Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/0edd4ccb-42e3-4b72-9193-e918e7b3067d/0/3135372e32302e3232312e302f32342d3234203d3e20313532343236.roa
File:                     3135372e32302e3232312e302f32342d3234203d3e20313532343236.roa (raw, json)
Hash identifier:          WKbSsEFKUM6urV5y7RsRiFoe4FzUWljoOdLzRJqzQNM=
Subject key identifier:   8B:CF:0D:1D:06:58:18:2D:EF:F7:5A:12:47:B5:EB:16:6A:34:7D:3D
Certificate issuer:       /CN=41A479AD6B974B50B99A0DFCBE24FF8AAC4418D4
Certificate serial:       09690983BF5D2EA6EA7BD981DCECE9EC3C755C02
Authority key identifier: 41:A4:79:AD:6B:97:4B:50:B9:9A:0D:FC:BE:24:FF:8A:AC:44:18:D4
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/41A479AD6B974B50B99A0DFCBE24FF8AAC4418D4.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/0edd4ccb-42e3-4b72-9193-e918e7b3067d/0/3135372e32302e3232312e302f32342d3234203d3e20313532343236.roa
Signing time:             Thu 21 Mar 2024 13:48:46 +0000
ROA not before:           Thu 21 Mar 2024 13:43:46 +0000
ROA not after:            Thu 20 Mar 2025 13:48:46 +0000
asID:                     152426
IP address blocks:        157.20.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/0edd4ccb-42e3-4b72-9193-e918e7b3067d/0/41A479AD6B974B50B99A0DFCBE24FF8AAC4418D4.crl
                          rsync://repo-rpki.idnic.net/repo/0edd4ccb-42e3-4b72-9193-e918e7b3067d/0/41A479AD6B974B50B99A0DFCBE24FF8AAC4418D4.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/41A479AD6B974B50B99A0DFCBE24FF8AAC4418D4.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 18:41:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:69:09:83:bf:5d:2e:a6:ea:7b:d9:81:dc:ec:e9:ec:3c:75:5c:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41A479AD6B974B50B99A0DFCBE24FF8AAC4418D4
        Validity
            Not Before: Mar 21 13:43:46 2024 GMT
            Not After : Mar 20 13:48:46 2025 GMT
        Subject: CN=8BCF0D1D0658182DEFF75A1247B5EB166A347D3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0a:08:0e:df:bf:15:bd:1c:d0:86:bd:f8:6f:
                    03:6d:b1:b0:8e:1f:2c:19:4f:b3:49:b1:f2:6f:e0:
                    64:aa:5e:37:83:16:f8:1c:ff:11:3d:78:d0:7d:71:
                    fe:b9:8e:b0:c5:17:82:d6:3a:a8:0d:f7:1a:68:80:
                    c8:df:77:da:12:3d:1b:c3:0f:4a:23:9c:d4:f8:27:
                    b9:c4:3a:22:ef:23:22:8c:89:44:f6:67:8b:ed:4c:
                    77:a7:2f:2c:34:4a:36:e5:18:ca:99:25:1c:24:c5:
                    0d:e4:da:0a:ce:af:1e:1d:db:cd:e4:63:38:6f:3c:
                    5f:18:79:58:be:3e:e5:47:39:a2:9b:fa:cf:31:e5:
                    f7:2e:2c:3d:14:eb:3c:bb:93:3e:77:db:50:70:b8:
                    aa:cf:9c:f8:f1:4e:08:36:4e:cc:0c:1e:e2:5e:77:
                    5a:a1:68:a2:27:d5:ea:b9:34:f8:29:3c:1d:7d:5a:
                    64:2c:c4:86:e7:98:9b:7a:10:7a:ef:00:64:74:14:
                    8b:52:cc:72:64:36:0d:b2:7f:48:18:d9:40:86:27:
                    9a:82:d8:b3:1b:ad:39:6e:af:30:89:04:b1:0e:39:
                    7d:0d:40:2b:a6:86:7c:e0:25:66:30:21:7a:e1:17:
                    71:e3:3d:6d:e4:ba:07:80:e8:74:24:f5:6b:76:f1:
                    34:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:CF:0D:1D:06:58:18:2D:EF:F7:5A:12:47:B5:EB:16:6A:34:7D:3D
            X509v3 Authority Key Identifier:
                keyid:41:A4:79:AD:6B:97:4B:50:B9:9A:0D:FC:BE:24:FF:8A:AC:44:18:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/0edd4ccb-42e3-4b72-9193-e918e7b3067d/0/41A479AD6B974B50B99A0DFCBE24FF8AAC4418D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/41A479AD6B974B50B99A0DFCBE24FF8AAC4418D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/0edd4ccb-42e3-4b72-9193-e918e7b3067d/0/3135372e32302e3232312e302f32342d3234203d3e20313532343236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:ee:a9:61:1d:15:16:7f:06:e3:1d:f3:db:4a:73:3b:79:07:
         da:1b:ed:36:bf:1e:60:bc:1f:1a:45:0c:3e:c2:62:f7:58:7e:
         45:99:21:f1:a0:a8:a1:11:8b:df:4a:4b:e7:f4:28:19:39:f3:
         47:64:4d:ee:c0:ca:0e:23:0d:14:5d:92:d5:17:ce:cb:f2:4f:
         d3:4e:8a:f9:2c:d9:93:01:56:a6:e2:d4:ff:76:49:4d:9a:8e:
         bf:8c:4c:12:2b:5b:af:9f:62:02:b2:78:94:a3:46:f4:24:02:
         d3:69:c7:4d:38:56:12:82:a0:c5:6f:7b:08:12:42:4c:ed:eb:
         92:1f:ba:d2:f6:14:70:f3:4a:ef:09:f2:c0:93:61:b4:24:b8:
         ca:1b:dd:dd:46:17:c0:1c:6f:4f:18:2a:d2:1c:18:26:53:2f:
         5b:f5:69:87:af:fc:2e:0b:0f:81:63:c6:12:cf:61:0b:c9:70:
         31:0e:f6:dd:3d:a5:cb:04:46:d7:0d:8b:8d:2a:4e:e2:6b:72:
         d0:b4:b8:4c:8b:8a:9d:26:dc:05:23:a7:31:da:4f:7d:59:cf:
         00:d6:43:42:63:0e:45:67:63:59:aa:0f:2e:23:49:53:99:17:
         78:a7:26:20:47:3f:a4:8e:a5:c3:ae:ca:2b:8f:88:f4:c7:74:
         96:b3:24:58
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUCWkJg79dLqbqe9mB3Ozp7Dx1XAIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFBNDc5QUQ2Qjk3NEI1MEI5OUEwREZDQkUyNEZGOEFB
QzQ0MThENDAeFw0yNDAzMjExMzQzNDZaFw0yNTAzMjAxMzQ4NDZaMDMxMTAvBgNV
BAMTKDhCQ0YwRDFEMDY1ODE4MkRFRkY3NUExMjQ3QjVFQjE2NkEzNDdEM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFCggO378VvRzQhr34bwNtsbCO
HywZT7NJsfJv4GSqXjeDFvgc/xE9eNB9cf65jrDFF4LWOqgN9xpogMjfd9oSPRvD
D0ojnNT4J7nEOiLvIyKMiUT2Z4vtTHenLyw0SjblGMqZJRwkxQ3k2grOrx4d283k
YzhvPF8YeVi+PuVHOaKb+s8x5fcuLD0U6zy7kz5321BwuKrPnPjxTgg2TswMHuJe
d1qhaKIn1eq5NPgpPB19WmQsxIbnmJt6EHrvAGR0FItSzHJkNg2yf0gY2UCGJ5qC
2LMbrTlurzCJBLEOOX0NQCumhnzgJWYwIXrhF3HjPW3kugeA6HQk9Wt28TRPAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUi88NHQZYGC3v91oSR7XrFmo0fT0wHwYDVR0j
BBgwFoAUQaR5rWuXS1C5mg38viT/iqxEGNQwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
ZWRkNGNjYi00MmUzLTRiNzItOTE5My1lOTE4ZTdiMzA2N2QvMC80MUE0NzlBRDZC
OTc0QjUwQjk5QTBERkNCRTI0RkY4QUFDNDQxOEQ0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvNDFBNDc5QUQ2Qjk3NEI1MEI5OUEwREZDQkUyNEZGOEFBQzQ0
MThENC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzBlZGQ0Y2NiLTQyZTMtNGI3Mi05
MTkzLWU5MThlN2IzMDY3ZC8wLzMxMzUzNzJlMzIzMDJlMzIzMjMxMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzNTMyMzQzMjM2LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnRTdMA0GCSqG
SIb3DQEBCwUAA4IBAQAl7qlhHRUWfwbjHfPbSnM7eQfaG+02vx5gvB8aRQw+wmL3
WH5FmSHxoKihEYvfSkvn9CgZOfNHZE3uwMoOIw0UXZLVF87L8k/TTor5LNmTAVam
4tT/dklNmo6/jEwSK1uvn2ICsniUo0b0JALTacdNOFYSgqDFb3sIEkJM7euSH7rS
9hRw80rvCfLAk2G0JLjKG93dRhfAHG9PGCrSHBgmUy9b9WmHr/wuCw+BY8YSz2EL
yXAxDvbdPaXLBEbXDYuNKk7ia3LQtLhMi4qdJtwFI6cx2k99Wc8A1kNCYw5FZ2NZ
qg8uI0lTmRd4pyYgRz+kjqXDrsorj4j0x3SWsyRY
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:55:28 2024 by rpki-client on console-fra.rpki-client.org