Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e34312e302f32342d3234203d3e203137343531.roa
File:                     3138322e3235332e34312e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          o52mv+VTEfEaDV3z65xnqso7EHabk283F1XbUDN8p5A=
Subject key identifier:   37:07:A8:5A:A2:B6:86:FB:26:36:C8:B8:21:BB:2A:FA:EE:55:0F:B9
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       1F922CA54732CE8CCEA10E5BEAB1D9DF04931C
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e34312e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 27 Jan 2022 03:00:30 +0000
ROA not before:           Thu 27 Jan 2022 02:55:30 +0000
ROA not after:            Fri 27 Jan 2023 03:00:30 +0000
asID:                     17451
IP address blocks:        182.253.41.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:92:2c:a5:47:32:ce:8c:ce:a1:0e:5b:ea:b1:d9:df:04:93:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Jan 27 02:55:30 2022 GMT
            Not After : Jan 27 03:00:30 2023 GMT
        Subject: CN=3082010A0282010100CC18925AA9AF90795D0AEEA35D7C42E00AC6AFD6F430D97817A4C3FD68E7B81B2F6ADDD62343D8D8A4FF31C3AC0C7A472266CF283B796DACE106C186162B509A0EEEBF0AB3E919CF3CBAC32E8DFF4B272DF6CB5DCEF31FBC1929499EE3C78570290D5BDBF9E6F28DDEF07F0534A098845DC510DEA4BA21166234F92965BA3F912E74EA544840BF44E43DA2BF3BBFA41B48553954DFD695979163EC570712347D604E93943FD3759AE7AD7495F05DA8B12DA018E5852D2100AE1D66CB82CD0260D353A357FCC891BCD50015187511E752FEF5E2970AC2C864C052B5B1EBB3CBDD5171125A410804E9EA4CD45088CE68943896DFAF54B2C141F154E2FCD9E69D870203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:18:92:5a:a9:af:90:79:5d:0a:ee:a3:5d:7c:
                    42:e0:0a:c6:af:d6:f4:30:d9:78:17:a4:c3:fd:68:
                    e7:b8:1b:2f:6a:dd:d6:23:43:d8:d8:a4:ff:31:c3:
                    ac:0c:7a:47:22:66:cf:28:3b:79:6d:ac:e1:06:c1:
                    86:16:2b:50:9a:0e:ee:bf:0a:b3:e9:19:cf:3c:ba:
                    c3:2e:8d:ff:4b:27:2d:f6:cb:5d:ce:f3:1f:bc:19:
                    29:49:9e:e3:c7:85:70:29:0d:5b:db:f9:e6:f2:8d:
                    de:f0:7f:05:34:a0:98:84:5d:c5:10:de:a4:ba:21:
                    16:62:34:f9:29:65:ba:3f:91:2e:74:ea:54:48:40:
                    bf:44:e4:3d:a2:bf:3b:bf:a4:1b:48:55:39:54:df:
                    d6:95:97:91:63:ec:57:07:12:34:7d:60:4e:93:94:
                    3f:d3:75:9a:e7:ad:74:95:f0:5d:a8:b1:2d:a0:18:
                    e5:85:2d:21:00:ae:1d:66:cb:82:cd:02:60:d3:53:
                    a3:57:fc:c8:91:bc:d5:00:15:18:75:11:e7:52:fe:
                    f5:e2:97:0a:c2:c8:64:c0:52:b5:b1:eb:b3:cb:dd:
                    51:71:12:5a:41:08:04:e9:ea:4c:d4:50:88:ce:68:
                    94:38:96:df:af:54:b2:c1:41:f1:54:e2:fc:d9:e6:
                    9d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:07:A8:5A:A2:B6:86:FB:26:36:C8:B8:21:BB:2A:FA:EE:55:0F:B9
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e34312e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.253.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:2a:f1:b2:57:6d:26:f1:75:32:05:82:32:54:54:82:a3:89:
         27:dc:df:61:72:94:4a:87:62:d7:43:ad:aa:4e:33:70:f8:b6:
         e6:77:e9:31:eb:7f:6a:39:ce:a1:f3:9c:6f:aa:55:0e:de:81:
         75:7a:cf:a7:b5:5c:fe:14:c9:31:20:bc:d9:f8:61:4d:8d:d3:
         4e:c0:7c:96:61:19:b6:e5:da:93:32:fd:8a:aa:ff:18:42:39:
         b3:7a:d1:45:0f:09:38:10:ff:89:09:3d:a5:3d:d3:83:0f:c5:
         67:c8:36:97:99:ae:47:d9:49:70:58:9d:92:1c:99:e7:75:00:
         03:4c:fa:ab:a6:c6:f5:10:4f:67:05:dc:23:d3:04:99:34:b1:
         c2:a7:b5:19:05:d8:27:00:89:c3:e0:f1:df:17:09:df:e4:3a:
         d0:38:61:6e:e7:c2:11:bd:4a:24:c8:f1:22:25:95:bf:ea:30:
         1e:eb:fa:10:88:38:f0:f1:45:a6:1e:38:e3:d8:12:81:9d:54:
         ac:b9:13:90:5d:02:76:08:d9:01:62:77:71:80:a4:75:96:07:
         12:60:b9:c1:b6:3f:7f:73:bb:36:cf:e0:a3:74:2b:0f:74:c7:
         83:92:83:7d:3c:a1:de:d6:db:5e:e8:c2:12:40:ad:ec:26:6c:
         31:a8:6e:72
-----BEGIN CERTIFICATE-----
MIIHIzCCBgugAwIBAgITH5IspUcyzozOoQ5b6rHZ3wSTHDANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyhBQzU1NTQ0N0JBNjJDMzkxMDdGMTZCRjU3MkY4MkE0MTdG
NzI4REJGMB4XDTIyMDEyNzAyNTUzMFoXDTIzMDEyNzAzMDAzMFowggItMYICKTCC
AiUGA1UEAxOCAhwzMDgyMDEwQTAyODIwMTAxMDBDQzE4OTI1QUE5QUY5MDc5NUQw
QUVFQTM1RDdDNDJFMDBBQzZBRkQ2RjQzMEQ5NzgxN0E0QzNGRDY4RTdCODFCMkY2
QURERDYyMzQzRDhEOEE0RkYzMUMzQUMwQzdBNDcyMjY2Q0YyODNCNzk2REFDRTEw
NkMxODYxNjJCNTA5QTBFRUVCRjBBQjNFOTE5Q0YzQ0JBQzMyRThERkY0QjI3MkRG
NkNCNURDRUYzMUZCQzE5Mjk0OTlFRTNDNzg1NzAyOTBENUJEQkY5RTZGMjhEREVG
MDdGMDUzNEEwOTg4NDVEQzUxMERFQTRCQTIxMTY2MjM0RjkyOTY1QkEzRjkxMkU3
NEVBNTQ0ODQwQkY0NEU0M0RBMkJGM0JCRkE0MUI0ODU1Mzk1NERGRDY5NTk3OTE2
M0VDNTcwNzEyMzQ3RDYwNEU5Mzk0M0ZEMzc1OUFFN0FENzQ5NUYwNURBOEIxMkRB
MDE4RTU4NTJEMjEwMEFFMUQ2NkNCODJDRDAyNjBEMzUzQTM1N0ZDQzg5MUJDRDUw
MDE1MTg3NTExRTc1MkZFRjVFMjk3MEFDMkM4NjRDMDUyQjVCMUVCQjNDQkRENTE3
MTEyNUE0MTA4MDRFOUVBNENENDUwODhDRTY4OTQzODk2REZBRjU0QjJDMTQxRjE1
NEUyRkNEOUU2OUQ4NzAyMDMwMTAwMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDMGJJaqa+QeV0K7qNdfELgCsav1vQw2XgXpMP9aOe4Gy9q3dYjQ9jY
pP8xw6wMekciZs8oO3ltrOEGwYYWK1CaDu6/CrPpGc88usMujf9LJy32y13O8x+8
GSlJnuPHhXApDVvb+ebyjd7wfwU0oJiEXcUQ3qS6IRZiNPkpZbo/kS506lRIQL9E
5D2ivzu/pBtIVTlU39aVl5Fj7FcHEjR9YE6TlD/TdZrnrXSV8F2osS2gGOWFLSEA
rh1my4LNAmDTU6NX/MiRvNUAFRh1EedS/vXilwrCyGTAUrWx67PL3VFxElpBCATp
6kzUUIjOaJQ4lt+vVLLBQfFU4vzZ5p2HAgMBAAGjggIyMIICLjAdBgNVHQ4EFgQU
NweoWqK2hvsmNsi4Ibsq+u5VD7kwHwYDVR0jBBgwFoAUrFVUR7piw5EH8Wv1cvgq
QX9yjb8wDgYDVR0PAQH/BAQDAgeAMIGFBgNVHR8EfjB8MHqgeKB2hnRyc3luYzov
L3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4
NC00ODRmMDI1ZGZmY2MvMC9BQzU1NTQ0N0JBNjJDMzkxMDdGMTZCRjU3MkY4MkE0
MTdGNzI4REJGLmNybDB0BggrBgEFBQcBAQRoMGYwZAYIKwYBBQUHMAKGWHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL0lETklDLUlELzIvQUM1NTU0NDdC
QTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3RjcyOERCRi5jZXIwgaIGCCsGAQUFBwEL
BIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5l
dC9yZXBvLzM5OTNmMzUwLWI3NTYtNDkxNi04ZDg0LTQ4NGYwMjVkZmZjYy8wLzMx
MzgzMjJlMzIzNTMzMmUzNDMxMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNzM0
MzUzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEALb9KTANBgkqhkiG9w0BAQsFAAOCAQEAQSrxsldtJvF1
MgWCMlRUgqOJJ9zfYXKUSodi10Otqk4zcPi25nfpMet/ajnOofOcb6pVDt6BdXrP
p7Vc/hTJMSC82fhhTY3TTsB8lmEZtuXakzL9iqr/GEI5s3rRRQ8JOBD/iQk9pT3T
gw/FZ8g2l5muR9lJcFidkhyZ53UAA0z6q6bG9RBPZwXcI9MEmTSxwqe1GQXYJwCJ
w+Dx3xcJ3+Q60DhhbufCEb1KJMjxIiWVv+owHuv6EIg48PFFph4449gSgZ1UrLkT
kF0CdgjZAWJ3cYCkdZYHEmC5wbY/f3O7Ns/go3QrD3THg5KDfTyh3tbbXujCEkCt
7CZsMahucg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:03 2024 by rpki-client on console-fra.rpki-client.org