Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/2cd7536d-9e10-4d49-b6ca-041cc9a5914e/0/36302e3235332e39362e302f31392d3234203d3e203338313434.roa
File:                     36302e3235332e39362e302f31392d3234203d3e203338313434.roa (raw, json)
Hash identifier:          Qw+QQXeY4ygHVGUJMQ05GH+K/HnAhSZIrw89V5Vsm4Q=
Subject key identifier:   C3:16:59:7A:9D:B8:DE:2A:01:D3:56:30:20:E1:09:BF:A2:CE:2D:F5
Certificate issuer:       /CN=253E2BB4DE467AF08F191AF7632EE3BD058DA101
Certificate serial:       731F97B97168783117F024A4453AA50B7BB5C381
Authority key identifier: 25:3E:2B:B4:DE:46:7A:F0:8F:19:1A:F7:63:2E:E3:BD:05:8D:A1:01
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/253E2BB4DE467AF08F191AF7632EE3BD058DA101.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/2cd7536d-9e10-4d49-b6ca-041cc9a5914e/0/36302e3235332e39362e302f31392d3234203d3e203338313434.roa
Signing time:             Mon 01 Jul 2024 01:05:28 +0000
ROA not before:           Mon 01 Jul 2024 01:00:28 +0000
ROA not after:            Mon 30 Jun 2025 01:05:28 +0000
asID:                     38144
IP address blocks:        60.253.96.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/2cd7536d-9e10-4d49-b6ca-041cc9a5914e/0/253E2BB4DE467AF08F191AF7632EE3BD058DA101.crl
                          rsync://repo-rpki.idnic.net/repo/2cd7536d-9e10-4d49-b6ca-041cc9a5914e/0/253E2BB4DE467AF08F191AF7632EE3BD058DA101.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/253E2BB4DE467AF08F191AF7632EE3BD058DA101.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 11:29:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:1f:97:b9:71:68:78:31:17:f0:24:a4:45:3a:a5:0b:7b:b5:c3:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253E2BB4DE467AF08F191AF7632EE3BD058DA101
        Validity
            Not Before: Jul  1 01:00:28 2024 GMT
            Not After : Jun 30 01:05:28 2025 GMT
        Subject: CN=C316597A9DB8DE2A01D3563020E109BFA2CE2DF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:26:69:e6:1a:b5:9a:97:99:61:6a:19:8c:dc:
                    44:16:c7:15:97:04:94:6f:b1:d8:9a:2f:33:60:b7:
                    71:0e:98:e8:48:1a:82:44:8d:4c:5e:4c:12:6a:84:
                    74:8e:b1:e9:5b:27:0c:e8:24:8b:fc:fa:d8:5b:b6:
                    0a:48:66:a5:88:bc:c9:0e:e5:11:5a:62:f2:7b:90:
                    ab:31:2d:01:51:e0:c4:e2:d9:69:69:b7:e6:d6:6a:
                    36:44:c9:d7:24:9c:b2:d8:ba:e2:96:4a:c7:52:8c:
                    96:66:a6:63:88:40:31:15:37:74:4c:20:21:36:b7:
                    2b:75:9f:6c:4a:8b:8c:b3:7c:05:84:ab:de:ec:39:
                    d5:81:04:45:9e:ab:d6:7a:9e:4e:d4:5c:d7:7a:e6:
                    d8:69:4b:2d:58:dc:f4:da:9f:66:97:08:3c:e6:5f:
                    c0:35:5c:54:17:13:45:f1:1b:b5:cd:8f:c0:53:82:
                    2f:79:63:3c:30:98:8b:24:ba:33:0d:9f:2f:07:42:
                    ef:0e:9c:ae:20:15:41:36:af:63:46:b2:ab:cc:12:
                    31:f0:16:66:18:2b:cc:47:00:63:09:0c:be:cb:aa:
                    dc:e1:bd:bf:2c:2d:23:a5:04:ef:4d:45:a1:63:07:
                    83:d2:a3:65:a7:ba:2e:3a:13:60:59:78:1c:b7:fb:
                    bb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:16:59:7A:9D:B8:DE:2A:01:D3:56:30:20:E1:09:BF:A2:CE:2D:F5
            X509v3 Authority Key Identifier:
                keyid:25:3E:2B:B4:DE:46:7A:F0:8F:19:1A:F7:63:2E:E3:BD:05:8D:A1:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/2cd7536d-9e10-4d49-b6ca-041cc9a5914e/0/253E2BB4DE467AF08F191AF7632EE3BD058DA101.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/253E2BB4DE467AF08F191AF7632EE3BD058DA101.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/2cd7536d-9e10-4d49-b6ca-041cc9a5914e/0/36302e3235332e39362e302f31392d3234203d3e203338313434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  60.253.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a9:e7:5e:60:f1:32:85:00:55:d2:2e:3b:fc:ee:d4:7f:82:b2:
         0f:55:1c:b0:09:ef:01:16:4c:32:63:d6:dc:6c:21:5c:61:97:
         bd:c2:dd:ed:ef:f8:36:93:cd:70:6f:17:bb:8e:cb:f4:f1:5f:
         b5:03:6b:14:35:3a:d8:b7:a3:5f:ef:74:06:d2:dd:d5:ff:78:
         ff:68:4e:60:e6:3c:02:0b:8f:15:c0:df:bd:c9:1c:f1:5c:35:
         ac:03:0c:1a:55:ad:6a:d9:f4:38:fd:94:09:d9:10:d5:45:c5:
         be:8f:3b:88:5d:21:be:93:7b:65:29:76:84:41:1a:7a:f1:5a:
         37:96:01:ec:c6:1b:38:1b:4e:bb:19:31:56:87:2d:fb:0e:f6:
         f3:65:71:27:e3:0b:74:1f:25:d2:64:99:00:ab:69:2d:bb:3d:
         32:3d:a8:2f:4e:a7:b9:d1:cb:94:5e:08:f7:8d:20:d6:5d:34:
         33:bf:48:91:df:59:10:de:f3:3c:d3:43:be:d1:37:38:5a:fe:
         73:4c:a9:70:65:98:46:44:c4:8e:21:4a:bd:a5:45:b5:0b:47:
         59:11:e1:c9:11:32:dc:ec:4f:80:82:5f:e1:fa:f8:1d:fe:cb:
         f1:19:5f:01:8e:53:52:36:59:2a:1d:be:c1:a3:28:a5:ce:56:
         76:86:3c:a7
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUcx+XuXFoeDEX8CSkRTqlC3u1w4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjUzRTJCQjRERTQ2N0FGMDhGMTkxQUY3NjMyRUUzQkQw
NThEQTEwMTAeFw0yNDA3MDEwMTAwMjhaFw0yNTA2MzAwMTA1MjhaMDMxMTAvBgNV
BAMTKEMzMTY1OTdBOURCOERFMkEwMUQzNTYzMDIwRTEwOUJGQTJDRTJERjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClJmnmGrWal5lhahmM3EQWxxWX
BJRvsdiaLzNgt3EOmOhIGoJEjUxeTBJqhHSOselbJwzoJIv8+thbtgpIZqWIvMkO
5RFaYvJ7kKsxLQFR4MTi2Wlpt+bWajZEydcknLLYuuKWSsdSjJZmpmOIQDEVN3RM
ICE2tyt1n2xKi4yzfAWEq97sOdWBBEWeq9Z6nk7UXNd65thpSy1Y3PTan2aXCDzm
X8A1XFQXE0XxG7XNj8BTgi95YzwwmIskujMNny8HQu8OnK4gFUE2r2NGsqvMEjHw
FmYYK8xHAGMJDL7Lqtzhvb8sLSOlBO9NRaFjB4PSo2Wnui46E2BZeBy3+7tnAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUwxZZep243ioB01YwIOEJv6LOLfUwHwYDVR0j
BBgwFoAUJT4rtN5GevCPGRr3Yy7jvQWNoQEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
Y2Q3NTM2ZC05ZTEwLTRkNDktYjZjYS0wNDFjYzlhNTkxNGUvMC8yNTNFMkJCNERF
NDY3QUYwOEYxOTFBRjc2MzJFRTNCRDA1OERBMTAxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjUzRTJCQjRERTQ2N0FGMDhGMTkxQUY3NjMyRUUzQkQwNThE
QTEwMS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzJjZDc1MzZkLTllMTAtNGQ0OS1i
NmNhLTA0MWNjOWE1OTE0ZS8wLzM2MzAyZTMyMzUzMzJlMzkzNjJlMzAyZjMxMzky
ZDMyMzQyMDNkM2UyMDMzMzgzMTM0MzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAU8/WAwDQYJKoZIhvcN
AQELBQADggEBAKnnXmDxMoUAVdIuO/zu1H+Csg9VHLAJ7wEWTDJj1txsIVxhl73C
3e3v+DaTzXBvF7uOy/TxX7UDaxQ1Oti3o1/vdAbS3dX/eP9oTmDmPAILjxXA373J
HPFcNawDDBpVrWrZ9Dj9lAnZENVFxb6PO4hdIb6Te2UpdoRBGnrxWjeWAezGGzgb
TrsZMVaHLfsO9vNlcSfjC3QfJdJkmQCraS27PTI9qC9Op7nRy5ReCPeNINZdNDO/
SJHfWRDe8zzTQ77RNzha/nNMqXBlmEZExI4hSr2lRbULR1kR4ckRMtzsT4CCX+H6
+B3+y/EZXwGOU1I2WSodvsGjKKXOVnaGPKc=
-----END CERTIFICATE-----
Generated at Mon Nov 25 10:49:15 2024 by rpki-client on console-fra.rpki-client.org