Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3baf365e-05de-4c39-bf96-83e939bed7df/0/3130332e3135322e372e302f32342d3234203d3e20313430343236.roa
File:                     3130332e3135322e372e302f32342d3234203d3e20313430343236.roa (raw, json)
Hash identifier:          RDkGkw54/F3MYm880Eu5YnEGn2RwSdQBwJZx7z3QP1w=
Subject key identifier:   B3:06:9F:C8:C1:51:59:EA:96:2B:2F:E3:9E:33:D4:D1:E9:7D:CC:32
Certificate issuer:       /CN=33F0041B7CC6D4139AB23B3CD10C56E51233C589
Certificate serial:       56BB371D9C5372F12A01DEAAA589C1FB3428CBDC
Authority key identifier: 33:F0:04:1B:7C:C6:D4:13:9A:B2:3B:3C:D1:0C:56:E5:12:33:C5:89
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/33F0041B7CC6D4139AB23B3CD10C56E51233C589.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3baf365e-05de-4c39-bf96-83e939bed7df/0/3130332e3135322e372e302f32342d3234203d3e20313430343236.roa
Signing time:             Mon 31 Jul 2023 00:14:32 +0000
ROA not before:           Mon 31 Jul 2023 00:09:32 +0000
ROA not after:            Mon 29 Jul 2024 00:14:32 +0000
asID:                     140426
IP address blocks:        103.152.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3baf365e-05de-4c39-bf96-83e939bed7df/0/33F0041B7CC6D4139AB23B3CD10C56E51233C589.crl
                          rsync://repo-rpki.idnic.net/repo/3baf365e-05de-4c39-bf96-83e939bed7df/0/33F0041B7CC6D4139AB23B3CD10C56E51233C589.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/33F0041B7CC6D4139AB23B3CD10C56E51233C589.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:bb:37:1d:9c:53:72:f1:2a:01:de:aa:a5:89:c1:fb:34:28:cb:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33F0041B7CC6D4139AB23B3CD10C56E51233C589
        Validity
            Not Before: Jul 31 00:09:32 2023 GMT
            Not After : Jul 29 00:14:32 2024 GMT
        Subject: CN=B3069FC8C15159EA962B2FE39E33D4D1E97DCC32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a6:30:e5:3a:40:00:4c:69:e6:99:8c:6e:89:
                    f2:e3:f2:83:49:be:73:09:dc:63:75:01:2a:97:f9:
                    d3:b6:3c:eb:af:8b:06:67:c3:82:e6:e6:eb:16:7c:
                    50:ee:33:5f:0b:04:83:6c:66:60:c8:09:98:cf:e3:
                    81:f1:ec:57:cd:de:4b:2a:0f:b1:a7:b3:b0:b8:96:
                    af:08:b3:c0:65:9c:1f:a2:9b:dc:a1:82:ef:17:5f:
                    5d:c7:30:5a:f9:27:3f:8f:50:60:1a:57:79:70:b4:
                    70:32:b7:72:c8:6a:16:03:57:d4:3c:62:63:16:2d:
                    ad:4a:70:1c:68:00:b6:48:7d:b2:4a:7e:90:66:dd:
                    c9:97:04:10:69:a6:05:3d:4e:d8:d3:10:d0:d7:b1:
                    5a:7d:92:29:e5:16:86:98:44:75:56:f6:88:54:ce:
                    9c:57:c5:09:8b:3f:c1:6d:26:9d:57:59:2a:14:e5:
                    e3:8b:68:15:a4:60:ae:e3:0b:0c:38:b6:32:f9:21:
                    bc:8f:b3:a7:06:b7:b9:0d:47:4b:65:52:6f:1c:94:
                    30:97:e6:23:8d:f7:6e:d0:62:c9:4c:5d:11:7d:e3:
                    7e:b1:bc:42:19:fe:d6:65:47:ba:00:ee:7c:64:8c:
                    f6:cb:44:3b:bb:3e:ab:c2:9c:44:34:4a:97:aa:27:
                    22:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:06:9F:C8:C1:51:59:EA:96:2B:2F:E3:9E:33:D4:D1:E9:7D:CC:32
            X509v3 Authority Key Identifier:
                keyid:33:F0:04:1B:7C:C6:D4:13:9A:B2:3B:3C:D1:0C:56:E5:12:33:C5:89

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3baf365e-05de-4c39-bf96-83e939bed7df/0/33F0041B7CC6D4139AB23B3CD10C56E51233C589.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/33F0041B7CC6D4139AB23B3CD10C56E51233C589.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3baf365e-05de-4c39-bf96-83e939bed7df/0/3130332e3135322e372e302f32342d3234203d3e20313430343236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:4b:66:1d:f4:8a:73:73:83:e5:37:0b:e8:ca:73:4e:19:b4:
         c6:26:41:04:8f:2d:6f:bd:28:f8:2a:d6:2e:9a:5c:20:84:30:
         cb:fc:8e:c1:ab:59:47:58:f9:d2:0e:44:62:08:a6:6b:1b:bc:
         3e:a4:ec:45:87:e7:97:49:35:f5:33:09:b9:96:96:bd:c0:e5:
         36:0d:ec:dd:94:1c:3c:9a:a1:04:18:2e:bf:0c:33:f0:32:8a:
         54:04:c0:7a:88:d1:1a:4c:51:6e:fe:92:72:fd:82:7a:b4:be:
         3d:6e:d0:3e:da:2b:8f:d2:f7:6f:28:4b:9e:1c:55:f6:c9:7c:
         37:cf:5b:f4:13:4f:87:05:b5:7d:c0:d6:c2:11:37:76:98:60:
         1f:f5:15:e0:c6:83:8b:15:4b:f7:6d:ef:88:52:3f:a2:ac:fd:
         22:f3:d9:8d:18:57:40:23:26:d7:0e:52:5f:f5:41:08:14:50:
         93:5a:84:31:db:50:0b:b9:18:d7:89:44:ed:14:39:94:da:62:
         3b:47:d9:f7:b8:fa:81:8b:59:d5:1a:c6:98:a1:9a:40:e2:64:
         92:ed:2a:0c:bd:a7:9c:89:e6:91:15:38:55:77:5b:f9:fd:dd:
         b6:93:0f:2a:8e:4d:7d:48:9b:2d:f7:64:5a:c2:5f:a6:fe:2b:
         b3:f8:c5:5e
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUVrs3HZxTcvEqAd6qpYnB+zQoy9wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzNGMDA0MUI3Q0M2RDQxMzlBQjIzQjNDRDEwQzU2RTUx
MjMzQzU4OTAeFw0yMzA3MzEwMDA5MzJaFw0yNDA3MjkwMDE0MzJaMDMxMTAvBgNV
BAMTKEIzMDY5RkM4QzE1MTU5RUE5NjJCMkZFMzlFMzNENEQxRTk3RENDMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZpjDlOkAATGnmmYxuifLj8oNJ
vnMJ3GN1ASqX+dO2POuviwZnw4Lm5usWfFDuM18LBINsZmDICZjP44Hx7FfN3ksq
D7Gns7C4lq8Is8BlnB+im9yhgu8XX13HMFr5Jz+PUGAaV3lwtHAyt3LIahYDV9Q8
YmMWLa1KcBxoALZIfbJKfpBm3cmXBBBppgU9TtjTENDXsVp9kinlFoaYRHVW9ohU
zpxXxQmLP8FtJp1XWSoU5eOLaBWkYK7jCww4tjL5IbyPs6cGt7kNR0tlUm8clDCX
5iON927QYslMXRF9436xvEIZ/tZlR7oA7nxkjPbLRDu7PqvCnEQ0SpeqJyKVAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUswafyMFRWeqWKy/jnjPU0el9zDIwHwYDVR0j
BBgwFoAUM/AEG3zG1BOasjs80QxW5RIzxYkwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YmFmMzY1ZS0wNWRlLTRjMzktYmY5Ni04M2U5MzliZWQ3ZGYvMC8zM0YwMDQxQjdD
QzZENDEzOUFCMjNCM0NEMTBDNTZFNTEyMzNDNTg5LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMzNGMDA0MUI3Q0M2RDQxMzlBQjIzQjNDRDEwQzU2RTUxMjMz
QzU4OS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNiYWYzNjVlLTA1ZGUtNGMzOS1i
Zjk2LTgzZTkzOWJlZDdkZi8wLzMxMzAzMzJlMzEzNTMyMmUzNzJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzQzMDM0MzIzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGeYBzANBgkqhkiG
9w0BAQsFAAOCAQEASUtmHfSKc3OD5TcL6MpzThm0xiZBBI8tb70o+CrWLppcIIQw
y/yOwatZR1j50g5EYgimaxu8PqTsRYfnl0k19TMJuZaWvcDlNg3s3ZQcPJqhBBgu
vwwz8DKKVATAeojRGkxRbv6Scv2CerS+PW7QPtorj9L3byhLnhxV9sl8N89b9BNP
hwW1fcDWwhE3dphgH/UV4MaDixVL923viFI/oqz9IvPZjRhXQCMm1w5SX/VBCBRQ
k1qEMdtQC7kY14lE7RQ5lNpiO0fZ97j6gYtZ1RrGmKGaQOJkku0qDL2nnInmkRU4
VXdb+f3dtpMPKo5NfUibLfdkWsJfpv4rs/jFXg==
-----END CERTIFICATE-----
Generated at Tue Mar 26 23:46:06 2024 by rpki-client on console-fra.rpki-client.org