Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/621f3fae-d0cb-4a17-a548-1ba6631b1e09/0/3130332e3139312e3134312e302f32342d3234203d3e20313439393232.roa
File:                     3130332e3139312e3134312e302f32342d3234203d3e20313439393232.roa (raw, json)
Hash identifier:          uJ4UndaAGVEWTS0CGBzHtyefGbyYsYBo80wyV0nM7O4=
Subject key identifier:   CE:B5:A6:1F:71:AD:AA:E7:10:41:3F:49:47:C6:4E:D3:42:1B:E7:C1
Certificate issuer:       /CN=3E648E6A8623C5C5DDF001526D0FDC0FF200F613
Certificate serial:       66A260451A6D4603C6A05A435132C1E97AE37A2F
Authority key identifier: 3E:64:8E:6A:86:23:C5:C5:DD:F0:01:52:6D:0F:DC:0F:F2:00:F6:13
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3E648E6A8623C5C5DDF001526D0FDC0FF200F613.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/621f3fae-d0cb-4a17-a548-1ba6631b1e09/0/3130332e3139312e3134312e302f32342d3234203d3e20313439393232.roa
Signing time:             Wed 26 Jun 2024 05:00:02 +0000
ROA not before:           Wed 26 Jun 2024 04:55:02 +0000
ROA not after:            Wed 25 Jun 2025 05:00:02 +0000
asID:                     149922
IP address blocks:        103.191.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/621f3fae-d0cb-4a17-a548-1ba6631b1e09/0/3E648E6A8623C5C5DDF001526D0FDC0FF200F613.crl
                          rsync://repo-rpki.idnic.net/repo/621f3fae-d0cb-4a17-a548-1ba6631b1e09/0/3E648E6A8623C5C5DDF001526D0FDC0FF200F613.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3E648E6A8623C5C5DDF001526D0FDC0FF200F613.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:39:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:a2:60:45:1a:6d:46:03:c6:a0:5a:43:51:32:c1:e9:7a:e3:7a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3E648E6A8623C5C5DDF001526D0FDC0FF200F613
        Validity
            Not Before: Jun 26 04:55:02 2024 GMT
            Not After : Jun 25 05:00:02 2025 GMT
        Subject: CN=CEB5A61F71ADAAE710413F4947C64ED3421BE7C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4a:0c:60:75:c2:1c:c0:12:f0:37:07:1d:21:
                    fa:95:f4:83:3e:b8:53:40:92:c7:70:d3:d0:19:75:
                    67:7e:af:f3:15:7e:eb:08:61:78:9b:bf:c1:39:3c:
                    da:58:25:8d:59:f0:22:ca:9d:dd:19:cc:8a:d9:e3:
                    0a:83:80:ab:b0:1b:a6:cb:91:c9:d9:02:92:80:10:
                    67:c8:53:56:61:d9:7f:ba:0c:8e:0c:40:54:7f:16:
                    38:70:08:fc:29:a1:36:f9:0f:f4:19:d5:50:7c:bc:
                    5f:8f:88:30:32:bb:60:6d:58:40:39:e0:30:a2:fa:
                    d4:d3:e2:56:c5:f8:1f:4d:12:91:d7:75:9d:21:a0:
                    bd:1f:67:41:42:28:af:1f:ae:05:60:c7:92:85:bd:
                    e1:3b:41:7d:cc:dd:23:a9:c3:1c:d2:8a:0f:12:b1:
                    b9:13:e1:f7:e9:71:ab:2c:8d:64:ab:44:fa:94:db:
                    c6:e7:14:5a:d2:ae:ba:f8:af:e2:89:d9:4a:4a:20:
                    62:53:cf:0f:25:12:58:f4:6e:bc:a1:ef:d7:27:75:
                    62:ce:d5:36:93:b7:a3:89:77:4e:fa:34:7c:e4:37:
                    ec:72:70:ed:93:86:8a:41:de:84:c7:24:ff:62:27:
                    52:47:ae:a3:41:71:70:2e:2a:1f:c1:2f:98:c4:19:
                    d5:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B5:A6:1F:71:AD:AA:E7:10:41:3F:49:47:C6:4E:D3:42:1B:E7:C1
            X509v3 Authority Key Identifier:
                keyid:3E:64:8E:6A:86:23:C5:C5:DD:F0:01:52:6D:0F:DC:0F:F2:00:F6:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/621f3fae-d0cb-4a17-a548-1ba6631b1e09/0/3E648E6A8623C5C5DDF001526D0FDC0FF200F613.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3E648E6A8623C5C5DDF001526D0FDC0FF200F613.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/621f3fae-d0cb-4a17-a548-1ba6631b1e09/0/3130332e3139312e3134312e302f32342d3234203d3e20313439393232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.191.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:45:f5:d2:19:b2:72:73:15:c4:fb:32:82:b8:2a:15:d5:0f:
         23:51:82:b8:55:38:b3:fd:70:ba:84:3f:b3:bd:16:a3:73:8c:
         4d:c1:7b:f8:c4:8d:7d:bc:e2:fc:03:62:0c:24:0a:1b:c1:a9:
         d7:be:05:15:7c:77:68:85:0e:71:99:a9:19:4d:b3:12:6b:dc:
         14:a3:da:5b:6e:ac:ec:15:b3:42:bc:ad:17:79:45:97:f1:98:
         6a:00:b6:d5:c8:c9:05:bf:ba:85:b1:f3:04:54:ed:b1:7d:1f:
         48:c3:2a:5a:e9:9c:6f:fe:c9:90:b7:9a:74:da:f4:1b:ba:37:
         71:55:6e:3a:cc:ec:69:ce:b0:58:8b:15:40:1d:35:b7:33:bc:
         16:7b:35:5e:8f:39:53:10:34:7a:1b:45:7d:ae:85:ce:47:3e:
         81:45:4f:f3:49:eb:54:c0:65:74:0c:60:d3:70:39:7e:e8:de:
         67:6a:62:8a:20:48:a2:5e:86:d5:69:74:41:bb:32:d4:2d:87:
         c9:63:3e:c3:29:60:3d:3c:d1:5c:c9:cb:4d:74:cd:8b:56:70:
         3d:70:91:a3:5c:42:88:c8:bd:b0:7f:34:c8:3c:9f:ec:2b:f4:
         2c:6a:cb:18:75:3e:41:1b:db:c6:e2:ee:2b:a8:2f:ea:7d:81:
         18:07:f8:b8
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUZqJgRRptRgPGoFpDUTLB6Xrjei8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0U2NDhFNkE4NjIzQzVDNURERjAwMTUyNkQwRkRDMEZG
MjAwRjYxMzAeFw0yNDA2MjYwNDU1MDJaFw0yNTA2MjUwNTAwMDJaMDMxMTAvBgNV
BAMTKENFQjVBNjFGNzFBREFBRTcxMDQxM0Y0OTQ3QzY0RUQzNDIxQkU3QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3SgxgdcIcwBLwNwcdIfqV9IM+
uFNAksdw09AZdWd+r/MVfusIYXibv8E5PNpYJY1Z8CLKnd0ZzIrZ4wqDgKuwG6bL
kcnZApKAEGfIU1Zh2X+6DI4MQFR/FjhwCPwpoTb5D/QZ1VB8vF+PiDAyu2BtWEA5
4DCi+tTT4lbF+B9NEpHXdZ0hoL0fZ0FCKK8frgVgx5KFveE7QX3M3SOpwxzSig8S
sbkT4ffpcassjWSrRPqU28bnFFrSrrr4r+KJ2UpKIGJTzw8lElj0bryh79cndWLO
1TaTt6OJd076NHzkN+xycO2ThopB3oTHJP9iJ1JHrqNBcXAuKh/BL5jEGdXFAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUzrWmH3GtqucQQT9JR8ZO00Ib58EwHwYDVR0j
BBgwFoAUPmSOaoYjxcXd8AFSbQ/cD/IA9hMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
MjFmM2ZhZS1kMGNiLTRhMTctYTU0OC0xYmE2NjMxYjFlMDkvMC8zRTY0OEU2QTg2
MjNDNUM1RERGMDAxNTI2RDBGREMwRkYyMDBGNjEzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvM0U2NDhFNkE4NjIzQzVDNURERjAwMTUyNkQwRkRDMEZGMjAw
RjYxMy5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzYyMWYzZmFlLWQwY2ItNGExNy1h
NTQ4LTFiYTY2MzFiMWUwOS8wLzMxMzAzMzJlMzEzOTMxMmUzMTM0MzEyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMTM0MzkzOTMyMzIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABnv40wDQYJ
KoZIhvcNAQELBQADggEBAEVF9dIZsnJzFcT7MoK4KhXVDyNRgrhVOLP9cLqEP7O9
FqNzjE3Be/jEjX284vwDYgwkChvBqde+BRV8d2iFDnGZqRlNsxJr3BSj2lturOwV
s0K8rRd5RZfxmGoAttXIyQW/uoWx8wRU7bF9H0jDKlrpnG/+yZC3mnTa9Bu6N3FV
bjrM7GnOsFiLFUAdNbczvBZ7NV6POVMQNHobRX2uhc5HPoFFT/NJ61TAZXQMYNNw
OX7o3mdqYoogSKJehtVpdEG7MtQth8ljPsMpYD080VzJy010zYtWcD1wkaNcQojI
vbB/NMg8n+wr9Cxqyxh1PkEb28bi7iuoL+p9gRgH+Lg=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:19:26 2024 by rpki-client on console-ams.rpki-client.org