Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/ea702726-b2c6-46fc-8297-2dbdec6d6d5d/0/3130312e35302e32302e302f32342d3234203d3e20313336313038.roa
File:                     3130312e35302e32302e302f32342d3234203d3e20313336313038.roa (raw, json)
Hash identifier:          sbbumi84flEjsJQkocCTy6nJIudEuXMOEV2v4QL2V+M=
Subject key identifier:   AD:F2:28:96:90:88:E9:B1:2B:E0:96:3E:CB:F2:F8:B2:DD:42:C1:37
Certificate issuer:       /CN=7E2CF346D5DE840DC0EE944C918EDC5137D6998A
Certificate serial:       686D3205FEA69D503A328689881470969FA6C678
Authority key identifier: 7E:2C:F3:46:D5:DE:84:0D:C0:EE:94:4C:91:8E:DC:51:37:D6:99:8A
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7E2CF346D5DE840DC0EE944C918EDC5137D6998A.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/ea702726-b2c6-46fc-8297-2dbdec6d6d5d/0/3130312e35302e32302e302f32342d3234203d3e20313336313038.roa
Signing time:             Mon 31 Jul 2023 00:02:26 +0000
ROA not before:           Sun 30 Jul 2023 23:57:26 +0000
ROA not after:            Mon 29 Jul 2024 00:02:26 +0000
asID:                     136108
IP address blocks:        101.50.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/ea702726-b2c6-46fc-8297-2dbdec6d6d5d/0/7E2CF346D5DE840DC0EE944C918EDC5137D6998A.crl
                          rsync://repo-rpki.idnic.net/repo/ea702726-b2c6-46fc-8297-2dbdec6d6d5d/0/7E2CF346D5DE840DC0EE944C918EDC5137D6998A.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7E2CF346D5DE840DC0EE944C918EDC5137D6998A.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 00:32:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:6d:32:05:fe:a6:9d:50:3a:32:86:89:88:14:70:96:9f:a6:c6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7E2CF346D5DE840DC0EE944C918EDC5137D6998A
        Validity
            Not Before: Jul 30 23:57:26 2023 GMT
            Not After : Jul 29 00:02:26 2024 GMT
        Subject: CN=ADF228969088E9B12BE0963ECBF2F8B2DD42C137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:93:77:0f:a7:b0:06:a7:65:4a:13:1f:b8:a4:
                    74:45:9f:eb:d4:76:41:9a:91:eb:28:f1:9a:cf:06:
                    fc:58:ce:a7:d5:63:d6:58:f9:58:4d:1f:aa:b2:e5:
                    d1:2d:5b:cf:ca:f9:60:58:4f:1f:63:69:31:a1:08:
                    1a:59:c2:b0:ca:c2:ef:e1:61:7b:f6:59:5b:0b:be:
                    18:c1:95:83:9e:cd:b6:56:12:04:4c:65:bb:cd:76:
                    bc:c7:5f:17:8b:cd:00:8e:df:3b:ac:5e:d4:a2:7c:
                    2a:b3:d3:80:d0:cb:58:1e:a8:4c:f2:ce:2b:e8:b0:
                    42:d2:84:0f:0b:78:73:33:be:60:f4:8b:80:d5:83:
                    8c:51:71:55:8c:ab:5a:21:c0:f2:94:93:65:4e:db:
                    56:fb:15:65:b0:69:1b:24:7f:83:fa:f7:71:f7:e2:
                    9e:67:0c:20:a1:c4:c7:6f:2b:2d:e9:c4:1a:9a:28:
                    71:64:36:e6:05:a1:17:05:b1:ed:1f:69:ca:0b:ca:
                    e3:50:8a:00:f4:93:8c:8d:fd:01:af:46:fa:9f:fc:
                    00:fe:6d:c7:fa:0c:88:60:40:2d:49:66:b3:58:9c:
                    76:de:84:c1:0c:d6:ca:0e:8b:f7:10:bc:e0:6b:c3:
                    2d:bf:9b:38:90:9b:16:94:d1:09:52:07:d6:3a:b6:
                    a3:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:F2:28:96:90:88:E9:B1:2B:E0:96:3E:CB:F2:F8:B2:DD:42:C1:37
            X509v3 Authority Key Identifier:
                keyid:7E:2C:F3:46:D5:DE:84:0D:C0:EE:94:4C:91:8E:DC:51:37:D6:99:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/ea702726-b2c6-46fc-8297-2dbdec6d6d5d/0/7E2CF346D5DE840DC0EE944C918EDC5137D6998A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7E2CF346D5DE840DC0EE944C918EDC5137D6998A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/ea702726-b2c6-46fc-8297-2dbdec6d6d5d/0/3130312e35302e32302e302f32342d3234203d3e20313336313038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.50.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:2c:5b:e5:36:05:5b:04:18:d8:d8:02:c0:6b:84:e3:2f:31:
         05:18:3d:f6:9e:06:10:90:9c:53:5e:57:2e:a1:54:4c:d5:51:
         af:af:92:cf:13:05:53:15:76:2b:40:84:14:83:12:21:9b:bf:
         52:b0:0a:4f:63:7c:30:ec:fe:2e:63:f5:a5:e0:19:bd:05:a8:
         9f:72:53:dd:ba:80:6a:c9:7a:66:2f:fb:67:71:af:98:6c:d7:
         10:26:7a:7f:7a:be:7f:17:e9:ba:1e:22:bc:47:a4:28:da:dc:
         af:da:83:3e:01:0b:e7:e1:2d:8f:68:82:d0:1b:a6:a7:af:9c:
         bd:77:dc:a9:6b:50:a4:4b:02:28:4a:d0:b2:f6:58:92:6f:2a:
         d5:dd:d9:03:ef:6c:43:18:62:86:e1:65:5e:35:6a:4c:b4:59:
         cf:e2:f2:d9:30:b7:6b:58:37:9a:ce:f8:7b:d7:fb:75:37:7c:
         07:b7:09:cb:15:34:be:69:39:a7:a5:0f:35:fe:62:93:ad:20:
         eb:ab:8a:ad:53:90:f2:59:4b:54:a5:1a:1b:eb:de:51:3a:18:
         00:87:39:ef:32:55:a4:04:f9:02:ac:fb:c3:90:78:6d:03:1b:
         fa:95:c7:cd:6a:a5:37:9a:4c:b4:21:a6:4e:e2:58:5a:a4:57:
         4e:a1:11:0e
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUaG0yBf6mnVA6MoaJiBRwlp+mxngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0UyQ0YzNDZENURFODQwREMwRUU5NDRDOTE4RURDNTEz
N0Q2OTk4QTAeFw0yMzA3MzAyMzU3MjZaFw0yNDA3MjkwMDAyMjZaMDMxMTAvBgNV
BAMTKEFERjIyODk2OTA4OEU5QjEyQkUwOTYzRUNCRjJGOEIyREQ0MkMxMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZk3cPp7AGp2VKEx+4pHRFn+vU
dkGakeso8ZrPBvxYzqfVY9ZY+VhNH6qy5dEtW8/K+WBYTx9jaTGhCBpZwrDKwu/h
YXv2WVsLvhjBlYOezbZWEgRMZbvNdrzHXxeLzQCO3zusXtSifCqz04DQy1geqEzy
zivosELShA8LeHMzvmD0i4DVg4xRcVWMq1ohwPKUk2VO21b7FWWwaRskf4P693H3
4p5nDCChxMdvKy3pxBqaKHFkNuYFoRcFse0facoLyuNQigD0k4yN/QGvRvqf/AD+
bcf6DIhgQC1JZrNYnHbehMEM1soOi/cQvOBrwy2/mziQmxaU0QlSB9Y6tqP5AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUrfIolpCI6bEr4JY+y/L4st1CwTcwHwYDVR0j
BBgwFoAUfizzRtXehA3A7pRMkY7cUTfWmYowDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9l
YTcwMjcyNi1iMmM2LTQ2ZmMtODI5Ny0yZGJkZWM2ZDZkNWQvMC83RTJDRjM0NkQ1
REU4NDBEQzBFRTk0NEM5MThFREM1MTM3RDY5OThBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvN0UyQ0YzNDZENURFODQwREMwRUU5NDRDOTE4RURDNTEzN0Q2
OTk4QS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2VhNzAyNzI2LWIyYzYtNDZmYy04
Mjk3LTJkYmRlYzZkNmQ1ZC8wLzMxMzAzMTJlMzUzMDJlMzIzMDJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzMzNjMxMzAzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGUyFDANBgkqhkiG
9w0BAQsFAAOCAQEARCxb5TYFWwQY2NgCwGuE4y8xBRg99p4GEJCcU15XLqFUTNVR
r6+SzxMFUxV2K0CEFIMSIZu/UrAKT2N8MOz+LmP1peAZvQWon3JT3bqAasl6Zi/7
Z3GvmGzXECZ6f3q+fxfpuh4ivEekKNrcr9qDPgEL5+Etj2iC0Bump6+cvXfcqWtQ
pEsCKErQsvZYkm8q1d3ZA+9sQxhihuFlXjVqTLRZz+Ly2TC3a1g3ms74e9f7dTd8
B7cJyxU0vmk5p6UPNf5ik60g66uKrVOQ8llLVKUaG+veUToYAIc57zJVpAT5Aqz7
w5B4bQMb+pXHzWqlN5pMtCGmTuJYWqRXTqERDg==
-----END CERTIFICATE-----
Generated at Sun Jun 16 21:30:41 2024 by rpki-client on console-fra.rpki-client.org