Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/3130332e39312e32342e302f32322d3234203d3e20313432333739.roa
File:                     3130332e39312e32342e302f32322d3234203d3e20313432333739.roa (raw, json)
Hash identifier:          LXUvF/9HV9LQjuPpMuWCi7neUUmU+exlVXTngKvHYow=
Subject key identifier:   E4:E8:67:19:D9:DC:E0:F8:08:98:49:AD:29:D0:AB:91:6B:82:A0:8E
Certificate issuer:       /CN=25D788BD2A450C01354B9AB70826895FDFF56208
Certificate serial:       261CFE26E492D230D414736DA65452243E0DFA2B
Authority key identifier: 25:D7:88:BD:2A:45:0C:01:35:4B:9A:B7:08:26:89:5F:DF:F5:62:08
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25D788BD2A450C01354B9AB70826895FDFF56208.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/3130332e39312e32342e302f32322d3234203d3e20313432333739.roa
Signing time:             Wed 29 May 2024 05:00:02 +0000
ROA not before:           Wed 29 May 2024 04:55:02 +0000
ROA not after:            Wed 28 May 2025 05:00:02 +0000
asID:                     142379
IP address blocks:        103.91.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/25D788BD2A450C01354B9AB70826895FDFF56208.crl
                          rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/25D788BD2A450C01354B9AB70826895FDFF56208.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25D788BD2A450C01354B9AB70826895FDFF56208.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 09:50:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:1c:fe:26:e4:92:d2:30:d4:14:73:6d:a6:54:52:24:3e:0d:fa:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25D788BD2A450C01354B9AB70826895FDFF56208
        Validity
            Not Before: May 29 04:55:02 2024 GMT
            Not After : May 28 05:00:02 2025 GMT
        Subject: CN=E4E86719D9DCE0F8089849AD29D0AB916B82A08E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:dc:a2:b5:3c:98:73:94:b7:e1:e4:f2:f5:9a:
                    0e:d6:ce:d7:bc:4a:d5:df:ed:50:54:0a:ed:35:75:
                    d7:c9:ff:b7:02:04:ca:d3:5e:4e:fd:c7:bb:0d:65:
                    8e:69:8b:02:b9:0b:38:ea:be:9a:ee:dc:fa:5a:e3:
                    b2:86:8c:35:04:a7:66:5e:0e:98:2c:f5:33:81:60:
                    dc:8b:d1:e5:51:ac:16:20:3d:9e:d8:70:79:00:f7:
                    bf:fa:df:95:9e:c2:04:0e:e1:6e:85:95:bf:a4:77:
                    76:e2:56:c9:0a:32:39:a9:18:4b:da:7d:ef:a8:21:
                    13:4c:f8:fd:24:cb:2d:df:97:a3:b5:30:03:8c:7c:
                    15:57:b0:ce:02:d5:5b:a4:f8:66:c3:7e:c3:7f:93:
                    cd:4c:84:32:d4:f7:fd:b9:dd:f3:6d:ae:02:32:ca:
                    3b:7e:06:99:d2:f3:3f:35:07:14:e7:31:99:02:28:
                    36:c4:1c:3b:9e:c5:61:7c:5a:df:c6:30:96:26:8c:
                    bb:e7:46:92:96:63:54:1d:3e:c7:64:3b:14:cb:b4:
                    10:71:d3:b9:10:96:b7:00:b8:de:fb:b8:1e:c0:23:
                    31:20:80:2b:25:1c:09:a4:c7:c7:18:27:b1:7a:40:
                    dd:56:57:10:21:62:e1:2f:84:d6:44:aa:66:ba:3f:
                    8c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E8:67:19:D9:DC:E0:F8:08:98:49:AD:29:D0:AB:91:6B:82:A0:8E
            X509v3 Authority Key Identifier:
                keyid:25:D7:88:BD:2A:45:0C:01:35:4B:9A:B7:08:26:89:5F:DF:F5:62:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/25D788BD2A450C01354B9AB70826895FDFF56208.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25D788BD2A450C01354B9AB70826895FDFF56208.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/3130332e39312e32342e302f32322d3234203d3e20313432333739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.91.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:9c:27:0d:18:e9:a1:28:04:c8:ef:da:9d:8e:53:00:4d:4b:
         53:c3:96:b9:ac:b6:f8:53:4c:e9:f2:45:a9:0f:51:dc:4e:a6:
         a9:43:cc:99:a1:0c:f3:ca:3e:c8:2d:8b:1c:0f:37:81:8b:8d:
         4b:48:58:7c:c5:ee:79:0a:75:af:55:95:02:b0:bc:25:f9:73:
         f6:54:cf:84:2c:0d:fd:79:84:c5:81:04:c5:34:e9:9d:9a:cb:
         98:26:5f:3b:26:ab:61:e0:3a:4b:36:d5:a7:5b:89:ad:89:ee:
         f2:e5:d5:89:b9:63:0d:95:22:a5:22:b7:b1:e0:25:42:43:8a:
         f1:f0:e7:43:3f:ae:dc:d2:b6:86:84:46:78:19:f2:87:2a:af:
         5e:23:cc:50:62:89:5d:93:61:f7:3e:1a:2b:0a:03:30:e8:68:
         d8:4e:28:8e:f2:40:9d:6d:e2:fe:cf:ce:b6:9a:c8:5c:47:70:
         49:14:3f:21:70:90:10:85:fc:e5:12:44:ce:fb:5d:e7:9a:6a:
         1e:f8:74:c6:fa:fe:3c:b3:68:bb:09:58:79:72:89:cc:e1:b9:
         d4:0e:ee:3f:76:64:78:e8:ef:d2:a5:3e:77:e7:1f:98:4f:99:
         36:1c:93:35:da:82:2d:68:58:ca:18:11:fd:75:82:47:ed:1c:
         22:c6:16:6f
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUJhz+JuSS0jDUFHNtplRSJD4N+iswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjVENzg4QkQyQTQ1MEMwMTM1NEI5QUI3MDgyNjg5NUZE
RkY1NjIwODAeFw0yNDA1MjkwNDU1MDJaFw0yNTA1MjgwNTAwMDJaMDMxMTAvBgNV
BAMTKEU0RTg2NzE5RDlEQ0UwRjgwODk4NDlBRDI5RDBBQjkxNkI4MkEwOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ3KK1PJhzlLfh5PL1mg7Wzte8
StXf7VBUCu01ddfJ/7cCBMrTXk79x7sNZY5piwK5Czjqvpru3Ppa47KGjDUEp2Ze
Dpgs9TOBYNyL0eVRrBYgPZ7YcHkA97/635WewgQO4W6Flb+kd3biVskKMjmpGEva
fe+oIRNM+P0kyy3fl6O1MAOMfBVXsM4C1Vuk+GbDfsN/k81MhDLU9/253fNtrgIy
yjt+BpnS8z81BxTnMZkCKDbEHDuexWF8Wt/GMJYmjLvnRpKWY1QdPsdkOxTLtBBx
07kQlrcAuN77uB7AIzEggCslHAmkx8cYJ7F6QN1WVxAhYuEvhNZEqma6P4x7AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU5OhnGdnc4PgImEmtKdCrkWuCoI4wHwYDVR0j
BBgwFoAUJdeIvSpFDAE1S5q3CCaJX9/1YggwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
NmE3NjY1YS1iNTBiLTRhNDUtYThmOS0wZDY5YmQ3ZDc0M2QvMC8yNUQ3ODhCRDJB
NDUwQzAxMzU0QjlBQjcwODI2ODk1RkRGRjU2MjA4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjVENzg4QkQyQTQ1MEMwMTM1NEI5QUI3MDgyNjg5NUZERkY1
NjIwOC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzA2YTc2NjVhLWI1MGItNGE0NS1h
OGY5LTBkNjliZDdkNzQzZC8wLzMxMzAzMzJlMzkzMTJlMzIzNDJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDMxMzQzMjMzMzczOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmdbGDANBgkqhkiG
9w0BAQsFAAOCAQEAsZwnDRjpoSgEyO/anY5TAE1LU8OWuay2+FNM6fJFqQ9R3E6m
qUPMmaEM88o+yC2LHA83gYuNS0hYfMXueQp1r1WVArC8Jflz9lTPhCwN/XmExYEE
xTTpnZrLmCZfOyarYeA6SzbVp1uJrYnu8uXVibljDZUipSK3seAlQkOK8fDnQz+u
3NK2hoRGeBnyhyqvXiPMUGKJXZNh9z4aKwoDMOho2E4ojvJAnW3i/s/OtprIXEdw
SRQ/IXCQEIX85RJEzvtd55pqHvh0xvr+PLNouwlYeXKJzOG51A7uP3ZkeOjv0qU+
d+cfmE+ZNhyTNdqCLWhYyhgR/XWCR+0cIsYWbw==
-----END CERTIFICATE-----
Generated at Sun Jun 16 06:27:12 2024 by rpki-client on console-ams.rpki-client.org