Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/3138302e3231342e3234392e302f32342d3234203d3e203338313530.roa
File:                     3138302e3231342e3234392e302f32342d3234203d3e203338313530.roa (raw, json)
Hash identifier:          HoZNLtlvwm0jdiqI7BNWsDInlYK8XZyhOBMgpl3Cq6Y=
Subject key identifier:   87:2D:4B:C0:60:FA:77:E1:78:8D:88:79:12:EF:4D:EB:94:16:92:06
Certificate issuer:       /CN=2CA47487F72781733330A38C95FF8A5DF68CDBB9
Certificate serial:       243488867F2DDB6CCEAF63FCC29CA70625ED76CA
Authority key identifier: 2C:A4:74:87:F7:27:81:73:33:30:A3:8C:95:FF:8A:5D:F6:8C:DB:B9
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2CA47487F72781733330A38C95FF8A5DF68CDBB9.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/3138302e3231342e3234392e302f32342d3234203d3e203338313530.roa
Signing time:             Mon 31 Jul 2023 00:05:06 +0000
ROA not before:           Mon 31 Jul 2023 00:00:06 +0000
ROA not after:            Mon 29 Jul 2024 00:05:06 +0000
asID:                     38150
IP address blocks:        180.214.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/2CA47487F72781733330A38C95FF8A5DF68CDBB9.crl
                          rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/2CA47487F72781733330A38C95FF8A5DF68CDBB9.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2CA47487F72781733330A38C95FF8A5DF68CDBB9.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 16:28:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:34:88:86:7f:2d:db:6c:ce:af:63:fc:c2:9c:a7:06:25:ed:76:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2CA47487F72781733330A38C95FF8A5DF68CDBB9
        Validity
            Not Before: Jul 31 00:00:06 2023 GMT
            Not After : Jul 29 00:05:06 2024 GMT
        Subject: CN=872D4BC060FA77E1788D887912EF4DEB94169206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2c:0d:c0:e8:45:bc:fe:a1:98:d9:ea:55:ce:
                    91:97:6c:b0:ef:df:f2:6a:88:d6:fe:1e:5f:8c:78:
                    90:55:d8:82:47:87:04:23:19:1f:e7:5c:19:64:fb:
                    c5:6c:27:e4:d0:01:7f:f3:bd:8b:f5:52:8d:b4:b1:
                    4a:86:fd:aa:5b:da:57:ed:0d:ae:49:aa:c7:ac:2d:
                    ce:41:8c:fd:02:37:b8:ac:b1:b6:34:86:3b:5b:55:
                    2a:7f:69:96:b9:88:5e:2b:9d:91:04:e7:95:c2:34:
                    01:16:13:65:cd:89:98:0a:25:1a:c6:7f:73:e7:0a:
                    20:fd:98:75:e4:5a:f9:e5:14:9c:45:7a:47:af:54:
                    e3:0f:f4:c9:57:8c:7d:3e:d8:84:07:a3:80:93:a1:
                    3e:a7:32:b6:74:76:ba:4b:78:93:55:cf:9c:3e:f5:
                    4f:6d:c3:dc:43:87:55:34:30:45:cb:94:0d:f4:69:
                    94:4c:d6:57:f5:f2:87:ee:a6:13:46:56:9a:a3:1b:
                    74:21:e0:0b:99:6e:eb:e2:53:19:eb:08:b9:5a:cc:
                    e5:02:45:76:b4:c7:8b:60:b3:f8:3c:22:21:05:e1:
                    f4:52:1a:23:67:83:3a:8e:4e:d4:ca:49:bd:75:d9:
                    11:a4:5f:f1:e1:23:cf:2c:42:6a:e6:4b:2c:aa:1c:
                    e8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2D:4B:C0:60:FA:77:E1:78:8D:88:79:12:EF:4D:EB:94:16:92:06
            X509v3 Authority Key Identifier:
                keyid:2C:A4:74:87:F7:27:81:73:33:30:A3:8C:95:FF:8A:5D:F6:8C:DB:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/2CA47487F72781733330A38C95FF8A5DF68CDBB9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2CA47487F72781733330A38C95FF8A5DF68CDBB9.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/3138302e3231342e3234392e302f32342d3234203d3e203338313530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  180.214.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:17:db:1c:27:f4:3b:96:d2:7e:59:87:99:7b:59:c3:cd:50:
         2a:37:61:ee:5d:25:44:e1:06:fb:c7:85:92:48:ef:e7:cf:a9:
         d2:b7:a2:b5:f3:66:c3:7f:70:c6:94:be:ec:ca:69:1a:b1:8a:
         21:b5:b5:82:4d:82:26:f0:9b:11:5a:7c:fc:02:65:b2:04:88:
         34:f5:d1:e9:22:57:b7:35:57:74:d3:bf:45:78:5a:39:0b:94:
         5d:ea:03:96:d0:fc:4f:3c:8d:7c:b1:a2:8b:e9:ac:8e:1f:c8:
         1e:ed:8a:e5:ac:d0:dd:5e:75:09:bc:a0:ef:65:43:41:a9:e3:
         a5:03:2e:12:a2:97:b8:fd:28:31:9f:f2:49:4f:55:d2:3b:2d:
         76:e4:21:67:6f:e2:a5:ef:87:40:6c:0c:b6:9e:6c:f3:85:24:
         10:c4:2a:fb:98:d9:c1:eb:51:69:d0:aa:3e:2e:7f:29:2a:3b:
         c6:3b:b8:44:47:e4:22:f0:3d:3a:de:47:f8:65:a6:80:fe:5d:
         33:31:83:65:31:59:f2:f5:e4:23:0c:bf:47:f6:0e:94:9e:8a:
         d1:49:4d:9e:3d:e3:6c:b2:55:ab:e9:79:40:43:80:bb:83:03:
         bf:7b:fc:e9:41:94:03:8c:e8:ce:8a:59:b3:b5:16:d4:28:51:
         44:7f:e9:e0
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUJDSIhn8t22zOr2P8wpynBiXtdsowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkNBNDc0ODdGNzI3ODE3MzMzMzBBMzhDOTVGRjhBNURG
NjhDREJCOTAeFw0yMzA3MzEwMDAwMDZaFw0yNDA3MjkwMDA1MDZaMDMxMTAvBgNV
BAMTKDg3MkQ0QkMwNjBGQTc3RTE3ODhEODg3OTEyRUY0REVCOTQxNjkyMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrLA3A6EW8/qGY2epVzpGXbLDv
3/JqiNb+Hl+MeJBV2IJHhwQjGR/nXBlk+8VsJ+TQAX/zvYv1Uo20sUqG/apb2lft
Da5JqsesLc5BjP0CN7issbY0hjtbVSp/aZa5iF4rnZEE55XCNAEWE2XNiZgKJRrG
f3PnCiD9mHXkWvnlFJxFekevVOMP9MlXjH0+2IQHo4CToT6nMrZ0drpLeJNVz5w+
9U9tw9xDh1U0MEXLlA30aZRM1lf18ofuphNGVpqjG3Qh4AuZbuviUxnrCLlazOUC
RXa0x4tgs/g8IiEF4fRSGiNngzqOTtTKSb112RGkX/HhI88sQmrmSyyqHOgRAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUhy1LwGD6d+F4jYh5Eu9N65QWkgYwHwYDVR0j
BBgwFoAULKR0h/cngXMzMKOMlf+KXfaM27kwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
N2U2NWI2Ny05MDVjLTQwM2MtOGM3OS0yMzE1NjU5NjY4YWEvMC8yQ0E0NzQ4N0Y3
Mjc4MTczMzMzMEEzOEM5NUZGOEE1REY2OENEQkI5LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMkNBNDc0ODdGNzI3ODE3MzMzMzBBMzhDOTVGRjhBNURGNjhD
REJCOS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE3ZTY1YjY3LTkwNWMtNDAzYy04
Yzc5LTIzMTU2NTk2NjhhYS8wLzMxMzgzMDJlMzIzMTM0MmUzMjM0MzkyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMzM4MzEzNTMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtNb5MA0GCSqG
SIb3DQEBCwUAA4IBAQCPF9scJ/Q7ltJ+WYeZe1nDzVAqN2HuXSVE4Qb7x4WSSO/n
z6nSt6K182bDf3DGlL7symkasYohtbWCTYIm8JsRWnz8AmWyBIg09dHpIle3NVd0
079FeFo5C5Rd6gOW0PxPPI18saKL6ayOH8ge7YrlrNDdXnUJvKDvZUNBqeOlAy4S
ope4/Sgxn/JJT1XSOy125CFnb+Kl74dAbAy2nmzzhSQQxCr7mNnB61Fp0Ko+Ln8p
KjvGO7hER+Qi8D063kf4ZaaA/l0zMYNlMVny9eQjDL9H9g6UnorRSU2ePeNsslWr
6XlAQ4C7gwO/e/zpQZQDjOjOilmztRbUKFFEf+ng
-----END CERTIFICATE-----
Generated at Fri Mar 29 06:38:50 2024 by rpki-client on console-fra.rpki-client.org