Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/3132302e38392e39342e302f32332d3234203d3e203536323333.roa
File:                     3132302e38392e39342e302f32332d3234203d3e203536323333.roa (raw, json)
Hash identifier:          PoMZTlZydznYr0ZXVgAd9iW0robKI4CkTF3H25W8cJ4=
Subject key identifier:   35:9F:6D:71:6D:17:63:5D:1D:9F:04:F9:5F:55:AC:30:65:00:1C:CF
Certificate issuer:       /CN=DF1CEA0313DA7500D70AE089169B4BBEE54CA859
Certificate serial:       4DF74D45AFB011607C22CCA68B8EBDF29B594EE4
Authority key identifier: DF:1C:EA:03:13:DA:75:00:D7:0A:E0:89:16:9B:4B:BE:E5:4C:A8:59
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/3132302e38392e39342e302f32332d3234203d3e203536323333.roa
Signing time:             Mon 07 Aug 2023 11:00:01 +0000
ROA not before:           Mon 07 Aug 2023 10:55:01 +0000
ROA not after:            Mon 05 Aug 2024 11:00:01 +0000
asID:                     56233
IP address blocks:        120.89.94.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.crl
                          rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 16:28:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:f7:4d:45:af:b0:11:60:7c:22:cc:a6:8b:8e:bd:f2:9b:59:4e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DF1CEA0313DA7500D70AE089169B4BBEE54CA859
        Validity
            Not Before: Aug  7 10:55:01 2023 GMT
            Not After : Aug  5 11:00:01 2024 GMT
        Subject: CN=359F6D716D17635D1D9F04F95F55AC3065001CCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:db:ce:18:7a:75:9f:bd:f3:d6:33:37:f3:37:
                    ca:ea:dd:33:07:2b:ec:7e:6d:35:7f:c8:1f:03:05:
                    bb:78:44:8d:d7:72:20:65:2e:02:e3:84:76:25:07:
                    a2:82:18:1b:a2:06:eb:c1:98:f4:48:d1:47:fa:9a:
                    ef:b7:2d:0c:2f:a5:08:2c:a4:e0:bb:3b:e6:ed:5d:
                    50:d3:98:0a:47:7e:e8:7b:32:0f:f4:eb:84:c5:ec:
                    3d:05:3a:68:21:55:77:19:0d:a4:50:2f:e3:bf:85:
                    e1:e9:b1:4e:65:5e:52:58:ef:94:18:bb:00:1a:c4:
                    9e:08:98:5d:73:20:fa:e1:7b:bb:08:b0:28:4d:39:
                    2b:4d:69:22:74:cb:6b:7e:1e:a0:a7:03:f6:c3:41:
                    aa:59:ab:4d:f2:5f:a7:48:f0:ef:8b:93:a6:b3:5b:
                    65:5a:0d:f0:28:93:7b:f7:23:38:dc:91:cd:6f:fd:
                    77:73:f2:45:fe:30:90:23:99:58:96:fa:4b:60:1e:
                    e1:76:9b:14:df:0a:94:73:a8:cc:1a:ae:f7:41:44:
                    b1:0f:37:be:c3:2d:fd:e0:7f:82:a8:f4:c2:b6:91:
                    1d:68:c8:1d:b3:8e:fa:53:68:6f:b5:2e:ec:18:99:
                    82:d8:70:d1:9e:01:2e:62:c8:f3:8f:5d:59:97:e2:
                    31:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9F:6D:71:6D:17:63:5D:1D:9F:04:F9:5F:55:AC:30:65:00:1C:CF
            X509v3 Authority Key Identifier:
                keyid:DF:1C:EA:03:13:DA:75:00:D7:0A:E0:89:16:9B:4B:BE:E5:4C:A8:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/3132302e38392e39342e302f32332d3234203d3e203536323333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.89.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:09:2b:a2:02:e9:6e:1e:3e:0b:11:29:cc:1c:eb:b3:c4:ce:
         fb:25:eb:37:aa:28:63:b6:03:04:5e:45:5d:1a:6f:fa:49:cc:
         75:46:06:5f:1a:5a:06:0c:0d:d9:e7:a3:09:86:b9:96:d4:be:
         87:11:49:86:5f:fe:8a:a1:6f:ef:d1:54:04:3a:53:cf:41:11:
         38:73:7e:44:60:d1:70:3c:fa:89:02:bf:c8:e1:f2:b8:7c:b2:
         bf:2e:b4:bf:a6:50:f4:4a:10:fb:63:a1:70:4c:0e:e6:fa:79:
         0f:77:d4:9f:22:fe:0a:d8:7e:15:a1:1c:19:86:3c:95:c8:58:
         16:f9:e6:09:97:18:59:12:4c:09:90:f4:11:76:8c:ac:b3:3b:
         7e:4a:6d:0c:77:7d:47:62:98:24:b3:a4:09:7b:f0:01:e7:90:
         02:16:27:7a:d6:cf:0a:42:37:dd:2e:04:e1:4e:18:0d:ab:17:
         cb:80:14:d9:74:a0:3a:80:46:f4:0a:3a:b3:f4:b4:d7:f3:f9:
         f7:20:0e:f6:f8:30:11:99:d1:a8:3c:c2:6a:92:22:f1:6b:a2:
         36:29:74:53:0d:3b:ed:ef:5a:c6:c9:05:f6:93:4f:0c:2f:21:
         e5:31:3b:72:c3:5f:74:19:00:b4:f3:60:32:f3:0a:55:c2:b8:
         8c:9e:18:65
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUTfdNRa+wEWB8Isymi4698ptZTuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREYxQ0VBMDMxM0RBNzUwMEQ3MEFFMDg5MTY5QjRCQkVF
NTRDQTg1OTAeFw0yMzA4MDcxMDU1MDFaFw0yNDA4MDUxMTAwMDFaMDMxMTAvBgNV
BAMTKDM1OUY2RDcxNkQxNzYzNUQxRDlGMDRGOTVGNTVBQzMwNjUwMDFDQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB284YenWfvfPWMzfzN8rq3TMH
K+x+bTV/yB8DBbt4RI3XciBlLgLjhHYlB6KCGBuiBuvBmPRI0Uf6mu+3LQwvpQgs
pOC7O+btXVDTmApHfuh7Mg/064TF7D0FOmghVXcZDaRQL+O/heHpsU5lXlJY75QY
uwAaxJ4ImF1zIPrhe7sIsChNOStNaSJ0y2t+HqCnA/bDQapZq03yX6dI8O+Lk6az
W2VaDfAok3v3Izjckc1v/Xdz8kX+MJAjmViW+ktgHuF2mxTfCpRzqMwarvdBRLEP
N77DLf3gf4Ko9MK2kR1oyB2zjvpTaG+1LuwYmYLYcNGeAS5iyPOPXVmX4jF5AgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUNZ9tcW0XY10dnwT5X1WsMGUAHM8wHwYDVR0j
BBgwFoAU3xzqAxPadQDXCuCJFptLvuVMqFkwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
NGZkNGJjMi00MWQ0LTQyZTYtYTdmZi01OTQ5Mzg4NTEyNmEvMC9ERjFDRUEwMzEz
REE3NTAwRDcwQUUwODkxNjlCNEJCRUU1NENBODU5LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREYxQ0VBMDMxM0RBNzUwMEQ3MEFFMDg5MTY5QjRCQkVFNTRD
QTg1OS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzA0ZmQ0YmMyLTQxZDQtNDJlNi1h
N2ZmLTU5NDkzODg1MTI2YS8wLzMxMzIzMDJlMzgzOTJlMzkzNDJlMzAyZjMyMzMy
ZDMyMzQyMDNkM2UyMDM1MzYzMjMzMzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAF4WV4wDQYJKoZIhvcN
AQELBQADggEBAAIJK6IC6W4ePgsRKcwc67PEzvsl6zeqKGO2AwReRV0ab/pJzHVG
Bl8aWgYMDdnnowmGuZbUvocRSYZf/oqhb+/RVAQ6U89BEThzfkRg0XA8+okCv8jh
8rh8sr8utL+mUPRKEPtjoXBMDub6eQ931J8i/grYfhWhHBmGPJXIWBb55gmXGFkS
TAmQ9BF2jKyzO35KbQx3fUdimCSzpAl78AHnkAIWJ3rWzwpCN90uBOFOGA2rF8uA
FNl0oDqARvQKOrP0tNfz+fcgDvb4MBGZ0ag8wmqSIvFrojYpdFMNO+3vWsbJBfaT
TwwvIeUxO3LDX3QZALTzYDLzClXCuIyeGGU=
-----END CERTIFICATE-----
Generated at Fri Mar 29 04:58:01 2024 by rpki-client on console-fra.rpki-client.org