Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3305177a-a500-4996-b3ff-70c144edfece/0/34332e3234382e3231352e302f32342d3234203d3e203538343734.roa
File:                     34332e3234382e3231352e302f32342d3234203d3e203538343734.roa (raw, json)
Hash identifier:          SNF1Ne7UGGbQwdqcAXEqb1LfwnjeMcFpE1WTMfMPvxM=
Subject key identifier:   DC:D6:A5:EA:81:2C:46:ED:85:B7:8B:7E:98:03:52:96:EE:00:A3:6E
Certificate issuer:       /CN=95FC6072A4A690A61A0B5F14B36882B43DA2F098
Certificate serial:       0D75C3E2861F95EDA98ED95B733F1A1A882DC7E6
Authority key identifier: 95:FC:60:72:A4:A6:90:A6:1A:0B:5F:14:B3:68:82:B4:3D:A2:F0:98
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/95FC6072A4A690A61A0B5F14B36882B43DA2F098.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3305177a-a500-4996-b3ff-70c144edfece/0/34332e3234382e3231352e302f32342d3234203d3e203538343734.roa
Signing time:             Sun 24 Sep 2023 05:00:02 +0000
ROA not before:           Sun 24 Sep 2023 04:55:02 +0000
ROA not after:            Sun 22 Sep 2024 05:00:02 +0000
asID:                     58474
IP address blocks:        43.248.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3305177a-a500-4996-b3ff-70c144edfece/0/95FC6072A4A690A61A0B5F14B36882B43DA2F098.crl
                          rsync://repo-rpki.idnic.net/repo/3305177a-a500-4996-b3ff-70c144edfece/0/95FC6072A4A690A61A0B5F14B36882B43DA2F098.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/95FC6072A4A690A61A0B5F14B36882B43DA2F098.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 20:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:75:c3:e2:86:1f:95:ed:a9:8e:d9:5b:73:3f:1a:1a:88:2d:c7:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95FC6072A4A690A61A0B5F14B36882B43DA2F098
        Validity
            Not Before: Sep 24 04:55:02 2023 GMT
            Not After : Sep 22 05:00:02 2024 GMT
        Subject: CN=DCD6A5EA812C46ED85B78B7E98035296EE00A36E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:84:2d:27:55:35:8f:6e:bc:05:3f:f0:7b:b8:
                    6c:6b:b2:52:a2:4a:a7:4c:c5:8b:e2:e3:88:5e:40:
                    5f:d8:89:3e:4f:68:09:49:a6:38:40:42:27:05:3f:
                    67:8e:48:fd:b8:0b:01:f0:cb:91:c5:2e:65:f0:5b:
                    37:06:5f:32:29:31:d9:dc:d7:0d:7a:9a:06:a2:2a:
                    78:1e:fb:04:9f:68:c4:ec:98:7b:d3:0e:12:5d:19:
                    78:21:3a:33:63:7a:9c:19:f5:6f:c4:54:bb:a9:32:
                    82:4d:60:65:68:90:35:5c:dc:3f:d2:3c:5a:95:a7:
                    ad:f2:01:40:52:20:4d:d6:54:02:67:e7:8d:af:aa:
                    4f:55:d6:f3:51:c7:2b:25:66:da:4d:b4:9d:9c:5f:
                    7c:ad:7d:8c:d0:17:0b:5b:b3:26:98:17:7e:fd:83:
                    15:93:72:89:22:58:81:f4:b6:e6:36:d3:8b:3e:b9:
                    80:72:8d:4b:e0:2c:97:2a:7b:11:83:9d:06:d4:12:
                    35:09:66:15:73:3a:c3:40:4b:c1:92:54:ea:a1:02:
                    47:b5:5b:5e:91:df:dd:7e:3b:b6:a7:36:60:73:e1:
                    b9:71:8d:e6:1c:54:d5:38:7c:64:fc:d0:1c:33:04:
                    0e:5d:61:ea:60:21:92:15:4a:91:02:87:f0:12:f9:
                    c2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D6:A5:EA:81:2C:46:ED:85:B7:8B:7E:98:03:52:96:EE:00:A3:6E
            X509v3 Authority Key Identifier:
                keyid:95:FC:60:72:A4:A6:90:A6:1A:0B:5F:14:B3:68:82:B4:3D:A2:F0:98

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3305177a-a500-4996-b3ff-70c144edfece/0/95FC6072A4A690A61A0B5F14B36882B43DA2F098.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/95FC6072A4A690A61A0B5F14B36882B43DA2F098.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3305177a-a500-4996-b3ff-70c144edfece/0/34332e3234382e3231352e302f32342d3234203d3e203538343734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.248.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:fa:26:01:6a:4b:81:28:28:f6:06:a7:32:2b:a1:69:8d:6a:
         b1:1d:3e:38:ac:e1:74:e8:5b:b5:30:bd:eb:8e:97:e8:0d:80:
         3f:be:05:d4:16:3f:45:ef:4e:bd:d3:d1:a9:17:a1:3b:26:05:
         aa:f7:98:37:d4:5a:7a:21:fa:7c:9c:8f:32:68:e2:67:41:1e:
         36:6d:80:93:db:6b:51:46:ce:cb:56:fd:40:dc:7e:e0:92:61:
         05:1c:42:55:24:c9:d0:22:a6:42:b6:0b:a3:c5:1f:2a:c2:7e:
         66:a8:ed:87:e1:d0:51:72:12:0f:82:d3:c8:bd:86:44:5f:19:
         75:89:5d:e4:8b:31:d9:3e:6d:68:d0:11:66:a7:a2:9c:68:11:
         48:6f:23:7f:0b:f8:59:1b:bc:7e:90:4b:0a:8f:ec:45:3e:83:
         e4:8e:ae:79:e2:2a:4f:49:e3:09:23:98:cc:76:86:9a:33:5d:
         58:58:10:8b:55:bc:58:18:8b:71:f9:54:f7:8a:7e:49:8f:4e:
         d9:05:32:f0:f9:f4:6f:97:b7:7a:5f:fa:00:be:04:2e:e5:b9:
         e9:dd:00:a9:58:4a:82:08:b9:83:64:06:32:9a:ed:86:c6:91:
         6f:98:a6:a8:64:a1:1e:c2:cd:f8:ed:18:76:15:3f:d3:65:88:
         69:86:81:4b
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUDXXD4oYfle2pjtlbcz8aGogtx+YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTVGQzYwNzJBNEE2OTBBNjFBMEI1RjE0QjM2ODgyQjQz
REEyRjA5ODAeFw0yMzA5MjQwNDU1MDJaFw0yNDA5MjIwNTAwMDJaMDMxMTAvBgNV
BAMTKERDRDZBNUVBODEyQzQ2RUQ4NUI3OEI3RTk4MDM1Mjk2RUUwMEEzNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrhC0nVTWPbrwFP/B7uGxrslKi
SqdMxYvi44heQF/YiT5PaAlJpjhAQicFP2eOSP24CwHwy5HFLmXwWzcGXzIpMdnc
1w16mgaiKnge+wSfaMTsmHvTDhJdGXghOjNjepwZ9W/EVLupMoJNYGVokDVc3D/S
PFqVp63yAUBSIE3WVAJn542vqk9V1vNRxyslZtpNtJ2cX3ytfYzQFwtbsyaYF379
gxWTcokiWIH0tuY204s+uYByjUvgLJcqexGDnQbUEjUJZhVzOsNAS8GSVOqhAke1
W16R391+O7anNmBz4blxjeYcVNU4fGT80BwzBA5dYepgIZIVSpECh/AS+cIXAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU3Nal6oEsRu2Ft4t+mANSlu4Ao24wHwYDVR0j
BBgwFoAUlfxgcqSmkKYaC18Us2iCtD2i8JgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
MzA1MTc3YS1hNTAwLTQ5OTYtYjNmZi03MGMxNDRlZGZlY2UvMC85NUZDNjA3MkE0
QTY5MEE2MUEwQjVGMTRCMzY4ODJCNDNEQTJGMDk4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOTVGQzYwNzJBNEE2OTBBNjFBMEI1RjE0QjM2ODgyQjQzREEy
RjA5OC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzMzMDUxNzdhLWE1MDAtNDk5Ni1i
M2ZmLTcwYzE0NGVkZmVjZS8wLzM0MzMyZTMyMzQzODJlMzIzMTM1MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzODM0MzczNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACv41zANBgkqhkiG
9w0BAQsFAAOCAQEAtfomAWpLgSgo9ganMiuhaY1qsR0+OKzhdOhbtTC9646X6A2A
P74F1BY/Re9OvdPRqRehOyYFqveYN9RaeiH6fJyPMmjiZ0EeNm2Ak9trUUbOy1b9
QNx+4JJhBRxCVSTJ0CKmQrYLo8UfKsJ+Zqjth+HQUXISD4LTyL2GRF8ZdYld5Isx
2T5taNARZqeinGgRSG8jfwv4WRu8fpBLCo/sRT6D5I6ueeIqT0njCSOYzHaGmjNd
WFgQi1W8WBiLcflU94p+SY9O2QUy8Pn0b5e3el/6AL4ELuW56d0AqVhKggi5g2QG
MprthsaRb5imqGShHsLN+O0YdhU/02WIaYaBSw==
-----END CERTIFICATE-----
Generated at Wed Mar 27 23:30:21 2024 by rpki-client on console-ams.rpki-client.org