Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137372e302f32342d3234203d3e203633383539.roa
File:                     3135382e3134302e3137372e302f32342d3234203d3e203633383539.roa (raw, json)
Hash identifier:          IZCpIK8qZn/sd2wCyPaanMg8KXQ9JqRo9saYUdP/gxE=
Subject key identifier:   8C:57:ED:95:93:36:07:EF:9C:89:6E:F8:C9:37:52:72:79:9A:D6:77
Certificate issuer:       /CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
Certificate serial:       10B50C5C4E63267DD13E09EE7311E2B9C0098C89
Authority key identifier: 7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137372e302f32342d3234203d3e203633383539.roa
Signing time:             Sun 10 Sep 2023 10:00:07 +0000
ROA not before:           Sun 10 Sep 2023 09:55:07 +0000
ROA not after:            Sun 08 Sep 2024 10:00:07 +0000
asID:                     63859
IP address blocks:        158.140.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl
                          rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 15:39:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:b5:0c:5c:4e:63:26:7d:d1:3e:09:ee:73:11:e2:b9:c0:09:8c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
        Validity
            Not Before: Sep 10 09:55:07 2023 GMT
            Not After : Sep  8 10:00:07 2024 GMT
        Subject: CN=8C57ED95933607EF9C896EF8C9375272799AD677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:0f:83:24:dd:13:3f:2f:b1:5c:0e:12:56:bc:
                    bc:44:fc:b6:01:05:29:41:fb:3f:32:e7:d0:63:d7:
                    6b:1c:57:1d:6d:34:ab:4a:6f:4f:d7:a5:d5:f2:d1:
                    44:fc:db:34:c6:b6:8d:9e:d2:9c:31:5d:bc:a8:0f:
                    9e:68:1f:b7:4c:04:ed:3e:92:75:06:c9:d7:33:9a:
                    5d:fe:e9:9f:a0:84:3d:21:a7:e9:b1:8f:12:b9:d5:
                    24:69:ef:dc:44:bd:59:74:2d:4e:75:ab:70:db:35:
                    45:42:e1:df:c8:b3:cc:72:3d:81:25:33:6c:a3:1f:
                    e7:27:c8:f4:95:70:c7:63:db:c2:77:2d:1f:bd:0f:
                    d0:fc:55:a1:f6:83:0d:9c:5c:ce:0f:02:ca:6e:54:
                    ee:2a:41:4e:77:ba:51:5f:34:2f:72:eb:07:c2:f8:
                    d1:8e:25:d9:e3:62:13:54:f6:40:38:eb:3c:b1:8a:
                    5f:8a:c4:4a:56:19:cc:24:ae:28:37:7d:c8:6b:56:
                    09:28:0f:bc:10:7d:d2:e8:22:c8:a9:d7:b4:f7:b2:
                    c9:6b:eb:b2:2b:99:2b:fc:08:c4:d6:9c:0d:22:5e:
                    06:c5:16:1f:6a:77:72:99:4d:ce:8f:c9:e5:2b:2f:
                    d7:d1:19:1d:d6:05:34:b6:aa:61:73:e2:97:29:e4:
                    a0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:57:ED:95:93:36:07:EF:9C:89:6E:F8:C9:37:52:72:79:9A:D6:77
            X509v3 Authority Key Identifier:
                keyid:7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137372e302f32342d3234203d3e203633383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.140.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:2d:06:b0:56:8d:98:c8:d6:88:30:13:10:b7:31:ab:fa:9f:
         17:a5:03:d3:22:d4:f5:59:e3:09:f5:b1:b4:e5:80:09:5d:d7:
         6b:f9:1a:cb:43:f3:6c:19:30:93:37:bc:e9:6d:9b:f7:b3:a7:
         f0:f2:e0:cd:e4:2c:a5:ba:cf:2b:03:1e:52:80:63:7b:c1:d2:
         d0:0a:55:59:fe:79:31:f7:21:cd:4f:9c:01:61:b5:dc:61:22:
         a7:ca:64:e7:34:6e:e5:71:44:ef:c3:4a:cc:91:11:ad:fc:0c:
         bd:c9:47:bc:4f:4f:c0:cf:1b:93:82:32:38:bf:8c:71:4d:6f:
         f0:a2:22:1c:d0:27:dd:dc:47:8a:99:94:39:5b:45:00:33:54:
         27:16:33:a6:88:03:d7:2e:fe:ce:8a:75:36:cd:1b:2b:81:16:
         f4:ca:d4:9a:3a:2b:99:ca:fe:f1:10:59:26:89:68:9c:33:90:
         b9:a1:bd:ef:50:ff:d2:07:e6:61:00:26:79:51:f5:91:9d:ba:
         a7:f6:91:38:ab:6a:e3:df:54:9f:6c:62:c1:d9:e3:8c:49:f4:
         bc:b5:e9:02:03:87:74:a1:b8:74:2f:a4:0b:ed:43:72:a5:d6:
         52:48:21:84:94:ed:fa:e3:fc:b7:9d:17:14:29:6f:23:d4:1e:
         00:4d:97:9d
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUELUMXE5jJn3RPgnucxHiucAJjIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0
NzBFOEZDRjAeFw0yMzA5MTAwOTU1MDdaFw0yNDA5MDgxMDAwMDdaMDMxMTAvBgNV
BAMTKDhDNTdFRDk1OTMzNjA3RUY5Qzg5NkVGOEM5Mzc1MjcyNzk5QUQ2NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuD4Mk3RM/L7FcDhJWvLxE/LYB
BSlB+z8y59Bj12scVx1tNKtKb0/XpdXy0UT82zTGto2e0pwxXbyoD55oH7dMBO0+
knUGydczml3+6Z+ghD0hp+mxjxK51SRp79xEvVl0LU51q3DbNUVC4d/Is8xyPYEl
M2yjH+cnyPSVcMdj28J3LR+9D9D8VaH2gw2cXM4PAspuVO4qQU53ulFfNC9y6wfC
+NGOJdnjYhNU9kA46zyxil+KxEpWGcwkrig3fchrVgkoD7wQfdLoIsip17T3sslr
67IrmSv8CMTWnA0iXgbFFh9qd3KZTc6PyeUrL9fRGR3WBTS2qmFz4pcp5KCnAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUjFftlZM2B++ciW74yTdScnma1ncwHwYDVR0j
BBgwFoAUfQyIbPuvBiQCnMrleCTDz0cOj88wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YmJiMjczNC1lNWZhLTQwZWItODU5OC1iN2NkMTAxMzQzY2EvMS83RDBDODg2Q0ZC
QUYwNjI0MDI5Q0NBRTU3ODI0QzNDRjQ3MEU4RkNGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0NzBF
OEZDRi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNiYmIyNzM0LWU1ZmEtNDBlYi04
NTk4LWI3Y2QxMDEzNDNjYS8xLzMxMzUzODJlMzEzNDMwMmUzMTM3MzcyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzNjMzMzgzNTM5LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnoyxMA0GCSqG
SIb3DQEBCwUAA4IBAQAwLQawVo2YyNaIMBMQtzGr+p8XpQPTItT1WeMJ9bG05YAJ
Xddr+RrLQ/NsGTCTN7zpbZv3s6fw8uDN5Cylus8rAx5SgGN7wdLQClVZ/nkx9yHN
T5wBYbXcYSKnymTnNG7lcUTvw0rMkRGt/Ay9yUe8T0/AzxuTgjI4v4xxTW/woiIc
0Cfd3EeKmZQ5W0UAM1QnFjOmiAPXLv7OinU2zRsrgRb0ytSaOiuZyv7xEFkmiWic
M5C5ob3vUP/SB+ZhACZ5UfWRnbqn9pE4q2rj31SfbGLB2eOMSfS8tekCA4d0obh0
L6QL7UNypdZSSCGElO364/y3nRcUKW8j1B4ATZed
-----END CERTIFICATE-----
Generated at Wed Mar 27 20:56:58 2024 by rpki-client on console-ams.rpki-client.org