Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/544cb8d8-1505-4682-9ddb-fcd86200b966/0/3133372e35392e3132342e302f32322d3234203d3e20313333383030.roa
File:                     3133372e35392e3132342e302f32322d3234203d3e20313333383030.roa (raw, json)
Hash identifier:          cdOVl8puvPfZyNPK99F34j3qm11NnvvIqiUH2UropLI=
Subject key identifier:   8D:85:76:94:69:DA:5B:F7:FC:B4:1A:95:4A:BB:38:FB:E5:0F:8A:AC
Certificate issuer:       /CN=ACCECE368F04142505940FF29F4DD361EEF4DFBA
Certificate serial:       21897AA7E292EE62E1E8B0622CE775989E95BB70
Authority key identifier: AC:CE:CE:36:8F:04:14:25:05:94:0F:F2:9F:4D:D3:61:EE:F4:DF:BA
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ACCECE368F04142505940FF29F4DD361EEF4DFBA.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/544cb8d8-1505-4682-9ddb-fcd86200b966/0/3133372e35392e3132342e302f32322d3234203d3e20313333383030.roa
Signing time:             Thu 10 Aug 2023 09:00:01 +0000
ROA not before:           Thu 10 Aug 2023 08:55:01 +0000
ROA not after:            Thu 08 Aug 2024 09:00:01 +0000
asID:                     133800
IP address blocks:        137.59.124.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/544cb8d8-1505-4682-9ddb-fcd86200b966/0/ACCECE368F04142505940FF29F4DD361EEF4DFBA.crl
                          rsync://repo-rpki.idnic.net/repo/544cb8d8-1505-4682-9ddb-fcd86200b966/0/ACCECE368F04142505940FF29F4DD361EEF4DFBA.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ACCECE368F04142505940FF29F4DD361EEF4DFBA.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 13:36:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:89:7a:a7:e2:92:ee:62:e1:e8:b0:62:2c:e7:75:98:9e:95:bb:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ACCECE368F04142505940FF29F4DD361EEF4DFBA
        Validity
            Not Before: Aug 10 08:55:01 2023 GMT
            Not After : Aug  8 09:00:01 2024 GMT
        Subject: CN=8D85769469DA5BF7FCB41A954ABB38FBE50F8AAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d6:43:4e:a2:de:ec:f9:fa:f3:87:3d:be:f7:
                    27:6f:46:77:52:19:95:83:62:35:2f:a7:35:f6:e3:
                    99:ef:44:4d:cd:ed:81:4f:87:e8:1a:96:e3:0f:cb:
                    6e:63:2a:96:c8:42:23:84:13:2a:ba:d8:b9:a9:c1:
                    1f:57:83:cc:1a:7a:bd:a2:a3:62:c3:d3:7f:58:cb:
                    8c:96:9e:58:d5:3f:99:32:d0:03:83:30:02:67:fb:
                    d6:3c:ff:7e:45:6b:d5:4b:b1:2a:ff:64:11:d1:10:
                    25:ee:dd:ff:0c:ab:cb:e1:48:8a:39:17:8a:38:be:
                    8c:57:ee:f7:2a:ae:6d:ac:94:6f:27:da:49:12:c3:
                    3f:65:8b:45:3c:ab:f3:61:75:9d:b2:f4:c8:62:77:
                    f2:86:b4:ab:3b:02:c8:a9:c6:0c:2a:a0:a8:8e:37:
                    ab:89:0e:2d:c2:0a:94:59:14:9c:fd:a5:a2:25:28:
                    36:f0:e6:9d:25:b0:93:14:34:2c:08:76:8f:8d:0a:
                    82:3d:0d:64:36:b0:22:81:39:d1:dd:aa:0f:ae:68:
                    c2:bd:50:e8:2e:d3:25:02:e8:77:ab:04:42:ff:92:
                    ee:ed:5d:c3:78:7b:60:50:8d:f6:24:26:49:a9:40:
                    a3:1e:d5:22:03:f4:b1:0f:96:77:aa:8b:40:41:76:
                    87:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:85:76:94:69:DA:5B:F7:FC:B4:1A:95:4A:BB:38:FB:E5:0F:8A:AC
            X509v3 Authority Key Identifier:
                keyid:AC:CE:CE:36:8F:04:14:25:05:94:0F:F2:9F:4D:D3:61:EE:F4:DF:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/544cb8d8-1505-4682-9ddb-fcd86200b966/0/ACCECE368F04142505940FF29F4DD361EEF4DFBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ACCECE368F04142505940FF29F4DD361EEF4DFBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/544cb8d8-1505-4682-9ddb-fcd86200b966/0/3133372e35392e3132342e302f32322d3234203d3e20313333383030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.59.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:95:6e:a5:2f:10:9f:ec:b9:fb:ac:01:c5:28:d7:fd:a7:71:
         ca:e8:47:07:bd:16:9b:f8:43:77:d9:2f:06:0e:25:91:2e:8a:
         65:75:02:24:23:99:12:90:71:92:67:86:49:22:fa:11:a0:e5:
         93:73:a9:b6:0f:22:d3:bf:94:c9:fc:d5:89:4c:21:f1:28:2f:
         5a:be:49:7c:1a:cd:d8:fa:aa:d6:16:78:67:05:25:ef:d7:41:
         5f:71:82:97:22:52:5e:08:68:e7:22:3a:a4:45:45:0b:11:fe:
         0e:0f:bf:23:64:8e:b3:99:8f:df:8d:9a:f2:62:7b:a4:e1:03:
         d6:ae:24:34:ac:8f:9d:85:bc:67:62:ef:3a:95:8c:03:62:38:
         ec:7d:fa:54:ea:5c:c2:01:72:b3:50:44:3e:7a:bd:59:40:f6:
         4e:77:a6:67:91:75:15:47:11:83:69:8f:ae:72:e9:74:a9:f7:
         9f:23:00:f4:0c:86:c2:01:b8:fa:d8:b8:e3:b2:cf:55:d4:7b:
         67:de:38:cd:c5:05:c6:2e:25:2f:a1:b1:c6:81:2d:dc:73:96:
         dd:28:76:30:ff:0d:06:fb:a3:e8:4f:0c:0a:2f:76:94:0f:e7:
         cc:47:2a:99:ff:65:06:95:43:4a:48:7f:48:e3:25:9d:8d:52:
         9a:cb:ae:04
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUIYl6p+KS7mLh6LBiLOd1mJ6Vu3AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUNDRUNFMzY4RjA0MTQyNTA1OTQwRkYyOUY0REQzNjFF
RUY0REZCQTAeFw0yMzA4MTAwODU1MDFaFw0yNDA4MDgwOTAwMDFaMDMxMTAvBgNV
BAMTKDhEODU3Njk0NjlEQTVCRjdGQ0I0MUE5NTRBQkIzOEZCRTUwRjhBQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv1kNOot7s+frzhz2+9ydvRndS
GZWDYjUvpzX245nvRE3N7YFPh+galuMPy25jKpbIQiOEEyq62LmpwR9Xg8waer2i
o2LD039Yy4yWnljVP5ky0AODMAJn+9Y8/35Fa9VLsSr/ZBHRECXu3f8Mq8vhSIo5
F4o4voxX7vcqrm2slG8n2kkSwz9li0U8q/NhdZ2y9Mhid/KGtKs7AsipxgwqoKiO
N6uJDi3CCpRZFJz9paIlKDbw5p0lsJMUNCwIdo+NCoI9DWQ2sCKBOdHdqg+uaMK9
UOgu0yUC6HerBEL/ku7tXcN4e2BQjfYkJkmpQKMe1SID9LEPlneqi0BBdoeNAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUjYV2lGnaW/f8tBqVSrs4++UPiqwwHwYDVR0j
BBgwFoAUrM7ONo8EFCUFlA/yn03TYe7037owDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
NDRjYjhkOC0xNTA1LTQ2ODItOWRkYi1mY2Q4NjIwMGI5NjYvMC9BQ0NFQ0UzNjhG
MDQxNDI1MDU5NDBGRjI5RjRERDM2MUVFRjRERkJBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQUNDRUNFMzY4RjA0MTQyNTA1OTQwRkYyOUY0REQzNjFFRUY0
REZCQS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzU0NGNiOGQ4LTE1MDUtNDY4Mi05
ZGRiLWZjZDg2MjAwYjk2Ni8wLzMxMzMzNzJlMzUzOTJlMzEzMjM0MmUzMDJmMzIz
MjJkMzIzNDIwM2QzZTIwMzEzMzMzMzgzMDMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCiTt8MA0GCSqG
SIb3DQEBCwUAA4IBAQCFlW6lLxCf7Ln7rAHFKNf9p3HK6EcHvRab+EN32S8GDiWR
LopldQIkI5kSkHGSZ4ZJIvoRoOWTc6m2DyLTv5TJ/NWJTCHxKC9avkl8Gs3Y+qrW
FnhnBSXv10FfcYKXIlJeCGjnIjqkRUULEf4OD78jZI6zmY/fjZryYnuk4QPWriQ0
rI+dhbxnYu86lYwDYjjsffpU6lzCAXKzUEQ+er1ZQPZOd6ZnkXUVRxGDaY+ucul0
qfefIwD0DIbCAbj62Ljjss9V1Htn3jjNxQXGLiUvobHGgS3cc5bdKHYw/w0G+6Po
TwwKL3aUD+fMRyqZ/2UGlUNKSH9I4yWdjVKay64E
-----END CERTIFICATE-----
Generated at Wed Mar 27 07:57:35 2024 by rpki-client on console-ams.rpki-client.org