Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32302e302f32342d3234203d3e203338353237.roa
File:                     3132342e3130392e32302e302f32342d3234203d3e203338353237.roa (raw, json)
Hash identifier:          nVBQut9cLfqGgtbiyks5zEITKa9iT1MH4ntzbKpfbZ8=
Subject key identifier:   D5:47:15:17:94:37:C6:B1:0B:4C:64:87:7A:1E:F5:EE:94:68:5A:24
Certificate issuer:       /CN=228E752BBFB8C16B3B46F3D388ECED50CF9A6473
Certificate serial:       1F6C27CE075425E623B07E0CCB3008E0BCD0D592
Authority key identifier: 22:8E:75:2B:BF:B8:C1:6B:3B:46:F3:D3:88:EC:ED:50:CF:9A:64:73
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32302e302f32342d3234203d3e203338353237.roa
Signing time:             Wed 14 Feb 2024 12:00:02 +0000
ROA not before:           Wed 14 Feb 2024 11:55:02 +0000
ROA not after:            Wed 12 Feb 2025 12:00:02 +0000
asID:                     38527
IP address blocks:        124.109.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.crl
                          rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 08:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:6c:27:ce:07:54:25:e6:23:b0:7e:0c:cb:30:08:e0:bc:d0:d5:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=228E752BBFB8C16B3B46F3D388ECED50CF9A6473
        Validity
            Not Before: Feb 14 11:55:02 2024 GMT
            Not After : Feb 12 12:00:02 2025 GMT
        Subject: CN=D54715179437C6B10B4C64877A1EF5EE94685A24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:58:d3:03:81:56:fe:1a:36:ef:28:1b:00:0d:
                    b5:43:cb:b0:71:db:78:64:86:c7:d4:a4:5a:c4:f4:
                    2e:f4:88:af:26:73:db:9b:5d:1a:40:6b:0c:d3:f9:
                    df:88:c0:fb:63:f0:f4:c5:d9:31:fd:db:96:0a:53:
                    bc:ba:4e:40:83:46:49:a1:d6:41:89:7c:38:0b:3f:
                    cd:0c:0b:13:60:20:b3:a1:bd:7b:8c:9f:89:fc:f4:
                    f2:9a:3d:ce:97:ce:c2:77:b5:b5:94:6c:8e:03:f3:
                    e1:7b:28:56:a8:ca:c8:fb:2f:d6:3c:09:57:4a:71:
                    ad:73:c8:b8:91:d6:3e:fb:fc:84:e6:69:46:20:42:
                    47:a3:2b:6c:dc:76:b7:35:7f:31:4e:57:ca:1d:6d:
                    58:34:71:6b:07:3f:f0:fc:f6:24:48:5f:22:5f:35:
                    f8:b4:fc:94:40:c3:52:b1:ea:2f:18:ef:46:a4:13:
                    0e:f9:77:0e:98:f1:74:de:4d:18:d2:15:a6:ca:6d:
                    03:b8:49:8c:11:a6:5a:3e:46:b1:b2:5c:c2:d0:cb:
                    08:06:14:73:ec:0f:2a:e3:41:98:d8:c0:e1:5e:0e:
                    59:2e:81:75:dd:70:0c:53:d0:a6:e6:a2:85:14:3a:
                    81:21:39:37:ea:0b:dc:85:c2:bf:6b:3e:fb:e9:6d:
                    8e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:47:15:17:94:37:C6:B1:0B:4C:64:87:7A:1E:F5:EE:94:68:5A:24
            X509v3 Authority Key Identifier:
                keyid:22:8E:75:2B:BF:B8:C1:6B:3B:46:F3:D3:88:EC:ED:50:CF:9A:64:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32302e302f32342d3234203d3e203338353237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.109.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:55:66:04:57:09:18:92:ab:92:d9:4b:5d:00:19:ac:ef:d4:
         c3:5c:22:a1:0c:06:51:25:24:53:8a:b6:3d:4a:77:04:cf:71:
         ab:b9:91:da:cf:9b:9e:87:4c:c3:74:7f:d4:7d:d9:71:1f:57:
         bc:99:7e:fe:c9:7b:a9:e4:86:6a:6d:2e:e4:ea:b8:e0:90:bd:
         08:06:ee:f7:0c:d8:12:0d:4e:c7:55:ef:2e:b9:cb:05:b0:ce:
         e8:69:83:34:17:5e:df:5c:71:9c:b3:fe:5d:44:41:c5:ac:a7:
         bc:bb:32:5a:72:39:5b:a6:fc:00:8e:59:8a:33:6c:4c:cf:63:
         a8:15:26:ad:96:df:9e:36:6f:89:96:c8:61:36:10:85:7e:31:
         be:b9:da:02:d2:8d:49:40:89:91:4f:36:fd:4a:18:37:98:ec:
         f2:65:a8:2b:ac:4b:76:61:c0:92:29:df:1f:6a:2d:6a:3b:6e:
         ca:55:85:6e:dc:c3:4e:78:d6:6a:e3:e3:c5:b0:a2:a3:21:79:
         f6:e8:8c:f3:89:14:42:1d:c4:ad:65:c3:55:63:71:2d:ad:24:
         d8:11:b6:6a:6f:6a:b2:82:39:f7:db:11:75:b0:ec:c1:de:e9:
         92:90:da:7f:ad:97:3d:50:7c:43:75:9f:47:42:5d:58:a5:ef:
         17:48:0f:3a
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUH2wnzgdUJeYjsH4MyzAI4LzQ1ZIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjI4RTc1MkJCRkI4QzE2QjNCNDZGM0QzODhFQ0VENTBD
RjlBNjQ3MzAeFw0yNDAyMTQxMTU1MDJaFw0yNTAyMTIxMjAwMDJaMDMxMTAvBgNV
BAMTKEQ1NDcxNTE3OTQzN0M2QjEwQjRDNjQ4NzdBMUVGNUVFOTQ2ODVBMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTWNMDgVb+GjbvKBsADbVDy7Bx
23hkhsfUpFrE9C70iK8mc9ubXRpAawzT+d+IwPtj8PTF2TH925YKU7y6TkCDRkmh
1kGJfDgLP80MCxNgILOhvXuMn4n89PKaPc6XzsJ3tbWUbI4D8+F7KFaoysj7L9Y8
CVdKca1zyLiR1j77/ITmaUYgQkejK2zcdrc1fzFOV8odbVg0cWsHP/D89iRIXyJf
Nfi0/JRAw1Kx6i8Y70akEw75dw6Y8XTeTRjSFabKbQO4SYwRplo+RrGyXMLQywgG
FHPsDyrjQZjYwOFeDlkugXXdcAxT0KbmooUUOoEhOTfqC9yFwr9rPvvpbY4tAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU1UcVF5Q3xrELTGSHeh717pRoWiQwHwYDVR0j
BBgwFoAUIo51K7+4wWs7RvPTiOztUM+aZHMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
MTdlZmQyYS0wMmFiLTQyMDItOTcwZi1mNjk5ZGZmOTdkZTUvMC8yMjhFNzUyQkJG
QjhDMTZCM0I0NkYzRDM4OEVDRUQ1MENGOUE2NDczLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjI4RTc1MkJCRkI4QzE2QjNCNDZGM0QzODhFQ0VENTBDRjlB
NjQ3My5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzMxN2VmZDJhLTAyYWItNDIwMi05
NzBmLWY2OTlkZmY5N2RlNS8wLzMxMzIzNDJlMzEzMDM5MmUzMjMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzODM1MzIzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAHxtFDANBgkqhkiG
9w0BAQsFAAOCAQEAfFVmBFcJGJKrktlLXQAZrO/Uw1wioQwGUSUkU4q2PUp3BM9x
q7mR2s+bnodMw3R/1H3ZcR9XvJl+/sl7qeSGam0u5Oq44JC9CAbu9wzYEg1Ox1Xv
LrnLBbDO6GmDNBde31xxnLP+XURBxaynvLsyWnI5W6b8AI5ZijNsTM9jqBUmrZbf
njZviZbIYTYQhX4xvrnaAtKNSUCJkU82/UoYN5js8mWoK6xLdmHAkinfH2otajtu
ylWFbtzDTnjWauPjxbCioyF59uiM84kUQh3ErWXDVWNxLa0k2BG2am9qsoI599sR
dbDswd7pkpDaf62XPVB8Q3WfR0JdWKXvF0gPOg==
-----END CERTIFICATE-----
Generated at Sat Jun 15 20:42:24 2024 by rpki-client on console-ams.rpki-client.org