Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/3132332e3235332e3234382e302f32332d3234203d3e20313432333739.roa
File:                     3132332e3235332e3234382e302f32332d3234203d3e20313432333739.roa (raw, json)
Hash identifier:          rd1DlMh/MYO7HpSHAI7Fm6/tPrgqiJvxbgj5UtMH0zE=
Subject key identifier:   8F:3D:39:AB:C5:6D:80:34:EF:5E:5D:CA:C2:4A:0F:F5:7D:BB:89:C0
Certificate issuer:       /CN=25D788BD2A450C01354B9AB70826895FDFF56208
Certificate serial:       282EE73CABF535F36DA24C3362A549A48D8452DA
Authority key identifier: 25:D7:88:BD:2A:45:0C:01:35:4B:9A:B7:08:26:89:5F:DF:F5:62:08
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25D788BD2A450C01354B9AB70826895FDFF56208.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/3132332e3235332e3234382e302f32332d3234203d3e20313432333739.roa
Signing time:             Wed 29 May 2024 05:00:02 +0000
ROA not before:           Wed 29 May 2024 04:55:02 +0000
ROA not after:            Wed 28 May 2025 05:00:02 +0000
asID:                     142379
IP address blocks:        123.253.248.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/25D788BD2A450C01354B9AB70826895FDFF56208.crl
                          rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/25D788BD2A450C01354B9AB70826895FDFF56208.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25D788BD2A450C01354B9AB70826895FDFF56208.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 09:50:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:2e:e7:3c:ab:f5:35:f3:6d:a2:4c:33:62:a5:49:a4:8d:84:52:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25D788BD2A450C01354B9AB70826895FDFF56208
        Validity
            Not Before: May 29 04:55:02 2024 GMT
            Not After : May 28 05:00:02 2025 GMT
        Subject: CN=8F3D39ABC56D8034EF5E5DCAC24A0FF57DBB89C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:f6:02:e8:0f:a8:bd:ad:11:92:a7:1e:bb:08:
                    73:c2:e1:db:4c:14:57:d6:11:04:c6:38:5d:8b:fc:
                    51:f2:87:c8:6d:d2:1f:24:24:56:1a:1b:f3:01:89:
                    34:46:2a:b9:61:ed:56:64:c1:79:f0:76:6a:65:5b:
                    7e:2f:c5:9a:69:6a:35:36:a0:52:a0:30:33:89:f6:
                    69:04:c9:e3:72:29:2c:50:41:1b:44:97:62:c8:d0:
                    a3:b9:93:ec:79:2d:7f:4d:89:63:2c:06:13:4c:8a:
                    2e:00:56:2a:e7:49:36:a4:5f:41:0c:e9:7f:77:f5:
                    3d:15:69:a2:b6:49:4a:1f:89:5d:2d:44:21:15:de:
                    37:88:b0:1d:9d:e0:29:87:f0:76:78:46:fe:93:54:
                    7c:ea:fa:55:37:61:63:a3:11:42:21:ae:92:64:35:
                    6f:ac:86:b9:db:aa:72:4d:b5:31:71:c3:4a:4d:14:
                    0d:a1:49:08:5d:43:d1:22:b3:f8:83:88:0c:1a:90:
                    2f:c1:2c:ed:e5:53:e6:3b:de:aa:15:3a:0d:10:a3:
                    5f:d5:0c:3b:3b:fb:89:01:73:da:e8:c7:0c:fe:05:
                    ec:b9:3b:3b:fe:51:a9:66:50:18:31:75:d3:5e:6f:
                    a5:73:18:08:ce:ba:2b:76:b8:c1:a9:d0:5a:ef:b3:
                    bc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:3D:39:AB:C5:6D:80:34:EF:5E:5D:CA:C2:4A:0F:F5:7D:BB:89:C0
            X509v3 Authority Key Identifier:
                keyid:25:D7:88:BD:2A:45:0C:01:35:4B:9A:B7:08:26:89:5F:DF:F5:62:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/25D788BD2A450C01354B9AB70826895FDFF56208.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25D788BD2A450C01354B9AB70826895FDFF56208.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/06a7665a-b50b-4a45-a8f9-0d69bd7d743d/0/3132332e3235332e3234382e302f32332d3234203d3e20313432333739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.253.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:5f:bb:d8:c8:a3:b8:20:65:4b:99:5d:40:71:0e:d3:98:ca:
         69:37:5f:a0:c7:38:1e:2e:83:28:33:81:23:32:4b:b6:21:93:
         d1:f0:15:34:35:e9:b9:21:37:25:56:84:c7:68:4f:ab:1d:88:
         6b:75:56:93:61:82:0e:e5:70:05:45:a1:54:f6:7d:b1:52:f3:
         29:38:a5:88:c5:8e:84:fc:14:45:93:81:10:26:f8:34:67:fb:
         22:4b:c1:a0:80:4b:1f:3c:f9:6f:ef:0e:e3:c8:92:0f:11:f5:
         b6:81:06:ee:4b:94:ed:77:f9:b5:17:ee:3e:6b:b4:54:14:e6:
         b5:53:ef:b6:b4:03:05:b3:59:c9:5c:b0:04:1a:f5:2d:46:4b:
         75:4d:cb:71:20:e6:d5:76:fc:d8:a6:d2:be:12:52:0f:a2:c1:
         6d:d8:8e:bd:88:8d:12:21:3a:f7:53:59:01:de:a8:12:66:ab:
         a8:4f:a8:fd:de:81:1b:fe:0c:66:db:b8:fa:56:d5:9d:1b:8d:
         e1:17:21:18:39:f8:21:06:34:56:e1:ea:f4:85:88:c7:d2:5b:
         ad:b0:c0:e1:94:8b:63:b0:d1:6b:99:c7:aa:a2:96:4e:a2:6d:
         ce:e7:64:2d:eb:64:aa:96:36:38:d1:84:c5:58:b2:1f:d1:41:
         17:ce:be:8b
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUKC7nPKv1NfNtokwzYqVJpI2EUtowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjVENzg4QkQyQTQ1MEMwMTM1NEI5QUI3MDgyNjg5NUZE
RkY1NjIwODAeFw0yNDA1MjkwNDU1MDJaFw0yNTA1MjgwNTAwMDJaMDMxMTAvBgNV
BAMTKDhGM0QzOUFCQzU2RDgwMzRFRjVFNURDQUMyNEEwRkY1N0RCQjg5QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDx9gLoD6i9rRGSpx67CHPC4dtM
FFfWEQTGOF2L/FHyh8ht0h8kJFYaG/MBiTRGKrlh7VZkwXnwdmplW34vxZppajU2
oFKgMDOJ9mkEyeNyKSxQQRtEl2LI0KO5k+x5LX9NiWMsBhNMii4AVirnSTakX0EM
6X939T0VaaK2SUofiV0tRCEV3jeIsB2d4CmH8HZ4Rv6TVHzq+lU3YWOjEUIhrpJk
NW+shrnbqnJNtTFxw0pNFA2hSQhdQ9Eis/iDiAwakC/BLO3lU+Y73qoVOg0Qo1/V
DDs7+4kBc9roxwz+Bey5Ozv+UalmUBgxddNeb6VzGAjOuit2uMGp0Frvs7yZAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUjz05q8VtgDTvXl3KwkoP9X27icAwHwYDVR0j
BBgwFoAUJdeIvSpFDAE1S5q3CCaJX9/1YggwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
NmE3NjY1YS1iNTBiLTRhNDUtYThmOS0wZDY5YmQ3ZDc0M2QvMC8yNUQ3ODhCRDJB
NDUwQzAxMzU0QjlBQjcwODI2ODk1RkRGRjU2MjA4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjVENzg4QkQyQTQ1MEMwMTM1NEI5QUI3MDgyNjg5NUZERkY1
NjIwOC5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzA2YTc2NjVhLWI1MGItNGE0NS1h
OGY5LTBkNjliZDdkNzQzZC8wLzMxMzIzMzJlMzIzNTMzMmUzMjM0MzgyZTMwMmYz
MjMzMmQzMjM0MjAzZDNlMjAzMTM0MzIzMzM3Mzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAF7/fgwDQYJ
KoZIhvcNAQELBQADggEBABpfu9jIo7ggZUuZXUBxDtOYymk3X6DHOB4ugygzgSMy
S7Yhk9HwFTQ16bkhNyVWhMdoT6sdiGt1VpNhgg7lcAVFoVT2fbFS8yk4pYjFjoT8
FEWTgRAm+DRn+yJLwaCASx88+W/vDuPIkg8R9baBBu5LlO13+bUX7j5rtFQU5rVT
77a0AwWzWclcsAQa9S1GS3VNy3Eg5tV2/Nim0r4SUg+iwW3Yjr2IjRIhOvdTWQHe
qBJmq6hPqP3egRv+DGbbuPpW1Z0bjeEXIRg5+CEGNFbh6vSFiMfSW62wwOGUi2Ow
0WuZx6qilk6ibc7nZC3rZKqWNjjRhMVYsh/RQRfOvos=
-----END CERTIFICATE-----
Generated at Sun Jun 16 05:29:49 2024 by rpki-client on console-fra.rpki-client.org