Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/63635e25-8599-48ae-bdcb-e323dfc896ec/0/3130332e3134392e33342e302f32342d3234203d3e203234353334.roa
File:                     3130332e3134392e33342e302f32342d3234203d3e203234353334.roa (raw, json)
Hash identifier:          36HKzFRtXgkpw637URQhXSsabEjYhyMw6xSrfDJZVCk=
Subject key identifier:   57:EF:8A:D0:CB:16:EC:21:49:25:29:B6:BE:49:62:3F:3E:69:FD:14
Certificate issuer:       /CN=AEA11BA0E9BE134F2AF5C9C69EB1FF585E4F3AB7
Certificate serial:       376E016B711C534F0F60C0EDD26319F6113CF806
Authority key identifier: AE:A1:1B:A0:E9:BE:13:4F:2A:F5:C9:C6:9E:B1:FF:58:5E:4F:3A:B7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AEA11BA0E9BE134F2AF5C9C69EB1FF585E4F3AB7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/63635e25-8599-48ae-bdcb-e323dfc896ec/0/3130332e3134392e33342e302f32342d3234203d3e203234353334.roa
Signing time:             Fri 26 Apr 2024 10:02:04 +0000
ROA not before:           Fri 26 Apr 2024 09:57:04 +0000
ROA not after:            Fri 25 Apr 2025 10:02:04 +0000
asID:                     24534
IP address blocks:        103.149.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/63635e25-8599-48ae-bdcb-e323dfc896ec/0/AEA11BA0E9BE134F2AF5C9C69EB1FF585E4F3AB7.crl
                          rsync://repo-rpki.idnic.net/repo/63635e25-8599-48ae-bdcb-e323dfc896ec/0/AEA11BA0E9BE134F2AF5C9C69EB1FF585E4F3AB7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AEA11BA0E9BE134F2AF5C9C69EB1FF585E4F3AB7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 11:29:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:6e:01:6b:71:1c:53:4f:0f:60:c0:ed:d2:63:19:f6:11:3c:f8:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AEA11BA0E9BE134F2AF5C9C69EB1FF585E4F3AB7
        Validity
            Not Before: Apr 26 09:57:04 2024 GMT
            Not After : Apr 25 10:02:04 2025 GMT
        Subject: CN=57EF8AD0CB16EC21492529B6BE49623F3E69FD14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fe:d1:77:81:88:be:c4:c5:db:af:82:d1:cb:
                    27:66:8a:bb:80:f3:22:b3:ca:f3:d4:10:46:bb:8c:
                    00:03:5a:b8:d9:91:14:6e:9d:04:3c:6c:4f:a5:5d:
                    37:8e:cb:b0:f8:1d:5d:60:f3:16:49:86:36:80:48:
                    e4:4e:a5:3e:0d:b7:04:04:8d:cf:55:4b:4d:e9:73:
                    86:eb:0e:12:8b:af:af:9a:1c:16:01:68:ae:f5:8a:
                    19:1b:c2:0b:93:a8:a5:73:3b:ed:60:ce:d1:b6:e7:
                    63:c6:bf:12:37:7c:37:79:77:33:40:f2:88:04:cc:
                    34:eb:14:10:ad:3f:dc:b8:53:d0:06:a2:b0:a0:2e:
                    39:2c:b7:7b:82:4f:43:14:c7:87:97:e2:88:db:93:
                    ff:73:1d:99:8c:b2:8d:b0:54:26:da:fe:ab:26:fb:
                    1e:9c:6c:f2:1d:14:69:c8:c6:e8:77:00:15:42:ed:
                    c7:bd:0b:4b:75:ca:0f:40:28:6f:cb:4f:01:b9:02:
                    67:45:b8:d1:14:e2:a5:7b:6c:b7:5d:54:34:61:e9:
                    3b:71:36:36:49:c5:e3:bb:aa:4c:2c:98:a3:71:d1:
                    73:f9:eb:4e:70:77:8f:04:cc:ae:eb:cb:2f:1d:53:
                    e3:4f:8f:7c:0f:79:66:11:e6:82:e4:c6:ce:0c:20:
                    e7:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EF:8A:D0:CB:16:EC:21:49:25:29:B6:BE:49:62:3F:3E:69:FD:14
            X509v3 Authority Key Identifier:
                keyid:AE:A1:1B:A0:E9:BE:13:4F:2A:F5:C9:C6:9E:B1:FF:58:5E:4F:3A:B7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/63635e25-8599-48ae-bdcb-e323dfc896ec/0/AEA11BA0E9BE134F2AF5C9C69EB1FF585E4F3AB7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AEA11BA0E9BE134F2AF5C9C69EB1FF585E4F3AB7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/63635e25-8599-48ae-bdcb-e323dfc896ec/0/3130332e3134392e33342e302f32342d3234203d3e203234353334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.149.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:cb:86:da:bb:c7:48:e8:b4:95:db:11:9f:71:94:a5:cb:59:
         91:dd:fb:c3:cb:8d:7b:b5:d3:6a:60:5c:5a:02:fc:55:45:d0:
         71:4f:fd:75:b2:56:b4:80:cd:fe:07:cd:36:6d:cf:92:ae:57:
         a8:3e:41:5a:b4:93:e2:77:32:e9:88:ce:28:45:e8:dc:ca:e9:
         7f:f1:4b:ce:63:f5:d7:66:fa:75:94:28:ab:54:81:a3:37:1b:
         51:8d:db:c6:6c:92:e1:06:bd:39:0d:61:f4:5e:fe:97:a6:0b:
         c2:e1:dd:01:de:a8:87:d9:b9:c3:21:b1:22:f1:31:01:b6:e0:
         e6:db:f9:c7:f8:7c:80:60:60:1b:b1:35:a3:65:c3:e9:b9:fe:
         b1:45:11:e2:8c:ab:45:b2:31:1e:e7:9d:4e:48:33:b6:0c:a8:
         9d:e4:f9:d0:84:d9:c2:c0:b0:e6:a8:18:8e:72:86:d4:75:fc:
         7f:9e:ef:9b:c0:e3:bf:16:5c:a8:5e:af:ae:7d:23:4c:05:12:
         6e:52:59:0f:0c:cc:bc:b8:ba:94:91:6b:d2:4c:39:14:ca:6b:
         83:87:46:76:30:e1:1c:5d:4b:88:c7:d3:d4:7c:d9:7e:7a:39:
         a0:34:a7:a8:37:c2:57:b1:41:f9:78:b1:c1:33:10:6f:05:88:
         89:7a:dc:63
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUN24Ba3EcU08PYMDt0mMZ9hE8+AYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUVBMTFCQTBFOUJFMTM0RjJBRjVDOUM2OUVCMUZGNTg1
RTRGM0FCNzAeFw0yNDA0MjYwOTU3MDRaFw0yNTA0MjUxMDAyMDRaMDMxMTAvBgNV
BAMTKDU3RUY4QUQwQ0IxNkVDMjE0OTI1MjlCNkJFNDk2MjNGM0U2OUZEMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB/tF3gYi+xMXbr4LRyydmiruA
8yKzyvPUEEa7jAADWrjZkRRunQQ8bE+lXTeOy7D4HV1g8xZJhjaASOROpT4NtwQE
jc9VS03pc4brDhKLr6+aHBYBaK71ihkbwguTqKVzO+1gztG252PGvxI3fDd5dzNA
8ogEzDTrFBCtP9y4U9AGorCgLjkst3uCT0MUx4eX4ojbk/9zHZmMso2wVCba/qsm
+x6cbPIdFGnIxuh3ABVC7ce9C0t1yg9AKG/LTwG5AmdFuNEU4qV7bLddVDRh6Ttx
NjZJxeO7qkwsmKNx0XP5605wd48EzK7ryy8dU+NPj3wPeWYR5oLkxs4MIOfpAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUV++K0MsW7CFJJSm2vkliPz5p/RQwHwYDVR0j
BBgwFoAUrqEboOm+E08q9cnGnrH/WF5POrcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
MzYzNWUyNS04NTk5LTQ4YWUtYmRjYi1lMzIzZGZjODk2ZWMvMC9BRUExMUJBMEU5
QkUxMzRGMkFGNUM5QzY5RUIxRkY1ODVFNEYzQUI3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQUVBMTFCQTBFOUJFMTM0RjJBRjVDOUM2OUVCMUZGNTg1RTRG
M0FCNy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzYzNjM1ZTI1LTg1OTktNDhhZS1i
ZGNiLWUzMjNkZmM4OTZlYy8wLzMxMzAzMzJlMzEzNDM5MmUzMzM0MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzNDM1MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGeVIjANBgkqhkiG
9w0BAQsFAAOCAQEAC8uG2rvHSOi0ldsRn3GUpctZkd37w8uNe7XTamBcWgL8VUXQ
cU/9dbJWtIDN/gfNNm3Pkq5XqD5BWrST4ncy6YjOKEXo3Mrpf/FLzmP112b6dZQo
q1SBozcbUY3bxmyS4Qa9OQ1h9F7+l6YLwuHdAd6oh9m5wyGxIvExAbbg5tv5x/h8
gGBgG7E1o2XD6bn+sUUR4oyrRbIxHuedTkgztgyoneT50ITZwsCw5qgYjnKG1HX8
f57vm8DjvxZcqF6vrn0jTAUSblJZDwzMvLi6lJFr0kw5FMprg4dGdjDhHF1LiMfT
1HzZfno5oDSnqDfCV7FB+XixwTMQbwWIiXrcYw==
-----END CERTIFICATE-----
Generated at Mon Nov 25 10:49:15 2024 by rpki-client on console-fra.rpki-client.org