Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/3131392e31352e3132382e302f32342d3234203d3e203435333036.roa
File:                     3131392e31352e3132382e302f32342d3234203d3e203435333036.roa (raw, json)
Hash identifier:          hMpLLtpO0oKLTbRKOkSHJXF1x8epTWtVi5DYgjm9EB0=
Subject key identifier:   B2:FC:04:7C:60:C2:7F:C3:2E:26:DD:67:71:86:26:4B:9E:41:35:25
Certificate issuer:       /CN=F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A
Certificate serial:       226A56ACC0D75FF434EFEE916BBD1E7F4362AA34
Authority key identifier: F1:85:3A:1C:5C:1E:CA:FE:10:76:F9:4A:61:FA:77:96:DD:3C:67:1A
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/3131392e31352e3132382e302f32342d3234203d3e203435333036.roa
Signing time:             Sun 16 Jun 2024 06:00:00 +0000
ROA not before:           Sun 16 Jun 2024 05:55:00 +0000
ROA not after:            Sun 15 Jun 2025 06:00:00 +0000
asID:                     45306
IP address blocks:        119.15.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.crl
                          rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 17 Nov 2024 06:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:6a:56:ac:c0:d7:5f:f4:34:ef:ee:91:6b:bd:1e:7f:43:62:aa:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A
        Validity
            Not Before: Jun 16 05:55:00 2024 GMT
            Not After : Jun 15 06:00:00 2025 GMT
        Subject: CN=B2FC047C60C27FC32E26DD677186264B9E413525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:1d:ea:e2:60:d6:fe:0b:db:f4:15:4d:66:ac:
                    a4:77:b4:a0:7d:29:2f:2e:53:c1:c6:1a:79:b3:45:
                    23:10:29:18:ec:3c:15:b9:76:ce:97:c9:d5:b3:ab:
                    28:83:e5:6b:6f:9e:5c:3c:f3:e8:26:9d:49:5f:7f:
                    04:33:ed:4a:7c:1a:3f:c4:4c:53:e7:e7:ae:89:71:
                    5c:20:17:43:53:52:27:19:d9:cd:a7:f5:ac:c7:74:
                    c9:8c:24:ea:0e:f3:4d:4f:cf:51:d6:e3:56:5a:45:
                    c4:b7:dd:20:f6:c4:2b:3f:60:d6:cf:bc:c2:5e:d1:
                    1c:f6:4a:e3:b5:50:8a:ef:73:2e:a6:18:25:c6:91:
                    40:f0:d5:27:63:27:ae:9e:61:c7:21:d9:fd:43:af:
                    d8:c6:48:b6:4d:79:16:03:21:f9:29:fb:46:10:94:
                    8a:2a:d5:c1:37:a5:3b:ee:b5:8b:30:c4:74:04:30:
                    60:3d:b3:86:1a:84:56:a3:33:a0:ae:d0:5a:0f:10:
                    06:4c:19:32:5c:ee:42:4f:29:0d:71:e3:c9:ba:fc:
                    b0:0d:fb:af:9d:4b:2b:19:37:48:29:f6:16:e1:23:
                    fc:9d:04:15:68:de:be:8f:4d:57:4f:39:98:c0:63:
                    6a:58:43:f3:2a:10:40:c9:62:96:bd:9d:8c:3e:70:
                    16:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:FC:04:7C:60:C2:7F:C3:2E:26:DD:67:71:86:26:4B:9E:41:35:25
            X509v3 Authority Key Identifier:
                keyid:F1:85:3A:1C:5C:1E:CA:FE:10:76:F9:4A:61:FA:77:96:DD:3C:67:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/3131392e31352e3132382e302f32342d3234203d3e203435333036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.15.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:54:55:c5:d3:83:18:c0:14:d8:e7:91:a4:65:c8:00:9f:1e:
         d8:5c:7c:72:cc:d2:29:dc:63:36:60:0a:b1:54:8b:e4:d2:4b:
         da:69:cc:af:db:b6:ae:ea:13:75:9c:09:2d:40:68:f1:cb:2f:
         7c:0b:7d:ae:d0:56:26:8b:db:77:a2:ad:71:ec:8a:4a:09:e5:
         0b:5a:06:52:97:f1:ae:6c:26:54:36:22:f5:a0:2a:a3:1c:bc:
         e3:aa:0a:98:ba:b7:d9:ff:8b:51:31:0b:98:eb:1c:ad:4b:1e:
         6b:63:e8:6d:2b:3d:3a:b2:d4:ff:8d:31:c9:62:31:43:74:c3:
         ae:45:0b:67:25:c5:21:4c:d2:36:e4:6c:84:d5:8a:25:b1:bb:
         0a:df:39:7e:a4:8c:92:8d:a8:a8:64:5e:ff:f1:2a:e4:eb:b1:
         13:83:69:e7:82:94:b2:cd:c0:ba:fe:76:ce:ba:73:91:66:76:
         cc:d0:92:08:90:9a:04:de:a2:29:02:85:a5:3c:47:8b:af:8f:
         b8:0a:85:69:ac:60:18:f2:9e:1f:bc:a8:88:26:13:0a:97:37:
         43:43:a3:69:78:f5:97:75:f6:87:f3:4f:aa:48:84:ed:c0:0a:
         8e:e4:32:19:8d:cf:52:a2:f3:06:55:a4:e9:da:88:4d:c5:a5:
         1a:96:bb:a7
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUImpWrMDXX/Q07+6Ra70ef0NiqjQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjE4NTNBMUM1QzFFQ0FGRTEwNzZGOTRBNjFGQTc3OTZE
RDNDNjcxQTAeFw0yNDA2MTYwNTU1MDBaFw0yNTA2MTUwNjAwMDBaMDMxMTAvBgNV
BAMTKEIyRkMwNDdDNjBDMjdGQzMyRTI2REQ2NzcxODYyNjRCOUU0MTM1MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZHeriYNb+C9v0FU1mrKR3tKB9
KS8uU8HGGnmzRSMQKRjsPBW5ds6XydWzqyiD5Wtvnlw88+gmnUlffwQz7Up8Gj/E
TFPn566JcVwgF0NTUicZ2c2n9azHdMmMJOoO801Pz1HW41ZaRcS33SD2xCs/YNbP
vMJe0Rz2SuO1UIrvcy6mGCXGkUDw1SdjJ66eYcch2f1Dr9jGSLZNeRYDIfkp+0YQ
lIoq1cE3pTvutYswxHQEMGA9s4YahFajM6Cu0FoPEAZMGTJc7kJPKQ1x48m6/LAN
+6+dSysZN0gp9hbhI/ydBBVo3r6PTVdPOZjAY2pYQ/MqEEDJYpa9nYw+cBaPAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUsvwEfGDCf8MuJt1ncYYmS55BNSUwHwYDVR0j
BBgwFoAU8YU6HFweyv4QdvlKYfp3lt08ZxowDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
OWFiNjBiMS1hMjQ0LTRhNzgtYjMxYi1mZWNhM2QxNGVkOWYvMC9GMTg1M0ExQzVD
MUVDQUZFMTA3NkY5NEE2MUZBNzc5NkREM0M2NzFBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRjE4NTNBMUM1QzFFQ0FGRTEwNzZGOTRBNjFGQTc3OTZERDND
NjcxQS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzI5YWI2MGIxLWEyNDQtNGE3OC1i
MzFiLWZlY2EzZDE0ZWQ5Zi8wLzMxMzEzOTJlMzEzNTJlMzEzMjM4MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzNTMzMzAzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAHcPgDANBgkqhkiG
9w0BAQsFAAOCAQEAlFRVxdODGMAU2OeRpGXIAJ8e2Fx8cszSKdxjNmAKsVSL5NJL
2mnMr9u2ruoTdZwJLUBo8csvfAt9rtBWJovbd6KtceyKSgnlC1oGUpfxrmwmVDYi
9aAqoxy846oKmLq32f+LUTELmOscrUsea2PobSs9OrLU/40xyWIxQ3TDrkULZyXF
IUzSNuRshNWKJbG7Ct85fqSMko2oqGRe//Eq5OuxE4Np54KUss3Auv52zrpzkWZ2
zNCSCJCaBN6iKQKFpTxHi6+PuAqFaaxgGPKeH7yoiCYTCpc3Q0OjaXj1l3X2h/NP
qkiE7cAKjuQyGY3PUqLzBlWk6dqITcWlGpa7pw==
-----END CERTIFICATE-----
Generated at Thu Nov 14 06:01:09 2024 by rpki-client on console-ams.rpki-client.org