Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/b377461d-fe4f-4961-92e5-9655af25754a/0/3130332e3132312e39382e302f32332d3234203d3e20313335343738.roa
File:                     3130332e3132312e39382e302f32332d3234203d3e20313335343738.roa (raw, json)
Hash identifier:          bmysxcOeAMJ3fwlyTYmlbIgtCpadnSCaOEoAvn7FUqk=
Subject key identifier:   06:75:65:03:08:B7:11:60:72:EE:44:47:9E:1A:D6:52:25:A5:E9:32
Certificate issuer:       /CN=AE12581F3D20A87088DAAE24374CC2D8FE34FA12
Certificate serial:       312170B7EC46AE650C833A1B9197EC7A2E25A020
Authority key identifier: AE:12:58:1F:3D:20:A8:70:88:DA:AE:24:37:4C:C2:D8:FE:34:FA:12
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AE12581F3D20A87088DAAE24374CC2D8FE34FA12.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/b377461d-fe4f-4961-92e5-9655af25754a/0/3130332e3132312e39382e302f32332d3234203d3e20313335343738.roa
Signing time:             Wed 03 Jan 2024 05:02:02 +0000
ROA not before:           Wed 03 Jan 2024 04:57:02 +0000
ROA not after:            Wed 01 Jan 2025 05:02:02 +0000
asID:                     135478
IP address blocks:        103.121.98.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/b377461d-fe4f-4961-92e5-9655af25754a/0/AE12581F3D20A87088DAAE24374CC2D8FE34FA12.crl
                          rsync://repo-rpki.idnic.net/repo/b377461d-fe4f-4961-92e5-9655af25754a/0/AE12581F3D20A87088DAAE24374CC2D8FE34FA12.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AE12581F3D20A87088DAAE24374CC2D8FE34FA12.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 01:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:21:70:b7:ec:46:ae:65:0c:83:3a:1b:91:97:ec:7a:2e:25:a0:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AE12581F3D20A87088DAAE24374CC2D8FE34FA12
        Validity
            Not Before: Jan  3 04:57:02 2024 GMT
            Not After : Jan  1 05:02:02 2025 GMT
        Subject: CN=0675650308B7116072EE44479E1AD65225A5E932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:92:f3:ed:6b:d6:92:8c:c7:cc:4f:8f:af:1b:
                    05:db:aa:5a:93:11:73:1f:0f:81:ae:1a:98:7a:45:
                    4a:cc:d1:27:09:01:47:84:14:a1:ca:5e:5f:ba:92:
                    9f:ee:bd:3f:f2:94:37:82:ea:cf:d4:e8:68:db:bc:
                    f4:eb:b5:60:0a:3a:a2:50:f0:2d:af:3d:91:68:4f:
                    5a:28:54:cb:2b:d9:ee:51:fd:b1:4d:27:2a:f1:68:
                    51:55:dd:a3:f3:55:e0:f1:fc:1c:ac:ea:83:42:2f:
                    8b:d0:a1:35:60:9b:0c:a9:23:02:13:e4:3d:14:ab:
                    7b:5d:ff:79:2f:f8:1d:20:6a:a7:d7:59:3e:f2:d1:
                    85:cf:6b:7d:f5:95:8d:8f:00:90:51:b4:43:ba:d0:
                    1d:e7:39:ac:8a:e6:1c:f6:93:b1:75:31:e5:b3:43:
                    17:90:7d:4b:64:6a:9e:d8:07:38:3e:f7:b3:5e:85:
                    3f:c1:f5:2e:48:d6:50:de:25:7f:f1:6c:73:cd:21:
                    b0:6a:5e:46:0a:c0:2c:1f:e5:15:63:cb:33:1b:f7:
                    1c:0f:de:25:ef:5e:34:db:3e:07:05:7f:57:69:5c:
                    8a:39:5c:a9:db:99:4c:7f:68:30:7f:e5:ab:be:bf:
                    6a:92:56:1a:75:3a:1a:5d:fa:c2:4e:ed:5d:7d:13:
                    27:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:75:65:03:08:B7:11:60:72:EE:44:47:9E:1A:D6:52:25:A5:E9:32
            X509v3 Authority Key Identifier:
                keyid:AE:12:58:1F:3D:20:A8:70:88:DA:AE:24:37:4C:C2:D8:FE:34:FA:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/b377461d-fe4f-4961-92e5-9655af25754a/0/AE12581F3D20A87088DAAE24374CC2D8FE34FA12.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AE12581F3D20A87088DAAE24374CC2D8FE34FA12.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/b377461d-fe4f-4961-92e5-9655af25754a/0/3130332e3132312e39382e302f32332d3234203d3e20313335343738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.121.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:c8:54:25:8c:6e:d6:91:4c:89:82:03:a4:41:4f:76:16:9b:
         e6:10:ee:8b:73:d3:41:00:7b:1d:c2:a8:7b:26:25:32:0a:36:
         74:8a:b2:b3:c1:c0:ad:02:95:71:86:aa:d0:73:18:34:3c:81:
         03:30:3b:bf:92:73:44:6e:67:fd:f7:d9:15:f3:1c:2a:81:65:
         2f:6d:98:e0:be:2f:72:57:8b:27:86:24:92:bb:9b:04:26:a6:
         42:37:d1:38:23:96:6e:35:3e:51:fe:00:7f:3f:3c:cc:7f:85:
         60:d8:17:02:6e:f5:79:c2:73:75:75:d0:5e:d7:87:dc:94:a2:
         cb:0c:6d:37:44:7b:c2:0d:cf:f4:21:16:1e:56:18:8c:28:26:
         cf:f7:9c:29:36:c3:5f:f3:d8:65:7f:ba:4a:47:c6:1e:19:f9:
         5a:a4:a0:c4:e7:95:7d:d6:7b:09:84:4d:63:7e:0b:24:d2:1b:
         2e:5a:38:4e:63:2f:69:b8:95:d8:db:10:7e:36:8e:e7:0b:b2:
         46:e1:c1:91:b6:19:b1:75:85:40:28:b5:fe:47:03:8f:cf:de:
         41:12:30:e8:9c:e0:e4:ae:e8:94:3f:18:1f:43:87:cd:d2:f3:
         4d:d9:2f:34:ec:d3:0a:b3:12:86:bc:d1:f1:67:e2:46:5e:d4:
         e8:65:ff:7b
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUMSFwt+xGrmUMgzobkZfsei4loCAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUUxMjU4MUYzRDIwQTg3MDg4REFBRTI0Mzc0Q0MyRDhG
RTM0RkExMjAeFw0yNDAxMDMwNDU3MDJaFw0yNTAxMDEwNTAyMDJaMDMxMTAvBgNV
BAMTKDA2NzU2NTAzMDhCNzExNjA3MkVFNDQ0NzlFMUFENjUyMjVBNUU5MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8kvPta9aSjMfMT4+vGwXbqlqT
EXMfD4GuGph6RUrM0ScJAUeEFKHKXl+6kp/uvT/ylDeC6s/U6GjbvPTrtWAKOqJQ
8C2vPZFoT1ooVMsr2e5R/bFNJyrxaFFV3aPzVeDx/Bys6oNCL4vQoTVgmwypIwIT
5D0Uq3td/3kv+B0gaqfXWT7y0YXPa331lY2PAJBRtEO60B3nOayK5hz2k7F1MeWz
QxeQfUtkap7YBzg+97NehT/B9S5I1lDeJX/xbHPNIbBqXkYKwCwf5RVjyzMb9xwP
3iXvXjTbPgcFf1dpXIo5XKnbmUx/aDB/5au+v2qSVhp1Ohpd+sJO7V19EyctAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUBnVlAwi3EWBy7kRHnhrWUiWl6TIwHwYDVR0j
BBgwFoAUrhJYHz0gqHCI2q4kN0zC2P40+hIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
Mzc3NDYxZC1mZTRmLTQ5NjEtOTJlNS05NjU1YWYyNTc1NGEvMC9BRTEyNTgxRjNE
MjBBODcwODhEQUFFMjQzNzRDQzJEOEZFMzRGQTEyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQUUxMjU4MUYzRDIwQTg3MDg4REFBRTI0Mzc0Q0MyRDhGRTM0
RkExMi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2IzNzc0NjFkLWZlNGYtNDk2MS05
MmU1LTk2NTVhZjI1NzU0YS8wLzMxMzAzMzJlMzEzMjMxMmUzOTM4MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzEzMzM1MzQzNzM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ3liMA0GCSqG
SIb3DQEBCwUAA4IBAQAkyFQljG7WkUyJggOkQU92FpvmEO6Lc9NBAHsdwqh7JiUy
CjZ0irKzwcCtApVxhqrQcxg0PIEDMDu/knNEbmf999kV8xwqgWUvbZjgvi9yV4sn
hiSSu5sEJqZCN9E4I5ZuNT5R/gB/PzzMf4Vg2BcCbvV5wnN1ddBe14fclKLLDG03
RHvCDc/0IRYeVhiMKCbP95wpNsNf89hlf7pKR8YeGflapKDE55V91nsJhE1jfgsk
0hsuWjhOYy9puJXY2xB+No7nC7JG4cGRthmxdYVAKLX+RwOPz95BEjDonODkruiU
PxgfQ4fN0vNN2S807NMKsxKGvNHxZ+JGXtToZf97
-----END CERTIFICATE-----
Generated at Thu Nov 21 23:33:00 2024 by rpki-client on console-ams.rpki-client.org