Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5da4ef71-f0e0-4252-8160-505321fa5089/0/3130332e3133352e3135322e302f32322d3234203d3e203338333230.roa
File:                     3130332e3133352e3135322e302f32322d3234203d3e203338333230.roa (raw, json)
Hash identifier:          bESiVh1gzvoB5pX1Ez8u5t1dFZk82mVkGTr2T1T7baQ=
Subject key identifier:   9B:77:37:D3:96:99:66:F1:8B:61:4B:39:49:27:4F:7F:46:BA:E7:70
Certificate issuer:       /CN=BB8E14FCAD3AF2EF30A8F5696339D6F7DF5D735B
Certificate serial:       518945A1A89534504011C341581357E07093DCF9
Authority key identifier: BB:8E:14:FC:AD:3A:F2:EF:30:A8:F5:69:63:39:D6:F7:DF:5D:73:5B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BB8E14FCAD3AF2EF30A8F5696339D6F7DF5D735B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5da4ef71-f0e0-4252-8160-505321fa5089/0/3130332e3133352e3135322e302f32322d3234203d3e203338333230.roa
Signing time:             Thu 16 May 2024 03:02:02 +0000
ROA not before:           Thu 16 May 2024 02:57:02 +0000
ROA not after:            Thu 15 May 2025 03:02:02 +0000
asID:                     38320
IP address blocks:        103.135.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5da4ef71-f0e0-4252-8160-505321fa5089/0/BB8E14FCAD3AF2EF30A8F5696339D6F7DF5D735B.crl
                          rsync://repo-rpki.idnic.net/repo/5da4ef71-f0e0-4252-8160-505321fa5089/0/BB8E14FCAD3AF2EF30A8F5696339D6F7DF5D735B.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BB8E14FCAD3AF2EF30A8F5696339D6F7DF5D735B.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Nov 2024 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:89:45:a1:a8:95:34:50:40:11:c3:41:58:13:57:e0:70:93:dc:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BB8E14FCAD3AF2EF30A8F5696339D6F7DF5D735B
        Validity
            Not Before: May 16 02:57:02 2024 GMT
            Not After : May 15 03:02:02 2025 GMT
        Subject: CN=9B7737D3969966F18B614B3949274F7F46BAE770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cd:71:80:91:19:cf:62:60:4b:80:e9:0f:b2:
                    29:74:46:7a:b1:f4:bb:31:d6:6d:67:18:f6:f1:87:
                    9f:82:39:1f:90:ae:4c:b7:0a:ef:15:88:f4:13:0a:
                    8f:14:28:5f:16:28:39:be:d2:ba:9a:17:80:f7:26:
                    40:d3:b8:58:55:c6:a8:9a:31:1f:e6:a8:b9:ec:02:
                    56:c2:d6:2a:08:be:99:3c:e9:4d:7e:90:a8:1a:94:
                    3d:d4:6e:7d:fc:c5:b1:87:e2:9f:c1:43:aa:e0:b7:
                    9b:78:0b:f8:5b:3f:33:6a:7c:de:44:89:7a:4d:84:
                    d6:aa:09:06:41:58:af:d1:52:24:c4:93:39:44:79:
                    81:e5:06:fd:9a:f3:51:fd:6a:75:17:88:f5:20:81:
                    3d:6b:a8:0f:17:f3:91:21:ea:78:82:e6:e1:1c:6e:
                    34:c0:f5:a5:f4:0d:47:5e:3b:c3:f5:56:c2:ec:d6:
                    47:28:69:d0:36:ce:38:38:6b:db:ce:90:f3:29:98:
                    11:94:f3:8b:d4:47:4b:ef:cb:c6:93:25:41:38:5a:
                    d6:96:fe:48:98:e9:73:4b:c6:61:be:a4:84:7a:de:
                    94:78:9b:f1:a6:e8:88:28:ec:ff:ad:59:67:27:af:
                    06:f1:da:4c:73:6f:2d:77:0c:ee:83:54:8a:3f:68:
                    25:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:77:37:D3:96:99:66:F1:8B:61:4B:39:49:27:4F:7F:46:BA:E7:70
            X509v3 Authority Key Identifier:
                keyid:BB:8E:14:FC:AD:3A:F2:EF:30:A8:F5:69:63:39:D6:F7:DF:5D:73:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5da4ef71-f0e0-4252-8160-505321fa5089/0/BB8E14FCAD3AF2EF30A8F5696339D6F7DF5D735B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BB8E14FCAD3AF2EF30A8F5696339D6F7DF5D735B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5da4ef71-f0e0-4252-8160-505321fa5089/0/3130332e3133352e3135322e302f32322d3234203d3e203338333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.135.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:96:21:a4:09:f0:5b:9a:5f:c4:83:58:58:bb:31:4e:ff:26:
         72:1f:8e:63:00:1d:16:4a:52:f8:00:ac:c8:ba:13:99:50:6b:
         41:1c:0a:46:3e:76:09:f4:9e:91:a8:6e:2e:9c:44:ce:b0:4b:
         64:33:52:cc:c0:e8:0c:42:d3:bc:23:52:14:3a:68:1c:d9:a9:
         95:6b:1e:a0:ee:84:c1:c3:f5:c8:97:d5:de:c5:75:08:45:83:
         de:68:ed:81:16:fe:ac:5a:cc:69:89:5a:aa:6a:27:fb:7a:7a:
         88:fc:ea:af:59:02:d3:ce:75:a2:21:cd:c0:8f:e3:11:ed:8f:
         0a:2c:8a:b5:cd:67:fa:ae:d3:74:f9:7b:8f:18:7b:aa:8d:16:
         3a:6a:9f:6f:bb:7e:4c:3e:0a:1d:db:90:67:ec:cd:25:e3:de:
         7a:42:bb:95:f3:65:72:8f:82:b6:f2:49:a3:f4:f6:83:81:0e:
         d2:05:d6:33:ce:d2:7a:18:d4:3a:43:57:91:87:b7:50:d2:05:
         2b:36:d9:59:e8:1b:e6:53:fb:51:c4:72:41:eb:f4:d4:18:df:
         25:69:ef:36:44:9d:97:2d:34:99:49:a0:9c:27:b9:67:a4:61:
         0f:63:46:5e:7a:1f:a1:ff:85:7c:41:93:a2:13:73:1a:77:a4:
         5c:77:05:11
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUUYlFoaiVNFBAEcNBWBNX4HCT3PkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQkI4RTE0RkNBRDNBRjJFRjMwQThGNTY5NjMzOUQ2RjdE
RjVENzM1QjAeFw0yNDA1MTYwMjU3MDJaFw0yNTA1MTUwMzAyMDJaMDMxMTAvBgNV
BAMTKDlCNzczN0QzOTY5OTY2RjE4QjYxNEIzOTQ5Mjc0RjdGNDZCQUU3NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMzXGAkRnPYmBLgOkPsil0Rnqx
9Lsx1m1nGPbxh5+COR+Qrky3Cu8ViPQTCo8UKF8WKDm+0rqaF4D3JkDTuFhVxqia
MR/mqLnsAlbC1ioIvpk86U1+kKgalD3Ubn38xbGH4p/BQ6rgt5t4C/hbPzNqfN5E
iXpNhNaqCQZBWK/RUiTEkzlEeYHlBv2a81H9anUXiPUggT1rqA8X85Eh6niC5uEc
bjTA9aX0DUdeO8P1VsLs1kcoadA2zjg4a9vOkPMpmBGU84vUR0vvy8aTJUE4WtaW
/kiY6XNLxmG+pIR63pR4m/Gm6Igo7P+tWWcnrwbx2kxzby13DO6DVIo/aCUlAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUm3c305aZZvGLYUs5SSdPf0a653AwHwYDVR0j
BBgwFoAUu44U/K068u8wqPVpYznW999dc1swDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
ZGE0ZWY3MS1mMGUwLTQyNTItODE2MC01MDUzMjFmYTUwODkvMC9CQjhFMTRGQ0FE
M0FGMkVGMzBBOEY1Njk2MzM5RDZGN0RGNUQ3MzVCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQkI4RTE0RkNBRDNBRjJFRjMwQThGNTY5NjMzOUQ2RjdERjVE
NzM1Qi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVkYTRlZjcxLWYwZTAtNDI1Mi04
MTYwLTUwNTMyMWZhNTA4OS8wLzMxMzAzMzJlMzEzMzM1MmUzMTM1MzIyZTMwMmYz
MjMyMmQzMjM0MjAzZDNlMjAzMzM4MzMzMjMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCZ4eYMA0GCSqG
SIb3DQEBCwUAA4IBAQAUliGkCfBbml/Eg1hYuzFO/yZyH45jAB0WSlL4AKzIuhOZ
UGtBHApGPnYJ9J6RqG4unETOsEtkM1LMwOgMQtO8I1IUOmgc2amVax6g7oTBw/XI
l9XexXUIRYPeaO2BFv6sWsxpiVqqaif7enqI/OqvWQLTznWiIc3Aj+MR7Y8KLIq1
zWf6rtN0+XuPGHuqjRY6ap9vu35MPgod25Bn7M0l4956QruV82Vyj4K28kmj9PaD
gQ7SBdYzztJ6GNQ6Q1eRh7dQ0gUrNtlZ6BvmU/tRxHJB6/TUGN8lae82RJ2XLTSZ
SaCcJ7lnpGEPY0Zeeh+h/4V8QZOiE3Mad6RcdwUR
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:48:39 2024 by rpki-client on console-fra.rpki-client.org