Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d36ab04d-68c7-4249-b109-46b28cf803f3/0/3130332e3130372e3137362e302f32332d3234203d3e20313530393434.roa
File:                     3130332e3130372e3137362e302f32332d3234203d3e20313530393434.roa (raw, json)
Hash identifier:          /vVJsz9H1rrdPu3+MBJisVglzroKo7J977BqjWWW1JA=
Subject key identifier:   D6:AA:A3:29:07:8F:6B:6A:80:C1:65:6E:5E:4B:F8:13:2C:B7:72:17
Certificate issuer:       /CN=1D4A7562F096F3F753E388C14594BA75AE09E7F3
Certificate serial:       5BC8ED76111840612E2751993E3F68B527153D04
Authority key identifier: 1D:4A:75:62:F0:96:F3:F7:53:E3:88:C1:45:94:BA:75:AE:09:E7:F3
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1D4A7562F096F3F753E388C14594BA75AE09E7F3.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d36ab04d-68c7-4249-b109-46b28cf803f3/0/3130332e3130372e3137362e302f32332d3234203d3e20313530393434.roa
Signing time:             Tue 09 Apr 2024 10:02:02 +0000
ROA not before:           Tue 09 Apr 2024 09:57:02 +0000
ROA not after:            Tue 08 Apr 2025 10:02:02 +0000
asID:                     150944
IP address blocks:        103.107.176.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/d36ab04d-68c7-4249-b109-46b28cf803f3/0/1D4A7562F096F3F753E388C14594BA75AE09E7F3.crl
                          rsync://repo-rpki.idnic.net/repo/d36ab04d-68c7-4249-b109-46b28cf803f3/0/1D4A7562F096F3F753E388C14594BA75AE09E7F3.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1D4A7562F096F3F753E388C14594BA75AE09E7F3.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 26 Nov 2024 21:27:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:c8:ed:76:11:18:40:61:2e:27:51:99:3e:3f:68:b5:27:15:3d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1D4A7562F096F3F753E388C14594BA75AE09E7F3
        Validity
            Not Before: Apr  9 09:57:02 2024 GMT
            Not After : Apr  8 10:02:02 2025 GMT
        Subject: CN=D6AAA329078F6B6A80C1656E5E4BF8132CB77217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b8:c7:c5:ca:10:c1:cc:ff:ba:22:81:eb:0f:
                    83:95:fd:93:85:27:c4:33:67:bb:a0:bc:bd:a2:ae:
                    b7:de:ac:79:e2:62:9f:cd:f2:51:54:f1:3e:23:bb:
                    47:09:5d:ee:6a:df:32:0f:b8:99:e0:fb:cb:14:35:
                    33:8c:4a:57:10:92:38:fb:9a:35:31:f2:b8:59:d0:
                    b4:05:e9:a8:00:28:3a:09:dd:ac:5d:da:04:14:c7:
                    fb:0d:e4:5e:d4:97:c2:b8:e8:9b:26:21:5b:75:28:
                    e3:44:91:c1:96:19:74:94:96:dc:57:b8:90:8d:52:
                    c9:07:7d:8b:7a:a2:4c:96:dc:36:a9:51:d6:7e:e6:
                    c1:04:91:be:52:e0:b3:bb:2d:ea:af:fc:56:f6:d4:
                    c4:bc:55:e8:92:37:0a:78:67:3f:f5:7f:01:f9:d5:
                    84:70:ac:c8:01:30:81:c3:ce:f5:aa:eb:a4:c1:65:
                    e6:0c:e5:40:d6:e4:27:27:d2:8e:93:be:eb:32:84:
                    8f:55:97:71:d9:b9:70:f4:49:a0:0b:77:f4:ad:80:
                    24:d6:a8:7c:b5:76:49:f7:be:92:39:4b:11:7a:b3:
                    cd:df:fb:7d:03:b2:83:2f:28:a9:01:14:e8:42:a7:
                    1b:44:f5:9f:8b:0b:68:48:48:42:be:db:86:00:15:
                    1a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:AA:A3:29:07:8F:6B:6A:80:C1:65:6E:5E:4B:F8:13:2C:B7:72:17
            X509v3 Authority Key Identifier:
                keyid:1D:4A:75:62:F0:96:F3:F7:53:E3:88:C1:45:94:BA:75:AE:09:E7:F3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d36ab04d-68c7-4249-b109-46b28cf803f3/0/1D4A7562F096F3F753E388C14594BA75AE09E7F3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1D4A7562F096F3F753E388C14594BA75AE09E7F3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d36ab04d-68c7-4249-b109-46b28cf803f3/0/3130332e3130372e3137362e302f32332d3234203d3e20313530393434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.107.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:90:a9:e9:94:cb:fa:a2:2b:da:09:79:51:2e:b5:26:32:b0:
         cc:6f:73:92:91:65:ab:20:db:a4:91:29:05:de:93:c4:2a:d5:
         bc:66:7d:db:f5:27:df:c8:e4:b0:76:b8:ad:8a:77:90:19:fd:
         0a:9c:86:58:7d:d9:a8:ad:44:c5:fc:f1:7e:22:56:55:15:9c:
         04:66:5a:47:72:35:29:34:89:2a:d1:ae:7e:8b:9e:7e:7d:2e:
         f4:b6:b2:4c:6c:bf:16:2c:b5:c1:3c:5b:76:ef:b6:c0:69:50:
         15:46:26:30:13:78:25:73:ea:6d:a3:34:eb:9a:14:a0:b7:30:
         ba:ab:05:bf:9e:5c:54:97:69:1b:33:fb:2b:9d:71:14:6b:39:
         9e:37:1f:b5:5d:30:35:f5:b8:60:f8:1b:f6:f5:6f:9f:c7:e8:
         74:2f:f8:94:c4:a1:3b:5a:1c:a2:1d:b4:b5:09:d5:e1:bd:08:
         29:96:45:61:d1:42:e7:3c:27:7c:48:ec:38:46:71:14:e1:ce:
         d2:42:86:1b:0d:54:d3:97:59:5e:59:aa:18:65:d8:e8:9b:18:
         52:d3:1b:41:f1:fa:c8:bf:40:3d:db:cf:14:09:21:d0:c8:b2:
         72:9a:a6:58:b3:b0:1b:fe:c9:d4:b6:9b:9e:f3:76:87:09:01:
         75:f5:a3:f4
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUW8jtdhEYQGEuJ1GZPj9otScVPQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUQ0QTc1NjJGMDk2RjNGNzUzRTM4OEMxNDU5NEJBNzVB
RTA5RTdGMzAeFw0yNDA0MDkwOTU3MDJaFw0yNTA0MDgxMDAyMDJaMDMxMTAvBgNV
BAMTKEQ2QUFBMzI5MDc4RjZCNkE4MEMxNjU2RTVFNEJGODEzMkNCNzcyMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3uMfFyhDBzP+6IoHrD4OV/ZOF
J8QzZ7ugvL2irrferHniYp/N8lFU8T4ju0cJXe5q3zIPuJng+8sUNTOMSlcQkjj7
mjUx8rhZ0LQF6agAKDoJ3axd2gQUx/sN5F7Ul8K46JsmIVt1KONEkcGWGXSUltxX
uJCNUskHfYt6okyW3DapUdZ+5sEEkb5S4LO7Leqv/Fb21MS8VeiSNwp4Zz/1fwH5
1YRwrMgBMIHDzvWq66TBZeYM5UDW5Ccn0o6TvusyhI9Vl3HZuXD0SaALd/StgCTW
qHy1dkn3vpI5SxF6s83f+30DsoMvKKkBFOhCpxtE9Z+LC2hISEK+24YAFRoLAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQU1qqjKQePa2qAwWVuXkv4Eyy3chcwHwYDVR0j
BBgwFoAUHUp1YvCW8/dT44jBRZS6da4J5/MwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
MzZhYjA0ZC02OGM3LTQyNDktYjEwOS00NmIyOGNmODAzZjMvMC8xRDRBNzU2MkYw
OTZGM0Y3NTNFMzg4QzE0NTk0QkE3NUFFMDlFN0YzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMUQ0QTc1NjJGMDk2RjNGNzUzRTM4OEMxNDU5NEJBNzVBRTA5
RTdGMy5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2QzNmFiMDRkLTY4YzctNDI0OS1i
MTA5LTQ2YjI4Y2Y4MDNmMy8wLzMxMzAzMzJlMzEzMDM3MmUzMTM3MzYyZTMwMmYz
MjMzMmQzMjM0MjAzZDNlMjAzMTM1MzAzOTM0MzQucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFna7AwDQYJ
KoZIhvcNAQELBQADggEBAFuQqemUy/qiK9oJeVEutSYysMxvc5KRZasg26SRKQXe
k8Qq1bxmfdv1J9/I5LB2uK2Kd5AZ/Qqchlh92aitRMX88X4iVlUVnARmWkdyNSk0
iSrRrn6Lnn59LvS2skxsvxYstcE8W3bvtsBpUBVGJjATeCVz6m2jNOuaFKC3MLqr
Bb+eXFSXaRsz+yudcRRrOZ43H7VdMDX1uGD4G/b1b5/H6HQv+JTEoTtaHKIdtLUJ
1eG9CCmWRWHRQuc8J3xI7DhGcRThztJChhsNVNOXWV5Zqhhl2OibGFLTG0Hx+si/
QD3bzxQJIdDIsnKaplizsBv+ydS2m57zdocJAXX1o/Q=
-----END CERTIFICATE-----
Generated at Sun Nov 24 08:01:26 2024 by rpki-client on console-fra.rpki-client.org