Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137332e302f32342d3234203d3e203633383539.roa
File:                     3135382e3134302e3137332e302f32342d3234203d3e203633383539.roa (raw, json)
Hash identifier:          ETICm5KmAngm0lkubBheZM1zxm2uSl0eev5hX90keNk=
Subject key identifier:   99:14:A1:89:C1:19:7F:9C:AA:C8:12:E4:1F:CB:14:38:FE:27:C0:2E
Certificate issuer:       /CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
Certificate serial:       71607D151D54D241D7E0B55A9FB408F6F7F46F45
Authority key identifier: 7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137332e302f32342d3234203d3e203633383539.roa
Signing time:             Sun 10 Sep 2023 10:00:06 +0000
ROA not before:           Sun 10 Sep 2023 09:55:06 +0000
ROA not after:            Sun 08 Sep 2024 10:00:06 +0000
asID:                     63859
IP address blocks:        158.140.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl
                          rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 15:39:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:60:7d:15:1d:54:d2:41:d7:e0:b5:5a:9f:b4:08:f6:f7:f4:6f:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
        Validity
            Not Before: Sep 10 09:55:06 2023 GMT
            Not After : Sep  8 10:00:06 2024 GMT
        Subject: CN=9914A189C1197F9CAAC812E41FCB1438FE27C02E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:51:51:8b:5b:c8:4b:e4:a4:ab:cc:e4:33:cf:
                    b6:c6:7b:b0:e5:8a:c8:ef:8d:39:32:ba:63:39:6a:
                    78:3c:c6:18:ae:8f:4e:89:20:10:16:e4:37:70:21:
                    5b:7c:b6:90:2c:f2:1b:5c:a0:b8:2a:8c:a6:32:7d:
                    1d:68:61:86:f1:5b:ca:80:11:aa:cc:6a:a3:dd:55:
                    bb:4f:0d:97:8a:ff:d3:b1:5e:ba:20:42:8c:f9:2d:
                    47:7f:f5:b4:90:21:07:7a:d0:1f:18:67:af:29:c2:
                    c8:52:74:2b:b0:d0:2d:f5:f4:08:c8:82:2b:37:2f:
                    10:9c:2f:d0:2a:cd:4b:12:d0:f4:86:f4:e3:a2:08:
                    ef:2a:42:eb:2c:12:72:3f:88:0d:c2:d5:ac:e3:a4:
                    71:eb:4b:50:1a:9c:e4:47:7f:af:6c:e4:9b:63:d4:
                    4a:c5:01:8c:56:14:8b:07:ab:02:87:23:40:94:8c:
                    ce:df:df:5d:f4:f9:fe:19:1e:81:35:52:34:12:90:
                    36:08:63:a9:46:f6:1a:b7:32:73:5b:67:6e:74:39:
                    8e:23:e5:79:f3:d6:55:83:85:54:5a:ce:40:c6:4a:
                    59:ce:7a:21:5f:22:3b:8c:f6:83:55:02:db:c9:a3:
                    4c:4c:ac:75:4c:14:6e:d3:68:f7:bf:bb:fd:95:a1:
                    a6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:14:A1:89:C1:19:7F:9C:AA:C8:12:E4:1F:CB:14:38:FE:27:C0:2E
            X509v3 Authority Key Identifier:
                keyid:7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137332e302f32342d3234203d3e203633383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.140.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:6b:07:42:00:1e:54:e8:20:18:0f:ad:83:7c:7d:06:7f:59:
         ea:e6:7a:07:6d:79:a8:a3:16:e1:99:41:36:f6:6a:94:c3:f8:
         ae:13:15:aa:83:3c:88:cb:a9:c1:c9:f9:15:e1:b9:bc:be:a3:
         c6:da:6a:ad:71:4c:8f:21:16:b4:7a:9d:69:bf:2f:80:41:6a:
         2f:d7:95:50:26:23:e4:32:6b:04:64:e2:e1:82:a3:0e:a2:22:
         b9:b0:fe:72:65:4b:c7:a8:a4:35:93:6c:03:3f:d6:18:d3:b4:
         d5:45:d4:01:f8:5f:0f:43:01:b0:99:cd:9c:be:80:35:10:29:
         94:ea:a3:1b:c0:12:32:89:a2:a9:d8:74:23:cd:05:03:32:07:
         85:97:02:1d:9d:cd:41:3c:17:b2:48:53:ae:56:2e:1d:6a:3a:
         20:ca:bd:a4:33:f4:af:41:83:bd:4e:17:1c:c1:ea:c2:cf:8d:
         c9:4a:43:43:2a:d8:7d:95:4c:c6:69:fa:83:8a:94:31:ef:5d:
         c6:00:80:5d:55:50:2a:d8:2d:60:b8:19:a0:29:5c:8d:b3:ab:
         1c:04:e5:8e:a8:28:70:ac:d1:cf:a9:e9:36:9d:6f:8b:ad:7b:
         62:a1:a6:55:55:22:76:bb:20:d5:31:0a:bc:52:69:e4:68:fa:
         bd:d4:0c:56
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUcWB9FR1U0kHX4LVan7QI9vf0b0UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0
NzBFOEZDRjAeFw0yMzA5MTAwOTU1MDZaFw0yNDA5MDgxMDAwMDZaMDMxMTAvBgNV
BAMTKDk5MTRBMTg5QzExOTdGOUNBQUM4MTJFNDFGQ0IxNDM4RkUyN0MwMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZUVGLW8hL5KSrzOQzz7bGe7Dl
isjvjTkyumM5ang8xhiuj06JIBAW5DdwIVt8tpAs8htcoLgqjKYyfR1oYYbxW8qA
EarMaqPdVbtPDZeK/9OxXrogQoz5LUd/9bSQIQd60B8YZ68pwshSdCuw0C319AjI
gis3LxCcL9AqzUsS0PSG9OOiCO8qQussEnI/iA3C1azjpHHrS1AanORHf69s5Jtj
1ErFAYxWFIsHqwKHI0CUjM7f3130+f4ZHoE1UjQSkDYIY6lG9hq3MnNbZ250OY4j
5Xnz1lWDhVRazkDGSlnOeiFfIjuM9oNVAtvJo0xMrHVMFG7TaPe/u/2VoabnAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUmRShicEZf5yqyBLkH8sUOP4nwC4wHwYDVR0j
BBgwFoAUfQyIbPuvBiQCnMrleCTDz0cOj88wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YmJiMjczNC1lNWZhLTQwZWItODU5OC1iN2NkMTAxMzQzY2EvMS83RDBDODg2Q0ZC
QUYwNjI0MDI5Q0NBRTU3ODI0QzNDRjQ3MEU4RkNGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0NzBF
OEZDRi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNiYmIyNzM0LWU1ZmEtNDBlYi04
NTk4LWI3Y2QxMDEzNDNjYS8xLzMxMzUzODJlMzEzNDMwMmUzMTM3MzMyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzNjMzMzgzNTM5LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnoytMA0GCSqG
SIb3DQEBCwUAA4IBAQCtawdCAB5U6CAYD62DfH0Gf1nq5noHbXmooxbhmUE29mqU
w/iuExWqgzyIy6nByfkV4bm8vqPG2mqtcUyPIRa0ep1pvy+AQWov15VQJiPkMmsE
ZOLhgqMOoiK5sP5yZUvHqKQ1k2wDP9YY07TVRdQB+F8PQwGwmc2cvoA1ECmU6qMb
wBIyiaKp2HQjzQUDMgeFlwIdnc1BPBeySFOuVi4dajogyr2kM/SvQYO9ThccwerC
z43JSkNDKth9lUzGafqDipQx713GAIBdVVAq2C1guBmgKVyNs6scBOWOqChwrNHP
qek2nW+LrXtioaZVVSJ2uyDVMQq8UmnkaPq91AxW
-----END CERTIFICATE-----
Generated at Wed Mar 27 18:48:29 2024 by rpki-client on console-fra.rpki-client.org