Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/f96401e3-9f62-4b3c-bffb-783355ae6770/0/3130332e3135362e31362e302f32332d3234203d3e20313431303737.roa
File:                     3130332e3135362e31362e302f32332d3234203d3e20313431303737.roa (raw, json)
Hash identifier:          xpg71b3kpnQSGJPj2sU9VopRbKel8YsV3A2Q00O2D1E=
Subject key identifier:   7C:A9:52:FA:01:34:0C:FC:AA:B1:E2:21:D1:3C:C6:44:74:2E:5B:D5
Certificate issuer:       /CN=C25D5056A69CE0D0685BAD8E48F33A4A62A5C582
Certificate serial:       7F784B0B4867813ADDF3445A5BD236AE31B445C0
Authority key identifier: C2:5D:50:56:A6:9C:E0:D0:68:5B:AD:8E:48:F3:3A:4A:62:A5:C5:82
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C25D5056A69CE0D0685BAD8E48F33A4A62A5C582.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/f96401e3-9f62-4b3c-bffb-783355ae6770/0/3130332e3135362e31362e302f32332d3234203d3e20313431303737.roa
Signing time:             Fri 04 Oct 2024 16:00:02 +0000
ROA not before:           Fri 04 Oct 2024 15:55:02 +0000
ROA not after:            Fri 03 Oct 2025 16:00:02 +0000
asID:                     141077
IP address blocks:        103.156.16.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/f96401e3-9f62-4b3c-bffb-783355ae6770/0/C25D5056A69CE0D0685BAD8E48F33A4A62A5C582.crl
                          rsync://repo-rpki.idnic.net/repo/f96401e3-9f62-4b3c-bffb-783355ae6770/0/C25D5056A69CE0D0685BAD8E48F33A4A62A5C582.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C25D5056A69CE0D0685BAD8E48F33A4A62A5C582.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 26 Nov 2024 21:27:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:78:4b:0b:48:67:81:3a:dd:f3:44:5a:5b:d2:36:ae:31:b4:45:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C25D5056A69CE0D0685BAD8E48F33A4A62A5C582
        Validity
            Not Before: Oct  4 15:55:02 2024 GMT
            Not After : Oct  3 16:00:02 2025 GMT
        Subject: CN=7CA952FA01340CFCAAB1E221D13CC644742E5BD5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:40:6c:43:20:6f:de:15:a3:84:36:da:46:f2:
                    2c:3e:3a:99:1b:94:5d:e1:bf:e7:2e:38:86:45:e5:
                    8c:ce:77:e4:ae:65:c3:ea:39:f5:54:02:50:78:4e:
                    ba:dd:cc:35:d3:a8:71:92:aa:b1:00:4a:fc:d5:dd:
                    c1:22:c9:0b:78:ad:be:89:29:a4:b9:8a:55:00:19:
                    f7:76:2d:f8:8a:09:62:75:d1:55:93:28:fa:c9:29:
                    28:e9:4f:78:10:74:4f:be:5d:02:12:d0:5e:16:7a:
                    33:54:b3:3f:ee:19:5a:9e:b8:a2:f6:1d:4d:bb:d4:
                    00:45:2d:12:fb:14:23:e5:d8:3a:27:a6:ea:1c:39:
                    60:14:20:0a:c3:89:74:d1:31:09:af:4b:cd:dc:c1:
                    19:4f:03:96:8c:f0:f0:dd:a6:6e:2a:b7:27:1b:9e:
                    78:1d:91:93:93:8b:55:e5:e6:31:92:7b:e3:7b:24:
                    5a:9f:5e:86:0b:2e:f7:41:4f:01:52:4c:5b:8e:4f:
                    e1:84:fc:7d:a4:ff:6c:0b:99:42:2e:16:de:7a:88:
                    ee:7d:60:3c:5a:db:16:56:67:51:09:f5:0a:e0:8a:
                    1d:da:07:9e:59:01:6e:d1:16:db:e8:40:65:ed:72:
                    1a:66:d6:da:78:2c:42:8f:0d:90:b1:df:a3:b3:58:
                    5b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A9:52:FA:01:34:0C:FC:AA:B1:E2:21:D1:3C:C6:44:74:2E:5B:D5
            X509v3 Authority Key Identifier:
                keyid:C2:5D:50:56:A6:9C:E0:D0:68:5B:AD:8E:48:F3:3A:4A:62:A5:C5:82

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/f96401e3-9f62-4b3c-bffb-783355ae6770/0/C25D5056A69CE0D0685BAD8E48F33A4A62A5C582.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C25D5056A69CE0D0685BAD8E48F33A4A62A5C582.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/f96401e3-9f62-4b3c-bffb-783355ae6770/0/3130332e3135362e31362e302f32332d3234203d3e20313431303737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.156.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:b8:57:e4:17:5f:b7:81:d5:a8:e5:68:2b:55:4e:81:5c:1f:
         ff:f4:b7:73:0a:95:a9:eb:58:81:e0:79:3e:1a:d5:20:cd:f0:
         8e:f9:2f:e8:23:fc:e2:60:33:d0:22:1c:46:85:8d:80:24:b7:
         1a:58:3d:f2:41:c8:aa:73:ee:67:33:fd:01:f9:bf:95:db:d0:
         a6:13:2c:b0:ee:99:be:fe:6c:cb:5b:f8:a4:4f:1a:8e:5d:8c:
         f2:7a:b4:f6:fc:77:3b:2c:d5:60:44:21:07:91:33:52:85:cf:
         da:ba:d9:20:a2:ad:55:34:84:24:3d:f3:6b:0e:3c:ca:1f:04:
         ce:02:11:f8:81:2c:c4:1f:a4:df:03:75:0b:97:63:69:b4:b5:
         14:18:a6:c9:31:cc:ff:93:60:2e:53:ca:4a:49:70:08:7e:30:
         1e:b3:84:bd:3d:ec:29:42:c7:82:53:d2:4f:2f:7d:32:6a:3f:
         4d:f4:ba:98:74:d0:98:e8:cd:66:35:f8:b4:23:e4:dd:56:5b:
         41:43:be:0e:a4:0c:98:c7:1a:ab:23:fa:40:e7:8d:8d:bf:ab:
         95:d7:d6:4b:3c:8e:98:e9:9a:38:e0:23:d2:70:71:df:b0:4c:
         a8:b2:6c:df:17:80:02:1c:93:73:15:b2:8d:d1:dd:be:69:22:
         24:47:5c:6e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUf3hLC0hngTrd80RaW9I2rjG0RcAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzI1RDUwNTZBNjlDRTBEMDY4NUJBRDhFNDhGMzNBNEE2
MkE1QzU4MjAeFw0yNDEwMDQxNTU1MDJaFw0yNTEwMDMxNjAwMDJaMDMxMTAvBgNV
BAMTKDdDQTk1MkZBMDEzNDBDRkNBQUIxRTIyMUQxM0NDNjQ0NzQyRTVCRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbQGxDIG/eFaOENtpG8iw+Opkb
lF3hv+cuOIZF5YzOd+SuZcPqOfVUAlB4TrrdzDXTqHGSqrEASvzV3cEiyQt4rb6J
KaS5ilUAGfd2LfiKCWJ10VWTKPrJKSjpT3gQdE++XQIS0F4WejNUsz/uGVqeuKL2
HU271ABFLRL7FCPl2DonpuocOWAUIArDiXTRMQmvS83cwRlPA5aM8PDdpm4qtycb
nngdkZOTi1Xl5jGSe+N7JFqfXoYLLvdBTwFSTFuOT+GE/H2k/2wLmUIuFt56iO59
YDxa2xZWZ1EJ9Qrgih3aB55ZAW7RFtvoQGXtchpm1tp4LEKPDZCx36OzWFvZAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUfKlS+gE0DPyqseIh0TzGRHQuW9UwHwYDVR0j
BBgwFoAUwl1QVqac4NBoW62OSPM6SmKlxYIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9m
OTY0MDFlMy05ZjYyLTRiM2MtYmZmYi03ODMzNTVhZTY3NzAvMC9DMjVENTA1NkE2
OUNFMEQwNjg1QkFEOEU0OEYzM0E0QTYyQTVDNTgyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQzI1RDUwNTZBNjlDRTBEMDY4NUJBRDhFNDhGMzNBNEE2MkE1
QzU4Mi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2Y5NjQwMWUzLTlmNjItNGIzYy1i
ZmZiLTc4MzM1NWFlNjc3MC8wLzMxMzAzMzJlMzEzNTM2MmUzMTM2MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzEzNDMxMzAzNzM3LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ5wQMA0GCSqG
SIb3DQEBCwUAA4IBAQAguFfkF1+3gdWo5WgrVU6BXB//9LdzCpWp61iB4Hk+GtUg
zfCO+S/oI/ziYDPQIhxGhY2AJLcaWD3yQciqc+5nM/0B+b+V29CmEyyw7pm+/mzL
W/ikTxqOXYzyerT2/Hc7LNVgRCEHkTNShc/autkgoq1VNIQkPfNrDjzKHwTOAhH4
gSzEH6TfA3ULl2NptLUUGKbJMcz/k2AuU8pKSXAIfjAes4S9PewpQseCU9JPL30y
aj9N9LqYdNCY6M1mNfi0I+TdVltBQ74OpAyYxxqrI/pA542Nv6uV19ZLPI6Y6Zo4
4CPScHHfsEyosmzfF4ACHJNzFbKN0d2+aSIkR1xu
-----END CERTIFICATE-----
Generated at Mon Nov 25 00:59:34 2024 by rpki-client on console-ams.rpki-client.org