Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/34352e3131382e3131322e302f32322d3232203d3e20313331373137.roa
File:                     34352e3131382e3131322e302f32322d3232203d3e20313331373137.roa (raw, json)
Hash identifier:          BZPcNISQ1cIDmQmFdtu6Zj2xrAQnYVfbuYA9ztkFEHo=
Subject key identifier:   8D:22:BA:E9:E3:F5:BB:95:0A:6B:54:11:1F:12:AF:0D:B9:4B:95:0D
Certificate issuer:       /CN=882209E37356E0512FBE4E81B00E4F2481865087
Certificate serial:       3A479622D2548BBD6619DA97F1EBB9B0F423805B
Authority key identifier: 88:22:09:E3:73:56:E0:51:2F:BE:4E:81:B0:0E:4F:24:81:86:50:87
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/882209E37356E0512FBE4E81B00E4F2481865087.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/34352e3131382e3131322e302f32322d3232203d3e20313331373137.roa
Signing time:             Mon 31 Jul 2023 00:03:13 +0000
ROA not before:           Sun 30 Jul 2023 23:58:13 +0000
ROA not after:            Mon 29 Jul 2024 00:03:13 +0000
asID:                     131717
IP address blocks:        45.118.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/882209E37356E0512FBE4E81B00E4F2481865087.crl
                          rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/882209E37356E0512FBE4E81B00E4F2481865087.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/882209E37356E0512FBE4E81B00E4F2481865087.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 20:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:47:96:22:d2:54:8b:bd:66:19:da:97:f1:eb:b9:b0:f4:23:80:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=882209E37356E0512FBE4E81B00E4F2481865087
        Validity
            Not Before: Jul 30 23:58:13 2023 GMT
            Not After : Jul 29 00:03:13 2024 GMT
        Subject: CN=8D22BAE9E3F5BB950A6B54111F12AF0DB94B950D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:07:9a:22:cd:80:14:96:ab:e3:66:0a:86:6f:
                    97:ea:54:9f:ee:1a:5b:3f:1a:2d:8b:31:42:6b:ea:
                    47:5d:5f:e2:0f:8b:ed:7f:3e:7b:bf:93:a4:ae:83:
                    36:fe:02:21:e6:1e:95:85:87:52:3b:64:1b:77:87:
                    9d:48:68:90:b8:28:e1:7d:ef:c2:a8:f5:c9:8f:47:
                    1b:26:82:29:72:37:62:c9:07:68:b2:2c:42:65:12:
                    59:4e:35:ce:17:7d:1c:82:ec:b9:dc:b2:25:01:f7:
                    d5:df:71:06:a8:aa:98:55:60:db:9a:77:35:3d:4f:
                    4e:03:20:0d:b8:40:c7:d3:17:3a:28:fc:32:83:1d:
                    7c:2c:46:38:e3:db:61:b3:c7:55:f8:d4:16:d9:8a:
                    ee:de:78:44:11:37:cb:86:c8:f6:88:d6:bd:0c:de:
                    6d:91:18:58:83:93:8b:50:da:c7:36:2c:ad:ea:ab:
                    37:94:a5:50:e7:51:1e:ba:57:7c:ef:71:a4:5a:a6:
                    a2:85:92:f9:c4:a8:0a:0e:1b:45:ac:79:c4:2c:54:
                    1f:6d:8b:64:33:e5:8f:df:ca:4d:c9:04:b5:be:6c:
                    3e:48:ec:db:d7:57:ed:27:24:ea:9d:0f:37:93:e8:
                    97:16:2a:23:38:fc:48:60:4a:ba:e4:8d:22:e1:cd:
                    4f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:22:BA:E9:E3:F5:BB:95:0A:6B:54:11:1F:12:AF:0D:B9:4B:95:0D
            X509v3 Authority Key Identifier:
                keyid:88:22:09:E3:73:56:E0:51:2F:BE:4E:81:B0:0E:4F:24:81:86:50:87

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/882209E37356E0512FBE4E81B00E4F2481865087.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/882209E37356E0512FBE4E81B00E4F2481865087.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d07471a3-ee53-499c-9f2d-cf16b1e4a353/0/34352e3131382e3131322e302f32322d3232203d3e20313331373137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.118.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:ac:97:38:94:86:0d:09:0c:af:bb:e5:eb:51:0c:64:42:f5:
         a7:e5:10:d8:dc:2a:45:f0:66:02:9b:f8:37:c3:9b:31:95:98:
         9f:30:ab:46:43:54:0d:21:63:89:b5:59:89:7f:35:7a:f1:7e:
         ee:82:e8:15:ef:6e:78:c6:d6:e8:1c:ba:62:c8:7e:1b:04:2a:
         3d:95:35:1c:6a:ce:16:bf:84:c3:f1:34:3d:49:8c:96:1e:00:
         27:a5:61:41:26:c1:d0:b0:4d:a7:6a:46:17:58:91:6c:5c:e5:
         45:cf:6a:df:ee:a5:3c:3a:4e:ae:22:57:17:dc:8f:37:5d:8c:
         6b:5b:b2:a4:a6:e9:80:77:4a:b7:03:18:7f:e7:b8:12:85:e6:
         ac:14:0d:f5:14:f4:18:08:73:52:94:a1:41:8a:7b:df:6a:3f:
         5d:76:8b:26:ee:3d:14:ce:97:b1:4d:54:10:39:e0:83:93:28:
         7d:af:95:86:59:e3:5f:db:8b:35:e8:dd:d3:9b:57:b3:06:9e:
         fe:fd:dd:61:8c:ae:ca:48:95:ea:01:f3:d1:5c:9b:3c:f9:16:
         d6:30:10:58:31:29:9d:72:f2:05:c9:30:d6:48:1f:e1:d4:41:
         7c:92:ed:4d:71:31:00:e2:94:d5:44:f9:db:84:eb:5c:e1:79:
         2d:56:59:6f
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUOkeWItJUi71mGdqX8eu5sPQjgFswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODgyMjA5RTM3MzU2RTA1MTJGQkU0RTgxQjAwRTRGMjQ4
MTg2NTA4NzAeFw0yMzA3MzAyMzU4MTNaFw0yNDA3MjkwMDAzMTNaMDMxMTAvBgNV
BAMTKDhEMjJCQUU5RTNGNUJCOTUwQTZCNTQxMTFGMTJBRjBEQjk0Qjk1MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaB5oizYAUlqvjZgqGb5fqVJ/u
Gls/Gi2LMUJr6kddX+IPi+1/Pnu/k6Sugzb+AiHmHpWFh1I7ZBt3h51IaJC4KOF9
78Ko9cmPRxsmgilyN2LJB2iyLEJlEllONc4XfRyC7LncsiUB99XfcQaoqphVYNua
dzU9T04DIA24QMfTFzoo/DKDHXwsRjjj22Gzx1X41BbZiu7eeEQRN8uGyPaI1r0M
3m2RGFiDk4tQ2sc2LK3qqzeUpVDnUR66V3zvcaRapqKFkvnEqAoOG0WsecQsVB9t
i2Qz5Y/fyk3JBLW+bD5I7NvXV+0nJOqdDzeT6JcWKiM4/EhgSrrkjSLhzU9fAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUjSK66eP1u5UKa1QRHxKvDblLlQ0wHwYDVR0j
BBgwFoAUiCIJ43NW4FEvvk6BsA5PJIGGUIcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
MDc0NzFhMy1lZTUzLTQ5OWMtOWYyZC1jZjE2YjFlNGEzNTMvMC84ODIyMDlFMzcz
NTZFMDUxMkZCRTRFODFCMDBFNEYyNDgxODY1MDg3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvODgyMjA5RTM3MzU2RTA1MTJGQkU0RTgxQjAwRTRGMjQ4MTg2
NTA4Ny5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2QwNzQ3MWEzLWVlNTMtNDk5Yy05
ZjJkLWNmMTZiMWU0YTM1My8wLzM0MzUyZTMxMzEzODJlMzEzMTMyMmUzMDJmMzIz
MjJkMzIzMjIwM2QzZTIwMzEzMzMxMzczMTM3LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLXZwMA0GCSqG
SIb3DQEBCwUAA4IBAQBfrJc4lIYNCQyvu+XrUQxkQvWn5RDY3CpF8GYCm/g3w5sx
lZifMKtGQ1QNIWOJtVmJfzV68X7ugugV7254xtboHLpiyH4bBCo9lTUcas4Wv4TD
8TQ9SYyWHgAnpWFBJsHQsE2nakYXWJFsXOVFz2rf7qU8Ok6uIlcX3I83XYxrW7Kk
pumAd0q3Axh/57gSheasFA31FPQYCHNSlKFBinvfaj9ddosm7j0UzpexTVQQOeCD
kyh9r5WGWeNf24s16N3Tm1ezBp7+/d1hjK7KSJXqAfPRXJs8+RbWMBBYMSmdcvIF
yTDWSB/h1EF8ku1NcTEA4pTVRPnbhOtc4XktVllv
-----END CERTIFICATE-----
Generated at Wed Mar 27 18:21:23 2024 by rpki-client on console-ams.rpki-client.org