Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/a1633b8e-0df9-44ac-9cae-d6f6765a52c9/0/3130332e3233322e3234322e302f32332d3233203d3e203633343937.roa
File:                     3130332e3233322e3234322e302f32332d3233203d3e203633343937.roa (raw, json)
Hash identifier:          TqAaJSXTeepR0ncZUZPgI9FHSgBXciaZzpuvJVZEEJs=
Subject key identifier:   88:E6:17:3B:88:9E:12:39:00:0D:46:3B:7D:86:B2:1B:D2:4A:69:64
Certificate issuer:       /CN=0321984F98230A4F94667E82C0A3DEB1151C5EDB
Certificate serial:       344F7B48088A6FB4151F198C33D0C46092A7F6CB
Authority key identifier: 03:21:98:4F:98:23:0A:4F:94:66:7E:82:C0:A3:DE:B1:15:1C:5E:DB
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0321984F98230A4F94667E82C0A3DEB1151C5EDB.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/a1633b8e-0df9-44ac-9cae-d6f6765a52c9/0/3130332e3233322e3234322e302f32332d3233203d3e203633343937.roa
Signing time:             Mon 31 Jul 2023 00:08:09 +0000
ROA not before:           Mon 31 Jul 2023 00:03:09 +0000
ROA not after:            Mon 29 Jul 2024 00:08:09 +0000
asID:                     63497
IP address blocks:        103.232.242.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/a1633b8e-0df9-44ac-9cae-d6f6765a52c9/0/0321984F98230A4F94667E82C0A3DEB1151C5EDB.crl
                          rsync://repo-rpki.idnic.net/repo/a1633b8e-0df9-44ac-9cae-d6f6765a52c9/0/0321984F98230A4F94667E82C0A3DEB1151C5EDB.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0321984F98230A4F94667E82C0A3DEB1151C5EDB.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 20:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:4f:7b:48:08:8a:6f:b4:15:1f:19:8c:33:d0:c4:60:92:a7:f6:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0321984F98230A4F94667E82C0A3DEB1151C5EDB
        Validity
            Not Before: Jul 31 00:03:09 2023 GMT
            Not After : Jul 29 00:08:09 2024 GMT
        Subject: CN=88E6173B889E1239000D463B7D86B21BD24A6964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2d:20:4e:9e:8a:76:2c:b1:1b:77:5a:79:cd:
                    f4:c2:d2:5c:a0:a6:f8:bd:23:94:5c:af:a0:a3:17:
                    13:49:d6:fb:bd:a1:48:77:52:bd:19:7e:9d:cb:44:
                    ea:83:5a:31:fb:6b:c2:c3:8c:f3:ab:6a:5e:e4:41:
                    6e:df:c2:17:23:e8:c0:fa:b3:47:13:31:b3:b1:e0:
                    be:80:58:e8:d7:af:06:7a:cf:75:88:d9:73:46:3b:
                    31:e3:b5:fa:b3:d4:25:08:4a:a5:7d:ad:e9:60:a0:
                    b0:69:24:2d:16:cf:1e:de:b2:70:62:ba:6e:ca:cf:
                    a7:ea:27:03:7f:f8:04:c1:dc:74:87:65:ce:0b:22:
                    73:65:de:6e:c3:83:0a:da:8c:ba:7d:d9:6f:3e:78:
                    ea:bb:ae:a4:aa:06:47:0a:00:86:34:b7:7b:8a:0b:
                    a0:7b:a1:30:50:f4:d5:15:b5:c6:cd:32:d6:de:85:
                    dd:ce:41:e0:19:3f:cd:58:1c:72:00:21:13:9f:a2:
                    53:75:da:ca:12:68:79:f7:f9:1a:6a:5c:ce:29:ea:
                    a1:67:82:ce:e8:05:57:38:1c:5d:fe:90:d9:9a:1b:
                    b6:1a:da:67:dc:73:16:b3:13:34:34:4a:32:32:5f:
                    be:70:f7:6c:ee:df:a5:e2:cf:5e:c7:3c:43:90:95:
                    a3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E6:17:3B:88:9E:12:39:00:0D:46:3B:7D:86:B2:1B:D2:4A:69:64
            X509v3 Authority Key Identifier:
                keyid:03:21:98:4F:98:23:0A:4F:94:66:7E:82:C0:A3:DE:B1:15:1C:5E:DB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/a1633b8e-0df9-44ac-9cae-d6f6765a52c9/0/0321984F98230A4F94667E82C0A3DEB1151C5EDB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0321984F98230A4F94667E82C0A3DEB1151C5EDB.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/a1633b8e-0df9-44ac-9cae-d6f6765a52c9/0/3130332e3233322e3234322e302f32332d3233203d3e203633343937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.232.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:38:2b:c6:c1:ef:e0:46:b5:6e:42:f9:9d:23:a5:4e:22:22:
         eb:43:0d:d2:a5:e3:8b:b1:03:6d:d8:87:73:39:5e:90:cd:b1:
         a5:d0:b1:f6:d7:6b:a0:ab:de:2f:f1:c7:63:7c:9d:65:03:f9:
         1c:48:d7:1d:1e:b9:e3:5f:43:e8:5e:e4:61:e1:94:df:3a:f2:
         52:8d:f4:25:33:59:ac:97:17:60:ee:e3:2f:f0:82:a9:10:92:
         67:27:2b:1b:d3:cb:3c:47:f1:92:9a:33:12:c8:23:c4:fe:f4:
         4c:82:05:b6:e3:09:40:18:6a:ba:d9:4a:4d:6c:ae:96:8b:e2:
         90:c2:f0:90:da:ea:ba:04:e6:e2:b3:4a:d1:e3:07:09:ea:11:
         c6:2f:30:29:38:8a:25:0d:de:be:8b:2a:be:39:37:71:22:cb:
         fd:41:2a:0c:87:36:00:a3:46:f9:18:83:7b:34:a8:bc:68:93:
         70:7f:34:9b:24:fc:79:80:57:0d:11:7e:2f:e9:47:f6:d9:e5:
         90:49:14:78:43:06:39:c1:4a:23:3d:91:b2:23:03:35:ca:8d:
         eb:36:67:8e:0c:fa:4e:37:96:a0:48:25:79:c1:cc:bc:63:94:
         d0:ff:a5:95:85:df:47:13:e5:52:89:3c:7d:72:79:88:24:a4:
         d3:4d:67:62
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUNE97SAiKb7QVHxmMM9DEYJKn9sswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDMyMTk4NEY5ODIzMEE0Rjk0NjY3RTgyQzBBM0RFQjEx
NTFDNUVEQjAeFw0yMzA3MzEwMDAzMDlaFw0yNDA3MjkwMDA4MDlaMDMxMTAvBgNV
BAMTKDg4RTYxNzNCODg5RTEyMzkwMDBENDYzQjdEODZCMjFCRDI0QTY5NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNLSBOnop2LLEbd1p5zfTC0lyg
pvi9I5Rcr6CjFxNJ1vu9oUh3Ur0Zfp3LROqDWjH7a8LDjPOral7kQW7fwhcj6MD6
s0cTMbOx4L6AWOjXrwZ6z3WI2XNGOzHjtfqz1CUISqV9relgoLBpJC0Wzx7esnBi
um7Kz6fqJwN/+ATB3HSHZc4LInNl3m7DgwrajLp92W8+eOq7rqSqBkcKAIY0t3uK
C6B7oTBQ9NUVtcbNMtbehd3OQeAZP81YHHIAIROfolN12soSaHn3+RpqXM4p6qFn
gs7oBVc4HF3+kNmaG7Ya2mfccxazEzQ0SjIyX75w92zu36Xiz17HPEOQlaM5AgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUiOYXO4ieEjkADUY7fYayG9JKaWQwHwYDVR0j
BBgwFoAUAyGYT5gjCk+UZn6CwKPesRUcXtswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
MTYzM2I4ZS0wZGY5LTQ0YWMtOWNhZS1kNmY2NzY1YTUyYzkvMC8wMzIxOTg0Rjk4
MjMwQTRGOTQ2NjdFODJDMEEzREVCMTE1MUM1RURCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDMyMTk4NEY5ODIzMEE0Rjk0NjY3RTgyQzBBM0RFQjExNTFD
NUVEQi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2ExNjMzYjhlLTBkZjktNDRhYy05
Y2FlLWQ2ZjY3NjVhNTJjOS8wLzMxMzAzMzJlMzIzMzMyMmUzMjM0MzIyZTMwMmYz
MjMzMmQzMjMzMjAzZDNlMjAzNjMzMzQzOTM3LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ+jyMA0GCSqG
SIb3DQEBCwUAA4IBAQB7OCvGwe/gRrVuQvmdI6VOIiLrQw3SpeOLsQNt2IdzOV6Q
zbGl0LH212ugq94v8cdjfJ1lA/kcSNcdHrnjX0PoXuRh4ZTfOvJSjfQlM1mslxdg
7uMv8IKpEJJnJysb08s8R/GSmjMSyCPE/vRMggW24wlAGGq62UpNbK6Wi+KQwvCQ
2uq6BObis0rR4wcJ6hHGLzApOIolDd6+iyq+OTdxIsv9QSoMhzYAo0b5GIN7NKi8
aJNwfzSbJPx5gFcNEX4v6Uf22eWQSRR4QwY5wUojPZGyIwM1yo3rNmeODPpON5ag
SCV5wcy8Y5TQ/6WVhd9HE+VSiTx9cnmIJKTTTWdi
-----END CERTIFICATE-----
Generated at Wed Mar 27 20:56:59 2024 by rpki-client on console-ams.rpki-client.org