Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32332e302f32342d3234203d3e203338353237.roa
File:                     3132342e3130392e32332e302f32342d3234203d3e203338353237.roa (raw, json)
Hash identifier:          iikxiNkTJKaYC4VLYjN4A5ypFehw5xOUrg7BMWrFLp0=
Subject key identifier:   AA:A6:5D:DD:76:6E:B3:52:A1:CB:7C:0E:EB:99:72:D3:55:0F:9D:92
Certificate issuer:       /CN=228E752BBFB8C16B3B46F3D388ECED50CF9A6473
Certificate serial:       3159DBEB0D466B2902C403995CCE54665EB7E174
Authority key identifier: 22:8E:75:2B:BF:B8:C1:6B:3B:46:F3:D3:88:EC:ED:50:CF:9A:64:73
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32332e302f32342d3234203d3e203338353237.roa
Signing time:             Wed 14 Feb 2024 12:00:02 +0000
ROA not before:           Wed 14 Feb 2024 11:55:02 +0000
ROA not after:            Wed 12 Feb 2025 12:00:02 +0000
asID:                     38527
IP address blocks:        124.109.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.crl
                          rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 08:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:59:db:eb:0d:46:6b:29:02:c4:03:99:5c:ce:54:66:5e:b7:e1:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=228E752BBFB8C16B3B46F3D388ECED50CF9A6473
        Validity
            Not Before: Feb 14 11:55:02 2024 GMT
            Not After : Feb 12 12:00:02 2025 GMT
        Subject: CN=AAA65DDD766EB352A1CB7C0EEB9972D3550F9D92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b6:59:a3:e5:ee:94:a5:43:b0:5b:ee:ee:b1:
                    69:71:03:97:c5:76:6f:99:03:2e:d2:e5:95:fe:87:
                    b3:43:d9:2e:0e:be:b5:eb:62:4d:84:0e:ad:96:06:
                    ea:47:63:42:1f:66:cb:85:c0:52:50:56:c2:d8:19:
                    f9:b5:a3:6d:ab:70:b7:12:8d:67:c1:24:a7:4a:5f:
                    06:58:44:65:26:0c:2c:32:7e:48:b5:1f:1b:d6:0d:
                    01:2b:be:1b:14:bc:18:55:6f:06:e7:57:f0:93:2a:
                    d6:e6:1c:2a:7d:4b:80:3f:f9:82:6a:f8:eb:39:f2:
                    8a:0e:28:7c:34:e8:d3:0c:39:78:6b:d6:f3:97:c8:
                    cf:9c:72:06:ba:c4:90:11:d8:6f:46:7b:1e:8a:79:
                    e8:05:db:6c:b1:0e:83:75:91:93:05:e5:2b:5c:b6:
                    cf:ea:69:0d:8d:68:5c:ff:6c:c5:ad:f5:55:2f:e2:
                    d9:a5:37:d3:b9:ca:33:d7:8d:55:51:6c:f9:17:0a:
                    e0:3e:44:4b:0e:8e:0b:35:e4:4e:19:d8:93:b4:76:
                    ef:25:9d:fa:a2:75:60:06:68:e8:ff:29:11:a0:ac:
                    70:0c:94:09:eb:77:eb:31:b7:eb:a8:d0:2b:5d:58:
                    c5:35:04:38:68:8c:fb:d7:28:6a:4a:d3:07:4c:a8:
                    b2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A6:5D:DD:76:6E:B3:52:A1:CB:7C:0E:EB:99:72:D3:55:0F:9D:92
            X509v3 Authority Key Identifier:
                keyid:22:8E:75:2B:BF:B8:C1:6B:3B:46:F3:D3:88:EC:ED:50:CF:9A:64:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/228E752BBFB8C16B3B46F3D388ECED50CF9A6473.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/317efd2a-02ab-4202-970f-f699dff97de5/0/3132342e3130392e32332e302f32342d3234203d3e203338353237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.109.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:8f:5d:33:ff:6d:56:56:b9:70:bc:8f:92:5f:33:b0:9e:d7:
         b0:ba:7a:da:c5:b5:2b:f9:e2:13:02:c8:ad:2e:61:56:64:5c:
         9d:4b:dd:10:c9:87:3c:37:27:63:fc:f9:d1:e5:2e:22:91:f4:
         16:ba:f6:ae:a0:65:41:45:7b:5b:b5:8e:a5:05:15:e5:59:9a:
         de:31:89:9a:e7:1b:7f:7f:be:65:08:fc:fa:91:f4:5d:0b:e3:
         88:6e:8f:3d:78:c2:59:64:3f:05:8c:88:6b:a8:09:af:71:f1:
         11:6d:bf:28:ae:41:37:3a:d6:48:27:f3:80:62:32:a5:64:6b:
         14:c7:34:e6:1e:b5:89:45:a5:51:15:51:25:bf:68:30:39:06:
         6b:23:bc:30:b3:c9:80:f1:e0:4a:8f:58:da:3a:e3:dc:04:bc:
         cf:bd:fb:7a:37:40:67:b2:ce:cf:94:d7:b9:7a:59:cf:e9:5c:
         ca:62:93:04:f7:1a:41:e7:6a:e0:88:fb:e7:ae:c8:68:26:49:
         f9:4f:71:1c:e9:82:16:07:67:56:e8:7a:40:c6:69:b5:82:0f:
         f1:11:b4:dc:03:ca:55:e4:08:61:f1:b4:0d:62:0c:ac:75:a2:
         c0:bc:3b:d9:74:3b:dd:cc:3e:4e:11:ff:27:16:79:88:9c:62:
         03:f5:34:e2
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUMVnb6w1GaykCxAOZXM5UZl634XQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjI4RTc1MkJCRkI4QzE2QjNCNDZGM0QzODhFQ0VENTBD
RjlBNjQ3MzAeFw0yNDAyMTQxMTU1MDJaFw0yNTAyMTIxMjAwMDJaMDMxMTAvBgNV
BAMTKEFBQTY1RERENzY2RUIzNTJBMUNCN0MwRUVCOTk3MkQzNTUwRjlEOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCztlmj5e6UpUOwW+7usWlxA5fF
dm+ZAy7S5ZX+h7ND2S4OvrXrYk2EDq2WBupHY0IfZsuFwFJQVsLYGfm1o22rcLcS
jWfBJKdKXwZYRGUmDCwyfki1HxvWDQErvhsUvBhVbwbnV/CTKtbmHCp9S4A/+YJq
+Os58ooOKHw06NMMOXhr1vOXyM+ccga6xJAR2G9Gex6KeegF22yxDoN1kZMF5Stc
ts/qaQ2NaFz/bMWt9VUv4tmlN9O5yjPXjVVRbPkXCuA+REsOjgs15E4Z2JO0du8l
nfqidWAGaOj/KRGgrHAMlAnrd+sxt+uo0CtdWMU1BDhojPvXKGpK0wdMqLJPAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUqqZd3XZus1Khy3wO65ly01UPnZIwHwYDVR0j
BBgwFoAUIo51K7+4wWs7RvPTiOztUM+aZHMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
MTdlZmQyYS0wMmFiLTQyMDItOTcwZi1mNjk5ZGZmOTdkZTUvMC8yMjhFNzUyQkJG
QjhDMTZCM0I0NkYzRDM4OEVDRUQ1MENGOUE2NDczLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjI4RTc1MkJCRkI4QzE2QjNCNDZGM0QzODhFQ0VENTBDRjlB
NjQ3My5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzMxN2VmZDJhLTAyYWItNDIwMi05
NzBmLWY2OTlkZmY5N2RlNS8wLzMxMzIzNDJlMzEzMDM5MmUzMjMzMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzODM1MzIzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAHxtFzANBgkqhkiG
9w0BAQsFAAOCAQEAaY9dM/9tVla5cLyPkl8zsJ7XsLp62sW1K/niEwLIrS5hVmRc
nUvdEMmHPDcnY/z50eUuIpH0Frr2rqBlQUV7W7WOpQUV5Vma3jGJmucbf3++ZQj8
+pH0XQvjiG6PPXjCWWQ/BYyIa6gJr3HxEW2/KK5BNzrWSCfzgGIypWRrFMc05h61
iUWlURVRJb9oMDkGayO8MLPJgPHgSo9Y2jrj3AS8z737ejdAZ7LOz5TXuXpZz+lc
ymKTBPcaQedq4Ij7567IaCZJ+U9xHOmCFgdnVuh6QMZptYIP8RG03APKVeQIYfG0
DWIMrHWiwLw72XQ73cw+ThH/JxZ5iJxiA/U04g==
-----END CERTIFICATE-----
Generated at Sat Jun 15 20:42:24 2024 by rpki-client on console-ams.rpki-client.org