Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/140f37c0-380c-4053-b3ba-b32ef035c28f/0/3130332e3132302e3230342e302f32342d3234203d3e2038313030.roa
File:                     3130332e3132302e3230342e302f32342d3234203d3e2038313030.roa (raw, json)
Hash identifier:          7OyC9qSfvSSH08yl+vhmSgsgEo1qkHTXqS06syoluy8=
Subject key identifier:   35:A9:BF:A8:1A:27:22:2A:A6:20:4C:2A:E7:7F:AD:F6:96:1C:A0:B6
Certificate issuer:       /CN=60EBC76B67AB68E5A985287DE1EBDBDB2896E6DE
Certificate serial:       338C63BF2E16A292EA38CC2827CC2C468115732F
Authority key identifier: 60:EB:C7:6B:67:AB:68:E5:A9:85:28:7D:E1:EB:DB:DB:28:96:E6:DE
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/60EBC76B67AB68E5A985287DE1EBDBDB2896E6DE.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/140f37c0-380c-4053-b3ba-b32ef035c28f/0/3130332e3132302e3230342e302f32342d3234203d3e2038313030.roa
Signing time:             Sat 02 Dec 2023 07:00:02 +0000
ROA not before:           Sat 02 Dec 2023 06:55:02 +0000
ROA not after:            Sat 30 Nov 2024 07:00:02 +0000
asID:                     8100
IP address blocks:        103.120.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/140f37c0-380c-4053-b3ba-b32ef035c28f/0/60EBC76B67AB68E5A985287DE1EBDBDB2896E6DE.crl
                          rsync://repo-rpki.idnic.net/repo/140f37c0-380c-4053-b3ba-b32ef035c28f/0/60EBC76B67AB68E5A985287DE1EBDBDB2896E6DE.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/60EBC76B67AB68E5A985287DE1EBDBDB2896E6DE.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 16:28:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:8c:63:bf:2e:16:a2:92:ea:38:cc:28:27:cc:2c:46:81:15:73:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60EBC76B67AB68E5A985287DE1EBDBDB2896E6DE
        Validity
            Not Before: Dec  2 06:55:02 2023 GMT
            Not After : Nov 30 07:00:02 2024 GMT
        Subject: CN=35A9BFA81A27222AA6204C2AE77FADF6961CA0B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:23:3e:4a:64:ec:bd:47:4f:99:7b:f8:4b:d6:
                    6b:3a:37:34:b2:4f:3c:39:67:8a:20:82:e2:c7:0d:
                    e4:94:e6:f5:af:e1:ac:51:10:e7:e3:be:1a:de:4f:
                    3a:5b:3f:dc:df:02:ea:8f:b6:46:e7:e4:08:e5:6c:
                    b9:45:a9:27:63:f5:22:ea:d8:2f:95:04:4e:2a:31:
                    c4:02:67:60:4e:39:8d:95:b3:27:ad:99:8f:f1:e6:
                    4f:1c:ab:53:bb:c9:f4:27:5f:e4:56:7d:60:8b:1d:
                    6d:8d:59:0e:c3:f8:91:52:ec:47:9e:1f:80:3a:d8:
                    62:f1:4f:78:57:26:da:f2:c9:8b:d2:c6:25:12:ba:
                    73:29:51:38:7c:2a:df:52:91:f8:f8:28:25:97:87:
                    b9:15:ac:35:81:91:0d:33:24:8f:c8:6f:ae:27:6d:
                    ce:19:f5:95:8a:af:15:40:be:c4:0d:72:96:a8:d9:
                    72:e5:93:cd:91:9a:37:85:68:8d:d5:1d:94:9e:7e:
                    da:26:c4:90:5b:32:32:58:df:d4:1e:13:42:05:16:
                    de:5e:7c:7b:a5:f7:a2:61:cc:10:3f:36:d8:96:d4:
                    49:57:a0:f8:dc:01:37:f0:53:82:94:e7:04:0e:b0:
                    3a:82:20:09:c6:dc:81:f7:f8:9d:3e:f3:9a:15:34:
                    5c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A9:BF:A8:1A:27:22:2A:A6:20:4C:2A:E7:7F:AD:F6:96:1C:A0:B6
            X509v3 Authority Key Identifier:
                keyid:60:EB:C7:6B:67:AB:68:E5:A9:85:28:7D:E1:EB:DB:DB:28:96:E6:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/140f37c0-380c-4053-b3ba-b32ef035c28f/0/60EBC76B67AB68E5A985287DE1EBDBDB2896E6DE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/60EBC76B67AB68E5A985287DE1EBDBDB2896E6DE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/140f37c0-380c-4053-b3ba-b32ef035c28f/0/3130332e3132302e3230342e302f32342d3234203d3e2038313030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.120.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:81:69:38:d5:cb:f4:4d:e0:d0:6a:07:9a:c3:e7:f6:fd:14:
         37:b7:67:a3:ac:bc:11:10:f7:42:29:23:fd:8a:fd:a8:35:e1:
         da:b3:72:30:f4:0d:0c:fd:05:3f:15:ed:d8:e8:83:31:87:a1:
         51:77:03:b3:e1:a2:fa:f4:7c:60:78:27:22:3a:f7:06:ca:eb:
         b4:5f:1e:96:58:2c:de:cc:d3:f1:25:a3:b6:62:a5:90:ff:32:
         5b:05:d5:92:b4:84:d5:5e:b2:88:44:0b:eb:e1:62:0d:b9:28:
         96:81:5b:27:7f:ba:7a:1d:ce:bc:bb:4e:f3:6c:82:b2:24:1d:
         e5:fc:33:1e:56:20:56:f2:5b:aa:b1:ce:be:13:c9:6f:b7:4e:
         ad:aa:13:70:2a:30:24:20:25:1c:85:a3:e4:99:6d:01:29:ff:
         a4:fa:83:fb:8f:12:2c:07:21:d2:90:b9:48:ce:7e:b5:d0:ce:
         99:82:82:50:32:76:b6:7e:3e:da:78:4f:d8:96:90:e8:3f:2f:
         c1:33:d0:8f:25:4c:b9:fc:78:dd:34:94:55:47:7b:ea:71:6c:
         43:17:7a:38:a2:bc:dc:37:fa:ab:43:b9:1c:d1:fc:e0:92:98:
         38:9d:89:72:e3:80:7f:c4:78:9b:d3:8e:87:b4:bf:cd:90:c6:
         83:31:7c:84
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUM4xjvy4WopLqOMwoJ8wsRoEVcy8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjBFQkM3NkI2N0FCNjhFNUE5ODUyODdERTFFQkRCREIy
ODk2RTZERTAeFw0yMzEyMDIwNjU1MDJaFw0yNDExMzAwNzAwMDJaMDMxMTAvBgNV
BAMTKDM1QTlCRkE4MUEyNzIyMkFBNjIwNEMyQUU3N0ZBREY2OTYxQ0EwQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkIz5KZOy9R0+Ze/hL1ms6NzSy
Tzw5Z4ogguLHDeSU5vWv4axREOfjvhreTzpbP9zfAuqPtkbn5AjlbLlFqSdj9SLq
2C+VBE4qMcQCZ2BOOY2VsyetmY/x5k8cq1O7yfQnX+RWfWCLHW2NWQ7D+JFS7Eee
H4A62GLxT3hXJtryyYvSxiUSunMpUTh8Kt9Skfj4KCWXh7kVrDWBkQ0zJI/Ib64n
bc4Z9ZWKrxVAvsQNcpao2XLlk82RmjeFaI3VHZSeftomxJBbMjJY39QeE0IFFt5e
fHul96JhzBA/NtiW1ElXoPjcATfwU4KU5wQOsDqCIAnG3IH3+J0+85oVNFzfAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUNam/qBonIiqmIEwq53+t9pYcoLYwHwYDVR0j
BBgwFoAUYOvHa2eraOWphSh94evb2yiW5t4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
NDBmMzdjMC0zODBjLTQwNTMtYjNiYS1iMzJlZjAzNWMyOGYvMC82MEVCQzc2QjY3
QUI2OEU1QTk4NTI4N0RFMUVCREJEQjI4OTZFNkRFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNjBFQkM3NkI2N0FCNjhFNUE5ODUyODdERTFFQkRCREIyODk2
RTZERS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE0MGYzN2MwLTM4MGMtNDA1My1i
M2JhLWIzMmVmMDM1YzI4Zi8wLzMxMzAzMzJlMzEzMjMwMmUzMjMwMzQyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzODMxMzAzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGd4zDANBgkqhkiG
9w0BAQsFAAOCAQEAIoFpONXL9E3g0GoHmsPn9v0UN7dno6y8ERD3Qikj/Yr9qDXh
2rNyMPQNDP0FPxXt2OiDMYehUXcDs+Gi+vR8YHgnIjr3BsrrtF8ellgs3szT8SWj
tmKlkP8yWwXVkrSE1V6yiEQL6+FiDbkoloFbJ3+6eh3OvLtO82yCsiQd5fwzHlYg
VvJbqrHOvhPJb7dOraoTcCowJCAlHIWj5JltASn/pPqD+48SLAch0pC5SM5+tdDO
mYKCUDJ2tn4+2nhP2JaQ6D8vwTPQjyVMufx43TSUVUd76nFsQxd6OKK83Df6q0O5
HNH84JKYOJ2JcuOAf8R4m9OOh7S/zZDGgzF8hA==
-----END CERTIFICATE-----
Generated at Thu Mar 28 22:52:59 2024 by rpki-client on console-ams.rpki-client.org