Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/3131312e36382e3131322e302f32302d3234203d3e203435323837.roa
File:                     3131312e36382e3131322e302f32302d3234203d3e203435323837.roa (raw, json)
Hash identifier:          XewTdRzAzPOGQthv9JUKY2qr57QbO/Zlqh2Frx9mXsw=
Subject key identifier:   70:FF:6F:61:1E:37:4F:78:7A:9C:2D:84:52:C1:59:81:53:DF:F2:C0
Certificate issuer:       /CN=DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7
Certificate serial:       6FA9FF7339BE3EBF4CF99A3D68B3908DC68FD5FD
Authority key identifier: DC:1F:CA:69:CA:5B:7A:3A:3E:48:25:B3:CA:FC:C3:BD:1B:C0:6E:B7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/3131312e36382e3131322e302f32302d3234203d3e203435323837.roa
Signing time:             Mon 31 Jul 2023 00:02:34 +0000
ROA not before:           Sun 30 Jul 2023 23:57:34 +0000
ROA not after:            Mon 29 Jul 2024 00:02:34 +0000
asID:                     45287
IP address blocks:        111.68.112.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.crl
                          rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 16:28:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:a9:ff:73:39:be:3e:bf:4c:f9:9a:3d:68:b3:90:8d:c6:8f:d5:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7
        Validity
            Not Before: Jul 30 23:57:34 2023 GMT
            Not After : Jul 29 00:02:34 2024 GMT
        Subject: CN=70FF6F611E374F787A9C2D8452C1598153DFF2C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:06:c8:bd:72:4a:df:01:42:ce:3e:92:f7:c9:
                    0b:29:4d:25:88:26:d7:78:54:c8:99:fa:4e:b5:ae:
                    cd:c7:5e:f4:e1:03:e3:fa:a7:57:8c:c2:7a:cc:70:
                    18:14:61:26:c3:1a:40:8d:83:62:b9:19:dd:0c:a2:
                    ca:2d:6f:14:67:ca:69:da:7c:62:36:30:86:41:fd:
                    5b:66:85:ff:02:f7:d0:d3:00:f6:24:64:ea:5e:5d:
                    5d:09:38:3a:e3:26:ad:83:42:dc:96:08:fe:6a:2c:
                    59:fa:67:80:08:ae:cf:dc:3a:c2:1e:4f:71:8f:9b:
                    80:30:1f:df:18:79:cc:04:6c:46:e7:f2:d0:f2:ba:
                    22:88:52:2b:c4:58:7a:b3:0c:05:e1:4e:22:70:92:
                    35:9c:36:01:4e:ef:a0:48:ff:30:3c:36:4f:27:b6:
                    6d:2c:12:d1:e8:ac:23:88:26:86:2f:7b:75:e5:6d:
                    9e:d3:e4:74:ed:d4:17:ab:8e:70:8c:90:47:e5:e3:
                    24:ea:71:4f:4e:b1:79:cb:bf:57:89:89:5a:56:a4:
                    b2:b2:b7:53:76:f8:f3:b6:fe:b8:fe:1a:e0:e3:be:
                    03:48:c6:ac:dd:e0:17:34:88:17:18:f6:af:81:90:
                    a3:80:b9:51:11:ad:57:99:a9:2a:30:c9:55:7c:b8:
                    c1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:FF:6F:61:1E:37:4F:78:7A:9C:2D:84:52:C1:59:81:53:DF:F2:C0
            X509v3 Authority Key Identifier:
                keyid:DC:1F:CA:69:CA:5B:7A:3A:3E:48:25:B3:CA:FC:C3:BD:1B:C0:6E:B7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/3131312e36382e3131322e302f32302d3234203d3e203435323837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.68.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         98:2f:85:07:56:41:e2:db:66:b8:a1:57:c6:2a:6c:39:eb:d9:
         df:42:c9:95:9a:3b:37:2f:88:49:83:99:c1:2a:d7:a6:98:d2:
         3d:27:b0:a7:3a:18:51:1f:b6:45:4d:7a:f5:84:62:36:61:55:
         7f:14:a4:d5:00:f0:fd:cb:94:27:20:dc:77:40:f9:bd:20:c6:
         b2:86:5c:e3:74:6b:1c:94:61:a9:20:b2:5a:8e:24:f8:1c:f9:
         c4:0d:6f:0e:d4:59:ff:f7:0b:a3:60:34:50:5c:13:ba:e5:4d:
         2e:a6:19:1c:38:b4:79:2a:d3:fa:9e:59:d8:0c:04:f2:7f:fd:
         9a:5c:90:e2:be:f4:fb:b8:02:f9:36:69:84:d4:e9:5c:9a:54:
         fe:8b:60:28:b8:17:46:90:d8:85:c0:7e:aa:10:af:26:0c:03:
         e7:a9:a1:3a:93:e3:bf:29:ce:7f:96:6d:f2:11:06:5d:a4:a4:
         b7:17:d8:1d:b9:31:e3:19:87:2d:4e:52:ef:97:d8:32:31:ef:
         d6:70:35:9f:e7:18:da:be:d5:71:f9:32:eb:90:c0:ff:72:f4:
         44:c1:83:c9:6f:84:18:cf:5d:d4:fd:d5:9f:5e:20:38:39:d9:
         cf:bc:61:5e:38:a2:46:26:55:e6:71:5c:aa:98:ad:7e:3a:ae:
         f0:c1:c8:15
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUb6n/czm+Pr9M+Zo9aLOQjcaP1f0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREMxRkNBNjlDQTVCN0EzQTNFNDgyNUIzQ0FGQ0MzQkQx
QkMwNkVCNzAeFw0yMzA3MzAyMzU3MzRaFw0yNDA3MjkwMDAyMzRaMDMxMTAvBgNV
BAMTKDcwRkY2RjYxMUUzNzRGNzg3QTlDMkQ4NDUyQzE1OTgxNTNERkYyQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcBsi9ckrfAULOPpL3yQspTSWI
Jtd4VMiZ+k61rs3HXvThA+P6p1eMwnrMcBgUYSbDGkCNg2K5Gd0MosotbxRnymna
fGI2MIZB/Vtmhf8C99DTAPYkZOpeXV0JODrjJq2DQtyWCP5qLFn6Z4AIrs/cOsIe
T3GPm4AwH98YecwEbEbn8tDyuiKIUivEWHqzDAXhTiJwkjWcNgFO76BI/zA8Nk8n
tm0sEtHorCOIJoYve3XlbZ7T5HTt1BerjnCMkEfl4yTqcU9OsXnLv1eJiVpWpLKy
t1N2+PO2/rj+GuDjvgNIxqzd4Bc0iBcY9q+BkKOAuVERrVeZqSowyVV8uMHpAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUcP9vYR43T3h6nC2EUsFZgVPf8sAwHwYDVR0j
BBgwFoAU3B/Kacpbejo+SCWzyvzDvRvAbrcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
ODI0OWZjMy02Yzg0LTRlOTEtYjA2Ny1hMGM2YTg0MGEzYTkvMC9EQzFGQ0E2OUNB
NUI3QTNBM0U0ODI1QjNDQUZDQzNCRDFCQzA2RUI3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREMxRkNBNjlDQTVCN0EzQTNFNDgyNUIzQ0FGQ0MzQkQxQkMw
NkVCNy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzk4MjQ5ZmMzLTZjODQtNGU5MS1i
MDY3LWEwYzZhODQwYTNhOS8wLzMxMzEzMTJlMzYzODJlMzEzMTMyMmUzMDJmMzIz
MDJkMzIzNDIwM2QzZTIwMzQzNTMyMzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBG9EcDANBgkqhkiG
9w0BAQsFAAOCAQEAmC+FB1ZB4ttmuKFXxipsOevZ30LJlZo7Ny+ISYOZwSrXppjS
PSewpzoYUR+2RU169YRiNmFVfxSk1QDw/cuUJyDcd0D5vSDGsoZc43RrHJRhqSCy
Wo4k+Bz5xA1vDtRZ//cLo2A0UFwTuuVNLqYZHDi0eSrT+p5Z2AwE8n/9mlyQ4r70
+7gC+TZphNTpXJpU/otgKLgXRpDYhcB+qhCvJgwD56mhOpPjvynOf5Zt8hEGXaSk
txfYHbkx4xmHLU5S75fYMjHv1nA1n+cY2r7Vcfky65DA/3L0RMGDyW+EGM9d1P3V
n14gODnZz7xhXjiiRiZV5nFcqpitfjqu8MHIFQ==
-----END CERTIFICATE-----
Generated at Fri Mar 29 06:00:40 2024 by rpki-client on console-fra.rpki-client.org