Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/cf6d5582-9a63-41e5-8969-db919277a5e5/0/3130332e3134332e3234342e302f32342d3234203d3e20313332363337.roa
File:                     3130332e3134332e3234342e302f32342d3234203d3e20313332363337.roa (raw, json)
Hash identifier:          JfqqGzY/i3PLYNU0r1PisXsB/ZXCU8RctXrm8Aws5Z4=
Subject key identifier:   C4:63:B7:38:52:D7:7D:B2:55:01:B5:6C:4C:61:67:8A:05:36:DB:A2
Certificate issuer:       /CN=9EA3AB422D824FDD9A25622F84924203216B1ED1
Certificate serial:       74F1D65D8C2A679106BC700602065EEAD3E44561
Authority key identifier: 9E:A3:AB:42:2D:82:4F:DD:9A:25:62:2F:84:92:42:03:21:6B:1E:D1
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9EA3AB422D824FDD9A25622F84924203216B1ED1.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/cf6d5582-9a63-41e5-8969-db919277a5e5/0/3130332e3134332e3234342e302f32342d3234203d3e20313332363337.roa
Signing time:             Mon 31 Jul 2023 00:06:29 +0000
ROA not before:           Mon 31 Jul 2023 00:01:29 +0000
ROA not after:            Mon 29 Jul 2024 00:06:29 +0000
asID:                     132637
IP address blocks:        103.143.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/cf6d5582-9a63-41e5-8969-db919277a5e5/0/9EA3AB422D824FDD9A25622F84924203216B1ED1.crl
                          rsync://repo-rpki.idnic.net/repo/cf6d5582-9a63-41e5-8969-db919277a5e5/0/9EA3AB422D824FDD9A25622F84924203216B1ED1.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9EA3AB422D824FDD9A25622F84924203216B1ED1.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 16:28:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:f1:d6:5d:8c:2a:67:91:06:bc:70:06:02:06:5e:ea:d3:e4:45:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9EA3AB422D824FDD9A25622F84924203216B1ED1
        Validity
            Not Before: Jul 31 00:01:29 2023 GMT
            Not After : Jul 29 00:06:29 2024 GMT
        Subject: CN=C463B73852D77DB25501B56C4C61678A0536DBA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bb:6a:78:6b:07:72:ba:d0:e8:a9:e2:dd:65:
                    65:c7:4e:de:83:88:63:54:f2:5d:ef:8f:84:dd:81:
                    ea:89:f3:3d:18:7d:ea:83:52:65:ed:fe:2b:cf:d3:
                    f3:a3:f8:3a:f7:63:d9:ae:ea:83:36:9d:26:c7:dc:
                    c2:d3:28:f3:f9:53:28:e1:f1:a3:f7:cd:ad:97:0f:
                    19:ab:d1:90:fd:e5:25:69:c8:59:80:79:a2:33:7c:
                    03:09:40:02:32:1e:9b:5b:d1:46:88:42:fb:73:15:
                    50:20:54:fd:6f:54:fb:4f:8c:c5:fc:18:7d:ff:94:
                    df:d1:41:1c:84:3c:02:df:86:a5:4f:af:d8:9f:13:
                    10:49:b3:17:49:3a:73:3c:66:9a:7e:84:2e:1e:4a:
                    38:d9:43:73:ab:ce:09:b1:58:1e:b9:f1:c8:46:07:
                    a6:dd:9a:3c:4e:0b:c4:68:5f:fa:f6:6e:61:a4:10:
                    6f:da:77:28:4a:b3:3a:97:df:e1:fc:fe:c0:24:13:
                    89:62:9c:f2:48:74:c8:aa:58:36:90:0e:99:1d:e9:
                    ab:a0:d3:7e:8a:52:e6:2d:5b:81:3a:92:33:12:e1:
                    13:c1:d3:e7:10:3a:fb:83:1d:1c:b8:f3:11:a9:ee:
                    bc:ce:6d:5d:c0:47:d1:39:8b:52:b8:10:9c:97:b0:
                    ea:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:63:B7:38:52:D7:7D:B2:55:01:B5:6C:4C:61:67:8A:05:36:DB:A2
            X509v3 Authority Key Identifier:
                keyid:9E:A3:AB:42:2D:82:4F:DD:9A:25:62:2F:84:92:42:03:21:6B:1E:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/cf6d5582-9a63-41e5-8969-db919277a5e5/0/9EA3AB422D824FDD9A25622F84924203216B1ED1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9EA3AB422D824FDD9A25622F84924203216B1ED1.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/cf6d5582-9a63-41e5-8969-db919277a5e5/0/3130332e3134332e3234342e302f32342d3234203d3e20313332363337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.143.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a6:d5:a1:11:2f:22:6c:ce:28:e4:fa:b2:c5:3e:4f:4d:1d:
         22:9e:61:d0:28:37:7e:95:75:42:af:19:1c:4b:25:2f:ad:01:
         f4:c5:25:b4:9d:da:dc:6d:64:98:ba:be:ff:81:1c:cc:cb:e7:
         ea:97:79:90:b7:ae:51:02:32:c8:95:d3:68:94:ff:46:a6:c3:
         18:38:7b:fe:f6:22:f1:2d:93:d2:7f:0d:0a:05:ad:46:78:43:
         f4:69:be:39:4a:20:2e:20:37:7d:69:0f:74:77:d7:55:bf:27:
         03:5f:84:d2:0e:91:5c:c6:a9:ac:5f:d3:19:99:f1:9c:9d:05:
         c4:1b:6d:ce:fc:55:b7:f9:e2:02:00:49:92:7b:16:9a:79:99:
         bf:2a:36:70:fb:59:5a:2b:f6:f8:d6:28:bd:6a:29:62:28:b8:
         6c:55:fc:98:70:eb:ae:b1:45:7b:7e:26:72:60:43:d4:ef:d4:
         84:32:ff:e5:0f:e7:c3:63:49:3c:3d:9e:31:de:b6:c1:a9:26:
         44:54:96:d1:d4:71:f8:4d:16:fc:64:0e:82:2d:89:73:85:a1:
         85:98:29:b1:35:fa:81:3b:bf:6c:a2:db:83:db:fb:26:83:f2:
         47:e8:f5:ab:2f:cb:8e:b2:ac:c5:9a:1c:8e:98:64:3b:e1:8d:
         21:32:ea:54
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUdPHWXYwqZ5EGvHAGAgZe6tPkRWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUVBM0FCNDIyRDgyNEZERDlBMjU2MjJGODQ5MjQyMDMy
MTZCMUVEMTAeFw0yMzA3MzEwMDAxMjlaFw0yNDA3MjkwMDA2MjlaMDMxMTAvBgNV
BAMTKEM0NjNCNzM4NTJENzdEQjI1NTAxQjU2QzRDNjE2NzhBMDUzNkRCQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPu2p4awdyutDoqeLdZWXHTt6D
iGNU8l3vj4TdgeqJ8z0YfeqDUmXt/ivP0/Oj+Dr3Y9mu6oM2nSbH3MLTKPP5Uyjh
8aP3za2XDxmr0ZD95SVpyFmAeaIzfAMJQAIyHptb0UaIQvtzFVAgVP1vVPtPjMX8
GH3/lN/RQRyEPALfhqVPr9ifExBJsxdJOnM8Zpp+hC4eSjjZQ3OrzgmxWB658chG
B6bdmjxOC8RoX/r2bmGkEG/adyhKszqX3+H8/sAkE4linPJIdMiqWDaQDpkd6aug
036KUuYtW4E6kjMS4RPB0+cQOvuDHRy48xGp7rzObV3AR9E5i1K4EJyXsOqzAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUxGO3OFLXfbJVAbVsTGFnigU226IwHwYDVR0j
BBgwFoAUnqOrQi2CT92aJWIvhJJCAyFrHtEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9j
ZjZkNTU4Mi05YTYzLTQxZTUtODk2OS1kYjkxOTI3N2E1ZTUvMC85RUEzQUI0MjJE
ODI0RkREOUEyNTYyMkY4NDkyNDIwMzIxNkIxRUQxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUVBM0FCNDIyRDgyNEZERDlBMjU2MjJGODQ5MjQyMDMyMTZC
MUVEMS5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2NmNmQ1NTgyLTlhNjMtNDFlNS04
OTY5LWRiOTE5Mjc3YTVlNS8wLzMxMzAzMzJlMzEzNDMzMmUzMjM0MzQyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMTMzMzIzNjMzMzcucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABnj/QwDQYJ
KoZIhvcNAQELBQADggEBADym1aERLyJszijk+rLFPk9NHSKeYdAoN36VdUKvGRxL
JS+tAfTFJbSd2txtZJi6vv+BHMzL5+qXeZC3rlECMsiV02iU/0amwxg4e/72IvEt
k9J/DQoFrUZ4Q/RpvjlKIC4gN31pD3R311W/JwNfhNIOkVzGqaxf0xmZ8ZydBcQb
bc78Vbf54gIASZJ7Fpp5mb8qNnD7WVor9vjWKL1qKWIouGxV/Jhw666xRXt+JnJg
Q9Tv1IQy/+UP58NjSTw9njHetsGpJkRUltHUcfhNFvxkDoItiXOFoYWYKbE1+oE7
v2yi24Pb+yaD8kfo9asvy46yrMWaHI6YZDvhjSEy6lQ=
-----END CERTIFICATE-----
Generated at Thu Mar 28 22:52:59 2024 by rpki-client on console-ams.rpki-client.org