Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/8015a855-b29c-4502-af81-cbb8b4f7f0f7/0/3230332e3135332e3231322e302f32322d3234203d3e20313331373238.roa
File:                     3230332e3135332e3231322e302f32322d3234203d3e20313331373238.roa (raw, json)
Hash identifier:          0MBF+GfF+4l1v/jRUWwvYU5e3fbh4JltC3WkHgzH814=
Subject key identifier:   FA:F6:E2:F1:89:26:C6:B1:49:72:AE:EA:F3:6F:EE:07:47:33:5E:F1
Certificate issuer:       /CN=DB725EAC2DD1E62B7A02C54A618D7A01B958E4C4
Certificate serial:       69924FF0E152B6F153B6652B1283062C85566256
Authority key identifier: DB:72:5E:AC:2D:D1:E6:2B:7A:02:C5:4A:61:8D:7A:01:B9:58:E4:C4
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DB725EAC2DD1E62B7A02C54A618D7A01B958E4C4.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/8015a855-b29c-4502-af81-cbb8b4f7f0f7/0/3230332e3135332e3231322e302f32322d3234203d3e20313331373238.roa
Signing time:             Mon 22 Apr 2024 05:07:05 +0000
ROA not before:           Mon 22 Apr 2024 05:02:05 +0000
ROA not after:            Mon 21 Apr 2025 05:07:05 +0000
asID:                     131728
IP address blocks:        203.153.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/8015a855-b29c-4502-af81-cbb8b4f7f0f7/0/DB725EAC2DD1E62B7A02C54A618D7A01B958E4C4.crl
                          rsync://repo-rpki.idnic.net/repo/8015a855-b29c-4502-af81-cbb8b4f7f0f7/0/DB725EAC2DD1E62B7A02C54A618D7A01B958E4C4.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DB725EAC2DD1E62B7A02C54A618D7A01B958E4C4.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 26 Nov 2024 21:27:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:92:4f:f0:e1:52:b6:f1:53:b6:65:2b:12:83:06:2c:85:56:62:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DB725EAC2DD1E62B7A02C54A618D7A01B958E4C4
        Validity
            Not Before: Apr 22 05:02:05 2024 GMT
            Not After : Apr 21 05:07:05 2025 GMT
        Subject: CN=FAF6E2F18926C6B14972AEEAF36FEE0747335EF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e0:c3:a4:22:71:30:ed:0f:5f:6e:63:ad:4f:
                    03:53:e5:62:55:c4:92:9a:2b:ea:da:98:8f:a7:00:
                    f5:23:46:d2:9a:97:c0:24:83:e9:bc:b8:db:be:a5:
                    0d:00:7a:88:93:26:9d:af:35:a5:ef:27:f9:5f:5c:
                    22:39:93:06:a5:13:c9:76:9f:f9:56:f1:e0:17:ef:
                    10:b5:8c:24:a9:43:8b:d9:db:ea:52:56:1b:5a:86:
                    89:fb:50:d6:d2:38:83:79:a9:d6:b9:a8:15:67:5e:
                    01:e6:84:df:42:d2:47:84:cf:cd:18:24:b7:fd:b3:
                    f6:30:d2:f3:7d:af:93:6f:b3:3f:bd:ce:25:24:02:
                    da:3a:e3:c5:f7:b4:ff:56:09:bd:20:27:ee:53:30:
                    2d:99:1c:a7:8a:09:43:e7:1b:0f:e4:33:73:73:e9:
                    46:b7:5a:7b:55:2f:13:2c:20:7b:86:32:a2:b9:39:
                    1d:d3:e1:84:29:46:16:7c:45:af:34:4e:28:f7:b0:
                    7e:59:cc:e8:f2:12:11:14:44:63:1d:38:67:e5:26:
                    f2:3a:95:cc:a0:3a:16:5b:cf:34:00:0b:8f:15:ef:
                    0e:4a:04:db:38:b0:71:ed:13:0e:8d:2c:c6:ae:93:
                    38:36:56:64:2b:35:c0:63:90:fc:5c:61:de:31:0b:
                    e7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F6:E2:F1:89:26:C6:B1:49:72:AE:EA:F3:6F:EE:07:47:33:5E:F1
            X509v3 Authority Key Identifier:
                keyid:DB:72:5E:AC:2D:D1:E6:2B:7A:02:C5:4A:61:8D:7A:01:B9:58:E4:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/8015a855-b29c-4502-af81-cbb8b4f7f0f7/0/DB725EAC2DD1E62B7A02C54A618D7A01B958E4C4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DB725EAC2DD1E62B7A02C54A618D7A01B958E4C4.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/8015a855-b29c-4502-af81-cbb8b4f7f0f7/0/3230332e3135332e3231322e302f32322d3234203d3e20313331373238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.153.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:45:41:c0:e4:5a:88:85:9e:21:0a:e1:ce:8a:13:98:74:04:
         0a:f9:0c:46:9d:fa:5b:4c:72:ed:e0:63:1b:c1:ec:ae:d4:e6:
         bc:29:0c:c9:6d:09:11:1b:b7:ee:38:5f:8b:4e:04:5d:49:a4:
         6d:76:d0:9e:34:91:6a:c6:b8:b1:8d:39:01:04:a7:8e:1c:a4:
         51:27:c4:a1:02:f6:d8:88:42:c1:f9:2d:0e:b7:8b:f3:48:13:
         c2:00:51:20:65:5b:2c:9d:01:93:b3:b1:e3:a6:00:41:5f:20:
         42:0f:1f:d0:1e:9a:b4:1c:36:c5:79:0c:51:cc:a6:f8:0d:7e:
         73:3d:e7:b6:ce:9f:6f:3e:ec:c1:d2:9c:ad:92:8e:66:cc:3d:
         b1:cb:28:17:0d:ed:36:6a:43:d2:87:f5:29:71:13:9f:9d:4d:
         ad:e3:e6:8b:54:69:2d:44:51:a4:05:69:55:cf:71:8d:66:6c:
         95:78:b1:6b:ee:c2:d1:56:16:ae:55:7c:25:56:3a:97:4b:6f:
         72:06:60:1d:f1:a2:bc:cb:cb:7c:2b:5e:d7:ab:e6:41:15:92:
         31:b0:2b:85:e5:f5:ab:43:ee:92:a2:58:f7:4d:4d:a7:8e:f4:
         44:3a:c6:df:c0:82:6b:ba:7a:8b:88:00:d1:9b:5c:73:1c:79:
         3f:2f:0b:96
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUaZJP8OFStvFTtmUrEoMGLIVWYlYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREI3MjVFQUMyREQxRTYyQjdBMDJDNTRBNjE4RDdBMDFC
OTU4RTRDNDAeFw0yNDA0MjIwNTAyMDVaFw0yNTA0MjEwNTA3MDVaMDMxMTAvBgNV
BAMTKEZBRjZFMkYxODkyNkM2QjE0OTcyQUVFQUYzNkZFRTA3NDczMzVFRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu4MOkInEw7Q9fbmOtTwNT5WJV
xJKaK+ramI+nAPUjRtKal8Akg+m8uNu+pQ0AeoiTJp2vNaXvJ/lfXCI5kwalE8l2
n/lW8eAX7xC1jCSpQ4vZ2+pSVhtahon7UNbSOIN5qda5qBVnXgHmhN9C0keEz80Y
JLf9s/Yw0vN9r5Nvsz+9ziUkAto648X3tP9WCb0gJ+5TMC2ZHKeKCUPnGw/kM3Nz
6Ua3WntVLxMsIHuGMqK5OR3T4YQpRhZ8Ra80Tij3sH5ZzOjyEhEURGMdOGflJvI6
lcygOhZbzzQAC48V7w5KBNs4sHHtEw6NLMaukzg2VmQrNcBjkPxcYd4xC+d7AgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQU+vbi8YkmxrFJcq7q82/uB0czXvEwHwYDVR0j
BBgwFoAU23JerC3R5it6AsVKYY16AblY5MQwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby84
MDE1YTg1NS1iMjljLTQ1MDItYWY4MS1jYmI4YjRmN2YwZjcvMC9EQjcyNUVBQzJE
RDFFNjJCN0EwMkM1NEE2MThEN0EwMUI5NThFNEM0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREI3MjVFQUMyREQxRTYyQjdBMDJDNTRBNjE4RDdBMDFCOTU4
RTRDNC5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzgwMTVhODU1LWIyOWMtNDUwMi1h
ZjgxLWNiYjhiNGY3ZjBmNy8wLzMyMzAzMzJlMzEzNTMzMmUzMjMxMzIyZTMwMmYz
MjMyMmQzMjM0MjAzZDNlMjAzMTMzMzEzNzMyMzgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALLmdQwDQYJ
KoZIhvcNAQELBQADggEBAC9FQcDkWoiFniEK4c6KE5h0BAr5DEad+ltMcu3gYxvB
7K7U5rwpDMltCREbt+44X4tOBF1JpG120J40kWrGuLGNOQEEp44cpFEnxKEC9tiI
QsH5LQ63i/NIE8IAUSBlWyydAZOzseOmAEFfIEIPH9AemrQcNsV5DFHMpvgNfnM9
57bOn28+7MHSnK2SjmbMPbHLKBcN7TZqQ9KH9SlxE5+dTa3j5otUaS1EUaQFaVXP
cY1mbJV4sWvuwtFWFq5VfCVWOpdLb3IGYB3xorzLy3wrXter5kEVkjGwK4Xl9atD
7pKiWPdNTaeO9EQ6xt/Agmu6eouIANGbXHMceT8vC5Y=
-----END CERTIFICATE-----
Generated at Sun Nov 24 18:33:16 2024 by rpki-client on console-fra.rpki-client.org