Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/84da415b-5f17-4602-9bd9-fd84ac2cae86/0/3136302e31392e38382e302f32342d3234203d3e20313437303838.roa
File:                     3136302e31392e38382e302f32342d3234203d3e20313437303838.roa (raw, json)
Hash identifier:          PiWVlKjUs0amBWCdvxLs5cX1/7M8WB7XrVQaBgAMMxY=
Subject key identifier:   36:B2:E0:3B:07:91:B5:15:D8:DE:5A:9E:AB:A3:52:EC:5A:49:72:A7
Certificate issuer:       /CN=95FAC38A5CB2CEA3E5FFE2495626A7BEA328D689
Certificate serial:       5B03EB2A594E0FA8B38F0C92AAD97F3FB41463D8
Authority key identifier: 95:FA:C3:8A:5C:B2:CE:A3:E5:FF:E2:49:56:26:A7:BE:A3:28:D6:89
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/95FAC38A5CB2CEA3E5FFE2495626A7BEA328D689.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/84da415b-5f17-4602-9bd9-fd84ac2cae86/0/3136302e31392e38382e302f32342d3234203d3e20313437303838.roa
Signing time:             Thu 06 Jun 2024 07:26:36 +0000
ROA not before:           Thu 06 Jun 2024 07:21:36 +0000
ROA not after:            Thu 05 Jun 2025 07:26:36 +0000
asID:                     147088
IP address blocks:        160.19.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/84da415b-5f17-4602-9bd9-fd84ac2cae86/0/95FAC38A5CB2CEA3E5FFE2495626A7BEA328D689.crl
                          rsync://repo-rpki.idnic.net/repo/84da415b-5f17-4602-9bd9-fd84ac2cae86/0/95FAC38A5CB2CEA3E5FFE2495626A7BEA328D689.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/95FAC38A5CB2CEA3E5FFE2495626A7BEA328D689.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 23:47:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:03:eb:2a:59:4e:0f:a8:b3:8f:0c:92:aa:d9:7f:3f:b4:14:63:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95FAC38A5CB2CEA3E5FFE2495626A7BEA328D689
        Validity
            Not Before: Jun  6 07:21:36 2024 GMT
            Not After : Jun  5 07:26:36 2025 GMT
        Subject: CN=36B2E03B0791B515D8DE5A9EABA352EC5A4972A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ec:82:15:7d:f6:ad:bf:6b:8d:e0:7c:59:2a:
                    e0:1b:c0:5c:21:a4:c4:7a:c4:d2:f4:a7:ec:d9:3e:
                    bd:c5:87:62:fd:a9:ed:79:b7:ff:5c:78:dd:de:c2:
                    dd:74:3b:30:07:99:86:e4:58:af:3f:45:6b:7b:8d:
                    f8:83:35:40:a6:ed:83:80:14:59:78:9e:10:93:db:
                    ec:2f:9c:c2:e9:f0:7a:bf:d7:90:6e:ea:26:90:ef:
                    58:19:1c:24:22:9e:77:3c:ff:d5:a4:17:a8:7f:cf:
                    5b:85:7f:52:6b:d6:09:7c:79:01:d4:42:d0:5b:38:
                    a9:8f:ce:82:13:51:0d:bd:50:a2:bc:2a:13:a7:f6:
                    e7:8a:1f:29:63:d4:36:cd:2c:0c:d5:a1:f2:3b:b6:
                    b6:5f:34:ed:3b:73:d7:0f:6d:9d:1c:a7:e9:1e:38:
                    2c:f6:6a:be:2c:20:6d:43:78:d1:f8:ff:86:5c:4d:
                    c9:e7:25:7e:9d:ef:2d:59:7d:1c:87:e5:47:4b:77:
                    4c:b9:ac:c1:46:cd:fa:a2:c3:9a:e2:e1:ab:36:01:
                    c1:72:bf:95:c9:85:ee:9e:b7:2e:c6:16:65:21:3f:
                    2c:dc:56:37:40:af:85:8f:c1:5d:4d:dc:80:27:5e:
                    86:ea:48:d3:da:46:b7:aa:72:58:7e:15:cb:ca:a7:
                    f6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:B2:E0:3B:07:91:B5:15:D8:DE:5A:9E:AB:A3:52:EC:5A:49:72:A7
            X509v3 Authority Key Identifier:
                keyid:95:FA:C3:8A:5C:B2:CE:A3:E5:FF:E2:49:56:26:A7:BE:A3:28:D6:89

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/84da415b-5f17-4602-9bd9-fd84ac2cae86/0/95FAC38A5CB2CEA3E5FFE2495626A7BEA328D689.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/95FAC38A5CB2CEA3E5FFE2495626A7BEA328D689.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/84da415b-5f17-4602-9bd9-fd84ac2cae86/0/3136302e31392e38382e302f32342d3234203d3e20313437303838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.19.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:33:69:1f:6b:24:09:c7:1e:df:81:b8:a2:ff:8c:c7:f7:a7:
         0f:8b:7b:8d:d4:cf:fe:0c:d7:02:d9:a8:32:74:fc:77:be:dc:
         90:3a:92:1f:ca:e0:69:d8:98:d3:c2:9b:7d:d9:a7:a0:b6:d6:
         60:ba:3e:9f:9a:de:d6:46:03:00:17:e3:c9:ae:1f:11:45:37:
         94:48:0f:3c:7b:23:8e:25:aa:42:ac:ac:3d:f7:77:49:84:a7:
         e2:7e:da:0b:38:48:3d:86:3b:42:b6:5f:e1:af:bb:cb:35:b1:
         dc:1a:f6:90:bc:b5:b8:a5:66:99:4c:b9:c5:92:17:48:c7:49:
         b2:b9:a1:4c:53:b7:82:68:b5:c5:7f:24:81:a5:db:b9:8c:6f:
         41:b4:f2:50:63:c5:6a:ef:36:88:b2:f3:06:e9:c0:ef:ad:ae:
         5a:4b:8f:98:1e:a4:86:09:db:5b:7c:11:3b:56:97:de:96:91:
         b1:0a:52:e7:e5:a5:d4:8a:36:81:3f:5f:81:4f:dd:13:a6:85:
         62:50:aa:30:1e:4f:2a:88:68:53:ea:91:13:8e:86:92:58:d1:
         b5:0f:56:98:7d:15:5b:4e:2b:2b:dd:fd:d1:46:29:51:d3:cb:
         f8:37:9f:70:fb:ca:39:6a:c6:41:7f:6e:08:5a:dd:8e:72:54:
         40:49:69:20
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUWwPrKllOD6izjwySqtl/P7QUY9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTVGQUMzOEE1Q0IyQ0VBM0U1RkZFMjQ5NTYyNkE3QkVB
MzI4RDY4OTAeFw0yNDA2MDYwNzIxMzZaFw0yNTA2MDUwNzI2MzZaMDMxMTAvBgNV
BAMTKDM2QjJFMDNCMDc5MUI1MTVEOERFNUE5RUFCQTM1MkVDNUE0OTcyQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW7IIVffatv2uN4HxZKuAbwFwh
pMR6xNL0p+zZPr3Fh2L9qe15t/9ceN3ewt10OzAHmYbkWK8/RWt7jfiDNUCm7YOA
FFl4nhCT2+wvnMLp8Hq/15Bu6iaQ71gZHCQinnc8/9WkF6h/z1uFf1Jr1gl8eQHU
QtBbOKmPzoITUQ29UKK8KhOn9ueKHylj1DbNLAzVofI7trZfNO07c9cPbZ0cp+ke
OCz2ar4sIG1DeNH4/4ZcTcnnJX6d7y1ZfRyH5UdLd0y5rMFGzfqiw5ri4as2AcFy
v5XJhe6ety7GFmUhPyzcVjdAr4WPwV1N3IAnXobqSNPaRreqclh+FcvKp/ZfAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUNrLgOweRtRXY3lqeq6NS7FpJcqcwHwYDVR0j
BBgwFoAUlfrDilyyzqPl/+JJVianvqMo1okwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby84
NGRhNDE1Yi01ZjE3LTQ2MDItOWJkOS1mZDg0YWMyY2FlODYvMC85NUZBQzM4QTVD
QjJDRUEzRTVGRkUyNDk1NjI2QTdCRUEzMjhENjg5LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvOTVGQUMzOEE1Q0IyQ0VBM0U1RkZFMjQ5NTYyNkE3QkVBMzI4
RDY4OS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzg0ZGE0MTViLTVmMTctNDYwMi05
YmQ5LWZkODRhYzJjYWU4Ni8wLzMxMzYzMDJlMzEzOTJlMzgzODJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzQzNzMwMzgzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKATWDANBgkqhkiG
9w0BAQsFAAOCAQEAbTNpH2skCcce34G4ov+Mx/enD4t7jdTP/gzXAtmoMnT8d77c
kDqSH8rgadiY08KbfdmnoLbWYLo+n5re1kYDABfjya4fEUU3lEgPPHsjjiWqQqys
Pfd3SYSn4n7aCzhIPYY7QrZf4a+7yzWx3Br2kLy1uKVmmUy5xZIXSMdJsrmhTFO3
gmi1xX8kgaXbuYxvQbTyUGPFau82iLLzBunA762uWkuPmB6khgnbW3wRO1aX3paR
sQpS5+Wl1Io2gT9fgU/dE6aFYlCqMB5PKohoU+qRE46GkljRtQ9WmH0VW04rK939
0UYpUdPL+DefcPvKOWrGQX9uCFrdjnJUQElpIA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 18:47:51 2024 by rpki-client on console-fra.rpki-client.org