Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32312e302f32342d3234203d3e203338353237.roa
File:                     3132342e3130392e32312e302f32342d3234203d3e203338353237.roa (raw, json)
Hash identifier:          2eZReKxoWiqw15MwiLMpFmsr1Ax2kE3sD2eDpawCLD8=
Subject key identifier:   08:7A:9E:15:E8:42:B6:E1:E3:89:0C:FE:7B:D0:88:18:3C:08:9F:D6
Certificate issuer:       /CN=228E752BBFB8C16B3B46F3D388ECED50CF9A6473
Certificate serial:       3E7E37908B354CE4C86BB15091225A77A6A0E0A2
Authority key identifier: 22:8E:75:2B:BF:B8:C1:6B:3B:46:F3:D3:88:EC:ED:50:CF:9A:64:73
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32312e302f32342d3234203d3e203338353237.roa
Signing time:             Wed 14 Feb 2024 12:00:02 +0000
ROA not before:           Wed 14 Feb 2024 11:55:02 +0000
ROA not after:            Wed 12 Feb 2025 12:00:02 +0000
asID:                     38527
IP address blocks:        124.109.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.crl
                          rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 08:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:7e:37:90:8b:35:4c:e4:c8:6b:b1:50:91:22:5a:77:a6:a0:e0:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=228E752BBFB8C16B3B46F3D388ECED50CF9A6473
        Validity
            Not Before: Feb 14 11:55:02 2024 GMT
            Not After : Feb 12 12:00:02 2025 GMT
        Subject: CN=087A9E15E842B6E1E3890CFE7BD088183C089FD6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9b:79:06:1e:0c:18:b3:ec:d1:5f:49:46:dd:
                    ad:9e:07:3f:66:b0:31:c5:df:ce:a0:63:fe:76:96:
                    b6:c1:37:59:ac:01:34:9d:97:17:67:93:c5:f6:f4:
                    aa:d9:ca:77:a8:1a:6c:cd:dc:41:1b:4c:7c:9c:97:
                    bb:85:78:2b:09:9a:e9:05:f5:2e:31:b4:99:2a:27:
                    7e:68:b8:75:19:95:af:21:e6:8e:74:11:00:31:0b:
                    cc:1b:22:f7:45:f0:0b:ef:a7:67:bc:7e:a5:ad:5f:
                    9c:3e:03:c8:3f:eb:7c:8f:3a:b3:fc:93:59:bc:3d:
                    cb:eb:e9:0a:61:18:77:63:f9:ea:8d:09:a2:c1:a6:
                    28:d3:74:10:b8:ea:4d:7c:33:ba:df:b4:93:af:98:
                    1f:91:16:18:51:e3:80:e2:b1:a7:70:d6:a4:87:fb:
                    9f:e1:9c:ca:3f:a5:57:8f:09:7c:5f:64:ae:bd:52:
                    c3:7f:48:af:ae:a6:dd:f7:5c:04:74:be:cd:78:98:
                    a1:c5:8b:4a:98:6b:26:11:0b:bd:e7:00:03:72:a1:
                    0e:19:9b:b7:ee:f4:be:1c:f2:e7:96:db:8a:9e:9a:
                    bb:d5:e7:91:74:3c:e5:c4:e3:84:57:c4:71:a4:b5:
                    5a:d3:43:f5:40:72:d1:5f:46:9b:22:85:2d:aa:a6:
                    be:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:7A:9E:15:E8:42:B6:E1:E3:89:0C:FE:7B:D0:88:18:3C:08:9F:D6
            X509v3 Authority Key Identifier:
                keyid:22:8E:75:2B:BF:B8:C1:6B:3B:46:F3:D3:88:EC:ED:50:CF:9A:64:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32312e302f32342d3234203d3e203338353237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.109.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:1a:8e:d2:76:d0:dd:ad:1a:a1:e1:07:de:9b:c0:79:90:2a:
         8b:6a:2b:b4:db:42:f8:01:d7:10:b7:c0:f1:b2:d2:71:da:e8:
         0e:8f:67:15:81:4e:16:24:f0:7d:48:0f:eb:31:f5:e6:74:2c:
         2d:cb:a5:74:e2:43:07:cf:5d:70:ad:95:e9:89:16:63:02:3d:
         9a:b8:1d:54:10:ce:c6:a0:06:2a:4f:8b:b7:ae:e9:96:ad:d8:
         9c:ab:f4:97:53:3c:b7:38:5b:cf:4c:37:95:cc:06:2d:5d:3c:
         82:72:5d:8f:9a:76:f6:9e:5b:a2:3d:6f:ce:f5:f9:92:72:d6:
         fe:71:1f:5d:24:ca:5f:22:2e:d1:e4:54:b8:24:7c:e8:22:3a:
         9f:38:36:01:6d:51:e0:b9:ab:89:8c:1f:46:5b:a4:d6:2f:d6:
         13:33:c2:37:38:dd:21:c3:0a:64:5c:61:66:62:a3:d9:2e:8c:
         7d:c6:fe:e0:6b:da:9a:67:40:9f:fe:71:d3:61:83:c9:90:26:
         a4:90:63:62:5b:f7:c4:8b:a7:88:c5:c6:74:50:27:61:f8:58:
         da:e2:46:37:1b:bb:0a:83:a9:be:9c:b7:ef:1e:0b:4d:ab:67:
         45:df:de:db:a7:25:1d:65:cb:48:23:fd:dc:10:0d:35:f3:cd:
         a9:08:45:62
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUPn43kIs1TOTIa7FQkSJad6ag4KIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjI4RTc1MkJCRkI4QzE2QjNCNDZGM0QzODhFQ0VENTBD
RjlBNjQ3MzAeFw0yNDAyMTQxMTU1MDJaFw0yNTAyMTIxMjAwMDJaMDMxMTAvBgNV
BAMTKDA4N0E5RTE1RTg0MkI2RTFFMzg5MENGRTdCRDA4ODE4M0MwODlGRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+m3kGHgwYs+zRX0lG3a2eBz9m
sDHF386gY/52lrbBN1msATSdlxdnk8X29KrZyneoGmzN3EEbTHycl7uFeCsJmukF
9S4xtJkqJ35ouHUZla8h5o50EQAxC8wbIvdF8Avvp2e8fqWtX5w+A8g/63yPOrP8
k1m8Pcvr6QphGHdj+eqNCaLBpijTdBC46k18M7rftJOvmB+RFhhR44Disadw1qSH
+5/hnMo/pVePCXxfZK69UsN/SK+upt33XAR0vs14mKHFi0qYayYRC73nAANyoQ4Z
m7fu9L4c8ueW24qemrvV55F0POXE44RXxHGktVrTQ/VActFfRpsihS2qpr6rAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUCHqeFehCtuHjiQz+e9CIGDwIn9YwHwYDVR0j
BBgwFoAUIo51K7+4wWs7RvPTiOztUM+aZHMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
MTdlZmQyYS0wMmFiLTQyMDItOTcwZi1mNjk5ZGZmOTdkZTUvMC8yMjhFNzUyQkJG
QjhDMTZCM0I0NkYzRDM4OEVDRUQ1MENGOUE2NDczLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjI4RTc1MkJCRkI4QzE2QjNCNDZGM0QzODhFQ0VENTBDRjlB
NjQ3My5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzMxN2VmZDJhLTAyYWItNDIwMi05
NzBmLWY2OTlkZmY5N2RlNS8wLzMxMzIzNDJlMzEzMDM5MmUzMjMxMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzODM1MzIzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAHxtFTANBgkqhkiG
9w0BAQsFAAOCAQEAoxqO0nbQ3a0aoeEH3pvAeZAqi2ortNtC+AHXELfA8bLScdro
Do9nFYFOFiTwfUgP6zH15nQsLculdOJDB89dcK2V6YkWYwI9mrgdVBDOxqAGKk+L
t67plq3YnKv0l1M8tzhbz0w3lcwGLV08gnJdj5p29p5boj1vzvX5knLW/nEfXSTK
XyIu0eRUuCR86CI6nzg2AW1R4LmriYwfRluk1i/WEzPCNzjdIcMKZFxhZmKj2S6M
fcb+4GvammdAn/5x02GDyZAmpJBjYlv3xIuniMXGdFAnYfhY2uJGNxu7CoOpvpy3
7x4LTatnRd/e26clHWXLSCP93BANNfPNqQhFYg==
-----END CERTIFICATE-----
Generated at Sat Jun 15 20:42:24 2024 by rpki-client on console-ams.rpki-client.org