Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/2bf71c91-1624-4fc0-8c63-2efafd46fbc1/0/3137352e34352e3138372e302f32342d3234203d3e203436303139.roa
File:                     3137352e34352e3138372e302f32342d3234203d3e203436303139.roa (raw, json)
Hash identifier:          M3fuQHtjdLgrcRYUvZ8ftseQoV1+kdI5pfyXgu6wTEU=
Subject key identifier:   85:71:F4:89:44:19:96:A8:B2:CA:FB:9C:42:7E:28:38:48:F7:CF:6D
Certificate issuer:       /CN=9F56EC50DA14D13D149F5145D62AFC5A3F0B70B5
Certificate serial:       0245D706E72137FA1985996C65B8EB154D31671B
Authority key identifier: 9F:56:EC:50:DA:14:D1:3D:14:9F:51:45:D6:2A:FC:5A:3F:0B:70:B5
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9F56EC50DA14D13D149F5145D62AFC5A3F0B70B5.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/2bf71c91-1624-4fc0-8c63-2efafd46fbc1/0/3137352e34352e3138372e302f32342d3234203d3e203436303139.roa
Signing time:             Mon 31 Jul 2023 00:02:31 +0000
ROA not before:           Sun 30 Jul 2023 23:57:31 +0000
ROA not after:            Mon 29 Jul 2024 00:02:31 +0000
asID:                     46019
IP address blocks:        175.45.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/2bf71c91-1624-4fc0-8c63-2efafd46fbc1/0/9F56EC50DA14D13D149F5145D62AFC5A3F0B70B5.crl
                          rsync://repo-rpki.idnic.net/repo/2bf71c91-1624-4fc0-8c63-2efafd46fbc1/0/9F56EC50DA14D13D149F5145D62AFC5A3F0B70B5.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9F56EC50DA14D13D149F5145D62AFC5A3F0B70B5.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:45:d7:06:e7:21:37:fa:19:85:99:6c:65:b8:eb:15:4d:31:67:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9F56EC50DA14D13D149F5145D62AFC5A3F0B70B5
        Validity
            Not Before: Jul 30 23:57:31 2023 GMT
            Not After : Jul 29 00:02:31 2024 GMT
        Subject: CN=8571F489441996A8B2CAFB9C427E283848F7CF6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ed:84:77:2e:34:55:64:74:b6:d1:6d:40:88:
                    58:4a:6e:c4:f9:6e:f9:73:92:de:2e:35:c5:50:28:
                    aa:76:77:d1:11:ec:3a:73:56:31:1a:a1:b7:84:84:
                    1e:f5:c6:7f:14:45:73:91:54:09:c6:99:be:f9:cb:
                    0a:7a:ab:d7:28:cc:b8:e4:ce:51:8f:95:12:27:c9:
                    79:9e:6e:2c:8d:0a:f8:24:1b:41:b5:5e:19:98:10:
                    7f:79:b8:10:2b:dc:24:b7:1c:a9:fc:ec:38:f0:ae:
                    a8:4a:42:4d:27:27:a6:95:8e:33:0c:77:52:18:39:
                    c1:07:7b:74:44:72:81:cf:e1:26:7a:b6:f6:ce:75:
                    51:07:6e:80:27:eb:5e:96:09:10:78:e1:c6:80:fc:
                    2f:32:26:db:5b:37:fd:30:0e:99:bb:a7:f9:ec:01:
                    66:de:91:d7:7f:dd:10:18:34:fb:78:13:02:77:64:
                    60:c4:36:05:7f:2f:80:82:c6:22:a8:7f:5d:01:1b:
                    d1:e1:2f:ca:70:7f:76:e7:58:3d:e2:a0:cc:11:ea:
                    76:b9:2c:8d:41:51:d4:0c:65:8f:67:69:6b:7f:7c:
                    24:59:8a:48:2d:f2:9d:9f:15:7f:1b:ea:27:b9:7d:
                    fc:67:54:fd:eb:28:cd:26:b3:33:05:fe:72:c0:9e:
                    87:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:71:F4:89:44:19:96:A8:B2:CA:FB:9C:42:7E:28:38:48:F7:CF:6D
            X509v3 Authority Key Identifier:
                keyid:9F:56:EC:50:DA:14:D1:3D:14:9F:51:45:D6:2A:FC:5A:3F:0B:70:B5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/2bf71c91-1624-4fc0-8c63-2efafd46fbc1/0/9F56EC50DA14D13D149F5145D62AFC5A3F0B70B5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9F56EC50DA14D13D149F5145D62AFC5A3F0B70B5.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/2bf71c91-1624-4fc0-8c63-2efafd46fbc1/0/3137352e34352e3138372e302f32342d3234203d3e203436303139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.45.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:40:04:14:a5:09:f6:66:78:bc:eb:a2:f6:6f:fa:90:4a:56:
         bd:5b:9e:86:bf:ba:b4:44:31:8f:cb:b5:05:c9:37:ee:b2:96:
         85:28:2f:d5:09:3d:5e:77:5f:1b:24:f8:ac:d8:dd:15:0b:f9:
         cb:8e:00:3b:c3:69:11:d2:bf:02:db:4d:bd:bc:a0:c5:ad:e4:
         96:84:f8:81:50:bf:92:38:21:98:05:99:5e:4e:6a:fd:5d:bd:
         d3:8a:b6:e0:5a:2e:8c:25:a6:58:b0:1d:44:15:80:2d:46:fa:
         64:d5:81:81:1a:6a:10:16:c3:8d:25:a2:2d:ab:ff:e5:61:1f:
         af:84:c9:5a:51:90:d0:fe:49:29:60:54:f9:8f:82:2a:59:85:
         fe:b5:ea:fc:6c:93:47:b8:2b:8f:67:d0:dd:e6:92:54:46:43:
         12:4d:17:99:3a:a8:07:a7:fc:fe:99:2a:dd:92:aa:60:4b:d0:
         72:59:3b:85:59:cc:4b:62:76:f3:e5:64:08:37:7b:c9:53:66:
         ad:f1:7c:42:2c:6f:53:ae:c1:bb:ac:c7:99:b4:8b:c0:94:3e:
         53:04:16:54:df:75:74:6e:30:42:12:ad:de:19:aa:66:44:37:
         ec:88:49:07:cf:3e:2d:9a:79:3b:5c:82:5c:5e:f3:7d:ba:c6:
         3b:23:11:8d
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUAkXXBuchN/oZhZlsZbjrFU0xZxswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUY1NkVDNTBEQTE0RDEzRDE0OUY1MTQ1RDYyQUZDNUEz
RjBCNzBCNTAeFw0yMzA3MzAyMzU3MzFaFw0yNDA3MjkwMDAyMzFaMDMxMTAvBgNV
BAMTKDg1NzFGNDg5NDQxOTk2QThCMkNBRkI5QzQyN0UyODM4NDhGN0NGNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF7YR3LjRVZHS20W1AiFhKbsT5
bvlzkt4uNcVQKKp2d9ER7DpzVjEaobeEhB71xn8URXORVAnGmb75ywp6q9cozLjk
zlGPlRInyXmebiyNCvgkG0G1XhmYEH95uBAr3CS3HKn87DjwrqhKQk0nJ6aVjjMM
d1IYOcEHe3REcoHP4SZ6tvbOdVEHboAn616WCRB44caA/C8yJttbN/0wDpm7p/ns
AWbekdd/3RAYNPt4EwJ3ZGDENgV/L4CCxiKof10BG9HhL8pwf3bnWD3ioMwR6na5
LI1BUdQMZY9naWt/fCRZikgt8p2fFX8b6ie5ffxnVP3rKM0mszMF/nLAnof3AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUhXH0iUQZlqiyyvucQn4oOEj3z20wHwYDVR0j
BBgwFoAUn1bsUNoU0T0Un1FF1ir8Wj8LcLUwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
YmY3MWM5MS0xNjI0LTRmYzAtOGM2My0yZWZhZmQ0NmZiYzEvMC85RjU2RUM1MERB
MTREMTNEMTQ5RjUxNDVENjJBRkM1QTNGMEI3MEI1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUY1NkVDNTBEQTE0RDEzRDE0OUY1MTQ1RDYyQUZDNUEzRjBC
NzBCNS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzJiZjcxYzkxLTE2MjQtNGZjMC04
YzYzLTJlZmFmZDQ2ZmJjMS8wLzMxMzczNTJlMzQzNTJlMzEzODM3MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzNjMwMzEzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAK8tuzANBgkqhkiG
9w0BAQsFAAOCAQEATkAEFKUJ9mZ4vOui9m/6kEpWvVuehr+6tEQxj8u1Bck37rKW
hSgv1Qk9XndfGyT4rNjdFQv5y44AO8NpEdK/AttNvbygxa3kloT4gVC/kjghmAWZ
Xk5q/V2904q24FoujCWmWLAdRBWALUb6ZNWBgRpqEBbDjSWiLav/5WEfr4TJWlGQ
0P5JKWBU+Y+CKlmF/rXq/GyTR7grj2fQ3eaSVEZDEk0XmTqoB6f8/pkq3ZKqYEvQ
clk7hVnMS2J28+VkCDd7yVNmrfF8QixvU67Bu6zHmbSLwJQ+UwQWVN91dG4wQhKt
3hmqZkQ37IhJB88+LZp5O1yCXF7zfbrGOyMRjQ==
-----END CERTIFICATE-----
Generated at Wed Mar 27 05:20:14 2024 by rpki-client on console-fra.rpki-client.org