Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/3131362e3139372e3132392e302f32342d3234203d3e203538333639.roa
File:                     3131362e3139372e3132392e302f32342d3234203d3e203538333639.roa (raw, json)
Hash identifier:          mdNMcJaJF3e4vSabIawm/1ZK2+cfWzrFkbacs1/nzeQ=
Subject key identifier:   56:6B:E8:27:FB:B8:0F:44:45:7A:B0:67:6C:A6:D9:2C:53:1B:A3:F3
Certificate issuer:       /CN=A095A9A71806956C905D5CF7CB797843D22D04B8
Certificate serial:       5B6FB10658F0CACCCCA456D1FF1B864A5DD057DB
Authority key identifier: A0:95:A9:A7:18:06:95:6C:90:5D:5C:F7:CB:79:78:43:D2:2D:04:B8
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A095A9A71806956C905D5CF7CB797843D22D04B8.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/3131362e3139372e3132392e302f32342d3234203d3e203538333639.roa
Signing time:             Mon 31 Jul 2023 00:07:31 +0000
ROA not before:           Mon 31 Jul 2023 00:02:31 +0000
ROA not after:            Mon 29 Jul 2024 00:07:31 +0000
asID:                     58369
IP address blocks:        116.197.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/A095A9A71806956C905D5CF7CB797843D22D04B8.crl
                          rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/A095A9A71806956C905D5CF7CB797843D22D04B8.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A095A9A71806956C905D5CF7CB797843D22D04B8.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:6f:b1:06:58:f0:ca:cc:cc:a4:56:d1:ff:1b:86:4a:5d:d0:57:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A095A9A71806956C905D5CF7CB797843D22D04B8
        Validity
            Not Before: Jul 31 00:02:31 2023 GMT
            Not After : Jul 29 00:07:31 2024 GMT
        Subject: CN=566BE827FBB80F44457AB0676CA6D92C531BA3F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:69:9a:fe:27:a3:5f:9e:30:82:d4:46:8a:e8:
                    8a:c0:f8:72:5f:27:ad:83:d6:e7:a1:1e:7e:cf:9b:
                    3a:76:49:92:7b:e5:0e:e2:5a:aa:7f:bb:1d:55:c5:
                    6a:92:74:99:ce:b4:6d:a4:db:24:3d:69:0a:f5:27:
                    b3:f2:be:ee:70:83:f4:f8:45:5d:c7:ea:74:45:e4:
                    ed:4a:32:a1:5b:70:4b:7d:53:8f:e9:99:4e:13:58:
                    56:ef:39:22:b2:c5:6d:30:a9:b0:8e:08:e9:fc:55:
                    2f:2c:c1:8d:05:d7:3e:d6:0c:72:cc:07:4b:26:4a:
                    22:0b:b7:4f:16:7d:44:b6:be:a3:21:18:1b:a1:17:
                    08:21:38:d4:58:df:b8:0b:3e:5d:e9:53:a6:ca:01:
                    bc:7b:1f:2a:09:bb:25:3a:fa:14:64:87:f2:9c:23:
                    8a:2a:49:89:a8:3b:90:55:fe:43:18:41:83:14:31:
                    1a:c0:f1:f5:22:78:e8:d4:16:d0:36:5c:84:f4:27:
                    03:a9:4e:aa:82:82:ec:50:c3:0f:0e:a4:e8:04:f9:
                    45:4d:18:3e:25:eb:b0:b8:ae:5b:15:97:fd:12:cb:
                    87:f4:f5:13:d6:95:90:dd:1a:96:ce:20:7a:0d:58:
                    43:61:a1:53:dd:1f:3a:eb:46:22:d9:6d:a4:cf:69:
                    68:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:6B:E8:27:FB:B8:0F:44:45:7A:B0:67:6C:A6:D9:2C:53:1B:A3:F3
            X509v3 Authority Key Identifier:
                keyid:A0:95:A9:A7:18:06:95:6C:90:5D:5C:F7:CB:79:78:43:D2:2D:04:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/A095A9A71806956C905D5CF7CB797843D22D04B8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A095A9A71806956C905D5CF7CB797843D22D04B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/3131362e3139372e3132392e302f32342d3234203d3e203538333639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.197.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:1d:df:80:cd:f7:3f:b2:2f:e7:1f:b7:e2:30:36:44:f2:a0:
         94:a2:68:37:5b:77:3e:4d:be:f6:36:3a:3e:23:95:a0:1d:1a:
         83:c6:ee:02:9b:49:69:dd:ab:27:1a:b7:95:c0:13:11:87:7c:
         26:61:5d:b1:dd:1b:05:84:52:96:c9:44:b6:6e:1e:d4:93:fb:
         75:7a:8d:90:4e:e8:30:32:03:14:9e:85:a2:77:c2:1b:9f:fa:
         08:50:8a:35:c5:e3:85:00:e1:45:23:02:f3:e0:98:20:fb:40:
         f0:24:bb:ea:2d:fc:44:ed:de:46:63:48:52:40:77:20:dc:8f:
         af:7e:e1:2d:ec:03:ef:80:3d:b6:88:d4:b4:8a:b5:4e:46:8c:
         5d:80:31:0a:91:92:22:1e:ef:74:10:d6:bc:26:0d:3c:7e:4c:
         5d:f9:62:67:58:f6:17:ef:48:1c:55:d3:3b:c2:8a:b1:67:02:
         fa:de:5e:69:ae:59:78:1a:d5:88:31:6b:2f:f0:56:ce:48:58:
         ff:ea:51:4e:11:29:6f:34:e7:6a:46:62:45:e3:c6:76:77:17:
         aa:3c:f2:21:b8:1f:f4:75:47:55:95:a8:76:64:e3:d2:61:30:
         45:65:94:26:84:d3:62:2c:4b:36:76:e7:41:f0:cf:26:cb:02:
         fb:9b:d7:0a
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUW2+xBljwyszMpFbR/xuGSl3QV9swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTA5NUE5QTcxODA2OTU2QzkwNUQ1Q0Y3Q0I3OTc4NDNE
MjJEMDRCODAeFw0yMzA3MzEwMDAyMzFaFw0yNDA3MjkwMDA3MzFaMDMxMTAvBgNV
BAMTKDU2NkJFODI3RkJCODBGNDQ0NTdBQjA2NzZDQTZEOTJDNTMxQkEzRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaaZr+J6NfnjCC1EaK6IrA+HJf
J62D1uehHn7Pmzp2SZJ75Q7iWqp/ux1VxWqSdJnOtG2k2yQ9aQr1J7Pyvu5wg/T4
RV3H6nRF5O1KMqFbcEt9U4/pmU4TWFbvOSKyxW0wqbCOCOn8VS8swY0F1z7WDHLM
B0smSiILt08WfUS2vqMhGBuhFwghONRY37gLPl3pU6bKAbx7HyoJuyU6+hRkh/Kc
I4oqSYmoO5BV/kMYQYMUMRrA8fUieOjUFtA2XIT0JwOpTqqCguxQww8OpOgE+UVN
GD4l67C4rlsVl/0Sy4f09RPWlZDdGpbOIHoNWENhoVPdHzrrRiLZbaTPaWiDAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUVmvoJ/u4D0RFerBnbKbZLFMbo/MwHwYDVR0j
BBgwFoAUoJWppxgGlWyQXVz3y3l4Q9ItBLgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
NmE4MTE4Mi03Y2ViLTQ2NWMtYTViNS1hMTRlYzczOWJmOTkvMC9BMDk1QTlBNzE4
MDY5NTZDOTA1RDVDRjdDQjc5Nzg0M0QyMkQwNEI4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQTA5NUE5QTcxODA2OTU2QzkwNUQ1Q0Y3Q0I3OTc4NDNEMjJE
MDRCOC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE2YTgxMTgyLTdjZWItNDY1Yy1h
NWI1LWExNGVjNzM5YmY5OS8wLzMxMzEzNjJlMzEzOTM3MmUzMTMyMzkyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzNTM4MzMzNjM5LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAdMWBMA0GCSqG
SIb3DQEBCwUAA4IBAQBmHd+Azfc/si/nH7fiMDZE8qCUomg3W3c+Tb72Njo+I5Wg
HRqDxu4Cm0lp3asnGreVwBMRh3wmYV2x3RsFhFKWyUS2bh7Uk/t1eo2QTugwMgMU
noWid8Ibn/oIUIo1xeOFAOFFIwLz4Jgg+0DwJLvqLfxE7d5GY0hSQHcg3I+vfuEt
7APvgD22iNS0irVORoxdgDEKkZIiHu90ENa8Jg08fkxd+WJnWPYX70gcVdM7woqx
ZwL63l5prll4GtWIMWsv8FbOSFj/6lFOESlvNOdqRmJF48Z2dxeqPPIhuB/0dUdV
lah2ZOPSYTBFZZQmhNNiLEs2dudB8M8mywL7m9cK
-----END CERTIFICATE-----
Generated at Tue Mar 26 18:22:28 2024 by rpki-client on console-fra.rpki-client.org