Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/450633fc-fe23-4d82-ba64-bb7ee6dd6e06/0/3130332e3133392e39382e302f32332d3234203d3e20313338383632.roa
File:                     3130332e3133392e39382e302f32332d3234203d3e20313338383632.roa (raw, json)
Hash identifier:          5oQbJ6mK4sPz0uTg4aXk3zz/9To4mydaJp9vn+QeMP0=
Subject key identifier:   D9:66:E6:4E:1F:11:9D:C7:B5:D9:07:10:AA:B3:DC:68:47:E7:CD:AC
Certificate issuer:       /CN=88D56B9372987974D75D5FEB6C48FA491B771DE6
Certificate serial:       145168FE407C77000E37718E9F25D0204BF46958
Authority key identifier: 88:D5:6B:93:72:98:79:74:D7:5D:5F:EB:6C:48:FA:49:1B:77:1D:E6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/88D56B9372987974D75D5FEB6C48FA491B771DE6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/450633fc-fe23-4d82-ba64-bb7ee6dd6e06/0/3130332e3133392e39382e302f32332d3234203d3e20313338383632.roa
Signing time:             Wed 24 Jan 2024 04:09:39 +0000
ROA not before:           Wed 24 Jan 2024 04:04:39 +0000
ROA not after:            Wed 22 Jan 2025 04:09:39 +0000
asID:                     138862
IP address blocks:        103.139.98.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/450633fc-fe23-4d82-ba64-bb7ee6dd6e06/0/88D56B9372987974D75D5FEB6C48FA491B771DE6.crl
                          rsync://repo-rpki.idnic.net/repo/450633fc-fe23-4d82-ba64-bb7ee6dd6e06/0/88D56B9372987974D75D5FEB6C48FA491B771DE6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/88D56B9372987974D75D5FEB6C48FA491B771DE6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:39:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:51:68:fe:40:7c:77:00:0e:37:71:8e:9f:25:d0:20:4b:f4:69:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88D56B9372987974D75D5FEB6C48FA491B771DE6
        Validity
            Not Before: Jan 24 04:04:39 2024 GMT
            Not After : Jan 22 04:09:39 2025 GMT
        Subject: CN=D966E64E1F119DC7B5D90710AAB3DC6847E7CDAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ef:2c:1a:82:73:19:09:5b:06:9c:57:19:da:
                    2e:7e:b0:d6:7b:92:ab:6e:aa:72:95:10:06:de:26:
                    94:12:ce:c0:03:2b:f0:68:7b:ce:b4:33:b7:18:66:
                    91:70:61:f0:84:ba:7e:9f:fb:ad:af:82:83:49:a0:
                    48:4e:89:c5:47:8a:b1:35:be:c8:07:91:23:60:a3:
                    64:68:3e:33:1a:20:91:f3:2e:cb:65:81:31:ae:a6:
                    67:ed:8e:e7:1b:16:05:46:a4:ae:c5:36:ce:25:a1:
                    ca:ac:1a:d3:98:50:e3:c0:d6:92:5b:ea:96:ec:34:
                    b0:b3:a5:18:c7:2a:f9:f4:2a:1d:a5:ed:76:d0:42:
                    5e:1f:7c:a8:9e:c8:66:b4:56:b5:73:0d:e6:5f:6d:
                    de:2e:21:03:c0:05:d9:a2:3f:f5:3b:64:fb:f9:b1:
                    af:f4:4a:08:0b:a3:f0:67:a8:73:51:a1:98:6c:bf:
                    8d:c5:5c:e4:ab:79:f9:0f:6c:9f:3d:76:bd:ab:91:
                    e6:33:84:e7:4b:24:90:3f:f2:d2:20:b3:cf:0d:8f:
                    87:e4:df:2d:e7:28:00:a6:6b:cc:16:cf:71:01:d4:
                    43:07:72:5b:e0:8f:4a:47:19:6e:e3:8b:d0:b5:77:
                    a3:5c:f5:58:68:bb:59:30:85:59:38:db:bf:62:49:
                    5d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:66:E6:4E:1F:11:9D:C7:B5:D9:07:10:AA:B3:DC:68:47:E7:CD:AC
            X509v3 Authority Key Identifier:
                keyid:88:D5:6B:93:72:98:79:74:D7:5D:5F:EB:6C:48:FA:49:1B:77:1D:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/450633fc-fe23-4d82-ba64-bb7ee6dd6e06/0/88D56B9372987974D75D5FEB6C48FA491B771DE6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/88D56B9372987974D75D5FEB6C48FA491B771DE6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/450633fc-fe23-4d82-ba64-bb7ee6dd6e06/0/3130332e3133392e39382e302f32332d3234203d3e20313338383632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:55:01:8a:92:55:d6:f7:53:6c:26:ed:e4:23:6c:e2:38:c7:
         5a:4d:26:eb:68:3a:af:4f:09:e2:23:ab:c6:5f:4d:9b:99:33:
         fd:f4:06:8a:dc:99:b0:1e:93:25:6b:e8:80:bc:c6:4d:48:1e:
         59:7c:8d:84:4c:bd:56:ad:9d:f6:fa:19:76:33:76:4f:29:03:
         a5:79:95:82:8b:80:f1:61:54:dc:cc:ee:b1:99:7b:0b:42:50:
         64:60:81:44:c3:99:e4:b3:c9:f2:f8:4e:30:6e:9d:96:db:64:
         c3:c7:13:16:10:b3:6f:87:5b:68:39:e5:46:6a:db:a6:5d:03:
         a1:ae:fc:ff:37:9d:32:ff:52:63:5e:09:8d:68:64:11:94:c5:
         a7:fa:2c:cf:20:da:99:5b:f1:5f:54:df:f2:3e:6b:06:f3:56:
         14:6a:70:89:c1:42:52:b7:32:ad:5f:bf:fd:88:8f:08:9a:a9:
         ac:e6:ac:f9:3e:52:66:30:b1:81:68:8a:2c:9c:40:47:41:97:
         7c:a4:81:f1:92:d4:f4:40:76:11:de:6c:5d:18:fa:f9:94:43:
         dd:f9:4a:06:9f:39:ee:6a:9a:bb:f6:0f:62:d8:31:2c:57:28:
         d3:71:80:8d:29:a7:f2:ff:3d:13:33:65:71:71:9f:f3:a8:d8:
         a6:1b:33:53
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUFFFo/kB8dwAON3GOnyXQIEv0aVgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhENTZCOTM3Mjk4Nzk3NEQ3NUQ1RkVCNkM0OEZBNDkx
Qjc3MURFNjAeFw0yNDAxMjQwNDA0MzlaFw0yNTAxMjIwNDA5MzlaMDMxMTAvBgNV
BAMTKEQ5NjZFNjRFMUYxMTlEQzdCNUQ5MDcxMEFBQjNEQzY4NDdFN0NEQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV7ywagnMZCVsGnFcZ2i5+sNZ7
kqtuqnKVEAbeJpQSzsADK/Boe860M7cYZpFwYfCEun6f+62vgoNJoEhOicVHirE1
vsgHkSNgo2RoPjMaIJHzLstlgTGupmftjucbFgVGpK7FNs4locqsGtOYUOPA1pJb
6pbsNLCzpRjHKvn0Kh2l7XbQQl4ffKieyGa0VrVzDeZfbd4uIQPABdmiP/U7ZPv5
sa/0SggLo/BnqHNRoZhsv43FXOSrefkPbJ89dr2rkeYzhOdLJJA/8tIgs88Nj4fk
3y3nKACma8wWz3EB1EMHclvgj0pHGW7ji9C1d6Nc9Vhou1kwhVk4279iSV3JAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU2WbmTh8Rnce12QcQqrPcaEfnzawwHwYDVR0j
BBgwFoAUiNVrk3KYeXTXXV/rbEj6SRt3HeYwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby80
NTA2MzNmYy1mZTIzLTRkODItYmE2NC1iYjdlZTZkZDZlMDYvMC84OEQ1NkI5Mzcy
OTg3OTc0RDc1RDVGRUI2QzQ4RkE0OTFCNzcxREU2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvODhENTZCOTM3Mjk4Nzk3NEQ3NUQ1RkVCNkM0OEZBNDkxQjc3
MURFNi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzQ1MDYzM2ZjLWZlMjMtNGQ4Mi1i
YTY0LWJiN2VlNmRkNmUwNi8wLzMxMzAzMzJlMzEzMzM5MmUzOTM4MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzEzMzM4MzgzNjMyLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ4tiMA0GCSqG
SIb3DQEBCwUAA4IBAQDAVQGKklXW91NsJu3kI2ziOMdaTSbraDqvTwniI6vGX02b
mTP99AaK3JmwHpMla+iAvMZNSB5ZfI2ETL1WrZ32+hl2M3ZPKQOleZWCi4DxYVTc
zO6xmXsLQlBkYIFEw5nks8ny+E4wbp2W22TDxxMWELNvh1toOeVGatumXQOhrvz/
N50y/1JjXgmNaGQRlMWn+izPINqZW/FfVN/yPmsG81YUanCJwUJStzKtX7/9iI8I
mqms5qz5PlJmMLGBaIosnEBHQZd8pIHxktT0QHYR3mxdGPr5lEPd+UoGnznuapq7
9g9i2DEsVyjTcYCNKafy/z0TM2VxcZ/zqNimGzNT
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:22:18 2024 by rpki-client on console-fra.rpki-client.org