Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/2b69822c-2e22-48be-8ba2-634f582c2ecb/0/34332e3232392e32302e302f32322d3234203d3e203233393439.roa
File:                     34332e3232392e32302e302f32322d3234203d3e203233393439.roa (raw, json)
Hash identifier:          6HbYwfo/5wZ2VSWou4oU7i8Q83NmKZDR7xk18FddHJ0=
Subject key identifier:   98:67:1F:37:7B:BC:FA:AB:32:9C:8F:A9:F4:A4:5E:03:8F:35:9E:86
Certificate issuer:       /CN=8FB177AE83526D713C1240D5CEFAF73844F7F4E5
Certificate serial:       49ED6EA5961D6F3DE36ABF94F3277118E26A8A65
Authority key identifier: 8F:B1:77:AE:83:52:6D:71:3C:12:40:D5:CE:FA:F7:38:44:F7:F4:E5
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8FB177AE83526D713C1240D5CEFAF73844F7F4E5.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/2b69822c-2e22-48be-8ba2-634f582c2ecb/0/34332e3232392e32302e302f32322d3234203d3e203233393439.roa
Signing time:             Mon 31 Jul 2023 00:03:44 +0000
ROA not before:           Sun 30 Jul 2023 23:58:44 +0000
ROA not after:            Mon 29 Jul 2024 00:03:44 +0000
asID:                     23949
IP address blocks:        43.229.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/2b69822c-2e22-48be-8ba2-634f582c2ecb/0/8FB177AE83526D713C1240D5CEFAF73844F7F4E5.crl
                          rsync://repo-rpki.idnic.net/repo/2b69822c-2e22-48be-8ba2-634f582c2ecb/0/8FB177AE83526D713C1240D5CEFAF73844F7F4E5.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8FB177AE83526D713C1240D5CEFAF73844F7F4E5.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:ed:6e:a5:96:1d:6f:3d:e3:6a:bf:94:f3:27:71:18:e2:6a:8a:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8FB177AE83526D713C1240D5CEFAF73844F7F4E5
        Validity
            Not Before: Jul 30 23:58:44 2023 GMT
            Not After : Jul 29 00:03:44 2024 GMT
        Subject: CN=98671F377BBCFAAB329C8FA9F4A45E038F359E86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:22:67:c2:ab:3c:de:62:dd:e9:51:d0:d6:9f:
                    83:7a:73:4a:ce:be:d6:ee:36:69:82:04:d7:72:89:
                    06:b3:c8:07:4e:ea:be:22:8b:4a:14:e1:db:db:28:
                    b2:ba:c4:75:78:24:60:5d:64:54:fd:80:45:51:e8:
                    df:57:44:b2:cc:6e:6b:a8:8b:da:53:0d:43:b9:c3:
                    17:1f:24:ca:a3:88:85:28:70:db:5b:d1:1b:9e:c4:
                    af:74:fe:fd:e1:1d:29:cc:bc:a0:75:17:a9:e7:09:
                    cc:fd:82:d7:75:d4:ed:31:67:d2:d5:ce:dc:4a:ef:
                    c0:c8:b5:a8:1c:81:f6:cc:37:8d:9f:b5:d0:d6:7b:
                    4f:f5:be:45:9c:24:d1:94:db:f6:4a:d9:97:6c:34:
                    ba:46:da:3b:68:3e:4d:97:e0:50:9e:07:45:14:e8:
                    9b:01:51:f2:ae:71:c8:75:7b:65:d5:35:c9:04:03:
                    c5:b9:e0:1c:75:dd:4b:39:26:18:17:dc:96:4e:d2:
                    21:88:53:fd:f0:d6:b9:b2:15:96:f5:08:12:8e:3d:
                    3d:ad:a2:0f:8f:3f:b8:a4:b2:48:c9:dd:9b:04:02:
                    74:cf:3a:81:ed:dd:a1:80:95:44:f2:51:23:61:3e:
                    47:35:99:3f:4e:32:21:a2:43:6e:c9:4f:59:a6:40:
                    45:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:67:1F:37:7B:BC:FA:AB:32:9C:8F:A9:F4:A4:5E:03:8F:35:9E:86
            X509v3 Authority Key Identifier:
                keyid:8F:B1:77:AE:83:52:6D:71:3C:12:40:D5:CE:FA:F7:38:44:F7:F4:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/2b69822c-2e22-48be-8ba2-634f582c2ecb/0/8FB177AE83526D713C1240D5CEFAF73844F7F4E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8FB177AE83526D713C1240D5CEFAF73844F7F4E5.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/2b69822c-2e22-48be-8ba2-634f582c2ecb/0/34332e3232392e32302e302f32322d3234203d3e203233393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.229.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:af:fa:f6:6b:72:b8:67:09:23:9a:83:69:5c:bf:62:36:11:
         8f:3b:b8:d7:58:3d:a1:15:cb:b8:72:0a:3f:d3:75:59:99:0a:
         22:43:2a:5c:83:21:3d:cf:6d:5c:8c:54:d2:93:1c:82:15:9f:
         45:92:31:c4:c7:62:87:16:3a:1c:f8:7c:21:54:bd:8f:40:a4:
         78:28:7d:3b:54:ea:89:8d:a5:4c:28:7a:2c:f2:70:24:d9:44:
         16:b5:60:5e:46:9f:43:2a:38:fc:a9:88:7d:f8:1a:e2:dc:0c:
         0e:43:08:ff:9e:33:8c:a9:16:17:5c:e3:ae:44:83:70:4c:f2:
         31:f7:51:5f:a4:7c:e5:e5:f1:68:15:6c:16:46:0e:3c:9f:71:
         70:50:f7:7e:78:35:f3:2e:e6:df:eb:18:57:9c:02:02:9f:be:
         37:39:f8:fd:9f:0b:e8:80:dd:87:19:71:f0:d4:7e:00:fe:6b:
         87:f4:e0:26:6b:96:7e:ab:bf:ad:4f:a4:cc:ad:be:dd:fd:3c:
         78:94:93:00:47:12:ad:d8:c3:b7:5b:9d:aa:b1:3e:94:83:f3:
         5b:f3:73:07:e7:57:d9:7e:f9:ee:38:7c:c0:3c:85:8e:69:26:
         ae:f2:b9:9b:84:dc:39:56:41:f2:ef:24:2f:64:a8:64:31:cc:
         03:67:06:1a
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUSe1upZYdbz3jar+U8ydxGOJqimUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEZCMTc3QUU4MzUyNkQ3MTNDMTI0MEQ1Q0VGQUY3Mzg0
NEY3RjRFNTAeFw0yMzA3MzAyMzU4NDRaFw0yNDA3MjkwMDAzNDRaMDMxMTAvBgNV
BAMTKDk4NjcxRjM3N0JCQ0ZBQUIzMjlDOEZBOUY0QTQ1RTAzOEYzNTlFODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5ImfCqzzeYt3pUdDWn4N6c0rO
vtbuNmmCBNdyiQazyAdO6r4ii0oU4dvbKLK6xHV4JGBdZFT9gEVR6N9XRLLMbmuo
i9pTDUO5wxcfJMqjiIUocNtb0RuexK90/v3hHSnMvKB1F6nnCcz9gtd11O0xZ9LV
ztxK78DItagcgfbMN42ftdDWe0/1vkWcJNGU2/ZK2ZdsNLpG2jtoPk2X4FCeB0UU
6JsBUfKucch1e2XVNckEA8W54Bx13Us5JhgX3JZO0iGIU/3w1rmyFZb1CBKOPT2t
og+PP7ikskjJ3ZsEAnTPOoHt3aGAlUTyUSNhPkc1mT9OMiGiQ27JT1mmQEVhAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUmGcfN3u8+qsynI+p9KReA481noYwHwYDVR0j
BBgwFoAUj7F3roNSbXE8EkDVzvr3OET39OUwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
YjY5ODIyYy0yZTIyLTQ4YmUtOGJhMi02MzRmNTgyYzJlY2IvMC84RkIxNzdBRTgz
NTI2RDcxM0MxMjQwRDVDRUZBRjczODQ0RjdGNEU1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOEZCMTc3QUU4MzUyNkQ3MTNDMTI0MEQ1Q0VGQUY3Mzg0NEY3
RjRFNS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzJiNjk4MjJjLTJlMjItNDhiZS04
YmEyLTYzNGY1ODJjMmVjYi8wLzM0MzMyZTMyMzIzOTJlMzIzMDJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDMyMzMzOTM0Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIr5RQwDQYJKoZIhvcN
AQELBQADggEBAFqv+vZrcrhnCSOag2lcv2I2EY87uNdYPaEVy7hyCj/TdVmZCiJD
KlyDIT3PbVyMVNKTHIIVn0WSMcTHYocWOhz4fCFUvY9ApHgofTtU6omNpUwoeizy
cCTZRBa1YF5Gn0MqOPypiH34GuLcDA5DCP+eM4ypFhdc465Eg3BM8jH3UV+kfOXl
8WgVbBZGDjyfcXBQ9354NfMu5t/rGFecAgKfvjc5+P2fC+iA3YcZcfDUfgD+a4f0
4CZrln6rv61PpMytvt39PHiUkwBHEq3Yw7dbnaqxPpSD81vzcwfnV9l++e44fMA8
hY5pJq7yuZuE3DlWQfLvJC9kqGQxzANnBho=
-----END CERTIFICATE-----
Generated at Tue Mar 26 23:46:06 2024 by rpki-client on console-fra.rpki-client.org