Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3c9941a4-28d2-47d1-91e7-acab59084462/0/3138302e3133312e3132392e302f32342d3234203d3e20313532303238.roa
File:                     3138302e3133312e3132392e302f32342d3234203d3e20313532303238.roa (raw, json)
Hash identifier:          ham3CevlCthR5zf32aym4G2m2qOgp6uooahhDHdIKYE=
Subject key identifier:   10:ED:CD:61:0D:ED:6C:6E:44:91:31:62:27:67:96:D8:17:11:02:82
Certificate issuer:       /CN=B16C4772F3D77045BBA997F94CEACA9E0DCC2865
Certificate serial:       348CC272DF1206A14EEF96580EF1AE5215A03381
Authority key identifier: B1:6C:47:72:F3:D7:70:45:BB:A9:97:F9:4C:EA:CA:9E:0D:CC:28:65
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B16C4772F3D77045BBA997F94CEACA9E0DCC2865.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3c9941a4-28d2-47d1-91e7-acab59084462/0/3138302e3133312e3132392e302f32342d3234203d3e20313532303238.roa
Signing time:             Wed 30 Oct 2024 06:02:01 +0000
ROA not before:           Wed 30 Oct 2024 05:57:01 +0000
ROA not after:            Wed 29 Oct 2025 06:02:01 +0000
asID:                     152028
IP address blocks:        180.131.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3c9941a4-28d2-47d1-91e7-acab59084462/0/B16C4772F3D77045BBA997F94CEACA9E0DCC2865.crl
                          rsync://repo-rpki.idnic.net/repo/3c9941a4-28d2-47d1-91e7-acab59084462/0/B16C4772F3D77045BBA997F94CEACA9E0DCC2865.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B16C4772F3D77045BBA997F94CEACA9E0DCC2865.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 26 Nov 2024 21:27:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:8c:c2:72:df:12:06:a1:4e:ef:96:58:0e:f1:ae:52:15:a0:33:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B16C4772F3D77045BBA997F94CEACA9E0DCC2865
        Validity
            Not Before: Oct 30 05:57:01 2024 GMT
            Not After : Oct 29 06:02:01 2025 GMT
        Subject: CN=10EDCD610DED6C6E44913162276796D817110282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5e:35:bc:e0:24:ea:33:50:df:ce:7c:39:a4:
                    83:c6:d3:db:f9:b2:2c:52:c2:d0:32:d9:92:8d:02:
                    1f:b8:ee:28:f9:0f:90:ac:b1:88:45:eb:54:04:4b:
                    64:19:52:84:90:cd:d9:46:62:f6:fb:cf:a2:63:e7:
                    18:55:81:b8:20:b2:2d:31:50:64:0d:39:38:0b:d4:
                    f2:ec:1a:c3:b7:ce:ad:62:49:90:eb:01:af:25:e7:
                    0c:85:77:9d:e0:f2:40:9c:d9:03:10:ca:67:f1:1b:
                    dd:24:81:7c:20:ad:81:79:bf:46:c1:61:49:e1:9b:
                    50:bc:02:c2:ec:39:43:12:3e:a5:b2:e3:b6:4e:15:
                    90:81:2d:2a:b9:0d:52:08:23:a0:cd:12:56:40:94:
                    83:9e:cd:78:e6:52:e9:ac:c8:ca:0f:d3:40:8a:aa:
                    f9:cb:e8:af:a2:2c:52:a7:2e:08:15:20:d4:de:41:
                    8b:16:a1:83:4e:4d:b7:6e:7b:aa:ce:ae:4c:bb:94:
                    60:bf:2a:24:6f:fb:e9:52:f0:c8:7f:58:ab:0d:9e:
                    ce:48:63:33:53:5a:41:35:c2:e7:1d:60:17:b2:af:
                    e6:5d:23:ed:1e:3a:79:15:7e:56:8a:cb:b3:b1:1a:
                    f8:df:d0:63:34:e3:64:d1:b6:78:13:8f:ce:1f:86:
                    53:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:ED:CD:61:0D:ED:6C:6E:44:91:31:62:27:67:96:D8:17:11:02:82
            X509v3 Authority Key Identifier:
                keyid:B1:6C:47:72:F3:D7:70:45:BB:A9:97:F9:4C:EA:CA:9E:0D:CC:28:65

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3c9941a4-28d2-47d1-91e7-acab59084462/0/B16C4772F3D77045BBA997F94CEACA9E0DCC2865.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B16C4772F3D77045BBA997F94CEACA9E0DCC2865.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3c9941a4-28d2-47d1-91e7-acab59084462/0/3138302e3133312e3132392e302f32342d3234203d3e20313532303238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  180.131.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:dc:f4:92:da:31:da:24:8a:19:a5:82:b7:65:ca:9c:c8:14:
         11:3a:12:81:09:0c:9c:03:35:b0:45:a2:51:b8:41:ec:bf:a8:
         e5:eb:56:90:49:fa:e9:42:e5:87:a0:f3:32:96:0c:b5:6b:5e:
         68:9f:43:fb:d4:16:29:b4:82:9a:2f:d9:2f:c7:22:a9:0d:89:
         0d:b6:b0:55:a6:cc:8e:ad:0a:f1:bf:4e:e2:04:9d:e3:5e:86:
         dd:8b:a7:67:00:c0:19:9c:17:24:cf:5d:b5:9e:24:59:a5:0d:
         d9:e7:bd:23:31:05:11:11:55:65:81:fe:07:d5:fa:57:05:dc:
         bf:fb:34:49:43:00:08:be:7b:55:74:50:ab:2d:43:d9:be:fa:
         ad:d4:9e:10:07:75:79:41:99:fe:07:73:ad:39:7e:1a:8e:1a:
         ae:21:e3:53:fe:e3:00:65:1f:89:5c:eb:85:91:0e:c6:82:45:
         a1:97:2a:b7:73:4c:4c:d1:7c:7f:9c:17:3f:a6:2c:7d:16:51:
         21:a4:81:e2:f8:40:b8:1c:0d:11:d4:ae:bb:41:47:ff:81:6b:
         b2:55:9b:37:f7:d7:a5:e2:c0:d7:3a:2f:10:7d:97:2f:55:35:
         3f:44:87:c4:ac:2d:54:69:5f:7b:19:b8:66:be:63:a7:b4:a9:
         7a:24:43:b3
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUNIzCct8SBqFO75ZYDvGuUhWgM4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjE2QzQ3NzJGM0Q3NzA0NUJCQTk5N0Y5NENFQUNBOUUw
RENDMjg2NTAeFw0yNDEwMzAwNTU3MDFaFw0yNTEwMjkwNjAyMDFaMDMxMTAvBgNV
BAMTKDEwRURDRDYxMERFRDZDNkU0NDkxMzE2MjI3Njc5NkQ4MTcxMTAyODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrXjW84CTqM1Dfznw5pIPG09v5
sixSwtAy2ZKNAh+47ij5D5CssYhF61QES2QZUoSQzdlGYvb7z6Jj5xhVgbggsi0x
UGQNOTgL1PLsGsO3zq1iSZDrAa8l5wyFd53g8kCc2QMQymfxG90kgXwgrYF5v0bB
YUnhm1C8AsLsOUMSPqWy47ZOFZCBLSq5DVIII6DNElZAlIOezXjmUumsyMoP00CK
qvnL6K+iLFKnLggVINTeQYsWoYNOTbdue6rOrky7lGC/KiRv++lS8Mh/WKsNns5I
YzNTWkE1wucdYBeyr+ZdI+0eOnkVflaKy7OxGvjf0GM042TRtngTj84fhlPxAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUEO3NYQ3tbG5EkTFiJ2eW2BcRAoIwHwYDVR0j
BBgwFoAUsWxHcvPXcEW7qZf5TOrKng3MKGUwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
Yzk5NDFhNC0yOGQyLTQ3ZDEtOTFlNy1hY2FiNTkwODQ0NjIvMC9CMTZDNDc3MkYz
RDc3MDQ1QkJBOTk3Rjk0Q0VBQ0E5RTBEQ0MyODY1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQjE2QzQ3NzJGM0Q3NzA0NUJCQTk5N0Y5NENFQUNBOUUwREND
Mjg2NS5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNjOTk0MWE0LTI4ZDItNDdkMS05
MWU3LWFjYWI1OTA4NDQ2Mi8wLzMxMzgzMDJlMzEzMzMxMmUzMTMyMzkyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzMDMyMzgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC0g4EwDQYJ
KoZIhvcNAQELBQADggEBAA7c9JLaMdokihmlgrdlypzIFBE6EoEJDJwDNbBFolG4
Qey/qOXrVpBJ+ulC5Yeg8zKWDLVrXmifQ/vUFim0gpov2S/HIqkNiQ22sFWmzI6t
CvG/TuIEneNeht2Lp2cAwBmcFyTPXbWeJFmlDdnnvSMxBRERVWWB/gfV+lcF3L/7
NElDAAi+e1V0UKstQ9m++q3UnhAHdXlBmf4Hc605fhqOGq4h41P+4wBlH4lc64WR
DsaCRaGXKrdzTEzRfH+cFz+mLH0WUSGkgeL4QLgcDRHUrrtBR/+Ba7JVmzf316Xi
wNc6LxB9ly9VNT9Eh8SsLVRpX3sZuGa+Y6e0qXokQ7M=
-----END CERTIFICATE-----
Generated at Sat Nov 23 23:38:10 2024 by rpki-client on console-fra.rpki-client.org