Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/34332e3235322e3233382e302f32342d3234203d3e203535373031.roa
File:                     34332e3235322e3233382e302f32342d3234203d3e203535373031.roa (raw, json)
Hash identifier:          T9eUL7UJmPWb6o9EvSNNM0T8Qh2joeYfCtGj3ui6JP0=
Subject key identifier:   FB:AB:D8:37:8E:CD:53:C5:10:DA:F1:D9:29:9C:9E:21:EA:DE:F7:E2
Certificate issuer:       /CN=8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A
Certificate serial:       7D97298ED9C851F6ADDC81BA6CCCB7CF5F7566C9
Authority key identifier: 8F:84:D6:FE:EA:F8:C5:D3:C5:D1:3F:10:1B:C7:0B:75:8B:F5:0F:6A
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/34332e3235322e3233382e302f32342d3234203d3e203535373031.roa
Signing time:             Mon 31 Jul 2023 00:13:40 +0000
ROA not before:           Mon 31 Jul 2023 00:08:40 +0000
ROA not after:            Mon 29 Jul 2024 00:13:40 +0000
asID:                     55701
IP address blocks:        43.252.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.crl
                          rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:97:29:8e:d9:c8:51:f6:ad:dc:81:ba:6c:cc:b7:cf:5f:75:66:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A
        Validity
            Not Before: Jul 31 00:08:40 2023 GMT
            Not After : Jul 29 00:13:40 2024 GMT
        Subject: CN=FBABD8378ECD53C510DAF1D9299C9E21EADEF7E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f1:9a:a5:3d:5d:fa:ed:6b:5a:b6:73:2d:1d:
                    82:33:a6:f5:ec:8d:ab:76:11:2b:e7:a0:74:48:ef:
                    b2:51:07:12:eb:ae:4a:4c:c6:ab:7f:3b:93:6b:de:
                    c6:ab:4a:56:6b:c4:67:40:2d:9c:03:ab:fa:c1:31:
                    e2:47:bc:b0:ab:d7:db:f1:79:97:87:93:2f:16:52:
                    64:12:45:53:7b:ee:31:74:5f:31:45:5b:b8:92:c0:
                    44:c6:90:25:a9:bb:cc:ad:37:a2:96:20:d5:5b:74:
                    c0:13:59:84:6f:bb:72:9e:1c:4a:01:a6:85:85:5e:
                    7f:e5:7e:28:6d:7f:81:ec:0f:88:53:cf:f6:50:3f:
                    c1:9a:af:66:e0:86:fe:9a:53:4d:b1:68:91:b8:5f:
                    02:20:4f:37:0d:25:a5:28:12:1d:83:d9:65:23:f8:
                    a4:ef:07:72:ed:40:e1:20:f3:45:46:a9:6e:69:45:
                    84:da:cd:c0:f8:0f:05:0a:2e:81:ec:f6:27:87:2f:
                    4c:a8:3a:95:d2:e3:37:65:6f:70:f5:72:d1:4d:db:
                    5a:8c:1c:89:9b:8a:c3:0b:3b:37:86:7f:32:fd:0c:
                    85:ec:cc:d7:6b:59:d6:05:78:3d:b7:ec:50:02:bc:
                    5b:19:d1:26:c6:46:1a:56:5d:f5:6a:03:a7:1a:53:
                    5b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:AB:D8:37:8E:CD:53:C5:10:DA:F1:D9:29:9C:9E:21:EA:DE:F7:E2
            X509v3 Authority Key Identifier:
                keyid:8F:84:D6:FE:EA:F8:C5:D3:C5:D1:3F:10:1B:C7:0B:75:8B:F5:0F:6A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/34332e3235322e3233382e302f32342d3234203d3e203535373031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.252.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:a3:fc:51:db:02:81:1e:51:59:11:9d:7c:06:e1:b2:97:a1:
         33:bc:18:51:81:89:4b:a8:6e:d5:74:2f:ea:2d:c9:94:ba:73:
         e5:d9:63:13:71:23:42:cb:3b:b3:8b:16:50:cb:1c:43:fb:41:
         3f:b0:c1:7c:10:84:88:a7:e8:f5:c0:07:32:e7:53:e1:a7:2a:
         41:4a:eb:00:6f:61:2b:e9:83:53:05:93:f0:79:4e:b2:92:75:
         4c:23:5c:f9:7b:be:3d:69:ad:36:4a:36:7c:6b:ac:08:18:d9:
         43:c5:2c:81:76:db:0f:87:71:dc:47:8f:2f:fd:ad:9b:77:2a:
         b0:4d:a4:11:e5:cd:06:8e:31:20:07:15:28:ff:7f:b9:e9:12:
         a1:86:9a:c4:67:9a:76:56:c2:6a:b0:1f:a5:24:95:3e:07:dd:
         e0:e6:6d:73:15:2f:b6:6a:69:07:4d:0d:09:c2:e6:6e:e7:8d:
         24:75:e5:8b:e2:bf:0f:06:b2:48:70:8b:11:ab:21:dd:e5:13:
         44:a8:99:40:fe:ef:c2:8b:92:e4:9c:7d:b9:52:eb:32:1b:45:
         3e:67:3d:74:2c:04:73:a8:a5:8e:7f:43:f5:71:0c:a5:02:5a:
         17:84:fa:bb:f0:22:dd:ba:b3:f5:fc:8a:a3:fc:2c:1e:27:51:
         dd:d4:f9:72
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUfZcpjtnIUfat3IG6bMy3z191ZskwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEY4NEQ2RkVFQUY4QzVEM0M1RDEzRjEwMUJDNzBCNzU4
QkY1MEY2QTAeFw0yMzA3MzEwMDA4NDBaFw0yNDA3MjkwMDEzNDBaMDMxMTAvBgNV
BAMTKEZCQUJEODM3OEVDRDUzQzUxMERBRjFEOTI5OUM5RTIxRUFERUY3RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj8ZqlPV367WtatnMtHYIzpvXs
jat2ESvnoHRI77JRBxLrrkpMxqt/O5Nr3sarSlZrxGdALZwDq/rBMeJHvLCr19vx
eZeHky8WUmQSRVN77jF0XzFFW7iSwETGkCWpu8ytN6KWINVbdMATWYRvu3KeHEoB
poWFXn/lfihtf4HsD4hTz/ZQP8Gar2bghv6aU02xaJG4XwIgTzcNJaUoEh2D2WUj
+KTvB3LtQOEg80VGqW5pRYTazcD4DwUKLoHs9ieHL0yoOpXS4zdlb3D1ctFN21qM
HImbisMLOzeGfzL9DIXszNdrWdYFeD237FACvFsZ0SbGRhpWXfVqA6caU1t5AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU+6vYN47NU8UQ2vHZKZyeIere9+IwHwYDVR0j
BBgwFoAUj4TW/ur4xdPF0T8QG8cLdYv1D2owDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
N2Q5Zjg1MS03ZTczLTQzODQtOTUwZS04YmU4ZTE1ZmQzZWUvMC84Rjg0RDZGRUVB
RjhDNUQzQzVEMTNGMTAxQkM3MEI3NThCRjUwRjZBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOEY4NEQ2RkVFQUY4QzVEM0M1RDEzRjEwMUJDNzBCNzU4QkY1
MEY2QS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzI3ZDlmODUxLTdlNzMtNDM4NC05
NTBlLThiZThlMTVmZDNlZS8wLzM0MzMyZTMyMzUzMjJlMzIzMzM4MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNTM3MzAzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACv87jANBgkqhkiG
9w0BAQsFAAOCAQEAtaP8UdsCgR5RWRGdfAbhspehM7wYUYGJS6hu1XQv6i3JlLpz
5dljE3EjQss7s4sWUMscQ/tBP7DBfBCEiKfo9cAHMudT4acqQUrrAG9hK+mDUwWT
8HlOspJ1TCNc+Xu+PWmtNko2fGusCBjZQ8UsgXbbD4dx3EePL/2tm3cqsE2kEeXN
Bo4xIAcVKP9/uekSoYaaxGeadlbCarAfpSSVPgfd4OZtcxUvtmppB00NCcLmbueN
JHXli+K/DwaySHCLEash3eUTRKiZQP7vwouS5Jx9uVLrMhtFPmc9dCwEc6iljn9D
9XEMpQJaF4T6u/Ai3bqz9fyKo/wsHidR3dT5cg==
-----END CERTIFICATE-----
Generated at Tue Mar 26 23:46:05 2024 by rpki-client on console-fra.rpki-client.org