Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3131392e34372e38382e302f32342d3234203d3e203338353237.roa
File:                     3131392e34372e38382e302f32342d3234203d3e203338353237.roa (raw, json)
Hash identifier:          gXtAKsat10piv34P6t4y8Tc8WIx9/KwM7U5XBGfjT58=
Subject key identifier:   9E:C9:3C:57:BA:50:6E:F9:11:8B:84:3D:9C:21:86:33:03:AE:E4:B1
Certificate issuer:       /CN=228E752BBFB8C16B3B46F3D388ECED50CF9A6473
Certificate serial:       6CAB386569E74C56CEB7B768916C1D1998EAEBBA
Authority key identifier: 22:8E:75:2B:BF:B8:C1:6B:3B:46:F3:D3:88:EC:ED:50:CF:9A:64:73
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3131392e34372e38382e302f32342d3234203d3e203338353237.roa
Signing time:             Wed 14 Feb 2024 11:00:02 +0000
ROA not before:           Wed 14 Feb 2024 10:55:02 +0000
ROA not after:            Wed 12 Feb 2025 11:00:02 +0000
asID:                     38527
IP address blocks:        119.47.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.crl
                          rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 08:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:ab:38:65:69:e7:4c:56:ce:b7:b7:68:91:6c:1d:19:98:ea:eb:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=228E752BBFB8C16B3B46F3D388ECED50CF9A6473
        Validity
            Not Before: Feb 14 10:55:02 2024 GMT
            Not After : Feb 12 11:00:02 2025 GMT
        Subject: CN=9EC93C57BA506EF9118B843D9C21863303AEE4B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:60:6f:e3:ba:70:85:9f:00:3a:ea:52:84:bd:
                    1e:f5:29:52:75:f6:d5:f4:84:61:43:0c:79:1b:0f:
                    5d:46:2b:90:1b:1f:b3:a3:f0:5d:ec:2d:de:91:d4:
                    a8:ca:2d:19:c1:93:29:6d:d6:77:c2:35:9f:18:c9:
                    87:72:4c:23:29:15:78:a6:f4:b3:31:d2:62:11:ec:
                    4b:3f:ab:43:73:d7:15:f6:24:84:f2:3a:6d:a6:d3:
                    d2:4b:ef:e8:d7:a0:20:34:84:9e:37:25:ce:bc:51:
                    aa:5b:1e:da:aa:52:28:e9:3c:fe:6e:9b:e9:12:e3:
                    85:54:4c:59:c1:35:50:af:ac:5e:6a:d5:2c:16:13:
                    9c:2a:87:f1:60:1d:a6:61:75:40:a3:51:05:83:4a:
                    2d:ea:40:6b:d6:61:32:9f:ef:22:73:06:cb:43:06:
                    41:32:4a:b4:17:b4:bd:cc:12:41:53:43:cc:dd:82:
                    46:61:88:4e:4b:47:69:47:f0:a2:d3:57:a7:16:ea:
                    9a:fe:11:70:1d:0f:da:a6:f2:dc:79:a3:6e:c7:55:
                    6e:e1:e5:65:43:59:2e:a8:f8:78:d5:e0:c6:5f:aa:
                    da:80:0c:09:c4:dd:54:8d:d1:2d:72:ee:0a:93:f2:
                    ca:50:b7:41:83:41:bf:24:8c:f4:71:3b:01:bf:64:
                    c1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C9:3C:57:BA:50:6E:F9:11:8B:84:3D:9C:21:86:33:03:AE:E4:B1
            X509v3 Authority Key Identifier:
                keyid:22:8E:75:2B:BF:B8:C1:6B:3B:46:F3:D3:88:EC:ED:50:CF:9A:64:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3131392e34372e38382e302f32342d3234203d3e203338353237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.47.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:12:fb:a4:c5:f5:35:fd:b6:41:d9:ec:95:77:2d:55:f6:3d:
         f4:6f:5e:b7:bd:21:57:81:9b:d1:0e:ae:a9:52:1a:5c:5c:68:
         d7:6a:f6:29:f6:ec:db:72:d0:da:fe:78:c9:0e:cb:e8:a0:0d:
         2b:90:05:13:ac:d7:d6:3a:02:e4:f8:fa:5d:ca:cd:8f:6f:46:
         4f:3c:28:44:cb:8d:b3:d1:80:18:4d:a1:b4:87:6b:ac:e9:ba:
         60:66:ca:a5:27:bc:50:e1:cb:ab:d7:0e:4e:ac:27:7e:65:5a:
         28:ae:d7:3e:f1:4a:bd:b5:96:8b:7c:cd:38:7b:e5:9d:61:b2:
         d5:9c:db:4f:ce:11:08:44:27:3d:c7:9c:b2:f5:75:ee:be:4e:
         78:ed:e8:5e:4d:8c:91:6e:05:af:25:b3:69:f1:a3:9f:f6:98:
         c6:c7:88:62:f3:af:4b:6d:6a:f3:a5:44:3d:48:96:98:1b:a5:
         39:cc:16:28:e8:ce:56:f3:c8:9a:c0:49:34:8b:7f:23:9b:f7:
         92:d1:15:e1:b7:e6:83:e3:20:8c:70:f6:59:76:91:b7:a6:9c:
         6a:58:88:8e:0f:c7:f8:89:79:f5:82:7a:fc:0a:12:f1:78:b5:
         35:f1:1b:2a:7b:22:d4:f1:e0:1b:21:98:25:31:70:4b:49:f8:
         4a:ca:b5:08
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUbKs4ZWnnTFbOt7dokWwdGZjq67owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjI4RTc1MkJCRkI4QzE2QjNCNDZGM0QzODhFQ0VENTBD
RjlBNjQ3MzAeFw0yNDAyMTQxMDU1MDJaFw0yNTAyMTIxMTAwMDJaMDMxMTAvBgNV
BAMTKDlFQzkzQzU3QkE1MDZFRjkxMThCODQzRDlDMjE4NjMzMDNBRUU0QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiYG/junCFnwA66lKEvR71KVJ1
9tX0hGFDDHkbD11GK5AbH7Oj8F3sLd6R1KjKLRnBkylt1nfCNZ8YyYdyTCMpFXim
9LMx0mIR7Es/q0Nz1xX2JITyOm2m09JL7+jXoCA0hJ43Jc68UapbHtqqUijpPP5u
m+kS44VUTFnBNVCvrF5q1SwWE5wqh/FgHaZhdUCjUQWDSi3qQGvWYTKf7yJzBstD
BkEySrQXtL3MEkFTQ8zdgkZhiE5LR2lH8KLTV6cW6pr+EXAdD9qm8tx5o27HVW7h
5WVDWS6o+HjV4MZfqtqADAnE3VSN0S1y7gqT8spQt0GDQb8kjPRxOwG/ZMEJAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUnsk8V7pQbvkRi4Q9nCGGMwOu5LEwHwYDVR0j
BBgwFoAUIo51K7+4wWs7RvPTiOztUM+aZHMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
MTdlZmQyYS0wMmFiLTQyMDItOTcwZi1mNjk5ZGZmOTdkZTUvMC8yMjhFNzUyQkJG
QjhDMTZCM0I0NkYzRDM4OEVDRUQ1MENGOUE2NDczLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjI4RTc1MkJCRkI4QzE2QjNCNDZGM0QzODhFQ0VENTBDRjlB
NjQ3My5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzMxN2VmZDJhLTAyYWItNDIwMi05
NzBmLWY2OTlkZmY5N2RlNS8wLzMxMzEzOTJlMzQzNzJlMzgzODJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMzMzgzNTMyMzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAB3L1gwDQYJKoZIhvcN
AQELBQADggEBAFgS+6TF9TX9tkHZ7JV3LVX2PfRvXre9IVeBm9EOrqlSGlxcaNdq
9in27Nty0Nr+eMkOy+igDSuQBROs19Y6AuT4+l3KzY9vRk88KETLjbPRgBhNobSH
a6zpumBmyqUnvFDhy6vXDk6sJ35lWiiu1z7xSr21lot8zTh75Z1hstWc20/OEQhE
Jz3HnLL1de6+Tnjt6F5NjJFuBa8ls2nxo5/2mMbHiGLzr0ttavOlRD1IlpgbpTnM
FijozlbzyJrASTSLfyOb95LRFeG35oPjIIxw9ll2kbemnGpYiI4Px/iJefWCevwK
EvF4tTXxGyp7ItTx4BshmCUxcEtJ+ErKtQg=
-----END CERTIFICATE-----
Generated at Sat Jun 15 20:42:24 2024 by rpki-client on console-ams.rpki-client.org