Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/300f4f37-c7fb-47d0-8a85-ecfd12b915f5/0/3130332e33312e3133342e302f32332d3233203d3e20313331373439.roa
File:                     3130332e33312e3133342e302f32332d3233203d3e20313331373439.roa (raw, json)
Hash identifier:          xaLCqb9BSlOw22qrcy3sXp6sp0UG31m5gaLC+F0ihjc=
Subject key identifier:   D4:C4:4B:F4:54:DD:FE:C0:86:EC:33:93:16:15:44:1C:72:C6:81:DB
Certificate issuer:       /CN=10FE35B040E8A3D05E5BE9BEE4F0A636952246FF
Certificate serial:       2F6F36D5AAE87A36A0867455F6CE00530CDF12FD
Authority key identifier: 10:FE:35:B0:40:E8:A3:D0:5E:5B:E9:BE:E4:F0:A6:36:95:22:46:FF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10FE35B040E8A3D05E5BE9BEE4F0A636952246FF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/300f4f37-c7fb-47d0-8a85-ecfd12b915f5/0/3130332e33312e3133342e302f32332d3233203d3e20313331373439.roa
Signing time:             Mon 01 Jul 2024 01:02:33 +0000
ROA not before:           Mon 01 Jul 2024 00:57:33 +0000
ROA not after:            Mon 30 Jun 2025 01:02:33 +0000
asID:                     131749
IP address blocks:        103.31.134.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/300f4f37-c7fb-47d0-8a85-ecfd12b915f5/0/10FE35B040E8A3D05E5BE9BEE4F0A636952246FF.crl
                          rsync://repo-rpki.idnic.net/repo/300f4f37-c7fb-47d0-8a85-ecfd12b915f5/0/10FE35B040E8A3D05E5BE9BEE4F0A636952246FF.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10FE35B040E8A3D05E5BE9BEE4F0A636952246FF.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 05:19:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:6f:36:d5:aa:e8:7a:36:a0:86:74:55:f6:ce:00:53:0c:df:12:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10FE35B040E8A3D05E5BE9BEE4F0A636952246FF
        Validity
            Not Before: Jul  1 00:57:33 2024 GMT
            Not After : Jun 30 01:02:33 2025 GMT
        Subject: CN=D4C44BF454DDFEC086EC33931615441C72C681DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:0d:9f:71:2d:36:5d:7c:14:16:87:18:b3:93:
                    62:a0:e7:4a:62:fb:b0:83:61:14:f2:eb:78:13:ea:
                    70:be:53:8c:0d:21:d0:43:bc:e3:86:03:24:11:7b:
                    f1:cb:a2:c9:e6:40:a4:0a:66:27:74:a8:8b:9e:70:
                    2c:63:53:93:2e:88:cc:51:39:32:47:cb:e8:d1:56:
                    04:42:c6:06:d8:92:d0:52:d0:f7:4b:ee:b7:1b:eb:
                    cf:a6:c9:07:70:8f:ca:3c:40:45:89:34:ae:db:40:
                    93:ee:47:d1:8c:f3:b0:b8:6f:ef:fa:d1:c3:95:e2:
                    42:28:21:2a:4b:a2:1b:93:a1:09:ab:26:de:47:21:
                    06:5c:e3:76:c0:07:f1:65:2e:3b:97:60:4d:63:36:
                    5b:ba:18:39:8f:b8:f2:f1:20:87:e6:31:26:22:e6:
                    93:23:44:b3:ab:ed:92:d9:8f:8f:49:1a:ea:08:ea:
                    d7:36:da:15:2d:7b:f1:66:6c:9d:0c:5f:38:43:4a:
                    92:4d:1e:83:0d:49:a0:ac:08:ff:9d:25:4d:57:a3:
                    a7:45:8c:d5:e4:6a:35:1e:c8:8d:cd:4a:cb:cd:e2:
                    47:ec:e8:1d:2b:89:4a:89:29:fe:0a:92:1c:fa:19:
                    ce:b6:33:f2:5b:17:83:87:6f:45:17:6f:d2:10:5e:
                    78:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:C4:4B:F4:54:DD:FE:C0:86:EC:33:93:16:15:44:1C:72:C6:81:DB
            X509v3 Authority Key Identifier:
                keyid:10:FE:35:B0:40:E8:A3:D0:5E:5B:E9:BE:E4:F0:A6:36:95:22:46:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/300f4f37-c7fb-47d0-8a85-ecfd12b915f5/0/10FE35B040E8A3D05E5BE9BEE4F0A636952246FF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10FE35B040E8A3D05E5BE9BEE4F0A636952246FF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/300f4f37-c7fb-47d0-8a85-ecfd12b915f5/0/3130332e33312e3133342e302f32332d3233203d3e20313331373439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.31.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:5c:2b:cc:c9:b2:6b:02:62:b2:aa:56:0b:c9:35:24:9e:1d:
         82:25:e2:57:21:ba:1b:fe:61:d3:eb:b3:cb:51:ad:79:3e:34:
         c0:4d:28:95:3b:1c:b9:33:be:a3:84:05:db:d1:14:fc:05:a3:
         88:0a:5d:c9:ef:5d:d0:47:01:90:71:6c:c1:0e:66:bd:b7:7d:
         2c:9b:ec:a1:c7:da:15:c7:ad:e0:74:90:fc:4a:f2:8e:22:4e:
         b9:92:93:35:24:93:d8:68:36:f4:ee:64:1b:7a:0f:97:19:ee:
         ec:7e:bc:8f:f8:de:12:c9:bb:c4:d9:7a:52:a5:74:5d:4c:61:
         14:1f:06:35:5e:87:ae:48:76:eb:d0:9d:1c:65:86:9f:3c:78:
         12:aa:a5:9c:22:2c:2a:a9:1c:2c:f1:99:3f:e7:76:dd:7b:41:
         87:54:7b:84:26:98:59:cf:42:a2:a9:5f:a8:b1:56:a8:3b:21:
         9c:5d:c1:cd:e2:05:25:e7:9d:f7:a6:76:fc:5c:8f:ca:7f:63:
         e5:10:fb:23:15:a1:c1:ec:04:86:e8:62:2d:9c:4f:de:90:b7:
         25:92:1e:b7:9f:49:be:82:d6:42:03:34:bb:9b:8b:35:23:94:
         ec:52:d8:6f:12:58:98:4d:1e:9f:57:63:a3:c9:af:4c:22:33:
         dd:b3:f2:c4
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUL2821aroejaghnRV9s4AUwzfEv0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGRTM1QjA0MEU4QTNEMDVFNUJFOUJFRTRGMEE2MzY5
NTIyNDZGRjAeFw0yNDA3MDEwMDU3MzNaFw0yNTA2MzAwMTAyMzNaMDMxMTAvBgNV
BAMTKEQ0QzQ0QkY0NTREREZFQzA4NkVDMzM5MzE2MTU0NDFDNzJDNjgxREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDADZ9xLTZdfBQWhxizk2Kg50pi
+7CDYRTy63gT6nC+U4wNIdBDvOOGAyQRe/HLosnmQKQKZid0qIuecCxjU5MuiMxR
OTJHy+jRVgRCxgbYktBS0PdL7rcb68+myQdwj8o8QEWJNK7bQJPuR9GM87C4b+/6
0cOV4kIoISpLohuToQmrJt5HIQZc43bAB/FlLjuXYE1jNlu6GDmPuPLxIIfmMSYi
5pMjRLOr7ZLZj49JGuoI6tc22hUte/FmbJ0MXzhDSpJNHoMNSaCsCP+dJU1Xo6dF
jNXkajUeyI3NSsvN4kfs6B0riUqJKf4Kkhz6Gc62M/JbF4OHb0UXb9IQXngTAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU1MRL9FTd/sCG7DOTFhVEHHLGgdswHwYDVR0j
BBgwFoAUEP41sEDoo9BeW+m+5PCmNpUiRv8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
MDBmNGYzNy1jN2ZiLTQ3ZDAtOGE4NS1lY2ZkMTJiOTE1ZjUvMC8xMEZFMzVCMDQw
RThBM0QwNUU1QkU5QkVFNEYwQTYzNjk1MjI0NkZGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGRTM1QjA0MEU4QTNEMDVFNUJFOUJFRTRGMEE2MzY5NTIy
NDZGRi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzMwMGY0ZjM3LWM3ZmItNDdkMC04
YTg1LWVjZmQxMmI5MTVmNS8wLzMxMzAzMzJlMzMzMTJlMzEzMzM0MmUzMDJmMzIz
MzJkMzIzMzIwM2QzZTIwMzEzMzMxMzczNDM5LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZx+GMA0GCSqG
SIb3DQEBCwUAA4IBAQBJXCvMybJrAmKyqlYLyTUknh2CJeJXIbob/mHT67PLUa15
PjTATSiVOxy5M76jhAXb0RT8BaOICl3J713QRwGQcWzBDma9t30sm+yhx9oVx63g
dJD8SvKOIk65kpM1JJPYaDb07mQbeg+XGe7sfryP+N4SybvE2XpSpXRdTGEUHwY1
XoeuSHbr0J0cZYafPHgSqqWcIiwqqRws8Zk/53bde0GHVHuEJphZz0KiqV+osVao
OyGcXcHN4gUl5533pnb8XI/Kf2PlEPsjFaHB7ASG6GItnE/ekLclkh63n0m+gtZC
AzS7m4s1I5TsUthvEliYTR6fV2Ojya9MIjPds/LE
-----END CERTIFICATE-----
Generated at Fri Nov 22 06:33:23 2024 by rpki-client on console-ams.rpki-client.org