Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/00a6feaa-6b4f-47cf-9e3c-00aeac67a32a/1/33362e35302e3235332e302f32342d3234203d3e20313338383239.roa
File:                     33362e35302e3235332e302f32342d3234203d3e20313338383239.roa (raw, json)
Hash identifier:          8AUr4mOVJqGBjwK1rn+UvsQ+pWx3xgyqIsLbsdWst9A=
Subject key identifier:   1A:D1:29:66:EB:03:53:DB:BF:88:51:34:E3:7F:1F:28:D1:51:C3:14
Certificate issuer:       /CN=37A94886A0E275DC8F922930328C955CC4307FF1
Certificate serial:       175AC3488A0DD3C40CC1C5B7FAD1D534324E06D7
Authority key identifier: 37:A9:48:86:A0:E2:75:DC:8F:92:29:30:32:8C:95:5C:C4:30:7F:F1
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/37A94886A0E275DC8F922930328C955CC4307FF1.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/00a6feaa-6b4f-47cf-9e3c-00aeac67a32a/1/33362e35302e3235332e302f32342d3234203d3e20313338383239.roa
Signing time:             Sun 31 Mar 2024 04:47:45 +0000
ROA not before:           Sun 31 Mar 2024 04:42:45 +0000
ROA not after:            Sun 30 Mar 2025 04:47:45 +0000
asID:                     138829
IP address blocks:        36.50.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/00a6feaa-6b4f-47cf-9e3c-00aeac67a32a/1/37A94886A0E275DC8F922930328C955CC4307FF1.crl
                          rsync://repo-rpki.idnic.net/repo/00a6feaa-6b4f-47cf-9e3c-00aeac67a32a/1/37A94886A0E275DC8F922930328C955CC4307FF1.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/37A94886A0E275DC8F922930328C955CC4307FF1.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 10:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:5a:c3:48:8a:0d:d3:c4:0c:c1:c5:b7:fa:d1:d5:34:32:4e:06:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37A94886A0E275DC8F922930328C955CC4307FF1
        Validity
            Not Before: Mar 31 04:42:45 2024 GMT
            Not After : Mar 30 04:47:45 2025 GMT
        Subject: CN=1AD12966EB0353DBBF885134E37F1F28D151C314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:01:3c:a7:3d:f0:4c:15:8e:61:e2:b5:17:8e:
                    8b:c8:74:27:d0:86:2e:10:56:1d:a7:f7:c4:eb:31:
                    6b:29:21:6c:58:d5:40:49:eb:d6:e1:6c:c0:68:b2:
                    da:65:a1:ff:e9:ec:e9:f3:cb:30:26:ea:8f:8c:0a:
                    1a:55:63:30:df:18:75:ad:b3:ff:b1:77:06:fd:b6:
                    ec:ed:61:8c:5e:87:d7:18:60:53:69:19:5c:03:f7:
                    b3:c8:01:b4:16:e6:44:bd:6a:16:1d:10:5e:cb:60:
                    43:32:b0:da:24:57:d8:7b:28:a0:a5:dc:76:e1:14:
                    8f:83:06:2e:6a:69:e5:f5:df:b2:23:b5:43:aa:d6:
                    37:39:14:bf:ef:a5:8e:d5:9d:03:5d:ef:e7:1c:11:
                    e3:7b:f0:08:40:83:48:d0:9f:ab:b7:c6:bb:7c:1f:
                    84:49:e5:22:98:49:cc:89:2d:dd:3a:32:e9:f3:4d:
                    28:47:5f:24:3c:25:70:b6:0b:5d:77:81:c7:eb:62:
                    6e:22:27:b8:48:f9:83:aa:60:15:96:18:05:c1:a9:
                    e4:02:ce:13:ec:a5:57:e9:7a:6f:8b:b5:58:16:f7:
                    ac:41:84:e4:03:1b:80:12:33:fd:28:0d:b2:11:27:
                    7e:c4:1a:44:2c:d9:5c:50:02:8f:ae:ff:9d:38:df:
                    64:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D1:29:66:EB:03:53:DB:BF:88:51:34:E3:7F:1F:28:D1:51:C3:14
            X509v3 Authority Key Identifier:
                keyid:37:A9:48:86:A0:E2:75:DC:8F:92:29:30:32:8C:95:5C:C4:30:7F:F1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/00a6feaa-6b4f-47cf-9e3c-00aeac67a32a/1/37A94886A0E275DC8F922930328C955CC4307FF1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/37A94886A0E275DC8F922930328C955CC4307FF1.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/00a6feaa-6b4f-47cf-9e3c-00aeac67a32a/1/33362e35302e3235332e302f32342d3234203d3e20313338383239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.50.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:b7:fc:fd:9f:b7:41:be:e4:ed:f4:34:6e:ed:d0:fc:dc:58:
         51:f0:ad:45:12:2a:2f:f5:a8:03:fd:b8:e1:4b:33:e3:89:19:
         13:4d:d6:94:df:4a:e9:67:0c:c3:5e:7e:11:dc:65:ba:12:59:
         31:a0:fc:f5:76:0a:b8:e8:7b:17:59:cf:bf:b2:11:57:8a:5a:
         bf:a6:bf:61:0c:44:1c:41:a5:b5:44:f0:8a:bd:52:ab:8c:10:
         03:54:fc:5b:a8:bc:19:97:55:f8:de:f5:aa:44:5c:02:bd:72:
         9c:0f:81:c8:39:a9:2d:62:c3:cb:84:be:b5:ca:5d:e2:7e:33:
         dd:3d:25:ea:54:de:a1:24:1a:85:b7:d5:0d:85:d6:3e:15:15:
         bb:f6:06:de:ca:8e:20:a8:8e:39:f2:21:29:1b:38:e3:1b:37:
         8f:8d:50:4f:76:e4:c2:ba:2b:08:e0:76:57:42:2c:3c:cf:7d:
         5a:46:83:ae:3c:d4:29:17:71:7f:5d:d3:52:13:14:93:28:53:
         57:7b:51:97:56:7d:a8:83:80:7f:cc:d5:b1:eb:67:2d:43:fe:
         25:75:b0:64:36:03:9c:dd:05:3d:57:77:76:ca:13:72:c9:59:
         7a:18:21:e3:4e:77:24:91:24:93:31:15:c6:ba:e3:eb:64:85:
         1b:5e:f7:ac
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUF1rDSIoN08QMwcW3+tHVNDJOBtcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzdBOTQ4ODZBMEUyNzVEQzhGOTIyOTMwMzI4Qzk1NUND
NDMwN0ZGMTAeFw0yNDAzMzEwNDQyNDVaFw0yNTAzMzAwNDQ3NDVaMDMxMTAvBgNV
BAMTKDFBRDEyOTY2RUIwMzUzREJCRjg4NTEzNEUzN0YxRjI4RDE1MUMzMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEATynPfBMFY5h4rUXjovIdCfQ
hi4QVh2n98TrMWspIWxY1UBJ69bhbMBostplof/p7OnzyzAm6o+MChpVYzDfGHWt
s/+xdwb9tuztYYxeh9cYYFNpGVwD97PIAbQW5kS9ahYdEF7LYEMysNokV9h7KKCl
3HbhFI+DBi5qaeX137IjtUOq1jc5FL/vpY7VnQNd7+ccEeN78AhAg0jQn6u3xrt8
H4RJ5SKYScyJLd06MunzTShHXyQ8JXC2C113gcfrYm4iJ7hI+YOqYBWWGAXBqeQC
zhPspVfpem+LtVgW96xBhOQDG4ASM/0oDbIRJ37EGkQs2VxQAo+u/50432QTAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUGtEpZusDU9u/iFE0438fKNFRwxQwHwYDVR0j
BBgwFoAUN6lIhqDiddyPkikwMoyVXMQwf/EwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
MGE2ZmVhYS02YjRmLTQ3Y2YtOWUzYy0wMGFlYWM2N2EzMmEvMS8zN0E5NDg4NkEw
RTI3NURDOEY5MjI5MzAzMjhDOTU1Q0M0MzA3RkYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMzdBOTQ4ODZBMEUyNzVEQzhGOTIyOTMwMzI4Qzk1NUNDNDMw
N0ZGMS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzAwYTZmZWFhLTZiNGYtNDdjZi05
ZTNjLTAwYWVhYzY3YTMyYS8xLzMzMzYyZTM1MzAyZTMyMzUzMzJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzMzODM4MzIzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACQy/TANBgkqhkiG
9w0BAQsFAAOCAQEAMLf8/Z+3Qb7k7fQ0bu3Q/NxYUfCtRRIqL/WoA/244Usz44kZ
E03WlN9K6WcMw15+EdxluhJZMaD89XYKuOh7F1nPv7IRV4pav6a/YQxEHEGltUTw
ir1Sq4wQA1T8W6i8GZdV+N71qkRcAr1ynA+ByDmpLWLDy4S+tcpd4n4z3T0l6lTe
oSQahbfVDYXWPhUVu/YG3sqOIKiOOfIhKRs44xs3j41QT3bkwrorCOB2V0IsPM99
WkaDrjzUKRdxf13TUhMUkyhTV3tRl1Z9qIOAf8zVsetnLUP+JXWwZDYDnN0FPVd3
dsoTcslZehgh4053JJEkkzEVxrrj62SFG173rA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 03:50:40 2024 by rpki-client on console-fra.rpki-client.org