Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e35392e302f32342d3234203d3e203137343531.roa
File:                     3138322e3235332e35392e302f32342d3234203d3e203137343531.roa (raw, json)
Hash identifier:          6ARU/VRMVPKqoYBmmPTHUZ3Txe5+++xtVnhqClizvIY=
Subject key identifier:   9D:14:39:46:96:85:59:1D:7D:29:77:CF:B8:ED:89:EB:12:F1:5A:01
Certificate issuer:       /CN=AC555447BA62C39107F16BF572F82A417F728DBF
Certificate serial:       65271275499EDAF13D196D9053B4B58AE0551649
Authority key identifier: AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e35392e302f32342d3234203d3e203137343531.roa
Signing time:             Thu 30 Sep 2021 00:00:00 +0000
ROA not before:           Wed 29 Sep 2021 23:55:00 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     17451
IP address blocks:        182.253.59.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:27:12:75:49:9e:da:f1:3d:19:6d:90:53:b4:b5:8a:e0:55:16:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC555447BA62C39107F16BF572F82A417F728DBF
        Validity
            Not Before: Sep 29 23:55:00 2021 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=3082010A0282010100F22A764A4E1E96F14E382E26D66481ED5D3E28F35A5CBAFD5F7ED7D856EE42985996ADF9B54ACBC3F95D3F9D1592DFD9F4B0870510098DF3027DE466FE6ED22904D561756719A49D0539C9DEB7CBDDA35853CEC8368560AD2EE2CB14F4B0B6BF5E3A5604B6C7F6AEA709DA1B2A477BC5B09161C94F2776EF49B8802B395CD2D8AD78DAC124D61E0E7849E51D9C295F3326193CC34EDDAFF2CC96C7D404F6B2C81C46DAFBF7E4C38976B384B1526A4B65975E302311683A0B1C1D0E56A3542B7490A04A0A5CC4FB9378D47581B6A4EA962E5B080116251DE491567AC018CBD9E59FFDA2F7F281D099A629B4A902359816F40A448DCE30FBB73356C9BE74CE896D0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:2a:76:4a:4e:1e:96:f1:4e:38:2e:26:d6:64:
                    81:ed:5d:3e:28:f3:5a:5c:ba:fd:5f:7e:d7:d8:56:
                    ee:42:98:59:96:ad:f9:b5:4a:cb:c3:f9:5d:3f:9d:
                    15:92:df:d9:f4:b0:87:05:10:09:8d:f3:02:7d:e4:
                    66:fe:6e:d2:29:04:d5:61:75:67:19:a4:9d:05:39:
                    c9:de:b7:cb:dd:a3:58:53:ce:c8:36:85:60:ad:2e:
                    e2:cb:14:f4:b0:b6:bf:5e:3a:56:04:b6:c7:f6:ae:
                    a7:09:da:1b:2a:47:7b:c5:b0:91:61:c9:4f:27:76:
                    ef:49:b8:80:2b:39:5c:d2:d8:ad:78:da:c1:24:d6:
                    1e:0e:78:49:e5:1d:9c:29:5f:33:26:19:3c:c3:4e:
                    dd:af:f2:cc:96:c7:d4:04:f6:b2:c8:1c:46:da:fb:
                    f7:e4:c3:89:76:b3:84:b1:52:6a:4b:65:97:5e:30:
                    23:11:68:3a:0b:1c:1d:0e:56:a3:54:2b:74:90:a0:
                    4a:0a:5c:c4:fb:93:78:d4:75:81:b6:a4:ea:96:2e:
                    5b:08:01:16:25:1d:e4:91:56:7a:c0:18:cb:d9:e5:
                    9f:fd:a2:f7:f2:81:d0:99:a6:29:b4:a9:02:35:98:
                    16:f4:0a:44:8d:ce:30:fb:b7:33:56:c9:be:74:ce:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:14:39:46:96:85:59:1D:7D:29:77:CF:B8:ED:89:EB:12:F1:5A:01
            X509v3 Authority Key Identifier:
                keyid:AC:55:54:47:BA:62:C3:91:07:F1:6B:F5:72:F8:2A:41:7F:72:8D:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/AC555447BA62C39107F16BF572F82A417F728DBF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AC555447BA62C39107F16BF572F82A417F728DBF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3993f350-b756-4916-8d84-484f025dffcc/0/3138322e3235332e35392e302f32342d3234203d3e203137343531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.253.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:e5:c1:01:61:f6:44:e6:76:69:03:bd:fb:54:37:4b:14:67:
         0f:7a:15:8b:13:d9:6c:1f:22:9a:78:da:aa:ea:90:cf:ef:a6:
         b0:e1:52:69:bb:33:76:ef:ba:0e:16:c4:79:45:88:eb:68:ea:
         a6:6c:ec:3b:8d:ba:c8:32:1e:18:85:3c:2d:51:60:91:bb:da:
         50:76:2e:64:5a:61:9e:19:a3:a0:28:43:0b:aa:46:62:3f:a3:
         e9:32:55:eb:81:a1:e5:39:93:92:37:03:73:6d:33:71:33:54:
         6b:ce:c7:2d:c6:ab:4e:ee:f3:a9:94:91:e4:9d:3c:07:9e:c6:
         f5:3f:13:88:33:df:33:88:b8:64:5b:d7:d3:d3:cd:d3:de:b6:
         dd:cd:88:9d:75:c3:de:6e:24:86:e3:70:a3:42:38:61:f0:25:
         95:f8:b7:d5:83:6e:3a:93:7c:49:0f:41:7e:e7:66:fd:df:44:
         45:2b:b9:13:15:b5:80:05:8d:64:1e:03:24:ea:a9:7c:4b:eb:
         9f:89:a0:e4:c0:b1:6a:34:14:9f:83:95:5e:e7:3d:e9:d8:aa:
         f1:da:1e:46:be:cd:46:6c:c5:eb:65:ab:4e:63:ad:a2:34:91:
         a4:ee:71:70:48:fb:91:42:55:e2:8f:b2:e1:f2:dd:c6:d0:e4:
         53:34:f1:19
-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIUZScSdUme2vE9GW2QU7S1iuBVFkkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJBNDE3
RjcyOERCRjAeFw0yMTA5MjkyMzU1MDBaFw0yMjA5MzAwMDAwMDBaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRjIyQTc2NEE0RTFFOTZGMTRF
MzgyRTI2RDY2NDgxRUQ1RDNFMjhGMzVBNUNCQUZENUY3RUQ3RDg1NkVFNDI5ODU5
OTZBREY5QjU0QUNCQzNGOTVEM0Y5RDE1OTJERkQ5RjRCMDg3MDUxMDA5OERGMzAy
N0RFNDY2RkU2RUQyMjkwNEQ1NjE3NTY3MTlBNDlEMDUzOUM5REVCN0NCRERBMzU4
NTNDRUM4MzY4NTYwQUQyRUUyQ0IxNEY0QjBCNkJGNUUzQTU2MDRCNkM3RjZBRUE3
MDlEQTFCMkE0NzdCQzVCMDkxNjFDOTRGMjc3NkVGNDlCODgwMkIzOTVDRDJEOEFE
NzhEQUMxMjRENjFFMEU3ODQ5RTUxRDlDMjk1RjMzMjYxOTNDQzM0RUREQUZGMkND
OTZDN0Q0MDRGNkIyQzgxQzQ2REFGQkY3RTRDMzg5NzZCMzg0QjE1MjZBNEI2NTk3
NUUzMDIzMTE2ODNBMEIxQzFEMEU1NkEzNTQyQjc0OTBBMDRBMEE1Q0M0RkI5Mzc4
RDQ3NTgxQjZBNEVBOTYyRTVCMDgwMTE2MjUxREU0OTE1NjdBQzAxOENCRDlFNTlG
RkRBMkY3RjI4MUQwOTlBNjI5QjRBOTAyMzU5ODE2RjQwQTQ0OERDRTMwRkJCNzMz
NTZDOUJFNzRDRTg5NkQwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA8ip2Sk4elvFOOC4m1mSB7V0+KPNaXLr9X37X2FbuQphZlq35tUrL
w/ldP50Vkt/Z9LCHBRAJjfMCfeRm/m7SKQTVYXVnGaSdBTnJ3rfL3aNYU87INoVg
rS7iyxT0sLa/XjpWBLbH9q6nCdobKkd7xbCRYclPJ3bvSbiAKzlc0titeNrBJNYe
DnhJ5R2cKV8zJhk8w07dr/LMlsfUBPayyBxG2vv35MOJdrOEsVJqS2WXXjAjEWg6
CxwdDlajVCt0kKBKClzE+5N41HWBtqTqli5bCAEWJR3kkVZ6wBjL2eWf/aL38oHQ
maYptKkCNZgW9ApEjc4w+7czVsm+dM6JbQIDAQABo4ICMjCCAi4wHQYDVR0OBBYE
FJ0UOUaWhVkdfSl3z7jtiesS8VoBMB8GA1UdIwQYMBaAFKxVVEe6YsORB/Fr9XL4
KkF/co2/MA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMzk5M2YzNTAtYjc1Ni00OTE2LThk
ODQtNDg0ZjAyNWRmZmNjLzAvQUM1NTU0NDdCQTYyQzM5MTA3RjE2QkY1NzJGODJB
NDE3RjcyOERCRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0FDNTU1NDQ3
QkE2MkMzOTEwN0YxNkJGNTcyRjgyQTQxN0Y3MjhEQkYuY2VyMIGiBggrBgEFBQcB
CwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8zOTkzZjM1MC1iNzU2LTQ5MTYtOGQ4NC00ODRmMDI1ZGZmY2MvMC8z
MTM4MzIyZTMyMzUzMzJlMzUzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzcz
NDM1MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAC2/TswDQYJKoZIhvcNAQELBQADggEBACDlwQFh9kTm
dmkDvftUN0sUZw96FYsT2WwfIpp42qrqkM/vprDhUmm7M3bvug4WxHlFiOto6qZs
7DuNusgyHhiFPC1RYJG72lB2LmRaYZ4Zo6AoQwuqRmI/o+kyVeuBoeU5k5I3A3Nt
M3EzVGvOxy3Gq07u86mUkeSdPAeexvU/E4gz3zOIuGRb19PTzdPett3NiJ11w95u
JIbjcKNCOGHwJZX4t9WDbjqTfEkPQX7nZv3fREUruRMVtYAFjWQeAyTqqXxL65+J
oOTAsWo0FJ+DlV7nPenYqvHaHka+zUZsxetlq05jraI0kaTucXBI+5FCVeKPsuHy
3cbQ5FM08Rk=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:00 2023 by rpki-client on console-ams.rpki-client.org