Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/f614cee0-5df6-4b2b-bb3d-f683213e7c33/0/3130332e38342e342e302f32322d3234203d3e20313332363431.roa
File:                     3130332e38342e342e302f32322d3234203d3e20313332363431.roa (raw, json)
Hash identifier:          30S0JtpEKgdt/uAgAM495KNII+/wIqtPwmU7oqsku6M=
Subject key identifier:   37:A7:26:12:51:91:8E:22:11:E5:A3:09:BA:EA:53:17:B1:8A:32:12
Certificate issuer:       /CN=3C03CF951781970C6D0ADBE8FACFEC6A4CDD7836
Certificate serial:       0C3373AD487774C7D49A670E3E937E848E95DCED
Authority key identifier: 3C:03:CF:95:17:81:97:0C:6D:0A:DB:E8:FA:CF:EC:6A:4C:DD:78:36
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3C03CF951781970C6D0ADBE8FACFEC6A4CDD7836.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/f614cee0-5df6-4b2b-bb3d-f683213e7c33/0/3130332e38342e342e302f32322d3234203d3e20313332363431.roa
Signing time:             Wed 20 Mar 2024 10:00:01 +0000
ROA not before:           Wed 20 Mar 2024 09:55:01 +0000
ROA not after:            Wed 19 Mar 2025 10:00:01 +0000
asID:                     132641
IP address blocks:        103.84.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/f614cee0-5df6-4b2b-bb3d-f683213e7c33/0/3C03CF951781970C6D0ADBE8FACFEC6A4CDD7836.crl
                          rsync://repo-rpki.idnic.net/repo/f614cee0-5df6-4b2b-bb3d-f683213e7c33/0/3C03CF951781970C6D0ADBE8FACFEC6A4CDD7836.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3C03CF951781970C6D0ADBE8FACFEC6A4CDD7836.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 26 Nov 2024 21:27:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:33:73:ad:48:77:74:c7:d4:9a:67:0e:3e:93:7e:84:8e:95:dc:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3C03CF951781970C6D0ADBE8FACFEC6A4CDD7836
        Validity
            Not Before: Mar 20 09:55:01 2024 GMT
            Not After : Mar 19 10:00:01 2025 GMT
        Subject: CN=37A7261251918E2211E5A309BAEA5317B18A3212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:31:79:9b:69:18:c7:e4:d5:59:57:9b:eb:a4:
                    2c:76:ed:dd:5e:22:d6:5e:c2:ba:1d:73:59:23:6f:
                    54:16:e6:b5:85:ff:67:d1:78:42:9a:7a:75:8e:23:
                    73:3e:df:31:a5:b2:cd:10:d3:d4:bd:c9:e4:b8:bc:
                    ae:37:9b:71:9c:30:31:fb:a2:34:e1:7d:53:10:4b:
                    ca:67:e9:c3:9a:cd:84:2d:af:a0:80:88:86:a4:80:
                    b3:ca:e1:f5:a2:d1:04:8d:fc:f7:fb:a4:00:bd:16:
                    88:c6:66:ff:a9:67:bc:67:48:85:dc:81:7f:9b:56:
                    db:1d:a8:76:d3:cc:17:7c:69:69:00:96:fb:9a:e8:
                    6c:0c:72:d9:4c:15:f2:ca:e5:93:4b:2f:b1:56:04:
                    6a:54:19:01:46:88:04:ee:dc:25:23:c0:0c:77:fe:
                    f7:ec:6e:35:b2:61:1a:c2:70:2e:1c:97:80:4d:1d:
                    26:e6:d0:f1:06:83:41:38:e3:31:50:db:a0:1b:91:
                    ea:22:1e:db:56:e2:d8:91:ee:1d:5b:7d:58:82:54:
                    72:a0:e5:bd:7a:63:57:88:bb:e0:ea:8b:fb:e2:b2:
                    c1:40:65:1b:e0:d6:c8:5d:26:ca:3c:ed:2f:d8:aa:
                    7d:83:d2:60:5d:94:65:e6:37:11:74:3b:00:33:6b:
                    54:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A7:26:12:51:91:8E:22:11:E5:A3:09:BA:EA:53:17:B1:8A:32:12
            X509v3 Authority Key Identifier:
                keyid:3C:03:CF:95:17:81:97:0C:6D:0A:DB:E8:FA:CF:EC:6A:4C:DD:78:36

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/f614cee0-5df6-4b2b-bb3d-f683213e7c33/0/3C03CF951781970C6D0ADBE8FACFEC6A4CDD7836.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3C03CF951781970C6D0ADBE8FACFEC6A4CDD7836.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/f614cee0-5df6-4b2b-bb3d-f683213e7c33/0/3130332e38342e342e302f32322d3234203d3e20313332363431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.84.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:89:41:10:d2:13:29:33:a5:1d:53:79:0f:90:ba:49:ac:9c:
         8b:b0:9b:3f:84:0a:4a:5b:8e:f0:3c:ea:a3:e6:b0:2c:18:25:
         ba:20:d1:d5:ca:95:7e:e7:16:66:83:14:39:19:30:1f:3f:e3:
         4f:7e:5a:8f:79:a4:4a:bc:9d:6d:b2:b8:ce:7b:9c:93:fe:97:
         39:d5:93:d3:21:7b:93:4b:ac:cd:0d:d3:cc:70:ca:16:89:ed:
         2f:ea:97:a5:b3:37:99:29:41:e1:b9:22:b4:e9:4a:1c:79:d9:
         bb:77:0a:52:2d:1a:c1:9d:9c:91:9b:00:30:9e:94:0c:e4:2b:
         62:8c:f3:e0:d2:59:55:c9:5a:e2:f8:c2:a0:fa:c7:48:67:95:
         af:bc:15:55:ad:94:b4:3d:e9:1c:a7:52:60:3c:45:4c:c9:92:
         8c:04:a7:20:52:63:21:5a:cf:2c:c3:e2:af:e2:40:3b:ae:21:
         34:ae:48:26:5a:ec:6c:f2:d3:25:72:ba:23:4c:83:8e:1b:ae:
         0b:a3:57:c6:9f:57:da:45:08:bc:c5:5b:54:a4:d3:31:92:88:
         b6:95:82:61:4c:72:9d:c8:7c:5e:80:ee:39:04:ef:6b:ee:5e:
         f4:85:14:de:1a:d6:ce:1c:de:59:6e:e3:f1:86:79:33:3a:26:
         85:fc:29:f3
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUDDNzrUh3dMfUmmcOPpN+hI6V3O0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0MwM0NGOTUxNzgxOTcwQzZEMEFEQkU4RkFDRkVDNkE0
Q0RENzgzNjAeFw0yNDAzMjAwOTU1MDFaFw0yNTAzMTkxMDAwMDFaMDMxMTAvBgNV
BAMTKDM3QTcyNjEyNTE5MThFMjIxMUU1QTMwOUJBRUE1MzE3QjE4QTMyMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfMXmbaRjH5NVZV5vrpCx27d1e
ItZewrodc1kjb1QW5rWF/2fReEKaenWOI3M+3zGlss0Q09S9yeS4vK43m3GcMDH7
ojThfVMQS8pn6cOazYQtr6CAiIakgLPK4fWi0QSN/Pf7pAC9FojGZv+pZ7xnSIXc
gX+bVtsdqHbTzBd8aWkAlvua6GwMctlMFfLK5ZNLL7FWBGpUGQFGiATu3CUjwAx3
/vfsbjWyYRrCcC4cl4BNHSbm0PEGg0E44zFQ26AbkeoiHttW4tiR7h1bfViCVHKg
5b16Y1eIu+Dqi/vissFAZRvg1shdJso87S/Yqn2D0mBdlGXmNxF0OwAza1TbAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUN6cmElGRjiIR5aMJuupTF7GKMhIwHwYDVR0j
BBgwFoAUPAPPlReBlwxtCtvo+s/sakzdeDYwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9m
NjE0Y2VlMC01ZGY2LTRiMmItYmIzZC1mNjgzMjEzZTdjMzMvMC8zQzAzQ0Y5NTE3
ODE5NzBDNkQwQURCRThGQUNGRUM2QTRDREQ3ODM2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvM0MwM0NGOTUxNzgxOTcwQzZEMEFEQkU4RkFDRkVDNkE0Q0RE
NzgzNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2Y2MTRjZWUwLTVkZjYtNGIyYi1i
YjNkLWY2ODMyMTNlN2MzMy8wLzMxMzAzMzJlMzgzNDJlMzQyZTMwMmYzMjMyMmQz
MjM0MjAzZDNlMjAzMTMzMzIzNjM0MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJnVAQwDQYJKoZIhvcN
AQELBQADggEBAKiJQRDSEykzpR1TeQ+QukmsnIuwmz+ECkpbjvA86qPmsCwYJbog
0dXKlX7nFmaDFDkZMB8/409+Wo95pEq8nW2yuM57nJP+lznVk9Mhe5NLrM0N08xw
yhaJ7S/ql6WzN5kpQeG5IrTpShx52bt3ClItGsGdnJGbADCelAzkK2KM8+DSWVXJ
WuL4wqD6x0hnla+8FVWtlLQ96RynUmA8RUzJkowEpyBSYyFazyzD4q/iQDuuITSu
SCZa7Gzy0yVyuiNMg44brgujV8afV9pFCLzFW1Sk0zGSiLaVgmFMcp3IfF6A7jkE
72vuXvSFFN4a1s4c3llu4/GGeTM6JoX8KfM=
-----END CERTIFICATE-----
Generated at Sun Nov 24 00:53:31 2024 by rpki-client on console-fra.rpki-client.org