Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/3130332e33382e3130322e302f32342d3234203d3e203338353234.roa
File:                     3130332e33382e3130322e302f32342d3234203d3e203338353234.roa (raw, json)
Hash identifier:          nCH9DOVueSTKn0sqCHcGqsnfkJY2EHxbvxDPJye+JnY=
Subject key identifier:   83:62:E8:97:63:04:05:FF:6E:25:52:CF:66:DC:B3:DD:3F:3B:E9:F3
Certificate issuer:       /CN=6B33A08D6452492D38FE5FC6560DF750CD283E9A
Certificate serial:       2C083C1FD659378C8FB828C87DBB7054E59686D1
Authority key identifier: 6B:33:A0:8D:64:52:49:2D:38:FE:5F:C6:56:0D:F7:50:CD:28:3E:9A
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B33A08D6452492D38FE5FC6560DF750CD283E9A.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/3130332e33382e3130322e302f32342d3234203d3e203338353234.roa
Signing time:             Mon 31 Jul 2023 00:05:35 +0000
ROA not before:           Mon 31 Jul 2023 00:00:35 +0000
ROA not after:            Mon 29 Jul 2024 00:05:35 +0000
asID:                     38524
IP address blocks:        103.38.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/6B33A08D6452492D38FE5FC6560DF750CD283E9A.crl
                          rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/6B33A08D6452492D38FE5FC6560DF750CD283E9A.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B33A08D6452492D38FE5FC6560DF750CD283E9A.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:15:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:08:3c:1f:d6:59:37:8c:8f:b8:28:c8:7d:bb:70:54:e5:96:86:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6B33A08D6452492D38FE5FC6560DF750CD283E9A
        Validity
            Not Before: Jul 31 00:00:35 2023 GMT
            Not After : Jul 29 00:05:35 2024 GMT
        Subject: CN=8362E897630405FF6E2552CF66DCB3DD3F3BE9F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3f:93:72:50:3b:55:c7:ef:a7:94:5f:88:5a:
                    94:c4:db:c9:3a:0a:63:18:13:91:76:37:71:0d:00:
                    07:cf:4b:1d:15:ad:c0:c2:67:d0:71:80:3c:32:de:
                    12:e8:76:8a:55:07:f6:9c:22:46:d2:e8:bf:b5:57:
                    ee:e5:77:86:61:17:6a:f6:57:2c:46:66:c4:5f:1b:
                    2b:a6:eb:67:dd:db:0f:f6:9f:47:08:4d:5d:ac:58:
                    ca:ba:d6:6f:2f:ed:3c:e3:d6:ba:af:47:07:9a:94:
                    82:ff:74:27:4c:64:22:40:50:d3:60:bd:0a:02:aa:
                    35:a1:a6:16:eb:94:e8:89:d1:17:81:22:83:5a:42:
                    74:8c:60:98:58:41:95:90:8a:a8:fe:1b:d9:34:ce:
                    4d:5c:af:16:32:d9:64:eb:82:1c:e4:ce:fc:1b:41:
                    d3:e7:89:d6:1d:1d:f7:01:f5:82:c0:ce:a0:6e:c3:
                    c1:fd:20:44:0c:1e:67:a2:53:c5:b5:fe:03:f5:50:
                    ae:e3:c5:b6:c9:3c:68:6a:f1:32:1d:49:ef:dd:9d:
                    b6:a8:6c:73:ea:e7:39:05:75:40:f1:55:79:04:e3:
                    7c:7a:f2:cd:14:2f:ff:ff:79:7f:78:eb:c8:81:ef:
                    c1:a1:6e:eb:f3:34:b6:0f:15:8b:9d:53:75:3c:c2:
                    58:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:62:E8:97:63:04:05:FF:6E:25:52:CF:66:DC:B3:DD:3F:3B:E9:F3
            X509v3 Authority Key Identifier:
                keyid:6B:33:A0:8D:64:52:49:2D:38:FE:5F:C6:56:0D:F7:50:CD:28:3E:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/6B33A08D6452492D38FE5FC6560DF750CD283E9A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B33A08D6452492D38FE5FC6560DF750CD283E9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/3130332e33382e3130322e302f32342d3234203d3e203338353234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.38.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:8d:5c:49:d9:05:51:e0:10:d3:0c:4f:d5:76:bd:2f:72:48:
         0b:64:33:b7:8f:99:63:42:53:67:f7:11:d8:e9:ee:5c:14:13:
         d4:1b:d3:66:ac:c9:06:c9:3d:4d:d3:10:d4:c6:d1:b0:06:18:
         0f:2b:d3:36:90:39:90:f5:ef:c8:27:8e:6b:38:5c:cc:22:2f:
         18:6a:e1:62:c8:f8:56:aa:ad:0a:d7:01:94:66:5b:61:b8:64:
         fe:e7:27:a8:6b:ee:ab:6c:7b:75:61:17:1d:bb:72:8d:04:1b:
         ff:98:79:6a:d7:af:a8:bf:20:2b:0f:8d:61:78:f1:32:49:04:
         df:00:cd:7f:d7:11:38:8b:0f:89:e0:66:2d:6c:87:83:8c:28:
         c6:84:d2:b2:8c:8a:3d:d1:3a:e6:e5:9f:ae:32:eb:77:19:b9:
         7e:d2:4b:6a:a1:13:2f:e2:e4:64:e5:fe:7f:47:3b:c2:cd:39:
         e2:e9:30:5b:79:7a:f5:a3:1a:d7:53:65:52:b0:a5:a2:aa:72:
         08:f3:cc:b7:bf:fc:68:72:b7:4d:48:a8:86:a3:94:53:b9:61:
         b2:e6:d1:1e:19:8b:f2:45:5f:a5:0d:03:f5:5e:1c:83:68:20:
         1f:6f:b4:bf:4f:09:78:a6:a4:eb:55:1a:79:d3:8c:37:2f:8d:
         5a:c1:9f:0c
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIULAg8H9ZZN4yPuCjIfbtwVOWWhtEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNkIzM0EwOEQ2NDUyNDkyRDM4RkU1RkM2NTYwREY3NTBD
RDI4M0U5QTAeFw0yMzA3MzEwMDAwMzVaFw0yNDA3MjkwMDA1MzVaMDMxMTAvBgNV
BAMTKDgzNjJFODk3NjMwNDA1RkY2RTI1NTJDRjY2RENCM0REM0YzQkU5RjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9P5NyUDtVx++nlF+IWpTE28k6
CmMYE5F2N3ENAAfPSx0VrcDCZ9BxgDwy3hLodopVB/acIkbS6L+1V+7ld4ZhF2r2
VyxGZsRfGyum62fd2w/2n0cITV2sWMq61m8v7Tzj1rqvRwealIL/dCdMZCJAUNNg
vQoCqjWhphbrlOiJ0ReBIoNaQnSMYJhYQZWQiqj+G9k0zk1crxYy2WTrghzkzvwb
QdPnidYdHfcB9YLAzqBuw8H9IEQMHmeiU8W1/gP1UK7jxbbJPGhq8TIdSe/dnbao
bHPq5zkFdUDxVXkE43x68s0UL///eX9468iB78GhbuvzNLYPFYudU3U8wlhzAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUg2Lol2MEBf9uJVLPZtyz3T876fMwHwYDVR0j
BBgwFoAUazOgjWRSSS04/l/GVg33UM0oPpowDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
ZmY5NjlmYy0zOWM3LTQ0Y2QtODcxNi05Y2U0YzZkNWFjOTEvMC82QjMzQTA4RDY0
NTI0OTJEMzhGRTVGQzY1NjBERjc1MENEMjgzRTlBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNkIzM0EwOEQ2NDUyNDkyRDM4RkU1RkM2NTYwREY3NTBDRDI4
M0U5QS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdmZjk2OWZjLTM5YzctNDRjZC04
NzE2LTljZTRjNmQ1YWM5MS8wLzMxMzAzMzJlMzMzODJlMzEzMDMyMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzODM1MzIzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGcmZjANBgkqhkiG
9w0BAQsFAAOCAQEAiY1cSdkFUeAQ0wxP1Xa9L3JIC2Qzt4+ZY0JTZ/cR2OnuXBQT
1BvTZqzJBsk9TdMQ1MbRsAYYDyvTNpA5kPXvyCeOazhczCIvGGrhYsj4VqqtCtcB
lGZbYbhk/ucnqGvuq2x7dWEXHbtyjQQb/5h5atevqL8gKw+NYXjxMkkE3wDNf9cR
OIsPieBmLWyHg4woxoTSsoyKPdE65uWfrjLrdxm5ftJLaqETL+LkZOX+f0c7ws05
4ukwW3l69aMa11NlUrCloqpyCPPMt7/8aHK3TUiohqOUU7lhsubRHhmL8kVfpQ0D
9V4cg2ggH2+0v08JeKak61UaedOMNy+NWsGfDA==
-----END CERTIFICATE-----
Generated at Wed Mar 27 10:38:31 2024 by rpki-client on console-fra.rpki-client.org