Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/32372e3132332e3232302e302f32342d3234203d3e203538333639.roa
File:                     32372e3132332e3232302e302f32342d3234203d3e203538333639.roa (raw, json)
Hash identifier:          vo8y4ceXpRESjeODtYTcVmUIMpau+BZrcvTyN3P26vU=
Subject key identifier:   99:9A:56:B5:52:16:0D:9A:7E:46:CB:A7:E2:21:7A:31:03:77:B8:04
Certificate issuer:       /CN=A095A9A71806956C905D5CF7CB797843D22D04B8
Certificate serial:       58C7DD7680D0BC680AE0D4E4FD22051B4F4BBE21
Authority key identifier: A0:95:A9:A7:18:06:95:6C:90:5D:5C:F7:CB:79:78:43:D2:2D:04:B8
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A095A9A71806956C905D5CF7CB797843D22D04B8.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/32372e3132332e3232302e302f32342d3234203d3e203538333639.roa
Signing time:             Mon 31 Jul 2023 00:07:31 +0000
ROA not before:           Mon 31 Jul 2023 00:02:31 +0000
ROA not after:            Mon 29 Jul 2024 00:07:31 +0000
asID:                     58369
IP address blocks:        27.123.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/A095A9A71806956C905D5CF7CB797843D22D04B8.crl
                          rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/A095A9A71806956C905D5CF7CB797843D22D04B8.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A095A9A71806956C905D5CF7CB797843D22D04B8.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 16:28:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:c7:dd:76:80:d0:bc:68:0a:e0:d4:e4:fd:22:05:1b:4f:4b:be:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A095A9A71806956C905D5CF7CB797843D22D04B8
        Validity
            Not Before: Jul 31 00:02:31 2023 GMT
            Not After : Jul 29 00:07:31 2024 GMT
        Subject: CN=999A56B552160D9A7E46CBA7E2217A310377B804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:e6:d0:18:3d:80:08:92:71:07:63:94:5b:
                    c5:25:63:d5:64:71:29:88:d6:d6:50:89:f8:91:87:
                    e0:bc:ce:b1:4f:d8:14:41:46:eb:85:ca:fb:50:d3:
                    45:fa:6c:99:f4:62:0d:32:ea:02:d9:f9:0a:44:f1:
                    ba:9d:f1:6c:55:cb:81:fb:06:7c:30:20:70:32:b0:
                    33:61:31:60:f2:fe:61:5f:8c:a0:a4:0b:33:5f:fc:
                    3c:1a:02:b4:11:b3:ac:4d:7e:eb:a8:e9:97:9b:4c:
                    35:b5:9c:38:82:01:16:6d:b8:0d:9a:60:38:71:d1:
                    79:02:42:ed:42:a1:3e:37:c7:21:7a:35:60:7b:50:
                    63:82:ff:2a:b2:6a:96:5d:eb:af:77:c3:df:7e:34:
                    b0:45:6a:46:bf:21:9b:8d:5e:a6:42:60:b3:f2:08:
                    75:b2:87:f7:cc:b5:8e:15:23:58:37:b1:ce:e6:7c:
                    7e:39:75:1f:15:38:f5:0c:0d:9a:a2:a3:73:f6:73:
                    71:b6:f4:81:84:e5:cd:73:af:1d:11:2e:e6:83:00:
                    d8:63:df:d0:33:e9:c4:d2:d2:81:7c:63:9c:aa:52:
                    03:ee:a2:b0:1b:d3:00:1a:76:d7:57:59:aa:02:60:
                    cb:86:85:5e:2e:c8:50:ac:e8:b7:03:e1:1a:eb:90:
                    bf:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:9A:56:B5:52:16:0D:9A:7E:46:CB:A7:E2:21:7A:31:03:77:B8:04
            X509v3 Authority Key Identifier:
                keyid:A0:95:A9:A7:18:06:95:6C:90:5D:5C:F7:CB:79:78:43:D2:2D:04:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/A095A9A71806956C905D5CF7CB797843D22D04B8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A095A9A71806956C905D5CF7CB797843D22D04B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/16a81182-7ceb-465c-a5b5-a14ec739bf99/0/32372e3132332e3232302e302f32342d3234203d3e203538333639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.123.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a7:15:06:81:61:84:04:e8:95:d0:61:50:c2:58:b6:e4:7c:
         27:e4:36:e4:39:4d:aa:a8:01:44:7b:5c:90:0a:c4:bc:96:22:
         e5:1f:2e:af:5f:90:5c:01:94:8c:29:a0:27:1a:a9:e5:64:0c:
         c0:df:4b:6e:dc:40:0d:01:10:81:49:d6:d3:ad:cd:cd:c3:b9:
         80:9e:11:22:4e:c9:bf:0f:c3:0e:00:55:88:59:cb:8a:0a:36:
         1f:75:fa:ab:13:ba:89:c3:7a:f2:dc:7f:43:6f:96:50:75:6e:
         5a:80:f8:9e:40:d6:6d:0f:39:ae:09:07:21:1f:db:74:d0:a6:
         60:1b:bf:bc:4b:3f:57:6a:6d:a3:b8:f8:bb:20:19:7d:c4:b3:
         0d:08:05:cb:33:45:30:4c:74:e6:63:88:fd:d5:c7:18:64:ee:
         d9:09:f0:13:7b:f9:3b:04:fb:d5:8a:3c:47:2a:95:31:50:34:
         9d:5e:9f:6d:7f:fc:ff:b1:dc:5a:6f:d1:cf:76:58:8f:01:fa:
         eb:f8:6b:be:40:45:d8:ab:2c:f6:dd:68:aa:92:04:49:f5:b9:
         da:e6:6c:2b:1e:92:c5:6f:b8:0f:20:8c:46:13:16:20:3a:ab:
         ca:51:c9:5e:99:3a:87:e6:fc:e3:69:16:2c:a4:d1:78:05:d1:
         63:9a:6b:23
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUWMfddoDQvGgK4NTk/SIFG09LviEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTA5NUE5QTcxODA2OTU2QzkwNUQ1Q0Y3Q0I3OTc4NDNE
MjJEMDRCODAeFw0yMzA3MzEwMDAyMzFaFw0yNDA3MjkwMDA3MzFaMDMxMTAvBgNV
BAMTKDk5OUE1NkI1NTIxNjBEOUE3RTQ2Q0JBN0UyMjE3QTMxMDM3N0I4MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7R+bQGD2ACJJxB2OUW8UlY9Vk
cSmI1tZQifiRh+C8zrFP2BRBRuuFyvtQ00X6bJn0Yg0y6gLZ+QpE8bqd8WxVy4H7
BnwwIHAysDNhMWDy/mFfjKCkCzNf/DwaArQRs6xNfuuo6ZebTDW1nDiCARZtuA2a
YDhx0XkCQu1CoT43xyF6NWB7UGOC/yqyapZd6693w99+NLBFaka/IZuNXqZCYLPy
CHWyh/fMtY4VI1g3sc7mfH45dR8VOPUMDZqio3P2c3G29IGE5c1zrx0RLuaDANhj
39Az6cTS0oF8Y5yqUgPuorAb0wAadtdXWaoCYMuGhV4uyFCs6LcD4RrrkL+3AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUmZpWtVIWDZp+Rsun4iF6MQN3uAQwHwYDVR0j
BBgwFoAUoJWppxgGlWyQXVz3y3l4Q9ItBLgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
NmE4MTE4Mi03Y2ViLTQ2NWMtYTViNS1hMTRlYzczOWJmOTkvMC9BMDk1QTlBNzE4
MDY5NTZDOTA1RDVDRjdDQjc5Nzg0M0QyMkQwNEI4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQTA5NUE5QTcxODA2OTU2QzkwNUQ1Q0Y3Q0I3OTc4NDNEMjJE
MDRCOC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE2YTgxMTgyLTdjZWItNDY1Yy1h
NWI1LWExNGVjNzM5YmY5OS8wLzMyMzcyZTMxMzIzMzJlMzIzMjMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzODMzMzYzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEABt73DANBgkqhkiG
9w0BAQsFAAOCAQEAKKcVBoFhhAToldBhUMJYtuR8J+Q25DlNqqgBRHtckArEvJYi
5R8ur1+QXAGUjCmgJxqp5WQMwN9LbtxADQEQgUnW063NzcO5gJ4RIk7Jvw/DDgBV
iFnLigo2H3X6qxO6icN68tx/Q2+WUHVuWoD4nkDWbQ85rgkHIR/bdNCmYBu/vEs/
V2pto7j4uyAZfcSzDQgFyzNFMEx05mOI/dXHGGTu2QnwE3v5OwT71Yo8RyqVMVA0
nV6fbX/8/7HcWm/Rz3ZYjwH66/hrvkBF2Kss9t1oqpIESfW52uZsKx6SxW+4DyCM
RhMWIDqrylHJXpk6h+b842kWLKTReAXRY5prIw==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:32:00 2024 by rpki-client on console-fra.rpki-client.org