Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/34e2bf09-5f42-4b65-a42d-63d0796d206c/0/34332e3233312e3132382e302f32332d3233203d3e203338373838.roa
File:                     34332e3233312e3132382e302f32332d3233203d3e203338373838.roa (raw, json)
Hash identifier:          YI5DvNRQf8JSW6se99E1GrLPWecZZgVWCVaatT5ap+w=
Subject key identifier:   74:43:15:A1:E6:E5:D3:2A:F8:0E:1F:6B:1F:07:53:87:FF:21:77:69
Certificate issuer:       /CN=8C3E44A2E2B475D5CF4A48E52D17290001FEFECA
Certificate serial:       0E2BC3ABA5F6A269A617007A0D75B0ACDC32BF1E
Authority key identifier: 8C:3E:44:A2:E2:B4:75:D5:CF:4A:48:E5:2D:17:29:00:01:FE:FE:CA
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8C3E44A2E2B475D5CF4A48E52D17290001FEFECA.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/34e2bf09-5f42-4b65-a42d-63d0796d206c/0/34332e3233312e3132382e302f32332d3233203d3e203338373838.roa
Signing time:             Mon 31 Jul 2023 00:14:30 +0000
ROA not before:           Mon 31 Jul 2023 00:09:30 +0000
ROA not after:            Mon 29 Jul 2024 00:14:30 +0000
asID:                     38788
IP address blocks:        43.231.128.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/34e2bf09-5f42-4b65-a42d-63d0796d206c/0/8C3E44A2E2B475D5CF4A48E52D17290001FEFECA.crl
                          rsync://repo-rpki.idnic.net/repo/34e2bf09-5f42-4b65-a42d-63d0796d206c/0/8C3E44A2E2B475D5CF4A48E52D17290001FEFECA.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8C3E44A2E2B475D5CF4A48E52D17290001FEFECA.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:2b:c3:ab:a5:f6:a2:69:a6:17:00:7a:0d:75:b0:ac:dc:32:bf:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8C3E44A2E2B475D5CF4A48E52D17290001FEFECA
        Validity
            Not Before: Jul 31 00:09:30 2023 GMT
            Not After : Jul 29 00:14:30 2024 GMT
        Subject: CN=744315A1E6E5D32AF80E1F6B1F075387FF217769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:57:04:78:f2:c7:6c:80:de:48:5d:c4:28:0e:
                    02:ce:47:8d:f4:4f:3d:37:e4:13:55:00:e0:7d:9c:
                    45:c5:b0:a6:b6:1d:a1:93:03:2f:8b:74:9c:a9:a1:
                    c8:39:e2:a4:84:5e:ab:28:9d:6b:ec:1c:74:09:19:
                    b8:e1:e9:ea:27:5c:f8:e9:c9:a9:c9:c3:ed:21:af:
                    c7:ff:70:2d:96:7e:d5:ce:1a:60:29:62:52:7c:3a:
                    7e:5c:87:75:55:37:7d:62:01:ab:56:07:93:ab:65:
                    1a:10:92:31:4d:8d:30:8c:97:c2:0b:0f:f2:33:3a:
                    55:ff:78:1a:60:d1:9f:1f:1a:54:e1:8e:f7:ab:6f:
                    11:c1:c7:ad:5a:a4:7f:59:91:0a:9c:3b:db:04:18:
                    c7:ad:ff:46:bb:ea:98:47:8d:a2:94:19:fe:15:fd:
                    9c:64:e4:9b:03:32:c6:7a:ab:5f:6a:30:e8:d1:e7:
                    67:d0:2c:4c:c8:27:0e:3a:06:3d:1e:e4:78:ac:2c:
                    5c:a9:90:30:73:a6:74:50:c1:53:76:73:64:90:dc:
                    b0:77:a8:fd:2f:a9:1a:73:35:ae:97:8b:41:f2:29:
                    81:04:bf:88:87:39:ab:ad:70:8a:cd:61:1e:04:e2:
                    bb:c1:40:9f:dc:c4:4d:f5:e4:8f:d4:46:30:ce:b5:
                    f2:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:43:15:A1:E6:E5:D3:2A:F8:0E:1F:6B:1F:07:53:87:FF:21:77:69
            X509v3 Authority Key Identifier:
                keyid:8C:3E:44:A2:E2:B4:75:D5:CF:4A:48:E5:2D:17:29:00:01:FE:FE:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/34e2bf09-5f42-4b65-a42d-63d0796d206c/0/8C3E44A2E2B475D5CF4A48E52D17290001FEFECA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8C3E44A2E2B475D5CF4A48E52D17290001FEFECA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/34e2bf09-5f42-4b65-a42d-63d0796d206c/0/34332e3233312e3132382e302f32332d3233203d3e203338373838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.231.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:59:98:e2:1b:56:a0:3a:fc:2e:cf:50:78:17:a8:12:bb:0d:
         ae:49:bc:57:89:db:0f:97:ff:55:65:95:58:62:ed:c3:14:29:
         a7:88:3b:7a:36:80:4d:ae:06:ed:30:f5:e0:1b:86:91:3a:c2:
         7d:3b:26:79:96:25:59:2d:8c:5e:f7:f2:7d:3b:c3:dd:f3:5b:
         bb:b3:74:90:8c:68:8a:bf:ab:1f:7a:6c:34:f8:4c:93:e1:21:
         ae:c9:c1:28:3e:7e:b5:1b:23:6b:5a:87:8f:1d:fb:a1:8f:a0:
         f5:7c:6f:dd:94:cb:c5:30:2f:18:db:99:cd:8a:95:a0:2c:45:
         f2:c1:c3:2a:40:96:7d:d3:4a:18:26:04:5e:af:3c:f5:3a:66:
         86:16:5c:d7:b4:57:93:0e:53:fb:05:68:bc:e5:66:2f:72:33:
         7d:c6:70:e9:df:6d:b4:28:54:56:67:16:fe:d7:af:d3:10:20:
         9d:b5:de:37:7a:b4:83:da:90:46:fd:17:cd:31:fd:3d:bd:f9:
         df:c4:40:44:8e:06:8d:dd:b8:59:24:ba:a1:a0:c8:6d:71:6d:
         ee:7b:22:c9:62:be:9d:30:e2:74:72:df:89:82:cd:ce:aa:c7:
         07:82:ce:32:a0:f4:0c:bc:8b:4c:0c:f9:9b:01:dd:26:df:bd:
         c7:ec:e6:bc
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUDivDq6X2ommmFwB6DXWwrNwyvx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEMzRTQ0QTJFMkI0NzVENUNGNEE0OEU1MkQxNzI5MDAw
MUZFRkVDQTAeFw0yMzA3MzEwMDA5MzBaFw0yNDA3MjkwMDE0MzBaMDMxMTAvBgNV
BAMTKDc0NDMxNUExRTZFNUQzMkFGODBFMUY2QjFGMDc1Mzg3RkYyMTc3NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAVwR48sdsgN5IXcQoDgLOR430
Tz035BNVAOB9nEXFsKa2HaGTAy+LdJypocg54qSEXqsonWvsHHQJGbjh6eonXPjp
yanJw+0hr8f/cC2WftXOGmApYlJ8On5ch3VVN31iAatWB5OrZRoQkjFNjTCMl8IL
D/IzOlX/eBpg0Z8fGlThjverbxHBx61apH9ZkQqcO9sEGMet/0a76phHjaKUGf4V
/Zxk5JsDMsZ6q19qMOjR52fQLEzIJw46Bj0e5HisLFypkDBzpnRQwVN2c2SQ3LB3
qP0vqRpzNa6Xi0HyKYEEv4iHOautcIrNYR4E4rvBQJ/cxE315I/URjDOtfJxAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUdEMVoebl0yr4Dh9rHwdTh/8hd2kwHwYDVR0j
BBgwFoAUjD5EouK0ddXPSkjlLRcpAAH+/sowDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
NGUyYmYwOS01ZjQyLTRiNjUtYTQyZC02M2QwNzk2ZDIwNmMvMC84QzNFNDRBMkUy
QjQ3NUQ1Q0Y0QTQ4RTUyRDE3MjkwMDAxRkVGRUNBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOEMzRTQ0QTJFMkI0NzVENUNGNEE0OEU1MkQxNzI5MDAwMUZF
RkVDQS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzM0ZTJiZjA5LTVmNDItNGI2NS1h
NDJkLTYzZDA3OTZkMjA2Yy8wLzM0MzMyZTMyMzMzMTJlMzEzMjM4MmUzMDJmMzIz
MzJkMzIzMzIwM2QzZTIwMzMzODM3MzgzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEASvngDANBgkqhkiG
9w0BAQsFAAOCAQEAQFmY4htWoDr8Ls9QeBeoErsNrkm8V4nbD5f/VWWVWGLtwxQp
p4g7ejaATa4G7TD14BuGkTrCfTsmeZYlWS2MXvfyfTvD3fNbu7N0kIxoir+rH3ps
NPhMk+EhrsnBKD5+tRsja1qHjx37oY+g9Xxv3ZTLxTAvGNuZzYqVoCxF8sHDKkCW
fdNKGCYEXq889TpmhhZc17RXkw5T+wVovOVmL3IzfcZw6d9ttChUVmcW/tev0xAg
nbXeN3q0g9qQRv0XzTH9Pb3538RARI4Gjd24WSS6oaDIbXFt7nsiyWK+nTDidHLf
iYLNzqrHB4LOMqD0DLyLTAz5mwHdJt+9x+zmvA==
-----END CERTIFICATE-----
Generated at Wed Mar 27 04:37:32 2024 by rpki-client on console-ams.rpki-client.org