Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/e50da447-a138-4625-a420-a711ac243519/0/3130332e32312e38342e302f32322d3234203d3e203435373836.roa
File:                     3130332e32312e38342e302f32322d3234203d3e203435373836.roa (raw, json)
Hash identifier:          ev9kwx7xYfGQ0wqa7vOCRk3KIttSxKV6RHvfveIzVEs=
Subject key identifier:   CD:4D:67:15:6F:4F:FD:11:A5:D5:0D:BD:DB:A7:58:28:B4:82:B9:03
Certificate issuer:       /CN=BF076EA24A68CF152C323C7A3DFD3F92AFE8AA2B
Certificate serial:       4DD492B7F60F2BE35129658813801C75C894E4AB
Authority key identifier: BF:07:6E:A2:4A:68:CF:15:2C:32:3C:7A:3D:FD:3F:92:AF:E8:AA:2B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BF076EA24A68CF152C323C7A3DFD3F92AFE8AA2B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/e50da447-a138-4625-a420-a711ac243519/0/3130332e32312e38342e302f32322d3234203d3e203435373836.roa
Signing time:             Thu 22 Aug 2024 10:00:01 +0000
ROA not before:           Thu 22 Aug 2024 09:55:01 +0000
ROA not after:            Thu 21 Aug 2025 10:00:01 +0000
asID:                     45786
IP address blocks:        103.21.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/e50da447-a138-4625-a420-a711ac243519/0/BF076EA24A68CF152C323C7A3DFD3F92AFE8AA2B.crl
                          rsync://repo-rpki.idnic.net/repo/e50da447-a138-4625-a420-a711ac243519/0/BF076EA24A68CF152C323C7A3DFD3F92AFE8AA2B.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BF076EA24A68CF152C323C7A3DFD3F92AFE8AA2B.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 17 Mar 2025 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d4:92:b7:f6:0f:2b:e3:51:29:65:88:13:80:1c:75:c8:94:e4:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BF076EA24A68CF152C323C7A3DFD3F92AFE8AA2B
        Validity
            Not Before: Aug 22 09:55:01 2024 GMT
            Not After : Aug 21 10:00:01 2025 GMT
        Subject: CN=CD4D67156F4FFD11A5D50DBDDBA75828B482B903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2c:de:cd:89:f1:af:d9:e7:30:3f:be:dc:f5:
                    a6:71:91:68:72:07:76:dd:7b:cb:d2:82:77:e5:53:
                    b3:da:73:c4:35:0e:4f:ae:60:7e:26:95:2b:2d:8a:
                    67:67:8c:3c:ad:f5:90:e4:d2:16:8c:c6:e2:3b:d7:
                    46:fe:83:f2:87:7a:cf:2a:a9:66:53:b3:65:08:8f:
                    60:06:9c:c0:8d:ae:29:ca:1d:e8:73:d0:4c:51:38:
                    9f:b7:3b:c7:5a:82:86:61:31:c3:db:8c:d4:5a:a8:
                    72:17:7c:74:1a:3f:b5:34:f0:1d:da:6f:90:97:cd:
                    b6:34:0f:11:16:75:0a:41:2c:f7:d2:75:0e:8f:76:
                    d4:e5:95:cb:84:5a:8d:d8:9d:aa:18:f1:59:d5:a1:
                    4a:c1:b7:9f:3c:c8:71:c6:61:a9:58:7a:24:46:9a:
                    d7:93:ab:05:bc:ce:c8:b9:87:d7:c9:a3:82:29:fa:
                    51:20:c5:0b:ed:a6:96:95:66:cf:fd:1f:b7:bc:cb:
                    d2:38:3d:d1:99:f6:89:3a:7d:6d:b9:61:2c:1e:94:
                    72:33:12:5b:9b:76:86:9c:72:ba:2f:a1:0f:4e:6a:
                    a0:62:99:05:9c:9f:22:b8:3c:87:5b:cc:47:00:87:
                    04:a8:6b:02:6d:61:cc:23:b2:69:0c:dc:15:8d:ff:
                    2c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:4D:67:15:6F:4F:FD:11:A5:D5:0D:BD:DB:A7:58:28:B4:82:B9:03
            X509v3 Authority Key Identifier:
                keyid:BF:07:6E:A2:4A:68:CF:15:2C:32:3C:7A:3D:FD:3F:92:AF:E8:AA:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/e50da447-a138-4625-a420-a711ac243519/0/BF076EA24A68CF152C323C7A3DFD3F92AFE8AA2B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BF076EA24A68CF152C323C7A3DFD3F92AFE8AA2B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/e50da447-a138-4625-a420-a711ac243519/0/3130332e32312e38342e302f32322d3234203d3e203435373836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.21.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:f0:47:fd:0e:3f:e3:07:89:24:dc:9e:be:9c:38:25:ea:39:
         b2:bf:6f:e4:8e:44:3d:2e:96:62:9a:83:a9:0d:ec:45:5b:ec:
         28:23:fa:f4:32:cd:59:68:91:ed:06:66:e5:b7:45:8c:c9:de:
         6c:b3:9f:75:b4:cb:d0:7f:7e:67:cd:89:15:de:f1:24:10:e9:
         f7:38:fc:13:da:32:d4:98:90:a8:38:fc:8e:89:46:ac:26:51:
         7b:6b:47:88:33:bb:b3:7c:71:5f:50:b6:90:ea:b6:9e:6d:a6:
         69:7e:b3:d3:ce:dc:bd:da:91:ad:77:5f:c1:35:ab:01:fe:76:
         8a:b1:72:4d:51:f7:ae:62:96:9f:8d:4b:c8:fa:c4:53:d3:3a:
         d6:35:4b:bf:62:67:3c:47:90:99:52:19:4d:27:39:ed:52:89:
         8d:a5:90:07:c4:7e:be:53:e7:80:0d:20:73:0f:43:57:1a:9d:
         51:0a:48:f6:80:37:be:a1:23:b0:c7:aa:eb:35:d2:62:68:3d:
         a8:d8:ce:02:a9:48:66:8d:0a:b0:df:a3:4f:f8:a3:fa:80:fc:
         cf:ee:31:d9:69:5d:30:b0:93:ec:ee:25:66:c0:34:b8:c1:73:
         c9:d6:50:d0:6a:93:c2:5a:ac:91:ba:b0:7d:bf:3e:8c:32:f0:
         f9:03:f6:97
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUTdSSt/YPK+NRKWWIE4AcdciU5KswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQkYwNzZFQTI0QTY4Q0YxNTJDMzIzQzdBM0RGRDNGOTJB
RkU4QUEyQjAeFw0yNDA4MjIwOTU1MDFaFw0yNTA4MjExMDAwMDFaMDMxMTAvBgNV
BAMTKENENEQ2NzE1NkY0RkZEMTFBNUQ1MERCRERCQTc1ODI4QjQ4MkI5MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2LN7NifGv2ecwP77c9aZxkWhy
B3bde8vSgnflU7Pac8Q1Dk+uYH4mlSstimdnjDyt9ZDk0haMxuI710b+g/KHes8q
qWZTs2UIj2AGnMCNrinKHehz0ExROJ+3O8dagoZhMcPbjNRaqHIXfHQaP7U08B3a
b5CXzbY0DxEWdQpBLPfSdQ6PdtTllcuEWo3YnaoY8VnVoUrBt588yHHGYalYeiRG
mteTqwW8zsi5h9fJo4Ip+lEgxQvtppaVZs/9H7e8y9I4PdGZ9ok6fW25YSwelHIz
ElubdoaccrovoQ9OaqBimQWcnyK4PIdbzEcAhwSoawJtYcwjsmkM3BWN/ywDAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUzU1nFW9P/RGl1Q2926dYKLSCuQMwHwYDVR0j
BBgwFoAUvwduokpozxUsMjx6Pf0/kq/oqiswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9l
NTBkYTQ0Ny1hMTM4LTQ2MjUtYTQyMC1hNzExYWMyNDM1MTkvMC9CRjA3NkVBMjRB
NjhDRjE1MkMzMjNDN0EzREZEM0Y5MkFGRThBQTJCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQkYwNzZFQTI0QTY4Q0YxNTJDMzIzQzdBM0RGRDNGOTJBRkU4
QUEyQi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2U1MGRhNDQ3LWExMzgtNDYyNS1h
NDIwLWE3MTFhYzI0MzUxOS8wLzMxMzAzMzJlMzIzMTJlMzgzNDJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDM0MzUzNzM4MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJnFVQwDQYJKoZIhvcN
AQELBQADggEBABfwR/0OP+MHiSTcnr6cOCXqObK/b+SORD0ulmKag6kN7EVb7Cgj
+vQyzVloke0GZuW3RYzJ3myzn3W0y9B/fmfNiRXe8SQQ6fc4/BPaMtSYkKg4/I6J
RqwmUXtrR4gzu7N8cV9QtpDqtp5tpml+s9PO3L3aka13X8E1qwH+doqxck1R965i
lp+NS8j6xFPTOtY1S79iZzxHkJlSGU0nOe1SiY2lkAfEfr5T54ANIHMPQ1canVEK
SPaAN76hI7DHqus10mJoPajYzgKpSGaNCrDfo0/4o/qA/M/uMdlpXTCwk+zuJWbA
NLjBc8nWUNBqk8JarJG6sH2/Powy8PkD9pc=
-----END CERTIFICATE-----
Generated at Sun Mar 16 00:38:06 2025 by rpki-client