Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/8a2e5b69-adbd-4e2d-847d-374815581d86/0/3130332e3132362e3230302e302f32322d3232203d3e20313338313133.roa
File:                     3130332e3132362e3230302e302f32322d3232203d3e20313338313133.roa (raw, json)
Hash identifier:          4/GU1Qyk0d9dbAhzkGGHUuEymrHAtO/w7LuPJlOqHa8=
Subject key identifier:   71:09:79:0B:55:75:DD:BE:1C:FC:E6:6E:B7:AC:21:31:F0:DC:FC:99
Certificate issuer:       /CN=8CFA88063D5C0A51C1D737A5170338865A245358
Certificate serial:       7467BD8F68F5035B899866F5A808178D4C162B90
Authority key identifier: 8C:FA:88:06:3D:5C:0A:51:C1:D7:37:A5:17:03:38:86:5A:24:53:58
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8CFA88063D5C0A51C1D737A5170338865A245358.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/8a2e5b69-adbd-4e2d-847d-374815581d86/0/3130332e3132362e3230302e302f32322d3232203d3e20313338313133.roa
Signing time:             Mon 31 Jul 2023 00:03:16 +0000
ROA not before:           Sun 30 Jul 2023 23:58:16 +0000
ROA not after:            Mon 29 Jul 2024 00:03:16 +0000
asID:                     138113
IP address blocks:        103.126.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/8a2e5b69-adbd-4e2d-847d-374815581d86/0/8CFA88063D5C0A51C1D737A5170338865A245358.crl
                          rsync://repo-rpki.idnic.net/repo/8a2e5b69-adbd-4e2d-847d-374815581d86/0/8CFA88063D5C0A51C1D737A5170338865A245358.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8CFA88063D5C0A51C1D737A5170338865A245358.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 16:28:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:67:bd:8f:68:f5:03:5b:89:98:66:f5:a8:08:17:8d:4c:16:2b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8CFA88063D5C0A51C1D737A5170338865A245358
        Validity
            Not Before: Jul 30 23:58:16 2023 GMT
            Not After : Jul 29 00:03:16 2024 GMT
        Subject: CN=7109790B5575DDBE1CFCE66EB7AC2131F0DCFC99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f1:77:07:e8:be:a3:0f:98:30:75:09:29:1e:
                    3e:34:04:4f:c7:d7:ca:f0:1a:ed:59:d4:ee:a3:5f:
                    d7:4a:1a:04:52:af:b8:ba:36:2c:8f:63:0e:31:60:
                    56:12:a0:ff:f3:c2:c4:e3:a1:f1:b0:de:93:34:a1:
                    40:2c:26:03:f0:ac:0d:57:61:09:13:09:b2:9b:0a:
                    c4:59:18:9c:33:7e:08:ab:a3:5e:80:b7:2d:ca:59:
                    48:5a:e7:32:f5:23:2f:a9:42:9e:74:40:52:15:70:
                    5e:2a:34:95:7c:81:cf:f6:3f:96:49:0a:50:98:b6:
                    48:3d:f1:00:1e:de:6e:2d:44:ae:e8:95:d2:49:84:
                    b7:50:c7:12:51:46:f0:e9:77:01:79:14:5a:da:f4:
                    aa:ae:85:c6:2e:9f:c9:66:21:40:99:0c:66:fe:65:
                    a7:65:1d:b4:32:4e:3e:cf:96:80:17:8b:c6:38:3e:
                    12:bd:bc:e6:0d:f9:86:09:08:59:3c:47:0a:07:73:
                    3d:72:a6:88:d5:c9:0f:2f:51:99:37:90:b9:56:95:
                    7f:09:d7:82:f0:0b:35:46:0c:66:11:a6:01:44:d0:
                    a1:8b:26:a1:dc:16:92:99:33:94:01:1d:c4:af:71:
                    0b:f4:fc:cf:98:af:2c:8e:3b:dd:01:6c:e0:5a:77:
                    40:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:09:79:0B:55:75:DD:BE:1C:FC:E6:6E:B7:AC:21:31:F0:DC:FC:99
            X509v3 Authority Key Identifier:
                keyid:8C:FA:88:06:3D:5C:0A:51:C1:D7:37:A5:17:03:38:86:5A:24:53:58

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/8a2e5b69-adbd-4e2d-847d-374815581d86/0/8CFA88063D5C0A51C1D737A5170338865A245358.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8CFA88063D5C0A51C1D737A5170338865A245358.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/8a2e5b69-adbd-4e2d-847d-374815581d86/0/3130332e3132362e3230302e302f32322d3232203d3e20313338313133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.126.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:34:9d:39:71:2e:f9:ed:da:32:b0:d3:74:22:d6:90:04:78:
         e6:06:31:a0:60:53:28:b5:e3:7c:08:e8:ef:b5:4d:54:a3:b3:
         00:57:26:4c:e3:0c:52:0a:ae:2f:00:ac:78:34:12:d0:6b:fb:
         a4:81:36:2f:0c:7b:62:4d:f7:84:2f:53:a4:0d:5c:a1:8a:d5:
         ef:df:48:9c:dc:11:5a:47:1e:e6:c3:e7:ee:72:83:68:47:a6:
         de:c1:b4:ca:7c:05:05:ab:f6:fa:09:ff:54:11:11:63:25:a8:
         f7:06:60:ca:81:ae:c7:d3:36:eb:eb:c5:44:2a:a2:30:66:d2:
         f8:1b:83:fe:aa:ef:45:fe:4b:50:ff:9c:75:b0:37:40:ff:71:
         18:ad:4a:b0:a4:75:84:72:36:3f:5f:ae:98:37:4b:4e:95:a4:
         ff:f9:21:a0:77:a8:c0:cf:65:da:95:9d:d6:6f:02:6c:5b:b0:
         c1:f0:1f:be:f5:48:67:e1:ac:fb:73:c1:6e:fb:69:70:66:e5:
         b2:8f:1b:aa:18:c6:b5:19:68:92:17:6b:44:04:59:87:ce:56:
         84:a2:74:26:95:84:4e:f5:27:a7:40:c7:1f:21:d1:4c:f7:b7:
         d5:7d:5c:f5:17:6e:6a:5c:fc:76:ec:35:a8:aa:0b:62:02:6c:
         8d:82:44:25
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUdGe9j2j1A1uJmGb1qAgXjUwWK5AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOENGQTg4MDYzRDVDMEE1MUMxRDczN0E1MTcwMzM4ODY1
QTI0NTM1ODAeFw0yMzA3MzAyMzU4MTZaFw0yNDA3MjkwMDAzMTZaMDMxMTAvBgNV
BAMTKDcxMDk3OTBCNTU3NUREQkUxQ0ZDRTY2RUI3QUMyMTMxRjBEQ0ZDOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA8XcH6L6jD5gwdQkpHj40BE/H
18rwGu1Z1O6jX9dKGgRSr7i6NiyPYw4xYFYSoP/zwsTjofGw3pM0oUAsJgPwrA1X
YQkTCbKbCsRZGJwzfgiro16Aty3KWUha5zL1Iy+pQp50QFIVcF4qNJV8gc/2P5ZJ
ClCYtkg98QAe3m4tRK7oldJJhLdQxxJRRvDpdwF5FFra9KquhcYun8lmIUCZDGb+
ZadlHbQyTj7PloAXi8Y4PhK9vOYN+YYJCFk8RwoHcz1ypojVyQ8vUZk3kLlWlX8J
14LwCzVGDGYRpgFE0KGLJqHcFpKZM5QBHcSvcQv0/M+YryyOO90BbOBad0B5AgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUcQl5C1V13b4c/OZut6whMfDc/JkwHwYDVR0j
BBgwFoAUjPqIBj1cClHB1zelFwM4hlokU1gwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby84
YTJlNWI2OS1hZGJkLTRlMmQtODQ3ZC0zNzQ4MTU1ODFkODYvMC84Q0ZBODgwNjNE
NUMwQTUxQzFENzM3QTUxNzAzMzg4NjVBMjQ1MzU4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOENGQTg4MDYzRDVDMEE1MUMxRDczN0E1MTcwMzM4ODY1QTI0
NTM1OC5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzhhMmU1YjY5LWFkYmQtNGUyZC04
NDdkLTM3NDgxNTU4MWQ4Ni8wLzMxMzAzMzJlMzEzMjM2MmUzMjMwMzAyZTMwMmYz
MjMyMmQzMjMyMjAzZDNlMjAzMTMzMzgzMTMxMzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJnfsgwDQYJ
KoZIhvcNAQELBQADggEBAIo0nTlxLvnt2jKw03Qi1pAEeOYGMaBgUyi143wI6O+1
TVSjswBXJkzjDFIKri8ArHg0EtBr+6SBNi8Me2JN94QvU6QNXKGK1e/fSJzcEVpH
HubD5+5yg2hHpt7BtMp8BQWr9voJ/1QREWMlqPcGYMqBrsfTNuvrxUQqojBm0vgb
g/6q70X+S1D/nHWwN0D/cRitSrCkdYRyNj9frpg3S06VpP/5IaB3qMDPZdqVndZv
AmxbsMHwH771SGfhrPtzwW77aXBm5bKPG6oYxrUZaJIXa0QEWYfOVoSidCaVhE71
J6dAxx8h0Uz3t9V9XPUXbmpc/HbsNaiqC2ICbI2CRCU=
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:12:51 2024 by rpki-client on console-ams.rpki-client.org