M9s46E8IVpVMUVEUsNKE+ybYd
D/v+dl5poHRBf2jxBDyQHRb0XzD2SEep0weG7rBdV/NBzNOw4c2EvI0GSiqJMJxS
MhcF9YAJDnChNJSo+pt8pjapEZ5hlYaE7I/Y1ezfTl2Mu40nBoN5kfRD01qU+dH/
nyAAbYhcvWAw/VldaTPrE5RpLTQQ7BTHtlssJqOhAh5bP6sJzTTLlSl0R0vwQMsI
cJaFr4J1xzsm34Bg5AKVW9+qOlP/WSnHNwIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FFTr7fWCkiVB1DhZIfnPMo4aMbEuMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTMxMzgyZTM5MzkyZTMxMzEzNDJlMzAyZjMyMzMyZDMyMzMyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAF2Y3IwDQYJKoZIhvcNAQELBQADggEBAH6Ppwbzo39F
b76l928mbCO2Qv3Jbbx/F3nU63RH75ARPBqocw/L1HhuPkAinZ2I3jceyalEhldZ
r6vP2kEKIB1+nHx/8eDgGj0zAcMP42IKYgpri4tUnt9lfuBexlCSPFChNGcft4Q3
1pUo60i2VlaPLrSwjkZUMj0kBkDrl79fx4UZUHHDBqVqc8VgrLi8TlDCQh1aihYk
oYVEe52CURyHKcuSMt4u+lC245K/wDlfgHkcB99S+oXq6rrCnh2I85RSROHztKNX
qfc3xmuPIZJLf8o5ctTtiNMgEtEhLVSZTigFzxSb/tIE00ZijYfiabGRyWT5GSRg
CSn4p9GhRAI=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org