Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/1b4e195e-12de-4c3c-93e5-522ee54018d6/0/3131342e3132392e31362e302f32312d3234203d3e203338373538.roa
File:                     3131342e3132392e31362e302f32312d3234203d3e203338373538.roa (raw, json)
Hash identifier:          ZOyGEZ3mD1vhdA/G2xLjnQPnFDvqjV7crVi/wqCyrdA=
Subject key identifier:   C7:0C:9B:CD:A9:72:E6:13:B9:84:83:9E:E3:75:FB:FB:C4:0D:A5:CB
Certificate issuer:       /CN=9FEB25155CF1AFF90AE11DA0298F164D554986F4
Certificate serial:       585A02B61D19F1E0FACAA506A9AB67B944DC2CFF
Authority key identifier: 9F:EB:25:15:5C:F1:AF:F9:0A:E1:1D:A0:29:8F:16:4D:55:49:86:F4
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9FEB25155CF1AFF90AE11DA0298F164D554986F4.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/1b4e195e-12de-4c3c-93e5-522ee54018d6/0/3131342e3132392e31362e302f32312d3234203d3e203338373538.roa
Signing time:             Mon 31 Jul 2023 00:00:05 +0000
ROA not before:           Sun 30 Jul 2023 23:55:05 +0000
ROA not after:            Mon 29 Jul 2024 00:00:05 +0000
asID:                     38758
IP address blocks:        114.129.16.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/1b4e195e-12de-4c3c-93e5-522ee54018d6/0/9FEB25155CF1AFF90AE11DA0298F164D554986F4.crl
                          rsync://repo-rpki.idnic.net/repo/1b4e195e-12de-4c3c-93e5-522ee54018d6/0/9FEB25155CF1AFF90AE11DA0298F164D554986F4.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9FEB25155CF1AFF90AE11DA0298F164D554986F4.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 03:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:5a:02:b6:1d:19:f1:e0:fa:ca:a5:06:a9:ab:67:b9:44:dc:2c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9FEB25155CF1AFF90AE11DA0298F164D554986F4
        Validity
            Not Before: Jul 30 23:55:05 2023 GMT
            Not After : Jul 29 00:00:05 2024 GMT
        Subject: CN=C70C9BCDA972E613B984839EE375FBFBC40DA5CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ef:33:9b:01:1a:2a:dd:7e:a5:15:2b:c2:a2:
                    d1:0e:4b:1a:72:2b:0c:cf:75:84:93:ea:e6:ae:85:
                    ef:d1:a5:c1:03:59:1a:cc:89:a3:d6:6b:04:01:a0:
                    c4:1d:aa:3c:f4:27:c9:10:cb:8d:5d:d8:72:5c:cb:
                    11:e5:5f:f1:1a:1d:00:9e:5c:be:b0:4d:27:7d:a9:
                    51:4e:ee:16:29:1b:d4:de:00:1a:23:d5:07:e5:b8:
                    b4:ea:35:3f:85:63:e6:10:fe:27:d0:ea:a9:d5:92:
                    c3:46:0b:65:e5:e9:02:02:e0:1a:d3:0d:11:a8:3c:
                    e2:bd:90:67:44:7b:b4:d7:b5:28:42:e5:68:f8:25:
                    78:5f:b0:21:2e:bc:86:b3:dd:95:f9:77:25:1e:df:
                    3e:fb:8e:78:f6:20:c6:d3:e9:ac:bb:c6:b3:b0:b7:
                    13:8d:eb:09:df:41:49:6c:56:82:f2:ca:9e:ce:32:
                    be:fd:4f:b9:92:fa:c1:a7:1d:43:7e:cd:0b:f7:4a:
                    38:a8:fb:d1:ff:32:6a:c0:39:29:80:6f:8d:1c:e6:
                    35:80:bc:b8:99:79:43:d9:72:92:23:3e:a2:bb:d0:
                    08:d6:e9:67:b3:00:50:08:da:f0:84:7f:64:00:78:
                    2d:ee:e0:7e:46:3c:72:75:30:68:cc:f2:b4:cf:a5:
                    0c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:0C:9B:CD:A9:72:E6:13:B9:84:83:9E:E3:75:FB:FB:C4:0D:A5:CB
            X509v3 Authority Key Identifier:
                keyid:9F:EB:25:15:5C:F1:AF:F9:0A:E1:1D:A0:29:8F:16:4D:55:49:86:F4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/1b4e195e-12de-4c3c-93e5-522ee54018d6/0/9FEB25155CF1AFF90AE11DA0298F164D554986F4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9FEB25155CF1AFF90AE11DA0298F164D554986F4.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/1b4e195e-12de-4c3c-93e5-522ee54018d6/0/3131342e3132392e31362e302f32312d3234203d3e203338373538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.129.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:e6:a2:6c:6d:ec:74:b9:a7:58:e7:e6:2e:c1:c1:1f:74:95:
         a9:cb:26:1a:6b:85:91:59:5e:42:b0:31:24:c7:12:5e:94:e3:
         04:dc:25:cc:7a:f7:b7:54:56:07:2c:a7:88:6b:8d:07:da:e7:
         5e:fb:2c:54:f2:d5:ea:b6:33:32:8b:1d:1b:b6:9e:95:5b:4e:
         80:ae:e8:14:13:87:5d:32:3e:22:7a:06:31:e1:06:4e:82:57:
         55:1a:2a:b8:33:97:5f:18:f0:74:eb:bc:f0:18:50:d4:04:ab:
         46:92:91:f8:ce:1e:93:88:d0:63:4b:bf:18:d4:23:91:c5:ee:
         6a:fe:11:cc:8a:80:ba:81:8d:0c:4e:4b:bb:c0:b0:a9:08:5c:
         9b:77:6d:85:30:61:b2:c4:bc:14:20:97:fd:a4:0c:80:c3:f6:
         e9:f2:c3:87:28:e6:46:6e:7c:d1:a1:25:7b:be:47:6e:87:12:
         5b:d0:27:aa:e2:b3:c0:ac:55:0e:72:e2:85:c0:bc:9d:27:67:
         59:68:55:9c:53:c5:32:90:01:6b:8c:fc:47:48:b7:00:a4:7e:
         42:23:b2:63:83:ff:1f:77:d3:16:3d:49:9a:dd:3b:3a:88:ac:
         ae:05:57:3c:48:d9:92:95:7c:5e:eb:55:37:55:66:90:8c:7f:
         1e:3e:da:a1
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUWFoCth0Z8eD6yqUGqatnuUTcLP8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUZFQjI1MTU1Q0YxQUZGOTBBRTExREEwMjk4RjE2NEQ1
NTQ5ODZGNDAeFw0yMzA3MzAyMzU1MDVaFw0yNDA3MjkwMDAwMDVaMDMxMTAvBgNV
BAMTKEM3MEM5QkNEQTk3MkU2MTNCOTg0ODM5RUUzNzVGQkZCQzQwREE1Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO7zObARoq3X6lFSvCotEOSxpy
KwzPdYST6uauhe/RpcEDWRrMiaPWawQBoMQdqjz0J8kQy41d2HJcyxHlX/EaHQCe
XL6wTSd9qVFO7hYpG9TeABoj1QfluLTqNT+FY+YQ/ifQ6qnVksNGC2Xl6QIC4BrT
DRGoPOK9kGdEe7TXtShC5Wj4JXhfsCEuvIaz3ZX5dyUe3z77jnj2IMbT6ay7xrOw
txON6wnfQUlsVoLyyp7OMr79T7mS+sGnHUN+zQv3Sjio+9H/MmrAOSmAb40c5jWA
vLiZeUPZcpIjPqK70AjW6WezAFAI2vCEf2QAeC3u4H5GPHJ1MGjM8rTPpQwZAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUxwybzaly5hO5hIOe43X7+8QNpcswHwYDVR0j
BBgwFoAUn+slFVzxr/kK4R2gKY8WTVVJhvQwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
YjRlMTk1ZS0xMmRlLTRjM2MtOTNlNS01MjJlZTU0MDE4ZDYvMC85RkVCMjUxNTVD
RjFBRkY5MEFFMTFEQTAyOThGMTY0RDU1NDk4NkY0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUZFQjI1MTU1Q0YxQUZGOTBBRTExREEwMjk4RjE2NEQ1NTQ5
ODZGNC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzFiNGUxOTVlLTEyZGUtNGMzYy05
M2U1LTUyMmVlNTQwMThkNi8wLzMxMzEzNDJlMzEzMjM5MmUzMTM2MmUzMDJmMzIz
MTJkMzIzNDIwM2QzZTIwMzMzODM3MzUzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA3KBEDANBgkqhkiG
9w0BAQsFAAOCAQEAleaibG3sdLmnWOfmLsHBH3SVqcsmGmuFkVleQrAxJMcSXpTj
BNwlzHr3t1RWByyniGuNB9rnXvssVPLV6rYzMosdG7aelVtOgK7oFBOHXTI+InoG
MeEGToJXVRoquDOXXxjwdOu88BhQ1ASrRpKR+M4ek4jQY0u/GNQjkcXuav4RzIqA
uoGNDE5Lu8CwqQhcm3dthTBhssS8FCCX/aQMgMP26fLDhyjmRm580aEle75HbocS
W9AnquKzwKxVDnLihcC8nSdnWWhVnFPFMpABa4z8R0i3AKR+QiOyY4P/H3fTFj1J
mt07OoisrgVXPEjZkpV8XutVN1VmkIx/Hj7aoQ==
-----END CERTIFICATE-----
Generated at Thu Mar 28 03:25:46 2024 by rpki-client on console-ams.rpki-client.org