Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/66c1f51a-8645-4eb1-a2ff-e27c24c8e0c8/0/3230322e3134392e3132382e302f31392d3234203d3e2034383333.roa
File:                     3230322e3134392e3132382e302f31392d3234203d3e2034383333.roa (raw, json)
Hash identifier:          ZN8o4ODVqkbXPmGxoJFWhpabljcqPPXXnJZ7PHBNNdE=
Subject key identifier:   21:47:02:AC:FC:EA:C9:07:D4:39:CB:81:D8:F2:E5:25:8D:99:B8:0D
Certificate issuer:       /CN=CD681E406D2ECD8ACA28E4F07B9AFA9DF648C4E9
Certificate serial:       21F64B37157BD3FD778B926E2D9FC89AD2A8EA63
Authority key identifier: CD:68:1E:40:6D:2E:CD:8A:CA:28:E4:F0:7B:9A:FA:9D:F6:48:C4:E9
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CD681E406D2ECD8ACA28E4F07B9AFA9DF648C4E9.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/66c1f51a-8645-4eb1-a2ff-e27c24c8e0c8/0/3230322e3134392e3132382e302f31392d3234203d3e2034383333.roa
Signing time:             Mon 31 Jul 2023 00:07:20 +0000
ROA not before:           Mon 31 Jul 2023 00:02:20 +0000
ROA not after:            Mon 29 Jul 2024 00:07:20 +0000
asID:                     4833
IP address blocks:        202.149.128.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/66c1f51a-8645-4eb1-a2ff-e27c24c8e0c8/0/CD681E406D2ECD8ACA28E4F07B9AFA9DF648C4E9.crl
                          rsync://repo-rpki.idnic.net/repo/66c1f51a-8645-4eb1-a2ff-e27c24c8e0c8/0/CD681E406D2ECD8ACA28E4F07B9AFA9DF648C4E9.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CD681E406D2ECD8ACA28E4F07B9AFA9DF648C4E9.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 13:56:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:f6:4b:37:15:7b:d3:fd:77:8b:92:6e:2d:9f:c8:9a:d2:a8:ea:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CD681E406D2ECD8ACA28E4F07B9AFA9DF648C4E9
        Validity
            Not Before: Jul 31 00:02:20 2023 GMT
            Not After : Jul 29 00:07:20 2024 GMT
        Subject: CN=214702ACFCEAC907D439CB81D8F2E5258D99B80D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:c2:a0:26:40:94:69:05:fd:ed:0f:13:4d:cf:
                    d0:e2:8a:af:2a:7e:c7:52:da:97:ed:55:a9:db:3b:
                    48:e8:ba:3e:f9:00:b1:e8:28:bd:2c:48:23:3b:57:
                    4c:15:63:21:7b:fc:ce:cf:9f:4f:e1:5c:6c:db:7c:
                    e8:37:9e:7a:0b:0a:d3:d7:1b:2d:7f:9a:91:78:c2:
                    a7:70:6d:7d:0b:d2:74:e4:b4:cf:62:8a:b6:82:1b:
                    da:b5:ef:cf:0b:12:58:cb:ec:75:42:ec:d0:c8:48:
                    41:f1:79:86:61:50:64:c1:14:4c:12:54:31:f6:aa:
                    34:69:6e:c1:7e:db:92:6c:d4:00:7f:93:7e:cf:35:
                    13:64:a3:2f:9c:59:2a:7a:db:28:8c:7f:52:49:21:
                    af:42:db:86:3e:bb:1f:52:af:fa:59:a8:c9:d7:e9:
                    2f:01:2c:a9:bd:0a:80:61:76:b3:f0:62:64:0a:cb:
                    ea:6c:e6:8d:3e:f2:4b:0f:39:f0:39:21:b8:6b:9f:
                    d0:cb:df:cb:d1:76:f0:72:a0:a6:6d:19:a2:cc:9f:
                    eb:32:ef:10:52:fb:18:1c:fc:2d:20:06:84:53:58:
                    0c:2a:3b:65:81:32:61:68:96:a1:45:00:8a:ca:9e:
                    a8:98:97:b5:5c:49:ca:34:db:d9:25:e9:3e:fd:f8:
                    3c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:47:02:AC:FC:EA:C9:07:D4:39:CB:81:D8:F2:E5:25:8D:99:B8:0D
            X509v3 Authority Key Identifier:
                keyid:CD:68:1E:40:6D:2E:CD:8A:CA:28:E4:F0:7B:9A:FA:9D:F6:48:C4:E9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/66c1f51a-8645-4eb1-a2ff-e27c24c8e0c8/0/CD681E406D2ECD8ACA28E4F07B9AFA9DF648C4E9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CD681E406D2ECD8ACA28E4F07B9AFA9DF648C4E9.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/66c1f51a-8645-4eb1-a2ff-e27c24c8e0c8/0/3230322e3134392e3132382e302f31392d3234203d3e2034383333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.149.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5f:5d:82:f2:90:14:13:8c:de:f9:37:46:d9:3b:83:fd:d0:ae:
         0e:09:f9:cb:55:7d:af:4a:ff:7d:c6:cf:49:d5:6a:75:1b:2a:
         60:15:df:bb:7a:51:20:97:0b:a4:b7:bc:a4:39:1c:68:f6:6a:
         08:a1:79:23:d3:f4:ab:70:78:dd:10:20:0a:bf:aa:1c:9e:15:
         60:5c:70:f2:d1:d8:ab:a7:bc:52:45:06:ca:3d:be:00:1a:ee:
         58:52:42:44:02:97:21:77:d0:6e:b2:ff:b2:3d:95:8f:65:8e:
         a7:ce:3a:2b:c7:07:fe:ea:5f:10:98:7a:b6:3c:b2:4f:df:a3:
         10:05:16:60:2f:b4:e3:9a:2c:74:77:5a:32:1c:45:b6:69:55:
         57:bd:3f:af:77:f5:e1:e0:1f:9c:eb:cc:41:fd:86:7d:db:79:
         cb:94:98:c9:8d:ac:54:9c:0d:70:38:f4:75:14:9d:61:31:cc:
         35:68:43:f3:89:64:e7:80:5f:53:c2:40:09:bb:d4:96:2e:c5:
         df:a7:86:0a:e4:96:af:c1:92:0a:33:81:92:9b:46:37:1c:12:
         73:ef:b4:4b:b8:aa:d4:6e:22:a2:fd:93:25:1f:46:df:bf:60:
         1e:82:ea:4c:2d:30:e8:53:5c:7e:53:ae:9d:d3:4c:bd:5e:57:
         7d:57:d6:87
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUIfZLNxV70/13i5JuLZ/ImtKo6mMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0Q2ODFFNDA2RDJFQ0Q4QUNBMjhFNEYwN0I5QUZBOURG
NjQ4QzRFOTAeFw0yMzA3MzEwMDAyMjBaFw0yNDA3MjkwMDA3MjBaMDMxMTAvBgNV
BAMTKDIxNDcwMkFDRkNFQUM5MDdENDM5Q0I4MUQ4RjJFNTI1OEQ5OUI4MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiwqAmQJRpBf3tDxNNz9Diiq8q
fsdS2pftVanbO0jouj75ALHoKL0sSCM7V0wVYyF7/M7Pn0/hXGzbfOg3nnoLCtPX
Gy1/mpF4wqdwbX0L0nTktM9iiraCG9q1788LEljL7HVC7NDISEHxeYZhUGTBFEwS
VDH2qjRpbsF+25Js1AB/k37PNRNkoy+cWSp62yiMf1JJIa9C24Y+ux9Sr/pZqMnX
6S8BLKm9CoBhdrPwYmQKy+ps5o0+8ksPOfA5Ibhrn9DL38vRdvByoKZtGaLMn+sy
7xBS+xgc/C0gBoRTWAwqO2WBMmFolqFFAIrKnqiYl7VcSco029kl6T79+DxVAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUIUcCrPzqyQfUOcuB2PLlJY2ZuA0wHwYDVR0j
BBgwFoAUzWgeQG0uzYrKKOTwe5r6nfZIxOkwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
NmMxZjUxYS04NjQ1LTRlYjEtYTJmZi1lMjdjMjRjOGUwYzgvMC9DRDY4MUU0MDZE
MkVDRDhBQ0EyOEU0RjA3QjlBRkE5REY2NDhDNEU5LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQ0Q2ODFFNDA2RDJFQ0Q4QUNBMjhFNEYwN0I5QUZBOURGNjQ4
QzRFOS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzY2YzFmNTFhLTg2NDUtNGViMS1h
MmZmLWUyN2MyNGM4ZTBjOC8wLzMyMzAzMjJlMzEzNDM5MmUzMTMyMzgyZTMwMmYz
MTM5MmQzMjM0MjAzZDNlMjAzNDM4MzMzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBcqVgDANBgkqhkiG
9w0BAQsFAAOCAQEAX12C8pAUE4ze+TdG2TuD/dCuDgn5y1V9r0r/fcbPSdVqdRsq
YBXfu3pRIJcLpLe8pDkcaPZqCKF5I9P0q3B43RAgCr+qHJ4VYFxw8tHYq6e8UkUG
yj2+ABruWFJCRAKXIXfQbrL/sj2Vj2WOp846K8cH/upfEJh6tjyyT9+jEAUWYC+0
45osdHdaMhxFtmlVV70/r3f14eAfnOvMQf2Gfdt5y5SYyY2sVJwNcDj0dRSdYTHM
NWhD84lk54BfU8JACbvUli7F36eGCuSWr8GSCjOBkptGNxwSc++0S7iq1G4iov2T
JR9G379gHoLqTC0w6FNcflOundNMvV5XfVfWhw==
-----END CERTIFICATE-----
Generated at Wed Mar 27 07:57:35 2024 by rpki-client on console-ams.rpki-client.org