Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3235302e302f32332d3233203d3e203137343430.roa
File:                     3130332e3230392e3235302e302f32332d3233203d3e203137343430.roa (raw, json)
Hash identifier:          HZ2RlTa0ShtMozsl632wUCBjGvdspqNpWVFnePh2zho=
Subject key identifier:   E1:CA:62:45:FA:35:F1:9E:41:9A:F8:E3:2C:A7:B9:54:68:A9:16:DD
Certificate issuer:       /CN=66A6B60CE00F39D3D3C228024C87D2799BE570E7
Certificate serial:       31A97605E243EE2023054C999D6698FC5022BA38
Authority key identifier: 66:A6:B6:0C:E0:0F:39:D3:D3:C2:28:02:4C:87:D2:79:9B:E5:70:E7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3235302e302f32332d3233203d3e203137343430.roa
Signing time:             Fri 14 Jun 2024 11:01:29 +0000
ROA not before:           Fri 14 Jun 2024 10:56:29 +0000
ROA not after:            Fri 13 Jun 2025 11:01:29 +0000
asID:                     17440
IP address blocks:        103.209.250.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.crl
                          rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Feb 2025 18:46:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:a9:76:05:e2:43:ee:20:23:05:4c:99:9d:66:98:fc:50:22:ba:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66A6B60CE00F39D3D3C228024C87D2799BE570E7
        Validity
            Not Before: Jun 14 10:56:29 2024 GMT
            Not After : Jun 13 11:01:29 2025 GMT
        Subject: CN=E1CA6245FA35F19E419AF8E32CA7B95468A916DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:65:06:6c:3e:60:56:c2:b7:fc:5d:e6:1c:be:
                    c0:08:b3:af:39:66:46:79:75:5d:86:20:3d:44:a5:
                    cf:55:16:dd:29:ce:f9:dd:31:1c:62:bf:9c:e3:ee:
                    19:8e:9b:da:c3:d3:55:f4:59:7c:2d:a6:fd:52:df:
                    7e:14:ae:50:c3:d2:5c:b3:1b:1b:ce:ed:2b:fb:58:
                    70:d4:a6:d7:48:23:73:7d:1e:60:d1:12:7d:cb:f2:
                    a6:66:54:64:f3:86:a2:c9:9e:2d:27:91:8d:a6:a7:
                    43:b6:67:c0:ed:bc:c1:49:c5:e4:03:e0:32:82:0a:
                    4c:8f:19:92:81:e3:99:f7:77:bc:1d:e1:07:09:b8:
                    7f:3c:86:56:6a:46:19:2e:89:f3:b2:49:c2:09:1d:
                    a9:fd:dc:aa:bc:61:fa:99:15:37:65:ea:29:b6:fd:
                    e1:51:09:91:ce:9f:39:bd:ed:18:8a:11:72:02:7a:
                    19:d3:72:ef:6a:27:d1:a9:15:09:34:9f:a0:3e:ec:
                    1f:5d:e0:a9:0f:34:e2:67:dd:d6:4e:33:ba:db:ab:
                    28:67:ab:87:4c:4f:84:c2:b4:09:1b:13:9d:40:ca:
                    01:e5:dc:17:28:ba:d2:ce:c6:dc:fa:22:bd:72:af:
                    73:e8:38:25:54:c9:96:ec:ee:83:f9:d2:0a:79:c6:
                    ad:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:CA:62:45:FA:35:F1:9E:41:9A:F8:E3:2C:A7:B9:54:68:A9:16:DD
            X509v3 Authority Key Identifier:
                keyid:66:A6:B6:0C:E0:0F:39:D3:D3:C2:28:02:4C:87:D2:79:9B:E5:70:E7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3235302e302f32332d3233203d3e203137343430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.209.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:de:7d:13:3e:eb:02:82:bd:c2:ec:c9:fa:d0:d7:17:e8:fb:
         ff:2c:40:d8:52:68:7f:9b:37:f4:9e:80:1f:d5:38:17:ff:4e:
         1f:ca:6b:fa:33:59:da:ca:54:54:76:33:14:87:32:da:54:1b:
         24:85:73:09:32:a3:7c:5e:8d:d5:0e:39:a9:33:92:6e:d2:92:
         95:71:8a:39:0b:f1:47:46:8c:78:53:18:49:1e:ff:57:03:e9:
         2c:d7:86:13:33:ba:63:81:59:66:2b:16:6e:fd:ad:8f:7b:98:
         9c:81:67:d6:7b:49:d0:db:f3:10:ae:bc:0f:35:5e:97:16:48:
         6a:61:e7:f0:03:bb:ec:24:d2:22:11:89:6e:26:1b:f2:3a:a5:
         c0:39:bc:1c:32:bc:e6:c4:52:1e:bc:df:53:9c:95:d7:20:96:
         61:12:99:06:18:5f:63:a4:bb:a7:66:f0:36:76:09:99:41:72:
         60:7d:13:c8:2d:0f:b4:10:d4:07:1a:e9:01:a8:3b:58:9a:d1:
         19:dd:ec:49:35:ef:11:dc:d0:d0:f9:77:3c:b1:d2:b4:de:7b:
         60:00:96:2f:47:a2:fb:0b:74:94:a4:49:b3:b7:89:16:a1:ac:
         5a:23:80:42:52:6a:20:f4:a9:3c:35:37:80:4b:e4:74:dc:e3:
         77:15:98:e7
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUMal2BeJD7iAjBUyZnWaY/FAiujgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjZBNkI2MENFMDBGMzlEM0QzQzIyODAyNEM4N0QyNzk5
QkU1NzBFNzAeFw0yNDA2MTQxMDU2MjlaFw0yNTA2MTMxMTAxMjlaMDMxMTAvBgNV
BAMTKEUxQ0E2MjQ1RkEzNUYxOUU0MTlBRjhFMzJDQTdCOTU0NjhBOTE2REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiZQZsPmBWwrf8XeYcvsAIs685
ZkZ5dV2GID1Epc9VFt0pzvndMRxiv5zj7hmOm9rD01X0WXwtpv1S334UrlDD0lyz
GxvO7Sv7WHDUptdII3N9HmDREn3L8qZmVGTzhqLJni0nkY2mp0O2Z8DtvMFJxeQD
4DKCCkyPGZKB45n3d7wd4QcJuH88hlZqRhkuifOyScIJHan93Kq8YfqZFTdl6im2
/eFRCZHOnzm97RiKEXICehnTcu9qJ9GpFQk0n6A+7B9d4KkPNOJn3dZOM7rbqyhn
q4dMT4TCtAkbE51AygHl3BcoutLOxtz6Ir1yr3PoOCVUyZbs7oP50gp5xq2BAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU4cpiRfo18Z5BmvjjLKe5VGipFt0wHwYDVR0j
BBgwFoAUZqa2DOAPOdPTwigCTIfSeZvlcOcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
YzA3NGNkOC0yODMwLTRlYWItYmRkNC1hODA3ZWM1MTE1ZGEvMC82NkE2QjYwQ0Uw
MEYzOUQzRDNDMjI4MDI0Qzg3RDI3OTlCRTU3MEU3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNjZBNkI2MENFMDBGMzlEM0QzQzIyODAyNEM4N0QyNzk5QkU1
NzBFNy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdjMDc0Y2Q4LTI4MzAtNGVhYi1i
ZGQ0LWE4MDdlYzUxMTVkYS8wLzMxMzAzMzJlMzIzMDM5MmUzMjM1MzAyZTMwMmYz
MjMzMmQzMjMzMjAzZDNlMjAzMTM3MzQzNDMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ9H6MA0GCSqG
SIb3DQEBCwUAA4IBAQCd3n0TPusCgr3C7Mn60NcX6Pv/LEDYUmh/mzf0noAf1TgX
/04fymv6M1naylRUdjMUhzLaVBskhXMJMqN8Xo3VDjmpM5Ju0pKVcYo5C/FHRox4
UxhJHv9XA+ks14YTM7pjgVlmKxZu/a2Pe5icgWfWe0nQ2/MQrrwPNV6XFkhqYefw
A7vsJNIiEYluJhvyOqXAObwcMrzmxFIevN9TnJXXIJZhEpkGGF9jpLunZvA2dgmZ
QXJgfRPILQ+0ENQHGukBqDtYmtEZ3exJNe8R3NDQ+Xc8sdK03ntgAJYvR6L7C3SU
pEmzt4kWoaxaI4BCUmog9Kk8NTeAS+R03ON3FZjn
-----END CERTIFICATE-----
Generated at Fri Feb 21 10:59:45 2025 by rpki-client