Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/153b067c-ecc9-4dca-987d-b9576815f855/0/3131372e3132312e3230302e302f32312d3234203d3e203436303239.roa
File:                     3131372e3132312e3230302e302f32312d3234203d3e203436303239.roa (raw, json)
Hash identifier:          nLrHMOFyZxp8wwYV5Hf82cYOcweYem37QFF3cm1W38E=
Subject key identifier:   07:BC:73:91:3B:2E:A4:38:C4:53:76:DA:46:17:0D:68:CD:51:57:54
Certificate issuer:       /CN=45FD71C7EFF830D20E960225B4A971A14B081364
Certificate serial:       390FE6BAE81735B8D17D2F2A4CEA1A175D099B8B
Authority key identifier: 45:FD:71:C7:EF:F8:30:D2:0E:96:02:25:B4:A9:71:A1:4B:08:13:64
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/45FD71C7EFF830D20E960225B4A971A14B081364.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/153b067c-ecc9-4dca-987d-b9576815f855/0/3131372e3132312e3230302e302f32312d3234203d3e203436303239.roa
Signing time:             Mon 31 Jul 2023 00:08:39 +0000
ROA not before:           Mon 31 Jul 2023 00:03:39 +0000
ROA not after:            Mon 29 Jul 2024 00:08:39 +0000
asID:                     46029
IP address blocks:        117.121.200.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/153b067c-ecc9-4dca-987d-b9576815f855/0/45FD71C7EFF830D20E960225B4A971A14B081364.crl
                          rsync://repo-rpki.idnic.net/repo/153b067c-ecc9-4dca-987d-b9576815f855/0/45FD71C7EFF830D20E960225B4A971A14B081364.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/45FD71C7EFF830D20E960225B4A971A14B081364.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 16:28:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:0f:e6:ba:e8:17:35:b8:d1:7d:2f:2a:4c:ea:1a:17:5d:09:9b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45FD71C7EFF830D20E960225B4A971A14B081364
        Validity
            Not Before: Jul 31 00:03:39 2023 GMT
            Not After : Jul 29 00:08:39 2024 GMT
        Subject: CN=07BC73913B2EA438C45376DA46170D68CD515754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:41:9f:41:19:d9:77:e3:b5:a7:4f:92:b7:59:
                    15:be:3d:89:fc:bd:bf:ea:80:b3:0a:23:ba:2e:a9:
                    b4:69:81:28:74:4a:a5:3d:e8:82:2f:a3:68:41:4e:
                    d4:25:57:c5:2a:3f:f7:fd:22:52:c3:f4:bf:d6:b1:
                    2e:63:d7:0a:cb:54:90:ad:fe:b7:da:cf:d1:c5:9e:
                    cd:71:38:67:16:41:95:78:26:21:33:c3:8c:c4:91:
                    79:b1:d0:6b:06:89:77:d4:fc:b2:b6:8b:da:60:05:
                    1d:75:07:19:b8:a0:68:19:4f:2b:26:3f:60:c4:6c:
                    81:9f:db:18:d9:d0:d2:57:54:4c:f1:23:1c:61:04:
                    00:1b:9c:d2:d7:91:40:9a:9a:0d:d3:f3:a7:44:e3:
                    eb:59:a2:dc:67:cc:77:2b:71:0b:be:e6:54:e1:29:
                    d4:3c:d9:4d:f7:37:84:d1:f3:90:92:10:ec:74:1a:
                    7a:29:31:e9:92:b2:6a:31:4d:3a:bb:b9:17:6c:55:
                    d7:d9:7e:e3:7c:ac:a0:df:08:19:5b:87:6a:11:a9:
                    77:b4:39:53:ec:99:94:36:c0:12:d2:90:3c:56:f9:
                    91:93:60:3a:bf:72:54:df:54:a4:1d:53:13:0c:f2:
                    f6:87:c7:8a:6c:12:aa:a8:78:68:38:7a:9d:12:e0:
                    e0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:BC:73:91:3B:2E:A4:38:C4:53:76:DA:46:17:0D:68:CD:51:57:54
            X509v3 Authority Key Identifier:
                keyid:45:FD:71:C7:EF:F8:30:D2:0E:96:02:25:B4:A9:71:A1:4B:08:13:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/153b067c-ecc9-4dca-987d-b9576815f855/0/45FD71C7EFF830D20E960225B4A971A14B081364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/45FD71C7EFF830D20E960225B4A971A14B081364.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/153b067c-ecc9-4dca-987d-b9576815f855/0/3131372e3132312e3230302e302f32312d3234203d3e203436303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.121.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bf:b9:f1:45:98:4b:7b:1c:bb:21:78:e7:55:18:e5:49:0e:5f:
         5c:f8:d4:c5:a0:57:44:62:0c:d5:d7:08:6f:c1:db:e2:c8:27:
         e8:02:ac:e1:47:26:4e:e9:10:3e:d8:d4:af:43:a8:7b:d5:de:
         9a:5d:fe:cb:b4:71:1f:a5:4c:a3:14:ba:3f:4e:24:70:89:d5:
         30:e4:cb:c3:91:b7:31:0b:43:74:6a:1f:73:23:7d:91:c6:9c:
         0c:9b:b6:f1:39:c8:d9:32:e6:f6:3c:8f:0c:7f:d0:8d:0e:27:
         3e:49:da:ef:bd:32:9c:7c:69:46:b8:03:e2:22:93:61:8e:0e:
         91:1e:0f:27:46:16:aa:91:82:a4:21:2e:74:ec:35:2f:ff:08:
         a8:c9:9c:61:8c:db:4e:6a:19:99:09:8d:6c:40:4b:b7:46:76:
         ef:d7:de:63:d1:19:04:50:86:a8:67:d1:24:86:4b:56:36:54:
         78:c6:25:da:ff:d8:50:d1:58:51:43:2b:dc:c4:9b:c1:cd:ea:
         01:9b:bb:1c:6e:59:af:ff:75:0d:95:ec:73:f7:74:d9:89:7a:
         db:19:75:23:c0:1c:6d:48:b2:76:a2:43:eb:82:75:12:8d:63:
         30:83:53:18:06:d1:a8:b5:6d:81:4e:a9:b0:42:4d:4b:59:9d:
         55:62:98:8a
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUOQ/muugXNbjRfS8qTOoaF10Jm4swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVGRDcxQzdFRkY4MzBEMjBFOTYwMjI1QjRBOTcxQTE0
QjA4MTM2NDAeFw0yMzA3MzEwMDAzMzlaFw0yNDA3MjkwMDA4MzlaMDMxMTAvBgNV
BAMTKDA3QkM3MzkxM0IyRUE0MzhDNDUzNzZEQTQ2MTcwRDY4Q0Q1MTU3NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQZ9BGdl347WnT5K3WRW+PYn8
vb/qgLMKI7ouqbRpgSh0SqU96IIvo2hBTtQlV8UqP/f9IlLD9L/WsS5j1wrLVJCt
/rfaz9HFns1xOGcWQZV4JiEzw4zEkXmx0GsGiXfU/LK2i9pgBR11Bxm4oGgZTysm
P2DEbIGf2xjZ0NJXVEzxIxxhBAAbnNLXkUCamg3T86dE4+tZotxnzHcrcQu+5lTh
KdQ82U33N4TR85CSEOx0GnopMemSsmoxTTq7uRdsVdfZfuN8rKDfCBlbh2oRqXe0
OVPsmZQ2wBLSkDxW+ZGTYDq/clTfVKQdUxMM8vaHx4psEqqoeGg4ep0S4OAXAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUB7xzkTsupDjEU3baRhcNaM1RV1QwHwYDVR0j
BBgwFoAURf1xx+/4MNIOlgIltKlxoUsIE2QwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
NTNiMDY3Yy1lY2M5LTRkY2EtOTg3ZC1iOTU3NjgxNWY4NTUvMC80NUZENzFDN0VG
RjgzMEQyMEU5NjAyMjVCNEE5NzFBMTRCMDgxMzY0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDVGRDcxQzdFRkY4MzBEMjBFOTYwMjI1QjRBOTcxQTE0QjA4
MTM2NC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE1M2IwNjdjLWVjYzktNGRjYS05
ODdkLWI5NTc2ODE1Zjg1NS8wLzMxMzEzNzJlMzEzMjMxMmUzMjMwMzAyZTMwMmYz
MjMxMmQzMjM0MjAzZDNlMjAzNDM2MzAzMjM5LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDdXnIMA0GCSqG
SIb3DQEBCwUAA4IBAQC/ufFFmEt7HLsheOdVGOVJDl9c+NTFoFdEYgzV1whvwdvi
yCfoAqzhRyZO6RA+2NSvQ6h71d6aXf7LtHEfpUyjFLo/TiRwidUw5MvDkbcxC0N0
ah9zI32RxpwMm7bxOcjZMub2PI8Mf9CNDic+SdrvvTKcfGlGuAPiIpNhjg6RHg8n
RhaqkYKkIS507DUv/wioyZxhjNtOahmZCY1sQEu3Rnbv195j0RkEUIaoZ9EkhktW
NlR4xiXa/9hQ0VhRQyvcxJvBzeoBm7scblmv/3UNlexz93TZiXrbGXUjwBxtSLJ2
okPrgnUSjWMwg1MYBtGotW2BTqmwQk1LWZ1VYpiK
-----END CERTIFICATE-----
Generated at Fri Mar 29 03:42:32 2024 by rpki-client on console-fra.rpki-client.org