Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137362e302f32342d3234203d3e203633383539.roa
File:                     3135382e3134302e3137362e302f32342d3234203d3e203633383539.roa (raw, json)
Hash identifier:          SLWW4Nv2vOtLLzjQZtXdoGLIueH+u/PNGyYI43292sY=
Subject key identifier:   3C:C4:76:26:A1:DA:1B:EE:97:0F:03:82:07:C1:0D:C6:C1:30:9F:9E
Certificate issuer:       /CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
Certificate serial:       55695702B9F1A4CC59E8F8A5FDCE6232B19D5F81
Authority key identifier: 7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137362e302f32342d3234203d3e203633383539.roa
Signing time:             Sun 11 Aug 2024 11:00:02 +0000
ROA not before:           Sun 11 Aug 2024 10:55:02 +0000
ROA not after:            Sun 10 Aug 2025 11:00:02 +0000
asID:                     63859
IP address blocks:        158.140.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl
                          rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 14:24:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:69:57:02:b9:f1:a4:cc:59:e8:f8:a5:fd:ce:62:32:b1:9d:5f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
        Validity
            Not Before: Aug 11 10:55:02 2024 GMT
            Not After : Aug 10 11:00:02 2025 GMT
        Subject: CN=3CC47626A1DA1BEE970F038207C10DC6C1309F9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7a:94:8a:3c:68:21:e0:a0:a2:ef:47:4e:ac:
                    59:ec:8c:a3:19:b8:83:00:2e:d8:b6:26:7d:ff:2c:
                    67:69:f1:0b:18:81:63:ce:da:62:3b:9d:20:3f:65:
                    d3:0d:ff:44:11:93:32:de:d7:e4:03:31:a5:21:db:
                    7b:a2:ca:7e:c0:42:3d:76:62:16:e0:2a:24:f3:b0:
                    64:11:5b:40:15:35:3a:f0:38:5e:a5:9d:4b:8c:c7:
                    20:06:7a:e6:4e:2b:da:20:48:f3:1a:89:12:59:a9:
                    5b:e3:88:e2:3e:24:d9:f2:ba:38:18:b0:e5:1c:85:
                    a0:59:94:dd:e2:97:8f:79:dc:36:01:55:6f:06:56:
                    f4:ec:27:ae:08:5a:52:6f:1d:da:90:ba:bd:1e:86:
                    9c:cf:d9:9c:62:be:d5:a1:53:e5:9e:a1:3c:f7:b3:
                    ec:ff:d6:bb:4f:ad:83:83:d1:53:c9:72:5d:85:03:
                    8d:bc:6d:e3:83:48:14:52:39:17:19:07:7b:a5:60:
                    54:89:27:b1:e0:26:98:03:89:97:91:43:ea:3f:d0:
                    2c:60:fc:54:b4:02:6a:e3:7b:9c:2b:69:97:b6:ed:
                    5a:1f:a9:97:fa:b2:c2:8e:df:2e:46:c6:b1:fd:b3:
                    06:80:2a:c5:8d:d6:20:d4:12:01:ea:e3:79:3f:f3:
                    4f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C4:76:26:A1:DA:1B:EE:97:0F:03:82:07:C1:0D:C6:C1:30:9F:9E
            X509v3 Authority Key Identifier:
                keyid:7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3137362e302f32342d3234203d3e203633383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.140.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:fa:e0:a3:f0:f2:09:4f:3b:28:b6:f1:2c:ad:19:14:5d:1c:
         8d:e1:c4:3a:f2:b0:c2:66:1b:86:5e:e7:cb:3a:45:67:c7:43:
         e2:a4:10:56:62:ae:e7:db:bd:2b:74:5b:d0:14:ba:d1:fd:d4:
         ae:a6:6a:44:1f:29:a2:76:08:c5:a1:ae:59:29:74:e8:6b:f2:
         bf:2e:13:91:7b:f0:c5:12:1d:85:b2:6f:59:d4:fa:67:bd:fe:
         73:bc:6c:f9:45:68:b6:de:8e:8a:e0:df:68:15:98:0e:0f:80:
         84:76:86:62:4f:a5:df:02:5a:6a:a2:d5:73:07:bf:c0:fa:76:
         6d:ab:f7:eb:f4:35:4a:00:1a:97:5b:29:4c:9e:61:27:b9:ed:
         81:91:18:3e:34:5f:5c:73:5c:b4:82:e3:2b:e8:24:02:4a:3b:
         0a:a6:61:a1:0f:74:71:57:0f:68:fe:1f:bf:a7:61:23:ae:cc:
         17:9b:f1:93:a2:ad:6b:2e:ca:c0:1b:0f:a6:bd:03:16:53:f6:
         34:c3:5d:14:5b:53:01:59:93:b3:a9:84:4d:a0:49:01:a3:a3:
         d6:a0:45:52:5c:af:b1:d2:4f:82:7a:8e:1d:46:41:85:57:9c:
         ae:f7:03:92:6e:8c:6a:bc:ee:68:36:cc:48:26:88:63:fa:3b:
         ef:04:6b:6e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUVWlXArnxpMxZ6Pil/c5iMrGdX4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0
NzBFOEZDRjAeFw0yNDA4MTExMDU1MDJaFw0yNTA4MTAxMTAwMDJaMDMxMTAvBgNV
BAMTKDNDQzQ3NjI2QTFEQTFCRUU5NzBGMDM4MjA3QzEwREM2QzEzMDlGOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqepSKPGgh4KCi70dOrFnsjKMZ
uIMALti2Jn3/LGdp8QsYgWPO2mI7nSA/ZdMN/0QRkzLe1+QDMaUh23uiyn7AQj12
YhbgKiTzsGQRW0AVNTrwOF6lnUuMxyAGeuZOK9ogSPMaiRJZqVvjiOI+JNnyujgY
sOUchaBZlN3il4953DYBVW8GVvTsJ64IWlJvHdqQur0ehpzP2ZxivtWhU+WeoTz3
s+z/1rtPrYOD0VPJcl2FA428beODSBRSORcZB3ulYFSJJ7HgJpgDiZeRQ+o/0Cxg
/FS0Amrje5wraZe27VofqZf6ssKO3y5GxrH9swaAKsWN1iDUEgHq43k/80+TAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUPMR2JqHaG+6XDwOCB8ENxsEwn54wHwYDVR0j
BBgwFoAUfQyIbPuvBiQCnMrleCTDz0cOj88wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YmJiMjczNC1lNWZhLTQwZWItODU5OC1iN2NkMTAxMzQzY2EvMS83RDBDODg2Q0ZC
QUYwNjI0MDI5Q0NBRTU3ODI0QzNDRjQ3MEU4RkNGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0NzBF
OEZDRi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNiYmIyNzM0LWU1ZmEtNDBlYi04
NTk4LWI3Y2QxMDEzNDNjYS8xLzMxMzUzODJlMzEzNDMwMmUzMTM3MzYyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzNjMzMzgzNTM5LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnoywMA0GCSqG
SIb3DQEBCwUAA4IBAQBX+uCj8PIJTzsotvEsrRkUXRyN4cQ68rDCZhuGXufLOkVn
x0PipBBWYq7n270rdFvQFLrR/dSupmpEHymidgjFoa5ZKXToa/K/LhORe/DFEh2F
sm9Z1Ppnvf5zvGz5RWi23o6K4N9oFZgOD4CEdoZiT6XfAlpqotVzB7/A+nZtq/fr
9DVKABqXWylMnmEnue2BkRg+NF9cc1y0guMr6CQCSjsKpmGhD3RxVw9o/h+/p2Ej
rswXm/GToq1rLsrAGw+mvQMWU/Y0w10UW1MBWZOzqYRNoEkBo6PWoEVSXK+x0k+C
eo4dRkGFV5yu9wOSboxqvO5oNsxIJohj+jvvBGtu
-----END CERTIFICATE-----
Generated at Wed Nov 20 15:56:07 2024 by rpki-client on console-ams.rpki-client.org