Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/e5b1e57e-a0f1-467f-a46f-55a3157b0d65/0/3230322e3135392e35302e302f32332d3234203d3e203435373239.roa
File:                     3230322e3135392e35302e302f32332d3234203d3e203435373239.roa (raw, json)
Hash identifier:          365nzesmvHwhIV5hJEM505IuqEHCVnE1duLMcrxJq44=
Subject key identifier:   F4:8B:AA:DB:F8:2A:39:94:BC:3A:D1:C4:82:B2:88:EB:30:06:53:FD
Certificate issuer:       /CN=B8C2A2B1B21164AF8EAEE387C7D9A5D94D4F8308
Certificate serial:       276841A82FC543291962EF1BEF6798EE6C8AF9A7
Authority key identifier: B8:C2:A2:B1:B2:11:64:AF:8E:AE:E3:87:C7:D9:A5:D9:4D:4F:83:08
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B8C2A2B1B21164AF8EAEE387C7D9A5D94D4F8308.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/e5b1e57e-a0f1-467f-a46f-55a3157b0d65/0/3230322e3135392e35302e302f32332d3234203d3e203435373239.roa
Signing time:             Fri 15 Mar 2024 10:00:01 +0000
ROA not before:           Fri 15 Mar 2024 09:55:01 +0000
ROA not after:            Fri 14 Mar 2025 10:00:01 +0000
asID:                     45729
IP address blocks:        202.159.50.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/e5b1e57e-a0f1-467f-a46f-55a3157b0d65/0/B8C2A2B1B21164AF8EAEE387C7D9A5D94D4F8308.crl
                          rsync://repo-rpki.idnic.net/repo/e5b1e57e-a0f1-467f-a46f-55a3157b0d65/0/B8C2A2B1B21164AF8EAEE387C7D9A5D94D4F8308.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B8C2A2B1B21164AF8EAEE387C7D9A5D94D4F8308.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 18:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:68:41:a8:2f:c5:43:29:19:62:ef:1b:ef:67:98:ee:6c:8a:f9:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B8C2A2B1B21164AF8EAEE387C7D9A5D94D4F8308
        Validity
            Not Before: Mar 15 09:55:01 2024 GMT
            Not After : Mar 14 10:00:01 2025 GMT
        Subject: CN=F48BAADBF82A3994BC3AD1C482B288EB300653FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:54:b0:0a:7e:e1:d7:f5:cb:6a:39:71:a7:1f:
                    69:f9:99:97:a3:8b:46:f4:db:da:1e:a3:ba:41:32:
                    92:c4:fa:c8:4b:b4:06:97:79:38:9c:52:da:82:a1:
                    72:f1:98:c2:de:2a:63:41:64:17:39:50:0a:0e:44:
                    23:33:8e:2e:3a:6e:d0:e4:c1:eb:2f:85:64:b3:33:
                    e2:0c:b8:be:2e:08:bf:35:d4:1c:53:17:7a:86:f4:
                    14:40:d4:77:ba:b8:9f:6a:48:e5:21:49:d8:58:7f:
                    1a:08:49:8d:f2:94:f4:d5:0c:39:5b:8d:1c:01:0b:
                    a9:4e:00:30:ea:f3:a7:52:f8:89:8c:34:95:d2:4d:
                    a0:e0:d2:55:7d:93:63:af:3b:bd:79:36:9b:4d:ea:
                    1a:54:c0:ed:c1:1a:d1:b6:7b:f0:3d:09:a7:ba:53:
                    fa:49:f3:8d:5c:c8:21:9d:49:08:cf:72:d8:56:9f:
                    90:17:b4:90:16:44:61:5a:38:16:12:1f:a9:cd:c2:
                    35:9b:7a:88:ed:17:a5:c9:eb:a6:8c:f2:03:95:fb:
                    d2:b0:75:7f:0a:db:54:5a:47:c6:1b:c8:3f:a8:83:
                    b5:94:f1:01:27:03:83:26:b6:37:5a:11:99:ad:76:
                    7f:b3:62:49:f3:58:d4:9b:19:04:87:8a:d6:d3:10:
                    69:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8B:AA:DB:F8:2A:39:94:BC:3A:D1:C4:82:B2:88:EB:30:06:53:FD
            X509v3 Authority Key Identifier:
                keyid:B8:C2:A2:B1:B2:11:64:AF:8E:AE:E3:87:C7:D9:A5:D9:4D:4F:83:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/e5b1e57e-a0f1-467f-a46f-55a3157b0d65/0/B8C2A2B1B21164AF8EAEE387C7D9A5D94D4F8308.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B8C2A2B1B21164AF8EAEE387C7D9A5D94D4F8308.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/e5b1e57e-a0f1-467f-a46f-55a3157b0d65/0/3230322e3135392e35302e302f32332d3234203d3e203435373239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.159.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:ae:5b:7a:12:9f:48:9c:a5:13:9d:21:42:d4:47:c4:ff:17:
         bf:e6:37:44:f2:ea:fa:a4:3b:4e:07:d7:c0:1c:10:a1:0f:5e:
         0a:22:c3:b9:5b:57:a3:72:72:b2:37:9c:2d:1f:27:a8:53:f1:
         f1:87:39:cc:47:bd:de:95:07:ef:49:28:e4:38:ac:76:eb:24:
         1c:83:6e:c0:11:42:01:9a:35:f1:5f:88:a3:14:76:62:6c:17:
         3d:83:84:17:94:56:ae:c5:98:f7:80:22:03:ad:a1:41:31:ea:
         48:3a:17:eb:26:41:bb:58:d2:21:d5:b2:40:76:41:b9:e9:96:
         f1:7f:0d:cb:77:a0:70:25:56:0b:82:ea:c7:3c:3d:39:ed:e5:
         83:68:13:8a:62:64:b8:d7:23:a4:b6:ae:b1:90:a0:96:77:ea:
         f2:37:61:88:48:5e:5f:b6:40:90:4f:d3:53:30:9e:36:a1:e5:
         9e:23:7d:bb:dd:b7:85:9c:d7:cc:f3:aa:bd:e1:35:70:6c:91:
         77:48:5a:62:7c:35:34:6d:56:3d:b1:49:ea:08:9e:d5:f8:eb:
         3d:51:16:d4:b4:9e:db:f7:ee:95:89:a5:83:0c:e9:ac:3b:de:
         a5:ce:a3:2c:ac:53:ca:bf:d0:e9:ef:06:19:fb:63:ec:76:2e:
         fe:91:61:17
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUJ2hBqC/FQykZYu8b72eY7myK+acwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjhDMkEyQjFCMjExNjRBRjhFQUVFMzg3QzdEOUE1RDk0
RDRGODMwODAeFw0yNDAzMTUwOTU1MDFaFw0yNTAzMTQxMDAwMDFaMDMxMTAvBgNV
BAMTKEY0OEJBQURCRjgyQTM5OTRCQzNBRDFDNDgyQjI4OEVCMzAwNjUzRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcVLAKfuHX9ctqOXGnH2n5mZej
i0b029oeo7pBMpLE+shLtAaXeTicUtqCoXLxmMLeKmNBZBc5UAoORCMzji46btDk
wesvhWSzM+IMuL4uCL811BxTF3qG9BRA1He6uJ9qSOUhSdhYfxoISY3ylPTVDDlb
jRwBC6lOADDq86dS+ImMNJXSTaDg0lV9k2OvO715NptN6hpUwO3BGtG2e/A9Cae6
U/pJ841cyCGdSQjPcthWn5AXtJAWRGFaOBYSH6nNwjWbeojtF6XJ66aM8gOV+9Kw
dX8K21RaR8YbyD+og7WU8QEnA4MmtjdaEZmtdn+zYknzWNSbGQSHitbTEGnhAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU9Iuq2/gqOZS8OtHEgrKI6zAGU/0wHwYDVR0j
BBgwFoAUuMKisbIRZK+OruOHx9ml2U1PgwgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9l
NWIxZTU3ZS1hMGYxLTQ2N2YtYTQ2Zi01NWEzMTU3YjBkNjUvMC9COEMyQTJCMUIy
MTE2NEFGOEVBRUUzODdDN0Q5QTVEOTRENEY4MzA4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQjhDMkEyQjFCMjExNjRBRjhFQUVFMzg3QzdEOUE1RDk0RDRG
ODMwOC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2U1YjFlNTdlLWEwZjEtNDY3Zi1h
NDZmLTU1YTMxNTdiMGQ2NS8wLzMyMzAzMjJlMzEzNTM5MmUzNTMwMmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzQzNTM3MzIzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcqfMjANBgkqhkiG
9w0BAQsFAAOCAQEAm65behKfSJylE50hQtRHxP8Xv+Y3RPLq+qQ7TgfXwBwQoQ9e
CiLDuVtXo3JysjecLR8nqFPx8Yc5zEe93pUH70ko5DisduskHINuwBFCAZo18V+I
oxR2YmwXPYOEF5RWrsWY94AiA62hQTHqSDoX6yZBu1jSIdWyQHZBuemW8X8Ny3eg
cCVWC4Lqxzw9Oe3lg2gTimJkuNcjpLausZCglnfq8jdhiEheX7ZAkE/TUzCeNqHl
niN9u923hZzXzPOqveE1cGyRd0haYnw1NG1WPbFJ6gie1fjrPVEW1LSe2/fulYml
gwzprDvepc6jLKxTyr/Q6e8GGftj7HYu/pFhFw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:50:11 2024 by rpki-client on console-fra.rpki-client.org