Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/3131392e31352e3133302e302f32342d3234203d3e203435333036.roa
File:                     3131392e31352e3133302e302f32342d3234203d3e203435333036.roa (raw, json)
Hash identifier:          /tGos7w3O3Cc2rEeSWTt2hXixFy8jLbVfKIMCGGSlCU=
Subject key identifier:   AF:E5:94:58:43:A6:C6:96:04:CD:39:99:6B:89:E4:B5:B8:C2:47:84
Certificate issuer:       /CN=F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A
Certificate serial:       42E9616D65CFDCA358ADF4FFA62DE3C4BA18818D
Authority key identifier: F1:85:3A:1C:5C:1E:CA:FE:10:76:F9:4A:61:FA:77:96:DD:3C:67:1A
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/3131392e31352e3133302e302f32342d3234203d3e203435333036.roa
Signing time:             Sun 16 Jun 2024 05:00:01 +0000
ROA not before:           Sun 16 Jun 2024 04:55:01 +0000
ROA not after:            Sun 15 Jun 2025 05:00:01 +0000
asID:                     45306
IP address blocks:        119.15.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.crl
                          rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 12 Nov 2024 18:46:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:e9:61:6d:65:cf:dc:a3:58:ad:f4:ff:a6:2d:e3:c4:ba:18:81:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A
        Validity
            Not Before: Jun 16 04:55:01 2024 GMT
            Not After : Jun 15 05:00:01 2025 GMT
        Subject: CN=AFE5945843A6C69604CD39996B89E4B5B8C24784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ff:95:f0:80:5d:66:39:72:9d:60:ea:85:0a:
                    84:16:a2:46:05:ba:08:ed:a7:fb:38:70:01:52:6a:
                    f3:90:55:ee:c5:9b:58:0e:33:f0:3f:05:61:49:f5:
                    e6:06:42:aa:97:8d:12:5b:94:e9:ca:88:1e:07:73:
                    f6:12:dc:c9:c0:4e:e7:91:b7:e4:32:7e:3c:a5:fe:
                    78:50:1b:7b:af:05:68:d2:38:6e:69:86:1e:09:9b:
                    14:ea:82:d2:18:7f:6a:5d:8c:54:cd:3b:9e:4f:8b:
                    df:d4:a4:1a:e5:a3:d8:a3:51:20:eb:05:16:55:b6:
                    4a:de:0f:16:17:20:ba:80:9a:66:98:9b:ff:06:63:
                    f0:02:8c:55:c4:b6:49:e3:15:76:35:1f:90:f9:10:
                    4f:a5:70:e9:0b:ac:82:63:27:80:68:09:b7:38:2e:
                    cb:2f:07:2d:b0:5d:c5:7b:e3:f1:5c:5c:f6:80:04:
                    bf:ac:34:18:b9:00:06:be:35:09:3c:91:6b:61:9b:
                    2c:af:0b:4b:4f:42:65:90:79:8c:61:20:9a:d3:9a:
                    db:34:82:32:a3:c7:29:cf:91:c2:87:a0:8b:93:ab:
                    cc:45:5a:0e:36:3e:60:7c:b6:81:0d:48:30:88:b8:
                    2b:a2:62:81:9c:8f:97:b5:0c:fa:a0:0b:ba:78:37:
                    b7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E5:94:58:43:A6:C6:96:04:CD:39:99:6B:89:E4:B5:B8:C2:47:84
            X509v3 Authority Key Identifier:
                keyid:F1:85:3A:1C:5C:1E:CA:FE:10:76:F9:4A:61:FA:77:96:DD:3C:67:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F1853A1C5C1ECAFE1076F94A61FA7796DD3C671A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/29ab60b1-a244-4a78-b31b-feca3d14ed9f/0/3131392e31352e3133302e302f32342d3234203d3e203435333036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.15.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:b7:6f:b4:09:ca:2d:40:38:35:42:09:f5:a9:32:f5:62:c2:
         42:96:a6:67:22:1e:f5:25:45:1b:03:a5:5b:e3:87:fa:c1:7c:
         23:5a:7f:f0:ac:ef:c1:17:55:bb:19:ba:7f:c8:b5:4c:69:60:
         f4:04:ab:82:97:e7:f8:23:b1:0c:e4:a1:c6:ec:eb:89:eb:fe:
         e1:d9:d7:60:07:71:35:c1:01:32:89:fc:52:23:6e:b0:37:a3:
         28:55:2a:af:9e:2e:73:d1:ee:a5:85:d0:38:a3:5a:62:b6:71:
         a0:5c:52:d8:e0:19:87:d8:23:d8:68:53:f6:4d:9f:91:d2:a2:
         66:b1:a2:80:f2:01:c6:41:d7:97:bd:e8:51:37:59:1f:bf:bd:
         84:85:db:cc:e0:cc:4d:2a:a5:87:57:e2:b0:10:89:92:f0:7b:
         c8:15:e5:18:b1:1d:b6:fe:4f:9b:e7:13:33:ef:47:46:42:61:
         2b:4b:e8:34:67:f7:36:b6:25:05:0d:9a:d2:c3:88:8e:ba:3b:
         1a:76:15:6c:8d:06:de:36:c4:0a:6b:79:86:2f:5b:61:7f:1f:
         71:01:d2:dc:9c:41:38:95:fa:07:50:cf:5f:4e:8e:ba:ff:ec:
         cc:9e:40:3f:98:e7:14:73:1b:c5:46:89:59:64:d2:66:39:c1:
         75:7f:1b:bd
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUQulhbWXP3KNYrfT/pi3jxLoYgY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjE4NTNBMUM1QzFFQ0FGRTEwNzZGOTRBNjFGQTc3OTZE
RDNDNjcxQTAeFw0yNDA2MTYwNDU1MDFaFw0yNTA2MTUwNTAwMDFaMDMxMTAvBgNV
BAMTKEFGRTU5NDU4NDNBNkM2OTYwNENEMzk5OTZCODlFNEI1QjhDMjQ3ODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn/5XwgF1mOXKdYOqFCoQWokYF
ugjtp/s4cAFSavOQVe7Fm1gOM/A/BWFJ9eYGQqqXjRJblOnKiB4Hc/YS3MnATueR
t+Qyfjyl/nhQG3uvBWjSOG5phh4JmxTqgtIYf2pdjFTNO55Pi9/UpBrlo9ijUSDr
BRZVtkreDxYXILqAmmaYm/8GY/ACjFXEtknjFXY1H5D5EE+lcOkLrIJjJ4BoCbc4
LssvBy2wXcV74/FcXPaABL+sNBi5AAa+NQk8kWthmyyvC0tPQmWQeYxhIJrTmts0
gjKjxynPkcKHoIuTq8xFWg42PmB8toENSDCIuCuiYoGcj5e1DPqgC7p4N7d7AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUr+WUWEOmxpYEzTmZa4nktbjCR4QwHwYDVR0j
BBgwFoAU8YU6HFweyv4QdvlKYfp3lt08ZxowDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
OWFiNjBiMS1hMjQ0LTRhNzgtYjMxYi1mZWNhM2QxNGVkOWYvMC9GMTg1M0ExQzVD
MUVDQUZFMTA3NkY5NEE2MUZBNzc5NkREM0M2NzFBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRjE4NTNBMUM1QzFFQ0FGRTEwNzZGOTRBNjFGQTc3OTZERDND
NjcxQS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzI5YWI2MGIxLWEyNDQtNGE3OC1i
MzFiLWZlY2EzZDE0ZWQ5Zi8wLzMxMzEzOTJlMzEzNTJlMzEzMzMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzNTMzMzAzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAHcPgjANBgkqhkiG
9w0BAQsFAAOCAQEAo7dvtAnKLUA4NUIJ9aky9WLCQpamZyIe9SVFGwOlW+OH+sF8
I1p/8KzvwRdVuxm6f8i1TGlg9ASrgpfn+COxDOShxuzriev+4dnXYAdxNcEBMon8
UiNusDejKFUqr54uc9HupYXQOKNaYrZxoFxS2OAZh9gj2GhT9k2fkdKiZrGigPIB
xkHXl73oUTdZH7+9hIXbzODMTSqlh1fisBCJkvB7yBXlGLEdtv5Pm+cTM+9HRkJh
K0voNGf3NrYlBQ2a0sOIjro7GnYVbI0G3jbECmt5hi9bYX8fcQHS3JxBOJX6B1DP
X06Ouv/szJ5AP5jnFHMbxUaJWWTSZjnBdX8bvQ==
-----END CERTIFICATE-----
Generated at Sat Nov 9 16:25:32 2024 by rpki-client on console-ams.rpki-client.org