Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/9ed955c8-e6d3-49c2-abd8-e0f92c081247/0/3132342e3135382e3134342e302f32302d3234203d3e203137393935.roa
File:                     3132342e3135382e3134342e302f32302d3234203d3e203137393935.roa (raw, json)
Hash identifier:          EYYTaQISL9ey9V84hwifPF9tgGzRVKdYP9+/C2UYU90=
Subject key identifier:   7B:1B:59:0C:67:EF:DB:D3:F4:24:93:D4:AA:D9:34:D0:F8:82:32:EB
Certificate issuer:       /CN=3EDBB7844714C545CED724120ED0E5A34EFB45EE
Certificate serial:       12945D652B901F2B0017002B932E69E49BE8A85B
Authority key identifier: 3E:DB:B7:84:47:14:C5:45:CE:D7:24:12:0E:D0:E5:A3:4E:FB:45:EE
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3EDBB7844714C545CED724120ED0E5A34EFB45EE.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/9ed955c8-e6d3-49c2-abd8-e0f92c081247/0/3132342e3135382e3134342e302f32302d3234203d3e203137393935.roa
Signing time:             Mon 31 Jul 2023 00:09:33 +0000
ROA not before:           Mon 31 Jul 2023 00:04:33 +0000
ROA not after:            Mon 29 Jul 2024 00:09:33 +0000
asID:                     17995
IP address blocks:        124.158.144.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/9ed955c8-e6d3-49c2-abd8-e0f92c081247/0/3EDBB7844714C545CED724120ED0E5A34EFB45EE.crl
                          rsync://repo-rpki.idnic.net/repo/9ed955c8-e6d3-49c2-abd8-e0f92c081247/0/3EDBB7844714C545CED724120ED0E5A34EFB45EE.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3EDBB7844714C545CED724120ED0E5A34EFB45EE.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 19:38:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:94:5d:65:2b:90:1f:2b:00:17:00:2b:93:2e:69:e4:9b:e8:a8:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3EDBB7844714C545CED724120ED0E5A34EFB45EE
        Validity
            Not Before: Jul 31 00:04:33 2023 GMT
            Not After : Jul 29 00:09:33 2024 GMT
        Subject: CN=7B1B590C67EFDBD3F42493D4AAD934D0F88232EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:94:6d:b9:b7:53:17:a2:2e:81:c2:aa:5a:4f:
                    40:ab:89:27:37:cf:35:73:73:89:11:ca:b0:ae:4b:
                    be:14:2c:e0:8b:0a:d1:de:77:03:a8:04:18:8a:7c:
                    28:d0:3d:e9:11:8c:59:b7:96:07:e3:c9:8a:80:31:
                    a5:f4:4c:c4:04:c9:b2:cd:e8:b8:e6:8f:35:88:13:
                    ea:3a:67:8c:f0:6e:9a:a0:3d:d1:4c:40:18:48:96:
                    42:78:b8:4c:4a:6c:af:86:53:fe:af:b7:a8:33:e6:
                    d3:62:76:69:94:b5:e6:39:e2:5a:1b:15:56:16:a4:
                    3a:b1:b3:45:5f:85:6d:81:44:f0:be:78:b1:5e:d6:
                    09:b4:2d:22:c8:46:88:1e:90:62:bd:84:7c:96:0c:
                    4f:28:c6:1e:88:44:dd:8e:f9:ac:d3:e7:ac:70:1d:
                    e2:ad:49:c1:81:6d:e1:8c:05:24:7d:6d:bb:3e:64:
                    f8:88:51:9a:fe:a7:e5:d1:1e:ea:6f:d7:0c:0b:9e:
                    30:26:83:53:60:28:3f:fe:13:42:80:36:08:eb:fd:
                    13:e5:80:9d:e9:65:59:9e:a9:c8:1a:89:72:45:27:
                    f2:0d:dc:cd:d5:1c:d4:af:3a:f8:f4:25:9f:a5:7c:
                    39:22:4e:71:83:06:c4:ec:f8:28:75:85:96:6c:58:
                    3c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1B:59:0C:67:EF:DB:D3:F4:24:93:D4:AA:D9:34:D0:F8:82:32:EB
            X509v3 Authority Key Identifier:
                keyid:3E:DB:B7:84:47:14:C5:45:CE:D7:24:12:0E:D0:E5:A3:4E:FB:45:EE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/9ed955c8-e6d3-49c2-abd8-e0f92c081247/0/3EDBB7844714C545CED724120ED0E5A34EFB45EE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3EDBB7844714C545CED724120ED0E5A34EFB45EE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/9ed955c8-e6d3-49c2-abd8-e0f92c081247/0/3132342e3135382e3134342e302f32302d3234203d3e203137393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.158.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a7:17:03:d4:e2:c2:41:d1:0c:df:c7:b8:1a:9c:d6:16:9a:78:
         d4:9b:53:77:f0:ab:f2:d1:c3:5f:f8:cc:e9:22:67:75:44:eb:
         e9:ce:a0:6e:ae:f8:21:b6:1b:eb:30:ce:73:c2:7d:df:46:74:
         9b:65:11:a7:88:bd:c0:ae:fd:81:c9:73:9c:84:c0:f9:c6:9e:
         3f:86:24:66:eb:43:11:28:bf:dc:2a:5b:36:2b:b3:1f:ba:b4:
         34:05:c9:71:a6:93:a1:25:b9:ce:e0:52:6b:d6:d5:11:5f:8c:
         33:f0:84:87:2b:15:e8:77:80:56:b0:4f:6a:29:fb:43:98:f3:
         d6:05:eb:8e:c5:a8:0c:54:8c:dc:46:8e:71:5a:09:88:a9:38:
         b8:2b:4d:60:b1:df:8c:8b:19:98:25:e8:6e:56:9a:2d:16:a8:
         78:cb:45:74:8b:39:94:83:b3:47:f9:2c:97:22:88:66:cf:28:
         fe:15:87:f4:15:61:6c:bd:c4:1e:ba:bc:18:ae:22:fc:ee:32:
         3b:bd:02:2a:7f:79:d5:7d:94:a3:48:67:34:3b:49:c6:73:31:
         ce:38:2f:d1:b2:a1:13:e7:70:54:5d:c1:a4:33:c3:42:b1:fe:
         47:cf:b9:02:76:a7:ab:ee:e0:a8:99:62:b2:e0:b6:86:ad:06:
         2e:7c:cb:a3
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUEpRdZSuQHysAFwArky5p5JvoqFswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0VEQkI3ODQ0NzE0QzU0NUNFRDcyNDEyMEVEMEU1QTM0
RUZCNDVFRTAeFw0yMzA3MzEwMDA0MzNaFw0yNDA3MjkwMDA5MzNaMDMxMTAvBgNV
BAMTKDdCMUI1OTBDNjdFRkRCRDNGNDI0OTNENEFBRDkzNEQwRjg4MjMyRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5lG25t1MXoi6BwqpaT0CriSc3
zzVzc4kRyrCuS74ULOCLCtHedwOoBBiKfCjQPekRjFm3lgfjyYqAMaX0TMQEybLN
6LjmjzWIE+o6Z4zwbpqgPdFMQBhIlkJ4uExKbK+GU/6vt6gz5tNidmmUteY54lob
FVYWpDqxs0VfhW2BRPC+eLFe1gm0LSLIRogekGK9hHyWDE8oxh6IRN2O+azT56xw
HeKtScGBbeGMBSR9bbs+ZPiIUZr+p+XRHupv1wwLnjAmg1NgKD/+E0KANgjr/RPl
gJ3pZVmeqcgaiXJFJ/IN3M3VHNSvOvj0JZ+lfDkiTnGDBsTs+Ch1hZZsWDyvAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUextZDGfv29P0JJPUqtk00PiCMuswHwYDVR0j
BBgwFoAUPtu3hEcUxUXO1yQSDtDlo077Re4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
ZWQ5NTVjOC1lNmQzLTQ5YzItYWJkOC1lMGY5MmMwODEyNDcvMC8zRURCQjc4NDQ3
MTRDNTQ1Q0VENzI0MTIwRUQwRTVBMzRFRkI0NUVFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvM0VEQkI3ODQ0NzE0QzU0NUNFRDcyNDEyMEVEMEU1QTM0RUZC
NDVFRS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzllZDk1NWM4LWU2ZDMtNDljMi1h
YmQ4LWUwZjkyYzA4MTI0Ny8wLzMxMzIzNDJlMzEzNTM4MmUzMTM0MzQyZTMwMmYz
MjMwMmQzMjM0MjAzZDNlMjAzMTM3MzkzOTM1LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEfJ6QMA0GCSqG
SIb3DQEBCwUAA4IBAQCnFwPU4sJB0Qzfx7ganNYWmnjUm1N38Kvy0cNf+MzpImd1
ROvpzqBurvghthvrMM5zwn3fRnSbZRGniL3Arv2ByXOchMD5xp4/hiRm60MRKL/c
Kls2K7MfurQ0BclxppOhJbnO4FJr1tURX4wz8ISHKxXod4BWsE9qKftDmPPWBeuO
xagMVIzcRo5xWgmIqTi4K01gsd+MixmYJehuVpotFqh4y0V0izmUg7NH+SyXIohm
zyj+FYf0FWFsvcQeurwYriL87jI7vQIqf3nVfZSjSGc0O0nGczHOOC/RsqET53BU
XcGkM8NCsf5Hz7kCdqer7uComWKy4LaGrQYufMuj
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:02:29 2024 by rpki-client on console-ams.rpki-client.org