Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/3131392e322e34372e302f32342d3234203d3e203338353234.roa
File:                     3131392e322e34372e302f32342d3234203d3e203338353234.roa (raw, json)
Hash identifier:          +QDPyi77ZUmssejkSk1Qy95B0ak3IbbEL7qvFYLIkmw=
Subject key identifier:   DF:FA:60:F4:7B:5E:12:6F:3E:8D:92:E4:08:0C:91:42:35:33:89:DE
Certificate issuer:       /CN=6B33A08D6452492D38FE5FC6560DF750CD283E9A
Certificate serial:       3D3C871CA2A78F167A5954F18A74C0A21969E3F1
Authority key identifier: 6B:33:A0:8D:64:52:49:2D:38:FE:5F:C6:56:0D:F7:50:CD:28:3E:9A
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B33A08D6452492D38FE5FC6560DF750CD283E9A.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/3131392e322e34372e302f32342d3234203d3e203338353234.roa
Signing time:             Mon 31 Jul 2023 00:05:36 +0000
ROA not before:           Mon 31 Jul 2023 00:00:36 +0000
ROA not after:            Mon 29 Jul 2024 00:05:36 +0000
asID:                     38524
IP address blocks:        119.2.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/6B33A08D6452492D38FE5FC6560DF750CD283E9A.crl
                          rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/6B33A08D6452492D38FE5FC6560DF750CD283E9A.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B33A08D6452492D38FE5FC6560DF750CD283E9A.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:15:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:3c:87:1c:a2:a7:8f:16:7a:59:54:f1:8a:74:c0:a2:19:69:e3:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6B33A08D6452492D38FE5FC6560DF750CD283E9A
        Validity
            Not Before: Jul 31 00:00:36 2023 GMT
            Not After : Jul 29 00:05:36 2024 GMT
        Subject: CN=DFFA60F47B5E126F3E8D92E4080C9142353389DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:9c:4e:88:1b:23:40:82:e7:8b:7b:9c:cb:c0:
                    63:a8:d1:a6:f8:c5:f7:f2:0b:d1:6e:47:c3:e2:82:
                    33:46:9c:a0:c1:a0:f4:0f:02:9e:ca:6b:21:ee:c1:
                    5c:97:7b:a6:0f:c9:9f:9a:a1:2e:ea:dc:ae:75:d4:
                    a7:60:a6:d8:e8:76:1b:20:9f:68:08:1a:60:dd:99:
                    e2:da:dc:5f:1c:cc:c8:fc:36:f2:a7:cb:f7:df:ee:
                    78:2a:af:0b:ef:ac:74:f7:89:60:8a:ad:c7:e3:fc:
                    71:2f:b2:31:91:af:30:7b:c3:81:ce:c2:9e:88:09:
                    1c:27:a7:f2:1e:39:65:37:b5:f6:2b:09:53:4d:44:
                    4d:d0:6a:0f:ba:6a:5a:8f:4f:07:c1:9f:da:d8:56:
                    32:a5:a6:d9:49:8b:39:a6:27:28:2b:1e:b6:fd:39:
                    09:22:7d:61:12:97:6a:7b:c8:6c:31:14:06:42:7b:
                    29:31:8f:b7:60:9d:6f:aa:ea:0d:5d:9c:7a:dc:ba:
                    60:90:0c:1b:18:01:c9:64:fd:c2:1f:01:9c:f4:6f:
                    7e:0a:53:7b:ab:80:b8:26:61:9e:65:71:a2:93:a7:
                    b4:bf:76:61:69:ad:81:9b:d9:1d:42:88:10:6e:23:
                    3c:7d:28:8e:c1:fc:5e:09:b3:52:46:93:01:02:d3:
                    e9:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:FA:60:F4:7B:5E:12:6F:3E:8D:92:E4:08:0C:91:42:35:33:89:DE
            X509v3 Authority Key Identifier:
                keyid:6B:33:A0:8D:64:52:49:2D:38:FE:5F:C6:56:0D:F7:50:CD:28:3E:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/6B33A08D6452492D38FE5FC6560DF750CD283E9A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B33A08D6452492D38FE5FC6560DF750CD283E9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7ff969fc-39c7-44cd-8716-9ce4c6d5ac91/0/3131392e322e34372e302f32342d3234203d3e203338353234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.2.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:7e:6a:ab:79:26:c3:0e:5a:c5:7d:e2:2d:01:12:ed:1f:8f:
         95:0e:28:5f:dd:33:1b:4b:5f:df:c6:a5:1a:00:2e:8d:89:6a:
         cd:56:40:3d:f9:ef:24:65:aa:e8:b7:58:f0:56:07:40:78:2d:
         65:5b:db:90:7c:a6:fb:f4:36:00:ce:72:61:13:bc:72:18:0d:
         28:5d:93:d2:10:31:00:70:b7:b6:5c:c2:ea:62:7e:2c:46:9a:
         2f:da:3a:1a:7d:c6:e7:41:d5:a8:84:eb:4c:92:5b:a3:3d:24:
         89:ac:6d:34:84:6a:f6:2c:b4:4d:a6:d9:50:0f:bd:2d:9a:be:
         b5:c9:dc:e3:07:24:00:11:05:9f:2b:95:f9:0c:9e:1d:88:5c:
         71:3c:f9:c5:4f:0b:d5:a2:ba:ef:31:44:4e:da:ee:ee:02:8e:
         73:c8:e3:bf:09:79:27:20:7a:7d:bc:02:31:de:48:cb:49:5c:
         9e:09:f7:51:54:3f:46:13:f2:7c:d6:2e:a0:a0:01:5e:8b:2b:
         69:9c:62:8e:ec:ce:6f:7b:eb:6a:6f:dd:1f:c2:bc:f9:32:be:
         a2:15:b0:cb:f5:9d:43:16:6d:d8:39:e6:7b:af:17:26:0e:37:
         dd:14:20:c8:42:a3:4d:7f:d7:d9:c6:74:e0:d9:d2:31:1d:89:
         cb:61:ea:79
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUPTyHHKKnjxZ6WVTxinTAohlp4/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNkIzM0EwOEQ2NDUyNDkyRDM4RkU1RkM2NTYwREY3NTBD
RDI4M0U5QTAeFw0yMzA3MzEwMDAwMzZaFw0yNDA3MjkwMDA1MzZaMDMxMTAvBgNV
BAMTKERGRkE2MEY0N0I1RTEyNkYzRThEOTJFNDA4MEM5MTQyMzUzMzg5REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4nE6IGyNAgueLe5zLwGOo0ab4
xffyC9FuR8PigjNGnKDBoPQPAp7KayHuwVyXe6YPyZ+aoS7q3K511Kdgptjodhsg
n2gIGmDdmeLa3F8czMj8NvKny/ff7ngqrwvvrHT3iWCKrcfj/HEvsjGRrzB7w4HO
wp6ICRwnp/IeOWU3tfYrCVNNRE3Qag+6alqPTwfBn9rYVjKlptlJizmmJygrHrb9
OQkifWESl2p7yGwxFAZCeykxj7dgnW+q6g1dnHrcumCQDBsYAclk/cIfAZz0b34K
U3urgLgmYZ5lcaKTp7S/dmFprYGb2R1CiBBuIzx9KI7B/F4Js1JGkwEC0+kRAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQU3/pg9HteEm8+jZLkCAyRQjUzid4wHwYDVR0j
BBgwFoAUazOgjWRSSS04/l/GVg33UM0oPpowDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
ZmY5NjlmYy0zOWM3LTQ0Y2QtODcxNi05Y2U0YzZkNWFjOTEvMC82QjMzQTA4RDY0
NTI0OTJEMzhGRTVGQzY1NjBERjc1MENEMjgzRTlBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNkIzM0EwOEQ2NDUyNDkyRDM4RkU1RkM2NTYwREY3NTBDRDI4
M0U5QS5jZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vN2ZmOTY5ZmMtMzljNy00NGNkLTg3
MTYtOWNlNGM2ZDVhYzkxLzAvMzEzMTM5MmUzMjJlMzQzNzJlMzAyZjMyMzQyZDMy
MzQyMDNkM2UyMDMzMzgzNTMyMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAB3Ai8wDQYJKoZIhvcNAQEL
BQADggEBACt+aqt5JsMOWsV94i0BEu0fj5UOKF/dMxtLX9/GpRoALo2Jas1WQD35
7yRlqui3WPBWB0B4LWVb25B8pvv0NgDOcmETvHIYDShdk9IQMQBwt7ZcwupifixG
mi/aOhp9xudB1aiE60ySW6M9JImsbTSEavYstE2m2VAPvS2avrXJ3OMHJAARBZ8r
lfkMnh2IXHE8+cVPC9Wiuu8xRE7a7u4CjnPI478JeScgen28AjHeSMtJXJ4J91FU
P0YT8nzWLqCgAV6LK2mcYo7szm9762pv3R/CvPkyvqIVsMv1nUMWbdg55nuvFyYO
N90UIMhCo01/19nGdODZ0jEdicth6nk=
-----END CERTIFICATE-----
Generated at Wed Mar 27 10:38:31 2024 by rpki-client on console-fra.rpki-client.org