Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/44791b1f-6da9-400d-8b14-992aae63746c/0/3130332e35342e39352e302f32342d3234203d3e20313333383233.roa
File:                     3130332e35342e39352e302f32342d3234203d3e20313333383233.roa (raw, json)
Hash identifier:          4hNydA2ao+SAdzNq5mE/FcCs6i1iD/UyZOAJffeSP0U=
Subject key identifier:   9D:3F:C0:51:A0:E7:6A:90:0F:D1:95:B1:15:99:D4:CC:38:FC:F9:B3
Certificate issuer:       /CN=229F9618AE3F0667EC17C977F266B2BE74C81AB7
Certificate serial:       5C31C728EAB67F751A201F5850DE1938942BE8F3
Authority key identifier: 22:9F:96:18:AE:3F:06:67:EC:17:C9:77:F2:66:B2:BE:74:C8:1A:B7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/229F9618AE3F0667EC17C977F266B2BE74C81AB7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/44791b1f-6da9-400d-8b14-992aae63746c/0/3130332e35342e39352e302f32342d3234203d3e20313333383233.roa
Signing time:             Fri 08 Sep 2023 08:00:01 +0000
ROA not before:           Fri 08 Sep 2023 07:55:01 +0000
ROA not after:            Fri 06 Sep 2024 08:00:01 +0000
asID:                     133823
IP address blocks:        103.54.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/44791b1f-6da9-400d-8b14-992aae63746c/0/229F9618AE3F0667EC17C977F266B2BE74C81AB7.crl
                          rsync://repo-rpki.idnic.net/repo/44791b1f-6da9-400d-8b14-992aae63746c/0/229F9618AE3F0667EC17C977F266B2BE74C81AB7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/229F9618AE3F0667EC17C977F266B2BE74C81AB7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 20:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:31:c7:28:ea:b6:7f:75:1a:20:1f:58:50:de:19:38:94:2b:e8:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=229F9618AE3F0667EC17C977F266B2BE74C81AB7
        Validity
            Not Before: Sep  8 07:55:01 2023 GMT
            Not After : Sep  6 08:00:01 2024 GMT
        Subject: CN=9D3FC051A0E76A900FD195B11599D4CC38FCF9B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:36:07:8c:63:5f:26:5b:2e:5b:b4:65:16:17:
                    69:f6:7c:07:2c:cc:4e:e2:9f:79:55:d0:a1:7b:c4:
                    53:7a:14:cc:d0:11:be:68:e2:18:07:f0:0b:ab:c2:
                    b2:21:08:17:df:5e:0d:4f:3d:cd:ec:74:fa:2f:eb:
                    46:a8:9b:67:7b:13:39:0c:3a:98:5f:11:2e:fb:bc:
                    3d:68:ff:c5:81:81:85:42:64:b9:37:37:1f:bf:37:
                    ca:d2:a7:15:33:9f:9d:22:0b:82:81:5a:3d:11:5f:
                    71:8d:be:55:f2:78:3b:2b:d8:d2:32:50:d9:a6:e3:
                    01:ab:60:1a:7c:2f:ce:a4:1e:e1:cc:49:60:03:37:
                    91:89:7c:1b:28:97:b9:e5:e9:19:8f:2e:ae:ea:15:
                    32:32:fe:38:54:22:f9:7f:59:a4:ef:44:5c:d9:db:
                    db:99:b6:2e:1e:25:a3:5a:f6:ac:f0:6b:96:9b:1e:
                    d6:4d:3d:86:79:3e:58:70:89:ca:4d:ba:21:f1:02:
                    ec:fc:e2:3b:e9:23:9a:74:8b:77:da:bf:0b:34:46:
                    9e:36:6c:08:86:77:a2:f1:d7:a9:89:16:6f:15:a8:
                    23:0f:14:21:04:e9:a7:c2:2e:62:53:96:33:d6:77:
                    0a:54:c6:43:0e:25:05:e8:7b:d6:cd:d9:f8:85:9e:
                    c2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3F:C0:51:A0:E7:6A:90:0F:D1:95:B1:15:99:D4:CC:38:FC:F9:B3
            X509v3 Authority Key Identifier:
                keyid:22:9F:96:18:AE:3F:06:67:EC:17:C9:77:F2:66:B2:BE:74:C8:1A:B7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/44791b1f-6da9-400d-8b14-992aae63746c/0/229F9618AE3F0667EC17C977F266B2BE74C81AB7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/229F9618AE3F0667EC17C977F266B2BE74C81AB7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/44791b1f-6da9-400d-8b14-992aae63746c/0/3130332e35342e39352e302f32342d3234203d3e20313333383233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.54.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:5f:6b:8e:34:82:f6:ca:5b:ea:f5:5d:77:83:c1:9a:ec:47:
         4e:4e:3e:9c:2f:aa:41:66:78:35:c0:d6:c8:42:f1:67:0a:de:
         9e:f4:86:05:ef:2c:9d:0c:e7:e7:46:0b:e0:aa:7f:23:51:49:
         09:fe:4e:b1:f1:ee:ba:13:05:9d:5d:17:3b:10:7d:f3:2f:3c:
         3f:cc:fe:07:71:2a:e0:14:75:ee:4f:56:7b:9d:cb:f7:b2:22:
         2c:25:ae:ba:02:5c:0b:2e:4e:aa:4d:42:59:8d:b4:64:ba:64:
         ee:f0:92:26:db:8f:1e:2c:bb:09:ba:73:c1:3e:2c:4a:ba:1d:
         ec:54:22:21:0c:bb:fb:f9:cb:30:55:5b:c4:24:31:a3:dd:bb:
         34:e9:e5:82:9e:bd:45:dc:47:8a:e9:70:64:14:fd:4e:e9:5e:
         22:75:fe:d6:cc:ce:cd:36:ab:7c:85:3d:3e:ce:e5:58:32:d7:
         d7:d2:56:c9:60:81:b0:6a:a2:2e:df:c0:3d:c5:94:bb:cc:bc:
         e5:b3:08:0d:93:6a:43:85:51:98:ef:63:ae:24:50:e8:a8:dc:
         ca:f8:db:8c:e1:9b:01:eb:91:7a:24:c1:f4:6a:98:67:fe:58:
         1e:84:83:13:ff:98:ac:35:ce:e5:c7:1d:75:cd:38:c8:8f:2b:
         8a:65:71:f0
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUXDHHKOq2f3UaIB9YUN4ZOJQr6PMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjI5Rjk2MThBRTNGMDY2N0VDMTdDOTc3RjI2NkIyQkU3
NEM4MUFCNzAeFw0yMzA5MDgwNzU1MDFaFw0yNDA5MDYwODAwMDFaMDMxMTAvBgNV
BAMTKDlEM0ZDMDUxQTBFNzZBOTAwRkQxOTVCMTE1OTlENENDMzhGQ0Y5QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmNgeMY18mWy5btGUWF2n2fAcs
zE7in3lV0KF7xFN6FMzQEb5o4hgH8AurwrIhCBffXg1PPc3sdPov60aom2d7EzkM
OphfES77vD1o/8WBgYVCZLk3Nx+/N8rSpxUzn50iC4KBWj0RX3GNvlXyeDsr2NIy
UNmm4wGrYBp8L86kHuHMSWADN5GJfBsol7nl6RmPLq7qFTIy/jhUIvl/WaTvRFzZ
29uZti4eJaNa9qzwa5abHtZNPYZ5PlhwicpNuiHxAuz84jvpI5p0i3favws0Rp42
bAiGd6Lx16mJFm8VqCMPFCEE6afCLmJTljPWdwpUxkMOJQXoe9bN2fiFnsIXAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUnT/AUaDnapAP0ZWxFZnUzDj8+bMwHwYDVR0j
BBgwFoAUIp+WGK4/BmfsF8l38mayvnTIGrcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby80
NDc5MWIxZi02ZGE5LTQwMGQtOGIxNC05OTJhYWU2Mzc0NmMvMC8yMjlGOTYxOEFF
M0YwNjY3RUMxN0M5NzdGMjY2QjJCRTc0QzgxQUI3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjI5Rjk2MThBRTNGMDY2N0VDMTdDOTc3RjI2NkIyQkU3NEM4
MUFCNy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzQ0NzkxYjFmLTZkYTktNDAwZC04
YjE0LTk5MmFhZTYzNzQ2Yy8wLzMxMzAzMzJlMzUzNDJlMzkzNTJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzMzMzM4MzIzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGc2XzANBgkqhkiG
9w0BAQsFAAOCAQEA2l9rjjSC9spb6vVdd4PBmuxHTk4+nC+qQWZ4NcDWyELxZwre
nvSGBe8snQzn50YL4Kp/I1FJCf5OsfHuuhMFnV0XOxB98y88P8z+B3Eq4BR17k9W
e53L97IiLCWuugJcCy5Oqk1CWY20ZLpk7vCSJtuPHiy7CbpzwT4sSrod7FQiIQy7
+/nLMFVbxCQxo927NOnlgp69RdxHiulwZBT9TuleInX+1szOzTarfIU9Ps7lWDLX
19JWyWCBsGqiLt/APcWUu8y85bMIDZNqQ4VRmO9jriRQ6KjcyvjbjOGbAeuReiTB
9GqYZ/5YHoSDE/+YrDXO5ccddc04yI8rimVx8A==
-----END CERTIFICATE-----
Generated at Thu Mar 28 03:10:05 2024 by rpki-client on console-fra.rpki-client.org