Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3136302e302f32302d3230203d3e203633383539.roa
File:                     3135382e3134302e3136302e302f32302d3230203d3e203633383539.roa (raw, json)
Hash identifier:          asoPLu9V+iajuD4OAyPiWOp6+oD9RPHcHL3okHsdrAI=
Subject key identifier:   24:42:58:82:96:45:59:8E:95:95:76:FE:73:0F:F0:F0:7D:C0:74:A1
Certificate issuer:       /CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
Certificate serial:       6C0E49EB3D7741DFD4E792299E7B2868F24A2CF2
Authority key identifier: 7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3136302e302f32302d3230203d3e203633383539.roa
Signing time:             Fri 24 Nov 2023 06:00:02 +0000
ROA not before:           Fri 24 Nov 2023 05:55:02 +0000
ROA not after:            Fri 22 Nov 2024 06:00:02 +0000
asID:                     63859
IP address blocks:        158.140.160.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl
                          rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 15:39:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:0e:49:eb:3d:77:41:df:d4:e7:92:29:9e:7b:28:68:f2:4a:2c:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
        Validity
            Not Before: Nov 24 05:55:02 2023 GMT
            Not After : Nov 22 06:00:02 2024 GMT
        Subject: CN=244258829645598E959576FE730FF0F07DC074A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:49:d5:5f:39:ee:d2:e0:c4:dd:c9:dd:78:f3:
                    a3:a1:ff:95:9b:f2:97:40:0d:a1:cd:91:45:83:98:
                    36:fd:99:7f:d9:3e:95:bf:94:8c:21:96:1d:ff:ed:
                    f0:db:ce:53:1d:f0:0e:0c:e0:35:7b:3d:56:54:da:
                    64:62:5a:7b:25:6e:3a:99:31:3e:77:23:ed:4c:6d:
                    7e:9e:71:b0:ee:ea:89:1f:82:73:2c:2a:17:4a:d5:
                    f0:1f:58:e0:d8:67:84:52:f9:9a:52:88:5f:90:3e:
                    93:e2:94:b1:65:7a:9d:94:e6:a3:63:5f:38:4e:41:
                    4a:f8:8a:41:9b:17:0e:ca:ce:61:a4:52:2e:09:f1:
                    29:c6:3b:db:f9:bf:18:ad:4f:2e:2c:73:41:a2:53:
                    3a:f1:0b:a2:32:e9:3e:b9:b6:02:87:65:62:7f:0a:
                    ad:6a:f3:02:7f:be:eb:a6:60:97:42:fb:01:23:df:
                    50:42:18:a6:0f:d0:f4:03:fb:0d:d4:07:38:36:bb:
                    2b:43:05:1c:90:23:50:c8:9a:98:f5:41:f5:11:e7:
                    dd:39:43:75:c5:ee:5b:96:0c:d8:14:b5:4f:5e:ba:
                    b7:0d:74:02:f4:92:33:8e:32:83:46:6b:ca:42:fb:
                    83:b5:80:87:5d:9e:24:ea:c8:5d:0d:42:20:b8:b0:
                    d7:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:42:58:82:96:45:59:8E:95:95:76:FE:73:0F:F0:F0:7D:C0:74:A1
            X509v3 Authority Key Identifier:
                keyid:7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3136302e302f32302d3230203d3e203633383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.140.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         04:f7:71:cb:e4:15:86:a2:e0:56:42:54:7c:57:01:91:c0:7a:
         bc:f9:cb:7d:43:9f:18:11:51:36:2a:c7:4d:ec:81:7b:fc:f4:
         59:dd:b3:53:71:e8:8b:f4:4b:e6:18:97:2c:b0:9c:ea:a8:6c:
         c9:74:3c:47:07:3c:19:51:88:69:3d:dd:d9:d8:0b:f7:d0:c7:
         0b:9f:b7:3d:fe:06:f9:39:94:9d:93:b2:ff:ce:e3:86:95:ec:
         00:ba:83:44:1f:b3:fb:f6:da:0c:9f:e6:71:e4:da:9d:9c:42:
         10:25:2d:b3:4c:cb:98:c2:b9:0d:b5:4d:9b:14:25:64:5d:71:
         3f:74:88:f7:5e:f9:6a:ac:49:ea:36:44:95:c6:9d:c0:1d:d0:
         4f:6f:df:84:bb:8a:05:09:28:bb:51:b4:d5:d5:52:2e:83:fe:
         87:c5:2a:90:93:4d:e1:8a:cd:d8:62:de:9f:32:93:0c:bc:43:
         75:f0:22:d1:8c:e2:16:52:43:fc:b5:0e:bb:78:0d:e9:cf:bf:
         96:cc:cb:fd:fa:aa:9f:90:3c:cf:9a:e4:1d:00:e1:0b:aa:06:
         cd:35:27:14:1d:83:25:d6:64:54:b3:0f:da:08:c5:8d:03:67:
         4f:a3:59:2d:3e:81:17:20:af:30:58:38:bc:c6:86:c0:71:45:
         80:c6:21:bf
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUbA5J6z13Qd/U55IpnnsoaPJKLPIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0
NzBFOEZDRjAeFw0yMzExMjQwNTU1MDJaFw0yNDExMjIwNjAwMDJaMDMxMTAvBgNV
BAMTKDI0NDI1ODgyOTY0NTU5OEU5NTk1NzZGRTczMEZGMEYwN0RDMDc0QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLSdVfOe7S4MTdyd1486Oh/5Wb
8pdADaHNkUWDmDb9mX/ZPpW/lIwhlh3/7fDbzlMd8A4M4DV7PVZU2mRiWnslbjqZ
MT53I+1MbX6ecbDu6okfgnMsKhdK1fAfWODYZ4RS+ZpSiF+QPpPilLFlep2U5qNj
XzhOQUr4ikGbFw7KzmGkUi4J8SnGO9v5vxitTy4sc0GiUzrxC6Iy6T65tgKHZWJ/
Cq1q8wJ/vuumYJdC+wEj31BCGKYP0PQD+w3UBzg2uytDBRyQI1DImpj1QfUR5905
Q3XF7luWDNgUtU9eurcNdAL0kjOOMoNGa8pC+4O1gIddniTqyF0NQiC4sNdzAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUJEJYgpZFWY6VlXb+cw/w8H3AdKEwHwYDVR0j
BBgwFoAUfQyIbPuvBiQCnMrleCTDz0cOj88wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YmJiMjczNC1lNWZhLTQwZWItODU5OC1iN2NkMTAxMzQzY2EvMS83RDBDODg2Q0ZC
QUYwNjI0MDI5Q0NBRTU3ODI0QzNDRjQ3MEU4RkNGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0NzBF
OEZDRi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNiYmIyNzM0LWU1ZmEtNDBlYi04
NTk4LWI3Y2QxMDEzNDNjYS8xLzMxMzUzODJlMzEzNDMwMmUzMTM2MzAyZTMwMmYz
MjMwMmQzMjMwMjAzZDNlMjAzNjMzMzgzNTM5LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnoygMA0GCSqG
SIb3DQEBCwUAA4IBAQAE93HL5BWGouBWQlR8VwGRwHq8+ct9Q58YEVE2KsdN7IF7
/PRZ3bNTceiL9EvmGJcssJzqqGzJdDxHBzwZUYhpPd3Z2Av30McLn7c9/gb5OZSd
k7L/zuOGlewAuoNEH7P79toMn+Zx5NqdnEIQJS2zTMuYwrkNtU2bFCVkXXE/dIj3
XvlqrEnqNkSVxp3AHdBPb9+Eu4oFCSi7UbTV1VIug/6HxSqQk03his3YYt6fMpMM
vEN18CLRjOIWUkP8tQ67eA3pz7+WzMv9+qqfkDzPmuQdAOELqgbNNScUHYMl1mRU
sw/aCMWNA2dPo1ktPoEXIK8wWDi8xobAcUWAxiG/
-----END CERTIFICATE-----
Generated at Wed Mar 27 20:56:58 2024 by rpki-client on console-ams.rpki-client.org