Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/3130332e31342e32312e302f32342d3234203d3e20313331373137.roa
File:                     3130332e31342e32312e302f32342d3234203d3e20313331373137.roa (raw, json)
Hash identifier:          sUf02YGkqf7JhiKPytFZr5fmBjAUFuZ/CyYHJQAW9ss=
Subject key identifier:   19:23:6B:FD:D0:D7:9C:4F:BB:FB:33:47:31:E6:B6:4D:A9:A5:AE:7C
Certificate issuer:       /CN=882209E37356E0512FBE4E81B00E4F2481865087
Certificate serial:       7BCE91219ACA0EA4DB365D5C64B6BDDD5FC48817
Authority key identifier: 88:22:09:E3:73:56:E0:51:2F:BE:4E:81:B0:0E:4F:24:81:86:50:87
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/882209E37356E0512FBE4E81B00E4F2481865087.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/3130332e31342e32312e302f32342d3234203d3e20313331373137.roa
Signing time:             Mon 31 Jul 2023 00:03:12 +0000
ROA not before:           Sun 30 Jul 2023 23:58:12 +0000
ROA not after:            Mon 29 Jul 2024 00:03:12 +0000
asID:                     131717
IP address blocks:        103.14.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/882209E37356E0512FBE4E81B00E4F2481865087.crl
                          rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/882209E37356E0512FBE4E81B00E4F2481865087.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/882209E37356E0512FBE4E81B00E4F2481865087.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 20:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:ce:91:21:9a:ca:0e:a4:db:36:5d:5c:64:b6:bd:dd:5f:c4:88:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=882209E37356E0512FBE4E81B00E4F2481865087
        Validity
            Not Before: Jul 30 23:58:12 2023 GMT
            Not After : Jul 29 00:03:12 2024 GMT
        Subject: CN=19236BFDD0D79C4FBBFB334731E6B64DA9A5AE7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:42:c3:d3:0d:cd:c7:87:c4:38:37:40:38:98:
                    a0:7e:ec:ca:1c:73:6a:0f:84:1a:07:77:cb:8a:5f:
                    e6:32:90:77:74:e5:12:54:a2:db:d1:1c:0a:38:59:
                    33:07:f6:9b:75:c0:16:d3:4e:07:56:61:db:f5:16:
                    c3:64:a2:e7:51:8d:a4:b2:63:62:ef:c8:81:ac:f9:
                    e2:5f:b4:34:e4:81:ab:c4:e9:77:cf:20:d6:6f:dc:
                    f9:f5:ff:ea:25:46:23:84:ca:56:98:88:2f:cd:10:
                    5b:1e:66:29:d6:04:fa:59:ee:64:32:93:f4:7d:67:
                    4e:c5:79:81:0b:62:37:28:63:6d:79:90:2e:27:49:
                    fa:c6:6a:5d:ad:e7:be:6c:91:35:d8:5c:0b:6b:c1:
                    52:0c:9f:19:cc:2e:12:fd:16:0e:02:ee:d3:da:05:
                    38:06:98:9d:79:95:6c:65:17:f9:3e:d8:9e:84:28:
                    8d:d8:db:0f:bb:79:86:07:b2:14:46:51:e5:f7:70:
                    80:4c:57:6c:86:2c:c9:d4:7e:a6:15:13:2b:8c:d4:
                    6d:a0:be:28:d7:9d:41:30:d8:e6:a1:eb:0f:c6:97:
                    ab:64:0a:65:cb:9d:4a:9a:6c:4d:55:a1:dc:08:15:
                    19:39:af:d2:2a:0a:87:fd:4d:6d:57:7a:7e:cb:3e:
                    e9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:23:6B:FD:D0:D7:9C:4F:BB:FB:33:47:31:E6:B6:4D:A9:A5:AE:7C
            X509v3 Authority Key Identifier:
                keyid:88:22:09:E3:73:56:E0:51:2F:BE:4E:81:B0:0E:4F:24:81:86:50:87

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/882209E37356E0512FBE4E81B00E4F2481865087.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/882209E37356E0512FBE4E81B00E4F2481865087.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/3130332e31342e32312e302f32342d3234203d3e20313331373137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.14.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:d5:3f:97:ba:d6:51:74:08:e7:3b:3e:1d:fd:55:9c:b1:9d:
         7c:45:6b:7f:42:a4:c2:2c:df:44:92:96:c2:db:e9:43:96:d0:
         67:6f:44:39:87:bc:5b:50:e4:02:ee:b3:17:18:04:ab:b6:82:
         b5:d3:9c:c1:75:3d:70:91:d0:d9:a3:3b:39:ab:14:e5:26:9e:
         70:a6:89:3c:24:20:1b:0e:00:05:32:97:da:f6:b2:2c:48:5c:
         14:46:c6:35:85:22:dd:ac:89:23:6c:f0:36:39:0b:00:05:4f:
         f5:c7:3d:94:98:66:e0:4a:f8:85:68:50:9c:76:3e:16:3e:05:
         24:2f:8b:54:38:6a:35:23:48:60:bc:77:f3:5b:6d:17:56:d7:
         0c:55:2b:11:ff:e9:2b:67:2e:68:34:fe:31:b6:eb:56:e6:2e:
         54:d9:4e:7d:01:44:45:7a:af:c4:7a:d7:84:94:0b:9d:b8:91:
         16:9a:c4:e1:b4:de:e4:59:5d:54:98:da:7d:32:e7:29:84:0f:
         8b:47:d3:fd:3f:78:eb:8c:5f:a6:b3:6d:b4:c1:bc:13:36:1b:
         76:a0:93:f6:b0:4f:7d:20:05:34:49:53:7b:56:9d:8c:d1:d8:
         66:e0:b4:ed:f3:b5:18:9e:95:ad:5a:dc:1e:de:da:f0:1c:db:
         75:a7:1a:7e
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUe86RIZrKDqTbNl1cZLa93V/EiBcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODgyMjA5RTM3MzU2RTA1MTJGQkU0RTgxQjAwRTRGMjQ4
MTg2NTA4NzAeFw0yMzA3MzAyMzU4MTJaFw0yNDA3MjkwMDAzMTJaMDMxMTAvBgNV
BAMTKDE5MjM2QkZERDBENzlDNEZCQkZCMzM0NzMxRTZCNjREQTlBNUFFN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1QsPTDc3Hh8Q4N0A4mKB+7Moc
c2oPhBoHd8uKX+YykHd05RJUotvRHAo4WTMH9pt1wBbTTgdWYdv1FsNkoudRjaSy
Y2LvyIGs+eJftDTkgavE6XfPINZv3Pn1/+olRiOEylaYiC/NEFseZinWBPpZ7mQy
k/R9Z07FeYELYjcoY215kC4nSfrGal2t575skTXYXAtrwVIMnxnMLhL9Fg4C7tPa
BTgGmJ15lWxlF/k+2J6EKI3Y2w+7eYYHshRGUeX3cIBMV2yGLMnUfqYVEyuM1G2g
vijXnUEw2Oah6w/Gl6tkCmXLnUqabE1VodwIFRk5r9IqCof9TW1Xen7LPul3AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUGSNr/dDXnE+7+zNHMea2TamlrnwwHwYDVR0j
BBgwFoAUiCIJ43NW4FEvvk6BsA5PJIGGUIcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
MDc0NzFhMy1lZTUzLTQ5OWMtOWYyZC1jZjE2YjFlNGEzNTMvMC84ODIyMDlFMzcz
NTZFMDUxMkZCRTRFODFCMDBFNEYyNDgxODY1MDg3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvODgyMjA5RTM3MzU2RTA1MTJGQkU0RTgxQjAwRTRGMjQ4MTg2
NTA4Ny5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2QwNzQ3MWEzLWVlNTMtNDk5Yy05
ZjJkLWNmMTZiMWU0YTM1My8wLzMxMzAzMzJlMzEzNDJlMzIzMTJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzMzMTM3MzEzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGcOFTANBgkqhkiG
9w0BAQsFAAOCAQEAstU/l7rWUXQI5zs+Hf1VnLGdfEVrf0KkwizfRJKWwtvpQ5bQ
Z29EOYe8W1DkAu6zFxgEq7aCtdOcwXU9cJHQ2aM7OasU5SaecKaJPCQgGw4ABTKX
2vayLEhcFEbGNYUi3ayJI2zwNjkLAAVP9cc9lJhm4Er4hWhQnHY+Fj4FJC+LVDhq
NSNIYLx381ttF1bXDFUrEf/pK2cuaDT+MbbrVuYuVNlOfQFERXqvxHrXhJQLnbiR
FprE4bTe5FldVJjafTLnKYQPi0fT/T9464xfprNttMG8EzYbdqCT9rBPfSAFNElT
e1adjNHYZuC07fO1GJ6VrVrcHt7a8Bzbdacafg==
-----END CERTIFICATE-----
Generated at Wed Mar 27 18:48:48 2024 by rpki-client on console-fra.rpki-client.org