Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/dfe7dacc-2b45-4141-9775-f1bb9f052396/0/3136302e32302e33392e302f32342d3234203d3e20313532373637.roa
File:                     3136302e32302e33392e302f32342d3234203d3e20313532373637.roa (raw, json)
Hash identifier:          r+NcYn+t5rMmjNx2JWkC72GwMhJHESlVZs6P4b6ukaU=
Subject key identifier:   CC:3E:E2:D1:C6:F3:A4:34:97:A2:E3:0B:97:F7:66:82:EB:CA:8D:99
Certificate issuer:       /CN=BCA0C1EF5A4AB3AEF425E15AB89A19CDE5688244
Certificate serial:       1BF9D13450AF986BFD8C3FD7A8018E2DEED7140A
Authority key identifier: BC:A0:C1:EF:5A:4A:B3:AE:F4:25:E1:5A:B8:9A:19:CD:E5:68:82:44
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/BCA0C1EF5A4AB3AEF425E15AB89A19CDE5688244.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/dfe7dacc-2b45-4141-9775-f1bb9f052396/0/3136302e32302e33392e302f32342d3234203d3e20313532373637.roa
Signing time:             Sat 15 Jun 2024 08:53:46 +0000
ROA not before:           Sat 15 Jun 2024 08:48:46 +0000
ROA not after:            Sat 14 Jun 2025 08:53:46 +0000
asID:                     152767
IP address blocks:        160.20.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/dfe7dacc-2b45-4141-9775-f1bb9f052396/0/BCA0C1EF5A4AB3AEF425E15AB89A19CDE5688244.crl
                          rsync://repo-rpki.idnic.net/repo/dfe7dacc-2b45-4141-9775-f1bb9f052396/0/BCA0C1EF5A4AB3AEF425E15AB89A19CDE5688244.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/BCA0C1EF5A4AB3AEF425E15AB89A19CDE5688244.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 19:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:f9:d1:34:50:af:98:6b:fd:8c:3f:d7:a8:01:8e:2d:ee:d7:14:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BCA0C1EF5A4AB3AEF425E15AB89A19CDE5688244
        Validity
            Not Before: Jun 15 08:48:46 2024 GMT
            Not After : Jun 14 08:53:46 2025 GMT
        Subject: CN=CC3EE2D1C6F3A43497A2E30B97F76682EBCA8D99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:96:26:1a:8e:94:b0:bb:52:85:34:2b:3e:d9:
                    82:98:20:98:25:37:60:cb:aa:2f:6d:08:5d:61:10:
                    6e:a8:65:b3:49:e8:a9:9c:30:7d:1d:00:59:51:f1:
                    ec:95:9f:f9:f4:d1:c0:a4:65:d0:b4:78:1a:56:ee:
                    c4:f1:02:48:d6:c5:2f:a8:2b:49:4a:e8:f5:64:b6:
                    c7:d3:34:8b:ee:88:3b:02:5a:04:72:e7:9f:dc:7d:
                    08:0a:65:74:58:6b:82:54:8e:9f:bb:b8:26:37:7b:
                    32:42:89:d7:3b:99:19:63:75:00:0c:d2:ac:be:2c:
                    75:22:40:cd:96:7d:ad:d3:05:34:69:c3:80:95:00:
                    db:67:e5:65:b2:9f:57:f0:ec:d5:80:8e:48:a5:86:
                    41:ed:59:dc:c1:19:d2:07:69:95:e6:10:c7:c7:24:
                    40:b7:3a:91:3e:d2:29:ce:f8:67:2e:e2:b1:39:9a:
                    fd:a3:32:a6:c9:eb:c8:97:12:24:6d:4c:da:6c:7c:
                    e3:2b:e9:3b:b2:f0:38:34:8c:1f:9b:03:75:c8:70:
                    8f:f8:04:12:7e:b5:a5:d6:0f:44:29:d7:b2:91:f6:
                    17:2f:47:fd:81:72:5c:45:0f:62:78:dc:f5:9b:d3:
                    e2:a1:38:0e:f3:3f:5d:19:49:0a:ca:47:05:57:db:
                    90:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:3E:E2:D1:C6:F3:A4:34:97:A2:E3:0B:97:F7:66:82:EB:CA:8D:99
            X509v3 Authority Key Identifier:
                keyid:BC:A0:C1:EF:5A:4A:B3:AE:F4:25:E1:5A:B8:9A:19:CD:E5:68:82:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/dfe7dacc-2b45-4141-9775-f1bb9f052396/0/BCA0C1EF5A4AB3AEF425E15AB89A19CDE5688244.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/BCA0C1EF5A4AB3AEF425E15AB89A19CDE5688244.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/dfe7dacc-2b45-4141-9775-f1bb9f052396/0/3136302e32302e33392e302f32342d3234203d3e20313532373637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a8:8f:62:fd:cf:bc:8a:cf:df:55:fa:bc:d0:05:5a:05:98:
         3c:50:94:7d:2a:2b:7a:f8:3a:4c:59:6c:64:86:ce:c6:81:bf:
         e9:3d:08:e6:2c:81:a8:78:bd:29:00:99:a8:03:2d:5a:95:94:
         ab:be:72:4f:13:98:7a:6f:e3:0f:17:c3:dc:c1:e3:e3:89:01:
         d2:c6:dd:ad:ec:cd:a6:51:db:5d:b7:42:0d:43:d6:cb:15:50:
         f4:2d:8f:cf:46:ab:25:7e:41:bd:a3:ca:5f:ea:ef:93:47:0d:
         5d:62:a5:82:a3:b8:b9:47:8f:86:27:5e:77:6e:54:d3:be:75:
         07:ab:3f:8f:bd:b3:a5:fe:64:aa:08:32:a6:c6:d4:0e:21:a6:
         7c:d3:6b:e4:e7:05:4d:b5:00:71:d1:2c:51:fc:0d:10:32:3e:
         6c:a8:7e:6f:40:dc:7b:75:49:bd:14:ea:dc:f0:11:d8:de:8a:
         75:bc:5c:45:70:59:a0:4d:7f:3a:81:ea:c3:b2:a6:b2:5e:f4:
         74:75:78:74:5b:9e:83:f9:16:ac:30:fd:21:c3:89:72:51:14:
         5f:16:0d:3b:41:28:85:73:9d:b8:6f:09:5c:f2:b4:fa:09:a0:
         4f:cf:dd:e5:37:f0:ec:39:0d:55:3f:1d:88:cf:7e:0a:6d:4a:
         ae:b6:f4:ca
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUG/nRNFCvmGv9jD/XqAGOLe7XFAowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQkNBMEMxRUY1QTRBQjNBRUY0MjVFMTVBQjg5QTE5Q0RF
NTY4ODI0NDAeFw0yNDA2MTUwODQ4NDZaFw0yNTA2MTQwODUzNDZaMDMxMTAvBgNV
BAMTKENDM0VFMkQxQzZGM0E0MzQ5N0EyRTMwQjk3Rjc2NjgyRUJDQThEOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcliYajpSwu1KFNCs+2YKYIJgl
N2DLqi9tCF1hEG6oZbNJ6KmcMH0dAFlR8eyVn/n00cCkZdC0eBpW7sTxAkjWxS+o
K0lK6PVktsfTNIvuiDsCWgRy55/cfQgKZXRYa4JUjp+7uCY3ezJCidc7mRljdQAM
0qy+LHUiQM2Wfa3TBTRpw4CVANtn5WWyn1fw7NWAjkilhkHtWdzBGdIHaZXmEMfH
JEC3OpE+0inO+Gcu4rE5mv2jMqbJ68iXEiRtTNpsfOMr6Tuy8Dg0jB+bA3XIcI/4
BBJ+taXWD0Qp17KR9hcvR/2BclxFD2J43PWb0+KhOA7zP10ZSQrKRwVX25DZAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUzD7i0cbzpDSXouMLl/dmguvKjZkwHwYDVR0j
BBgwFoAUvKDB71pKs670JeFauJoZzeVogkQwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
ZmU3ZGFjYy0yYjQ1LTQxNDEtOTc3NS1mMWJiOWYwNTIzOTYvMC9CQ0EwQzFFRjVB
NEFCM0FFRjQyNUUxNUFCODlBMTlDREU1Njg4MjQ0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvQkNBMEMxRUY1QTRBQjNBRUY0MjVFMTVBQjg5QTE5Q0RFNTY4
ODI0NC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2RmZTdkYWNjLTJiNDUtNDE0MS05
Nzc1LWYxYmI5ZjA1MjM5Ni8wLzMxMzYzMDJlMzIzMDJlMzMzOTJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzUzMjM3MzYzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKAUJzANBgkqhkiG
9w0BAQsFAAOCAQEAJ6iPYv3PvIrP31X6vNAFWgWYPFCUfSorevg6TFlsZIbOxoG/
6T0I5iyBqHi9KQCZqAMtWpWUq75yTxOYem/jDxfD3MHj44kB0sbdrezNplHbXbdC
DUPWyxVQ9C2Pz0arJX5BvaPKX+rvk0cNXWKlgqO4uUePhided25U0751B6s/j72z
pf5kqggypsbUDiGmfNNr5OcFTbUAcdEsUfwNEDI+bKh+b0Dce3VJvRTq3PAR2N6K
dbxcRXBZoE1/OoHqw7Kmsl70dHV4dFueg/kWrDD9IcOJclEUXxYNO0EohXOduG8J
XPK0+gmgT8/d5Tfw7DkNVT8diM9+Cm1Krrb0yg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:55:29 2024 by rpki-client on console-fra.rpki-client.org