Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/3130332e3232332e322e302f32342d3234203d3e20313335343435.roa
File:                     3130332e3232332e322e302f32342d3234203d3e20313335343435.roa (raw, json)
Hash identifier:          zi0Ugpvz9AGZzkDJpuMaff1tYTfM/hzQCHiRBA1mbg8=
Subject key identifier:   DC:C0:0E:4F:6D:DE:30:AD:50:D5:D9:BB:FB:BA:C6:99:12:0C:31:C0
Certificate issuer:       /CN=6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B
Certificate serial:       757526A45D2644097201D56819085C588093E3D9
Authority key identifier: 6B:4D:14:FC:6D:37:4A:FC:CA:B1:90:C5:4D:DF:3A:1A:9D:4D:93:0B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/3130332e3232332e322e302f32342d3234203d3e20313335343435.roa
Signing time:             Wed 27 Mar 2024 17:00:02 +0000
ROA not before:           Wed 27 Mar 2024 16:55:02 +0000
ROA not after:            Wed 26 Mar 2025 17:00:02 +0000
asID:                     135445
IP address blocks:        103.223.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.crl
                          rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:75:26:a4:5d:26:44:09:72:01:d5:68:19:08:5c:58:80:93:e3:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B
        Validity
            Not Before: Mar 27 16:55:02 2024 GMT
            Not After : Mar 26 17:00:02 2025 GMT
        Subject: CN=DCC00E4F6DDE30AD50D5D9BBFBBAC699120C31C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:40:a0:3f:ed:58:e0:8f:91:77:d9:d2:c4:a9:
                    ca:1e:69:ff:d3:7f:96:33:b5:2e:e8:f7:87:46:6c:
                    e0:5b:68:0a:61:a6:00:40:14:47:5d:25:4d:35:b1:
                    82:ab:87:d0:75:83:e0:b7:80:c9:f5:99:87:fa:10:
                    19:2a:95:66:18:db:fa:f2:fd:3c:9a:fe:0c:65:94:
                    4e:72:27:e9:2a:7f:ad:ad:21:be:0f:cb:46:a9:d8:
                    a9:41:9e:46:7a:25:47:75:87:5c:22:fe:80:22:e1:
                    48:9e:83:9c:9a:9a:c6:09:e3:32:ab:ba:0c:28:ea:
                    29:fb:63:0d:e9:c4:1f:aa:41:19:c8:4f:75:24:e7:
                    43:44:86:c8:83:ce:83:a4:08:32:2e:81:95:4a:1b:
                    25:37:a9:20:74:86:b2:4c:24:b9:39:44:59:34:2f:
                    45:ba:35:40:b7:d3:5f:c6:b8:06:bc:dd:25:bb:b8:
                    73:95:9a:5b:69:7f:9f:e0:4e:75:2e:d3:6a:ef:4b:
                    8e:da:2e:38:37:06:55:35:dd:da:6d:0c:c0:60:4d:
                    62:58:74:a6:41:6c:b2:0a:0c:3c:e3:41:25:79:e4:
                    49:d8:1d:1b:e9:07:93:94:55:82:7f:d4:57:f5:a4:
                    dd:f4:09:e7:08:1b:8f:68:5e:ee:82:b1:09:8d:4b:
                    93:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C0:0E:4F:6D:DE:30:AD:50:D5:D9:BB:FB:BA:C6:99:12:0C:31:C0
            X509v3 Authority Key Identifier:
                keyid:6B:4D:14:FC:6D:37:4A:FC:CA:B1:90:C5:4D:DF:3A:1A:9D:4D:93:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/3130332e3232332e322e302f32342d3234203d3e20313335343435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.223.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:32:ae:98:5a:19:76:29:77:1f:c5:25:ea:13:73:44:ec:23:
         24:a2:11:4b:c9:a9:8a:45:29:33:67:b0:37:2e:a5:31:53:cc:
         55:52:a1:03:61:28:38:64:c3:70:cc:69:12:3a:a2:2a:52:0c:
         92:8e:4e:41:7a:3b:4b:65:75:d4:3c:91:d8:49:57:12:6a:62:
         6e:75:3b:bb:d3:d5:cc:be:fe:3c:5e:7c:28:be:93:29:15:a4:
         88:31:5a:b2:e6:f5:55:32:37:ff:a9:cf:73:a7:0e:e7:da:56:
         92:e0:7d:d0:c3:64:24:af:6b:25:d8:3d:38:e5:03:04:56:e1:
         ec:09:f8:53:f9:81:18:df:c1:1a:d2:4c:da:69:52:52:17:cc:
         5c:cd:6d:27:8e:76:2c:e9:b4:3f:ac:76:b9:9e:43:d4:f5:0b:
         c9:9e:35:a4:1f:3d:c7:b5:58:16:c5:4d:5f:58:ef:60:c7:16:
         19:c2:e6:de:f5:f7:af:8e:88:bf:0c:af:04:01:0a:a6:13:51:
         06:ba:3a:bf:90:e1:1d:27:8f:a2:be:90:71:6c:ba:b1:cf:83:
         31:67:9f:c8:e8:59:ad:20:ef:e3:9d:b3:64:3d:b1:9d:5e:29:
         ec:93:83:02:1c:8e:04:d5:34:d5:94:15:10:13:79:57:b5:97:
         a0:30:74:39
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUdXUmpF0mRAlyAdVoGQhcWICT49kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNkI0RDE0RkM2RDM3NEFGQ0NBQjE5MEM1NERERjNBMUE5
RDREOTMwQjAeFw0yNDAzMjcxNjU1MDJaFw0yNTAzMjYxNzAwMDJaMDMxMTAvBgNV
BAMTKERDQzAwRTRGNkRERTMwQUQ1MEQ1RDlCQkZCQkFDNjk5MTIwQzMxQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgQKA/7Vjgj5F32dLEqcoeaf/T
f5YztS7o94dGbOBbaAphpgBAFEddJU01sYKrh9B1g+C3gMn1mYf6EBkqlWYY2/ry
/Tya/gxllE5yJ+kqf62tIb4Py0ap2KlBnkZ6JUd1h1wi/oAi4Uieg5yamsYJ4zKr
ugwo6in7Yw3pxB+qQRnIT3Uk50NEhsiDzoOkCDIugZVKGyU3qSB0hrJMJLk5RFk0
L0W6NUC301/GuAa83SW7uHOVmltpf5/gTnUu02rvS47aLjg3BlU13dptDMBgTWJY
dKZBbLIKDDzjQSV55EnYHRvpB5OUVYJ/1Ff1pN30CecIG49oXu6CsQmNS5NxAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU3MAOT23eMK1Q1dm7+7rGmRIMMcAwHwYDVR0j
BBgwFoAUa00U/G03SvzKsZDFTd86Gp1NkwswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
NzU0NWI4NS05Mjc0LTQ3MGEtYWQyNy0yNDY5ZTlkMTU1YmMvMC82QjREMTRGQzZE
Mzc0QUZDQ0FCMTkwQzU0RERGM0ExQTlENEQ5MzBCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNkI0RDE0RkM2RDM3NEFGQ0NBQjE5MEM1NERERjNBMUE5RDRE
OTMwQi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2I3NTQ1Yjg1LTkyNzQtNDcwYS1h
ZDI3LTI0NjllOWQxNTViYy8wLzMxMzAzMzJlMzIzMjMzMmUzMjJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzMzNTM0MzQzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGffAjANBgkqhkiG
9w0BAQsFAAOCAQEAoDKumFoZdil3H8Ul6hNzROwjJKIRS8mpikUpM2ewNy6lMVPM
VVKhA2EoOGTDcMxpEjqiKlIMko5OQXo7S2V11DyR2ElXEmpibnU7u9PVzL7+PF58
KL6TKRWkiDFasub1VTI3/6nPc6cO59pWkuB90MNkJK9rJdg9OOUDBFbh7An4U/mB
GN/BGtJM2mlSUhfMXM1tJ452LOm0P6x2uZ5D1PULyZ41pB89x7VYFsVNX1jvYMcW
GcLm3vX3r46IvwyvBAEKphNRBro6v5DhHSePor6QcWy6sc+DMWefyOhZrSDv452z
ZD2xnV4p7JODAhyOBNU01ZQVEBN5V7WXoDB0OQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:43:51 2024 by rpki-client on console-ams.rpki-client.org