Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e31372e302f32342d3234203d3e203338343832.roa
File:                     3138322e3235332e31372e302f32342d3234203d3e203338343832.roa (raw, json)
Hash identifier:          Pvjbq7g6nNPCTZn25tehcHJC7BnQbDrueG4tR4tUXtA=
Subject key identifier:   D3:D6:AC:22:2A:E0:BF:FA:9D:57:D5:19:B3:0F:6B:7A:54:57:73:94
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       57BBCFC442F5C491D03E18C0A218E431B98A4CBE
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e31372e302f32342d3234203d3e203338343832.roa
Signing time:             Mon 27 Dec 2021 04:15:49 +0000
ROA not before:           Mon 27 Dec 2021 04:10:49 +0000
ROA not after:            Tue 27 Dec 2022 04:15:49 +0000
asID:                     38482
IP address blocks:        182.253.17.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:bb:cf:c4:42:f5:c4:91:d0:3e:18:c0:a2:18:e4:31:b9:8a:4c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Dec 27 04:10:49 2021 GMT
            Not After : Dec 27 04:15:49 2022 GMT
        Subject: CN=3082010A0282010100EA531BEA31D9E279C9058815FE8D5562C980B26236F6A63320FE6415A7CBEA22593AA28657171C2FA3D08E925783E08980CBDB597AE5BF56D280E94E5D7DB77B4AB2FCEBF202370A8BF123A35A0025287B8D667EAEFD45034577FB007AD4E459A168533D02570969D41F88C30E431E34957DD0E89F95875D82F5C8D99A00B0C233D82D3F4EB5F4805A0804168AFB7C6F999496A3AF2CFE5ADFCC6F7DF5EF56A91CB3299E167DD3BD0E227D91DE59CC6F9B58844DC79D1601C5D47C4BD0A0A93FC97839DC030C2126D9EBA7ABA4B46CDBD1AD9514D588A4BADC159E9CB5BD8ADD8A088A44B8899D69A4BF20286E9EA0EE4D56DB51CDA7716CC6DE3DC49842798D0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:53:1b:ea:31:d9:e2:79:c9:05:88:15:fe:8d:
                    55:62:c9:80:b2:62:36:f6:a6:33:20:fe:64:15:a7:
                    cb:ea:22:59:3a:a2:86:57:17:1c:2f:a3:d0:8e:92:
                    57:83:e0:89:80:cb:db:59:7a:e5:bf:56:d2:80:e9:
                    4e:5d:7d:b7:7b:4a:b2:fc:eb:f2:02:37:0a:8b:f1:
                    23:a3:5a:00:25:28:7b:8d:66:7e:ae:fd:45:03:45:
                    77:fb:00:7a:d4:e4:59:a1:68:53:3d:02:57:09:69:
                    d4:1f:88:c3:0e:43:1e:34:95:7d:d0:e8:9f:95:87:
                    5d:82:f5:c8:d9:9a:00:b0:c2:33:d8:2d:3f:4e:b5:
                    f4:80:5a:08:04:16:8a:fb:7c:6f:99:94:96:a3:af:
                    2c:fe:5a:df:cc:6f:7d:f5:ef:56:a9:1c:b3:29:9e:
                    16:7d:d3:bd:0e:22:7d:91:de:59:cc:6f:9b:58:84:
                    4d:c7:9d:16:01:c5:d4:7c:4b:d0:a0:a9:3f:c9:78:
                    39:dc:03:0c:21:26:d9:eb:a7:ab:a4:b4:6c:db:d1:
                    ad:95:14:d5:88:a4:ba:dc:15:9e:9c:b5:bd:8a:dd:
                    8a:08:8a:44:b8:89:9d:69:a4:bf:20:28:6e:9e:a0:
                    ee:4d:56:db:51:cd:a7:71:6c:c6:de:3d:c4:98:42:
                    79:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D6:AC:22:2A:E0:BF:FA:9D:57:D5:19:B3:0F:6B:7A:54:57:73:94
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e31372e302f32342d3234203d3e203338343832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.253.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:6a:ff:21:ed:cf:7e:15:c6:e8:df:e7:d2:7b:e2:be:79:63:
         06:0b:d9:d0:f4:4c:ad:ca:07:5a:4e:84:81:97:20:fc:17:fc:
         ff:b8:bc:85:30:11:a0:34:6c:e4:9c:06:02:9a:8b:13:67:1b:
         ce:fa:a5:ca:73:53:d9:ef:cf:87:68:23:18:b6:0c:f0:8c:12:
         e5:c5:f5:43:4d:e4:b1:dc:6a:b4:f9:71:d9:96:72:b4:6d:13:
         9c:16:20:4c:13:c9:4f:e2:be:e2:b7:68:20:ff:0f:69:0c:49:
         8c:1e:59:c0:f8:3f:b3:0e:59:99:ed:7e:8c:f8:63:44:3d:0f:
         cc:0f:7b:09:c5:4f:4a:42:9f:76:9e:27:05:0b:51:54:8c:3b:
         5f:7e:8b:02:6c:3c:5b:07:6a:03:40:a8:d5:da:93:17:cb:49:
         c9:4e:b0:8f:d0:90:9d:85:7e:1c:95:39:e8:58:66:27:03:0e:
         77:44:af:e9:6d:e1:64:c6:ad:0a:f4:9b:82:62:f0:a6:61:a7:
         09:78:6b:56:50:2c:b9:d4:ff:16:3a:b2:4f:24:47:27:03:65:
         e8:df:e8:78:0f:f6:6b:b1:a9:ea:a4:5d:04:56:53:6a:9a:be:
         49:55:f4:fc:a9:10:7a:a2:b5:ce:8e:ea:79:32:a8:77:98:2a:
         9a:e4:3b:73
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUV7vPxEL1xJHQPhjAohjkMbmKTL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTEyMjcwNDEwNDlaFw0yMjEyMjcwNDE1NDlaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRUE1MzFCRUEzMUQ5RTI3OUM5
MDU4ODE1RkU4RDU1NjJDOTgwQjI2MjM2RjZBNjMzMjBGRTY0MTVBN0NCRUEyMjU5
M0FBMjg2NTcxNzFDMkZBM0QwOEU5MjU3ODNFMDg5ODBDQkRCNTk3QUU1QkY1NkQy
ODBFOTRFNUQ3REI3N0I0QUIyRkNFQkYyMDIzNzBBOEJGMTIzQTM1QTAwMjUyODdC
OEQ2NjdFQUVGRDQ1MDM0NTc3RkIwMDdBRDRFNDU5QTE2ODUzM0QwMjU3MDk2OUQ0
MUY4OEMzMEU0MzFFMzQ5NTdERDBFODlGOTU4NzVEODJGNUM4RDk5QTAwQjBDMjMz
RDgyRDNGNEVCNUY0ODA1QTA4MDQxNjhBRkI3QzZGOTk5NDk2QTNBRjJDRkU1QURG
Q0M2RjdERjVFRjU2QTkxQ0IzMjk5RTE2N0REM0JEMEUyMjdEOTFERTU5Q0M2RjlC
NTg4NDREQzc5RDE2MDFDNUQ0N0M0QkQwQTBBOTNGQzk3ODM5REMwMzBDMjEyNkQ5
RUJBN0FCQTRCNDZDREJEMUFEOTUxNEQ1ODhBNEJBREMxNTlFOUNCNUJEOEFERDhB
MDg4QTQ0Qjg4OTlENjlBNEJGMjAyODZFOUVBMEVFNEQ1NkRCNTFDREE3NzE2Q0M2
REUzREM0OTg0Mjc5OEQwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA6lMb6jHZ4nnJBYgV/o1VYsmAsmI29qYzIP5kFafL6iJZOqKGVxcc
L6PQjpJXg+CJgMvbWXrlv1bSgOlOXX23e0qy/OvyAjcKi/Ejo1oAJSh7jWZ+rv1F
A0V3+wB61ORZoWhTPQJXCWnUH4jDDkMeNJV90OiflYddgvXI2ZoAsMIz2C0/TrX0
gFoIBBaK+3xvmZSWo68s/lrfzG999e9WqRyzKZ4WfdO9DiJ9kd5ZzG+bWIRNx50W
AcXUfEvQoKk/yXg53AMMISbZ66erpLRs29GtlRTViKS63BWenLW9it2KCIpEuImd
aaS/IChunqDuTVbbUc2ncWzG3j3EmEJ5jQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FNPWrCIq4L/6nVfVGbMPa3pUV3OUMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTM4MzIyZTMyMzUzMzJlMzEzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzgz
NDM4MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAC2/REwDQYJKoZIhvcNAQELBQADggEBABZq/yHtz34V
xujf59J74r55YwYL2dD0TK3KB1pOhIGXIPwX/P+4vIUwEaA0bOScBgKaixNnG876
pcpzU9nvz4doIxi2DPCMEuXF9UNN5LHcarT5cdmWcrRtE5wWIEwTyU/ivuK3aCD/
D2kMSYweWcD4P7MOWZntfoz4Y0Q9D8wPewnFT0pCn3aeJwULUVSMO19+iwJsPFsH
agNAqNXakxfLSclOsI/QkJ2FfhyVOehYZicDDndEr+lt4WTGrQr0m4Ji8KZhpwl4
a1ZQLLnU/xY6sk8kRycDZejf6HgP9muxqeqkXQRWU2qavklV9PypEHqitc6O6nky
qHeYKprkO3M=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org