Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/3130332e3232332e332e302f32342d3234203d3e20313335343435.roa
File:                     3130332e3232332e332e302f32342d3234203d3e20313335343435.roa (raw, json)
Hash identifier:          KcveW1tF5J1kRaw/n683TrvF/jXOMRLG7zEuLu61cBQ=
Subject key identifier:   8E:3B:55:EF:5A:FF:F2:28:08:0A:30:8F:20:C8:C5:86:55:0C:C6:BA
Certificate issuer:       /CN=6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B
Certificate serial:       2EEF1C6807818629739A97A41435FD7E0616F14B
Authority key identifier: 6B:4D:14:FC:6D:37:4A:FC:CA:B1:90:C5:4D:DF:3A:1A:9D:4D:93:0B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/3130332e3232332e332e302f32342d3234203d3e20313335343435.roa
Signing time:             Wed 27 Mar 2024 17:00:02 +0000
ROA not before:           Wed 27 Mar 2024 16:55:02 +0000
ROA not after:            Wed 26 Mar 2025 17:00:02 +0000
asID:                     135445
IP address blocks:        103.223.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.crl
                          rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ef:1c:68:07:81:86:29:73:9a:97:a4:14:35:fd:7e:06:16:f1:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B
        Validity
            Not Before: Mar 27 16:55:02 2024 GMT
            Not After : Mar 26 17:00:02 2025 GMT
        Subject: CN=8E3B55EF5AFFF228080A308F20C8C586550CC6BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e8:e9:c1:3b:12:10:f4:79:03:a3:d1:f2:7c:
                    2b:c9:43:8c:8c:fc:34:4d:9a:0b:77:45:ff:dc:f5:
                    c8:71:83:6c:b4:13:c1:70:55:2c:fc:f0:7b:bd:01:
                    66:6c:77:f2:7e:d2:7e:b2:46:aa:88:17:02:18:64:
                    ad:c0:47:88:0c:d6:06:ce:f1:a8:fa:56:0e:9f:1b:
                    65:4d:67:74:5e:95:ce:aa:1a:a0:a6:a0:ac:35:a8:
                    65:59:62:a4:36:2a:f9:6d:a8:41:60:e0:7b:24:44:
                    b8:3d:0d:ec:6b:56:95:07:fc:00:46:5a:88:5b:71:
                    1f:34:e1:98:26:7c:d3:53:05:09:b2:aa:83:b7:e5:
                    ef:ee:22:cc:b9:5f:90:9c:f2:72:b3:11:22:d4:56:
                    f6:dd:b1:30:93:c6:2f:7b:b4:bf:ab:d4:1e:89:33:
                    77:61:c2:c5:02:76:ff:3f:be:2f:ce:81:5c:ab:b3:
                    24:fc:6a:81:26:4e:5a:4a:9d:31:5f:fc:bc:b5:18:
                    a8:44:89:dd:bd:54:51:6e:99:15:19:d2:fe:d3:6a:
                    1c:dd:4b:39:78:f3:e5:7e:fa:61:81:0d:10:a0:0c:
                    87:12:c9:de:08:df:ab:b8:8a:3e:79:2e:d8:32:c3:
                    f6:8e:46:f5:cc:55:d9:c4:78:01:7c:c8:52:e1:1f:
                    4b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:3B:55:EF:5A:FF:F2:28:08:0A:30:8F:20:C8:C5:86:55:0C:C6:BA
            X509v3 Authority Key Identifier:
                keyid:6B:4D:14:FC:6D:37:4A:FC:CA:B1:90:C5:4D:DF:3A:1A:9D:4D:93:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6B4D14FC6D374AFCCAB190C54DDF3A1A9D4D930B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/b7545b85-9274-470a-ad27-2469e9d155bc/0/3130332e3232332e332e302f32342d3234203d3e20313335343435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.223.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:14:5e:19:da:a5:d5:e9:64:57:f9:5b:29:49:0b:06:e8:e2:
         f5:1f:88:ec:01:bc:db:90:50:4d:9d:06:64:04:8d:0b:23:c0:
         57:b4:f7:63:22:75:f5:de:a7:48:63:72:0b:f7:8c:1a:de:23:
         d7:6d:5d:6b:bc:fa:d5:52:ad:0d:c3:cd:32:d4:44:17:7c:0d:
         15:87:af:0a:53:0a:e8:c4:53:5e:a8:61:83:31:43:a0:9e:d5:
         ad:51:da:01:02:79:2e:f2:f2:dc:31:ec:af:48:5c:57:74:42:
         a4:f6:cd:68:97:47:45:ef:06:a1:2a:44:63:c4:51:e9:55:8c:
         b5:ed:b0:e0:c9:64:c6:fe:4a:b7:b4:fd:2c:d9:3a:b5:78:37:
         38:f4:69:f7:2c:be:cb:3f:99:13:99:bf:3c:e4:78:ef:6f:be:
         e3:96:3f:fa:53:15:1f:7c:2b:e9:1b:a9:dc:3c:da:81:8e:83:
         94:4f:5f:57:69:c1:e5:de:e6:e1:fc:16:61:7c:be:08:97:2c:
         f7:8e:3d:01:cd:13:7e:9c:65:cf:49:52:48:66:d2:3f:e9:45:
         e9:e6:43:a7:c8:c9:e1:21:33:8b:64:14:d7:d4:c3:39:13:8e:
         1c:a8:92:18:a0:f2:ef:db:b7:a5:4f:0d:21:10:b3:92:07:80:
         ee:0c:7c:17
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIULu8caAeBhilzmpekFDX9fgYW8UswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNkI0RDE0RkM2RDM3NEFGQ0NBQjE5MEM1NERERjNBMUE5
RDREOTMwQjAeFw0yNDAzMjcxNjU1MDJaFw0yNTAzMjYxNzAwMDJaMDMxMTAvBgNV
BAMTKDhFM0I1NUVGNUFGRkYyMjgwODBBMzA4RjIwQzhDNTg2NTUwQ0M2QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq6OnBOxIQ9HkDo9HyfCvJQ4yM
/DRNmgt3Rf/c9chxg2y0E8FwVSz88Hu9AWZsd/J+0n6yRqqIFwIYZK3AR4gM1gbO
8aj6Vg6fG2VNZ3Relc6qGqCmoKw1qGVZYqQ2KvltqEFg4HskRLg9DexrVpUH/ABG
WohbcR804ZgmfNNTBQmyqoO35e/uIsy5X5Cc8nKzESLUVvbdsTCTxi97tL+r1B6J
M3dhwsUCdv8/vi/OgVyrsyT8aoEmTlpKnTFf/Ly1GKhEid29VFFumRUZ0v7Tahzd
Szl48+V++mGBDRCgDIcSyd4I36u4ij55Ltgyw/aORvXMVdnEeAF8yFLhH0sHAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUjjtV71r/8igICjCPIMjFhlUMxrowHwYDVR0j
BBgwFoAUa00U/G03SvzKsZDFTd86Gp1NkwswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
NzU0NWI4NS05Mjc0LTQ3MGEtYWQyNy0yNDY5ZTlkMTU1YmMvMC82QjREMTRGQzZE
Mzc0QUZDQ0FCMTkwQzU0RERGM0ExQTlENEQ5MzBCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNkI0RDE0RkM2RDM3NEFGQ0NBQjE5MEM1NERERjNBMUE5RDRE
OTMwQi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2I3NTQ1Yjg1LTkyNzQtNDcwYS1h
ZDI3LTI0NjllOWQxNTViYy8wLzMxMzAzMzJlMzIzMjMzMmUzMzJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzMzNTM0MzQzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGffAzANBgkqhkiG
9w0BAQsFAAOCAQEAMRReGdql1elkV/lbKUkLBuji9R+I7AG825BQTZ0GZASNCyPA
V7T3YyJ19d6nSGNyC/eMGt4j121da7z61VKtDcPNMtREF3wNFYevClMK6MRTXqhh
gzFDoJ7VrVHaAQJ5LvLy3DHsr0hcV3RCpPbNaJdHRe8GoSpEY8RR6VWMte2w4Mlk
xv5Kt7T9LNk6tXg3OPRp9yy+yz+ZE5m/POR472++45Y/+lMVH3wr6Rup3DzagY6D
lE9fV2nB5d7m4fwWYXy+CJcs9449Ac0Tfpxlz0lSSGbSP+lF6eZDp8jJ4SEzi2QU
19TDOROOHKiSGKDy79u3pU8NIRCzkgeA7gx8Fw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:41:55 2024 by rpki-client on console-fra.rpki-client.org