Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/a0f78bd4-c19b-4d40-aa54-ed8d7bc772ca/0/3135372e32302e3132362e302f32332d3234203d3e20313532343130.roa
File:                     3135372e32302e3132362e302f32332d3234203d3e20313532343130.roa (raw, json)
Hash identifier:          GL8AMlujo4AkVOx8qStsJ350J7+imQl7NqV6QHZ7vWQ=
Subject key identifier:   82:FB:93:C4:ED:71:E7:1A:96:C7:48:27:D6:81:D9:90:66:7D:2F:00
Certificate issuer:       /CN=FD7C5A44A3CAAF7CD140CFD1C61622BA5EA2E623
Certificate serial:       660C6A7D5C637D20E3586744221EDD9ED1AA413A
Authority key identifier: FD:7C:5A:44:A3:CA:AF:7C:D1:40:CF:D1:C6:16:22:BA:5E:A2:E6:23
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/FD7C5A44A3CAAF7CD140CFD1C61622BA5EA2E623.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/a0f78bd4-c19b-4d40-aa54-ed8d7bc772ca/0/3135372e32302e3132362e302f32332d3234203d3e20313532343130.roa
Signing time:             Thu 28 Mar 2024 03:42:04 +0000
ROA not before:           Thu 28 Mar 2024 03:37:04 +0000
ROA not after:            Thu 27 Mar 2025 03:42:04 +0000
asID:                     152410
IP address blocks:        157.20.126.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/a0f78bd4-c19b-4d40-aa54-ed8d7bc772ca/0/FD7C5A44A3CAAF7CD140CFD1C61622BA5EA2E623.crl
                          rsync://repo-rpki.idnic.net/repo/a0f78bd4-c19b-4d40-aa54-ed8d7bc772ca/0/FD7C5A44A3CAAF7CD140CFD1C61622BA5EA2E623.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/FD7C5A44A3CAAF7CD140CFD1C61622BA5EA2E623.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 14:24:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:0c:6a:7d:5c:63:7d:20:e3:58:67:44:22:1e:dd:9e:d1:aa:41:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FD7C5A44A3CAAF7CD140CFD1C61622BA5EA2E623
        Validity
            Not Before: Mar 28 03:37:04 2024 GMT
            Not After : Mar 27 03:42:04 2025 GMT
        Subject: CN=82FB93C4ED71E71A96C74827D681D990667D2F00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:73:ad:f2:fc:16:cf:aa:68:29:6c:3f:00:4d:
                    7c:37:ed:83:76:42:31:ba:a8:b0:b1:61:e7:cf:89:
                    97:1f:52:44:43:0c:f4:27:47:25:3f:df:51:6d:44:
                    df:96:8c:46:cf:35:7a:c6:e7:19:de:c4:93:17:14:
                    c4:73:91:b6:d0:f7:13:b8:2a:83:2b:de:00:79:57:
                    f7:47:dd:ca:6a:04:f5:9d:3f:bd:ab:8c:b6:98:66:
                    f0:74:7f:aa:e0:2e:af:15:e9:84:94:15:d0:86:38:
                    d1:9d:50:1a:12:8f:d5:82:5f:00:c1:44:29:05:c1:
                    29:ec:1d:58:e0:42:3f:0d:ac:ed:89:2b:0f:da:4d:
                    97:1a:05:61:db:47:be:82:a0:b5:3b:9b:2a:b7:cc:
                    48:53:72:c4:c9:0b:9a:bd:e6:8c:ac:5e:d8:ee:47:
                    9b:b5:94:aa:c0:0b:a2:9b:ca:93:5d:af:83:c3:c1:
                    a7:6f:40:06:b0:05:cc:05:78:3e:56:7b:01:d5:68:
                    2d:6d:4b:db:95:fa:23:33:f9:1e:d6:85:d9:54:48:
                    40:8f:e3:b7:58:2e:59:a4:64:8d:f4:8b:63:ea:08:
                    e1:58:f0:d8:8d:b3:e2:1c:c0:b5:05:0f:a2:ab:0e:
                    6b:dc:96:03:75:a3:62:80:8a:98:41:18:5c:49:b6:
                    31:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:FB:93:C4:ED:71:E7:1A:96:C7:48:27:D6:81:D9:90:66:7D:2F:00
            X509v3 Authority Key Identifier:
                keyid:FD:7C:5A:44:A3:CA:AF:7C:D1:40:CF:D1:C6:16:22:BA:5E:A2:E6:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/a0f78bd4-c19b-4d40-aa54-ed8d7bc772ca/0/FD7C5A44A3CAAF7CD140CFD1C61622BA5EA2E623.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/FD7C5A44A3CAAF7CD140CFD1C61622BA5EA2E623.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/a0f78bd4-c19b-4d40-aa54-ed8d7bc772ca/0/3135372e32302e3132362e302f32332d3234203d3e20313532343130.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:13:ab:f6:9c:5b:29:f4:f0:6d:14:58:b3:b0:12:3f:8b:34:
         75:04:a4:81:35:04:59:5a:15:4d:04:28:26:9d:14:8d:04:99:
         4b:48:f6:f4:1d:0a:b8:46:82:60:98:ff:e4:f5:65:0f:7b:b7:
         ad:a6:65:0c:62:af:70:63:aa:c0:22:b8:51:9d:58:32:fd:68:
         3e:46:f8:42:ad:76:42:8b:72:33:bc:8c:6d:ef:65:34:b5:5f:
         07:94:e1:ec:ad:6b:0e:7d:32:de:59:83:5b:65:cd:7f:3b:36:
         17:1e:d0:9c:6b:da:9b:6c:6e:05:d2:46:33:d9:87:f6:3d:09:
         9d:96:c4:10:28:01:3f:c4:59:f7:7b:81:76:6f:fd:89:39:90:
         81:8e:af:e1:ee:8a:1c:ac:68:c4:72:9c:97:df:69:89:7b:16:
         36:4f:12:e1:45:53:f1:d9:9d:65:82:35:a1:76:6e:24:51:bb:
         59:84:5a:64:dd:56:bc:34:ab:9c:7f:ae:02:6a:fd:9b:cc:0e:
         fb:32:5c:d9:90:60:09:20:d3:57:40:42:dc:d5:6f:79:8e:2d:
         5f:31:26:60:aa:34:17:5a:9d:2f:3d:2a:0a:41:2c:4c:ce:be:
         9a:a2:a6:fb:2c:70:1e:7b:ac:d2:b1:7c:37:e6:a4:55:ce:ac:
         06:03:c9:17
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUZgxqfVxjfSDjWGdEIh7dntGqQTowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRkQ3QzVBNDRBM0NBQUY3Q0QxNDBDRkQxQzYxNjIyQkE1
RUEyRTYyMzAeFw0yNDAzMjgwMzM3MDRaFw0yNTAzMjcwMzQyMDRaMDMxMTAvBgNV
BAMTKDgyRkI5M0M0RUQ3MUU3MUE5NkM3NDgyN0Q2ODFEOTkwNjY3RDJGMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOc63y/BbPqmgpbD8ATXw37YN2
QjG6qLCxYefPiZcfUkRDDPQnRyU/31FtRN+WjEbPNXrG5xnexJMXFMRzkbbQ9xO4
KoMr3gB5V/dH3cpqBPWdP72rjLaYZvB0f6rgLq8V6YSUFdCGONGdUBoSj9WCXwDB
RCkFwSnsHVjgQj8NrO2JKw/aTZcaBWHbR76CoLU7myq3zEhTcsTJC5q95oysXtju
R5u1lKrAC6KbypNdr4PDwadvQAawBcwFeD5WewHVaC1tS9uV+iMz+R7WhdlUSECP
47dYLlmkZI30i2PqCOFY8NiNs+IcwLUFD6KrDmvclgN1o2KAiphBGFxJtjGjAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUgvuTxO1x5xqWx0gn1oHZkGZ9LwAwHwYDVR0j
BBgwFoAU/XxaRKPKr3zRQM/RxhYiul6i5iMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
MGY3OGJkNC1jMTliLTRkNDAtYWE1NC1lZDhkN2JjNzcyY2EvMC9GRDdDNUE0NEEz
Q0FBRjdDRDE0MENGRDFDNjE2MjJCQTVFQTJFNjIzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvRkQ3QzVBNDRBM0NBQUY3Q0QxNDBDRkQxQzYxNjIyQkE1RUEy
RTYyMy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2EwZjc4YmQ0LWMxOWItNGQ0MC1h
YTU0LWVkOGQ3YmM3NzJjYS8wLzMxMzUzNzJlMzIzMDJlMzEzMjM2MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzEzNTMyMzQzMTMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnRR+MA0GCSqG
SIb3DQEBCwUAA4IBAQBWE6v2nFsp9PBtFFizsBI/izR1BKSBNQRZWhVNBCgmnRSN
BJlLSPb0HQq4RoJgmP/k9WUPe7etpmUMYq9wY6rAIrhRnVgy/Wg+RvhCrXZCi3Iz
vIxt72U0tV8HlOHsrWsOfTLeWYNbZc1/OzYXHtCca9qbbG4F0kYz2Yf2PQmdlsQQ
KAE/xFn3e4F2b/2JOZCBjq/h7oocrGjEcpyX32mJexY2TxLhRVPx2Z1lgjWhdm4k
UbtZhFpk3Va8NKucf64Cav2bzA77MlzZkGAJINNXQELc1W95ji1fMSZgqjQXWp0v
PSoKQSxMzr6aoqb7LHAee6zSsXw35qRVzqwGA8kX
-----END CERTIFICATE-----
Generated at Wed Nov 20 18:42:09 2024 by rpki-client on console-fra.rpki-client.org