Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/561cf777-8adf-4ef1-8d6f-9862c55620ea/0/3130332e3137302e3130302e302f32332d3234203d3e20313432333634.roa
File:                     3130332e3137302e3130302e302f32332d3234203d3e20313432333634.roa (raw, json)
Hash identifier:          oLa9cCei9pKiGWr8BFNqh/B/YQHv8J1MAtYIK4feuIY=
Subject key identifier:   0A:A6:81:42:3F:BF:60:BE:FB:57:E1:00:76:9D:81:F8:C7:3B:76:C7
Certificate issuer:       /CN=CEC5FE183A39105C9E2702CC2BF0891FC35E1E4F
Certificate serial:       5B08F99B43221BE28513559EEF283DD38F39C869
Authority key identifier: CE:C5:FE:18:3A:39:10:5C:9E:27:02:CC:2B:F0:89:1F:C3:5E:1E:4F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CEC5FE183A39105C9E2702CC2BF0891FC35E1E4F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/561cf777-8adf-4ef1-8d6f-9862c55620ea/0/3130332e3137302e3130302e302f32332d3234203d3e20313432333634.roa
Signing time:             Wed 13 Mar 2024 16:00:02 +0000
ROA not before:           Wed 13 Mar 2024 15:55:02 +0000
ROA not after:            Wed 12 Mar 2025 16:00:02 +0000
asID:                     142364
IP address blocks:        103.170.100.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/561cf777-8adf-4ef1-8d6f-9862c55620ea/0/CEC5FE183A39105C9E2702CC2BF0891FC35E1E4F.crl
                          rsync://repo-rpki.idnic.net/repo/561cf777-8adf-4ef1-8d6f-9862c55620ea/0/CEC5FE183A39105C9E2702CC2BF0891FC35E1E4F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CEC5FE183A39105C9E2702CC2BF0891FC35E1E4F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Nov 2024 09:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:08:f9:9b:43:22:1b:e2:85:13:55:9e:ef:28:3d:d3:8f:39:c8:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CEC5FE183A39105C9E2702CC2BF0891FC35E1E4F
        Validity
            Not Before: Mar 13 15:55:02 2024 GMT
            Not After : Mar 12 16:00:02 2025 GMT
        Subject: CN=0AA681423FBF60BEFB57E100769D81F8C73B76C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:fc:a6:89:27:cb:0b:24:2a:7a:45:1a:0a:1c:
                    c3:47:13:a7:fe:19:58:26:25:b6:1c:d3:de:a0:82:
                    b9:f6:53:47:82:29:fc:84:fb:fb:13:7f:af:33:a0:
                    0e:17:ab:94:5a:09:96:b5:ef:cb:ca:7b:da:8f:5e:
                    36:b7:da:bf:b9:d4:7c:a6:f6:b4:34:2d:ff:be:5d:
                    ed:cf:e4:92:37:c0:ae:cf:cf:0a:7b:da:f2:ee:eb:
                    4f:c1:2b:25:bf:99:ad:45:87:8c:27:4b:92:34:fd:
                    22:4d:c3:e6:40:73:1d:28:90:d7:45:a1:8a:35:64:
                    ca:70:a2:58:ae:dd:49:19:9f:46:2e:4c:ab:79:fb:
                    c3:55:3b:4b:c7:eb:a8:6a:ee:74:98:11:45:54:90:
                    6b:2b:2a:e0:40:42:69:ac:f7:2f:89:a3:b2:5f:3d:
                    64:b3:0f:28:fc:b8:b5:bf:b6:b9:4c:46:f4:a5:0e:
                    29:68:85:28:b9:c3:7a:72:eb:6e:5a:df:72:14:90:
                    59:d6:d2:50:47:d6:e9:b5:f0:18:a1:75:74:76:b1:
                    d9:b6:e6:76:07:9e:92:be:a2:2d:3a:6d:71:98:7d:
                    69:5d:9e:b0:11:0b:35:8f:5e:11:d1:59:0a:9a:c8:
                    9d:f8:d5:05:36:89:1c:46:f4:08:6e:2a:8a:03:83:
                    3f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A6:81:42:3F:BF:60:BE:FB:57:E1:00:76:9D:81:F8:C7:3B:76:C7
            X509v3 Authority Key Identifier:
                keyid:CE:C5:FE:18:3A:39:10:5C:9E:27:02:CC:2B:F0:89:1F:C3:5E:1E:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/561cf777-8adf-4ef1-8d6f-9862c55620ea/0/CEC5FE183A39105C9E2702CC2BF0891FC35E1E4F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CEC5FE183A39105C9E2702CC2BF0891FC35E1E4F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/561cf777-8adf-4ef1-8d6f-9862c55620ea/0/3130332e3137302e3130302e302f32332d3234203d3e20313432333634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.170.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:29:f1:65:e9:90:a1:a4:03:9f:a2:6d:69:c1:d7:a4:ae:2b:
         de:dc:66:1c:84:78:8e:b4:d9:ec:81:78:bd:fe:ff:35:7b:db:
         b0:94:47:f2:c5:1e:9f:87:13:c4:40:7e:12:63:2f:ab:d7:28:
         a4:d2:61:77:79:c5:8e:e5:ad:fe:88:5a:f0:33:42:74:ee:11:
         0a:c9:14:08:10:81:4e:c7:41:9c:58:de:76:4c:ae:3a:03:34:
         78:97:f1:5b:0a:e7:8e:b6:2d:bd:0a:39:a1:13:9c:7e:f4:28:
         4b:9a:68:64:3f:70:4b:0b:bb:ce:f7:d5:f2:2e:d9:8b:da:fd:
         c0:5d:0e:e4:69:93:e4:21:a5:e3:a2:77:44:dd:59:bc:22:e0:
         72:8d:3a:96:33:ca:60:d7:7e:9d:12:d6:41:bb:8d:bf:ff:9d:
         2e:0a:39:e2:f4:61:23:09:35:e3:c2:d9:09:36:19:96:40:32:
         8a:df:ea:f1:9a:20:cc:72:f1:97:96:1d:e5:37:0d:11:06:3c:
         cf:ed:40:92:d1:ff:1e:e6:13:8a:ec:77:f0:b2:65:61:48:cc:
         fd:f7:52:a2:ed:75:39:a4:ea:5f:84:54:c7:ae:d8:a9:87:99:
         fa:01:57:65:23:c1:07:0d:06:e5:53:60:9a:0c:77:4b:3f:94:
         9f:0f:c4:d6
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUWwj5m0MiG+KFE1We7yg90485yGkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0VDNUZFMTgzQTM5MTA1QzlFMjcwMkNDMkJGMDg5MUZD
MzVFMUU0RjAeFw0yNDAzMTMxNTU1MDJaFw0yNTAzMTIxNjAwMDJaMDMxMTAvBgNV
BAMTKDBBQTY4MTQyM0ZCRjYwQkVGQjU3RTEwMDc2OUQ4MUY4QzczQjc2QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj/KaJJ8sLJCp6RRoKHMNHE6f+
GVgmJbYc096ggrn2U0eCKfyE+/sTf68zoA4Xq5RaCZa178vKe9qPXja32r+51Hym
9rQ0Lf++Xe3P5JI3wK7Pzwp72vLu60/BKyW/ma1Fh4wnS5I0/SJNw+ZAcx0okNdF
oYo1ZMpwoliu3UkZn0YuTKt5+8NVO0vH66hq7nSYEUVUkGsrKuBAQmms9y+Jo7Jf
PWSzDyj8uLW/trlMRvSlDilohSi5w3py625a33IUkFnW0lBH1um18BihdXR2sdm2
5nYHnpK+oi06bXGYfWldnrARCzWPXhHRWQqayJ341QU2iRxG9AhuKooDgz9JAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUCqaBQj+/YL77V+EAdp2B+Mc7dscwHwYDVR0j
BBgwFoAUzsX+GDo5EFyeJwLMK/CJH8NeHk8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
NjFjZjc3Ny04YWRmLTRlZjEtOGQ2Zi05ODYyYzU1NjIwZWEvMC9DRUM1RkUxODNB
MzkxMDVDOUUyNzAyQ0MyQkYwODkxRkMzNUUxRTRGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQ0VDNUZFMTgzQTM5MTA1QzlFMjcwMkNDMkJGMDg5MUZDMzVF
MUU0Ri5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzU2MWNmNzc3LThhZGYtNGVmMS04
ZDZmLTk4NjJjNTU2MjBlYS8wLzMxMzAzMzJlMzEzNzMwMmUzMTMwMzAyZTMwMmYz
MjMzMmQzMjM0MjAzZDNlMjAzMTM0MzIzMzM2MzQucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFnqmQwDQYJ
KoZIhvcNAQELBQADggEBADUp8WXpkKGkA5+ibWnB16SuK97cZhyEeI602eyBeL3+
/zV727CUR/LFHp+HE8RAfhJjL6vXKKTSYXd5xY7lrf6IWvAzQnTuEQrJFAgQgU7H
QZxY3nZMrjoDNHiX8VsK5462Lb0KOaETnH70KEuaaGQ/cEsLu8731fIu2Yva/cBd
DuRpk+QhpeOid0TdWbwi4HKNOpYzymDXfp0S1kG7jb//nS4KOeL0YSMJNePC2Qk2
GZZAMorf6vGaIMxy8ZeWHeU3DREGPM/tQJLR/x7mE4rsd/CyZWFIzP33UqLtdTmk
6l+EVMeu2KmHmfoBV2UjwQcNBuVTYJoMd0s/lJ8PxNY=
-----END CERTIFICATE-----
Generated at Thu Nov 21 13:37:46 2024 by rpki-client on console-ams.rpki-client.org