Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/3230322e39312e31322e302f32342d3234203d3e203338313530.roa
File:                     3230322e39312e31322e302f32342d3234203d3e203338313530.roa (raw, json)
Hash identifier:          UrBHpNvPUMt8pUbibo5q7snQWRrk3L82uEr66CpmGlY=
Subject key identifier:   D1:BA:32:E2:35:62:B2:1D:AE:FE:8E:6C:9A:AB:36:A3:B6:5A:23:6A
Certificate issuer:       /CN=2CA47487F72781733330A38C95FF8A5DF68CDBB9
Certificate serial:       4D5296647D6DB1E96EF1AC939122138884620BF4
Authority key identifier: 2C:A4:74:87:F7:27:81:73:33:30:A3:8C:95:FF:8A:5D:F6:8C:DB:B9
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2CA47487F72781733330A38C95FF8A5DF68CDBB9.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/3230322e39312e31322e302f32342d3234203d3e203338313530.roa
Signing time:             Mon 31 Jul 2023 00:05:04 +0000
ROA not before:           Mon 31 Jul 2023 00:00:04 +0000
ROA not after:            Mon 29 Jul 2024 00:05:04 +0000
asID:                     38150
IP address blocks:        202.91.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/2CA47487F72781733330A38C95FF8A5DF68CDBB9.crl
                          rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/2CA47487F72781733330A38C95FF8A5DF68CDBB9.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2CA47487F72781733330A38C95FF8A5DF68CDBB9.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:52:96:64:7d:6d:b1:e9:6e:f1:ac:93:91:22:13:88:84:62:0b:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2CA47487F72781733330A38C95FF8A5DF68CDBB9
        Validity
            Not Before: Jul 31 00:00:04 2023 GMT
            Not After : Jul 29 00:05:04 2024 GMT
        Subject: CN=D1BA32E23562B21DAEFE8E6C9AAB36A3B65A236A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9b:07:08:be:91:8a:46:a4:bd:a5:79:ef:e9:
                    5a:e4:f1:a0:79:bb:70:d2:5e:67:e1:0c:53:c7:c0:
                    55:a8:ba:a0:af:b4:41:8c:d7:11:df:e2:ad:d2:d1:
                    42:71:e6:94:16:96:85:84:6b:ef:a9:42:8c:d8:1c:
                    84:83:d2:ee:fc:8b:62:03:a7:fc:d2:be:99:9c:14:
                    1f:91:c9:ca:87:86:f6:67:1f:ae:3d:1b:22:b4:1f:
                    46:c0:e8:04:ab:99:15:0e:dd:c3:9d:aa:af:09:d6:
                    b8:43:23:03:78:4d:e0:a0:b1:48:b8:10:46:ff:c6:
                    84:de:3f:f0:5f:88:da:3f:5e:81:8f:d0:dc:53:bc:
                    a4:b8:42:31:35:90:ec:54:50:52:e6:c1:6f:d9:c1:
                    bf:bc:2b:35:e0:e5:dc:9d:e1:b5:07:ad:68:c7:5e:
                    80:ae:a5:61:3a:f8:de:5a:da:fc:fa:14:e7:28:27:
                    f7:e8:42:57:c9:b5:61:71:41:9d:80:ec:1e:c1:d7:
                    0c:ee:e0:cb:00:52:80:ef:e4:e2:b2:64:c4:3b:62:
                    d2:77:5b:c1:05:1c:83:9c:59:76:6c:b9:d6:7d:c9:
                    55:8d:87:13:49:f0:56:a1:d8:69:f9:9c:0d:fa:14:
                    8f:6c:6c:fa:c7:7a:af:99:fd:ac:ec:f4:d3:3d:00:
                    bd:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:BA:32:E2:35:62:B2:1D:AE:FE:8E:6C:9A:AB:36:A3:B6:5A:23:6A
            X509v3 Authority Key Identifier:
                keyid:2C:A4:74:87:F7:27:81:73:33:30:A3:8C:95:FF:8A:5D:F6:8C:DB:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/2CA47487F72781733330A38C95FF8A5DF68CDBB9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2CA47487F72781733330A38C95FF8A5DF68CDBB9.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/17e65b67-905c-403c-8c79-2315659668aa/0/3230322e39312e31322e302f32342d3234203d3e203338313530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.91.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:d5:86:5c:a1:38:2d:e2:ff:46:37:ab:83:09:7f:66:29:39:
         2f:9e:61:0e:55:57:88:9a:b3:b2:32:e3:7f:e8:13:e7:8b:d9:
         45:57:5c:33:b8:f9:1f:db:4e:ac:33:81:61:86:9c:7d:20:55:
         43:76:e0:32:18:14:5a:77:f4:95:65:e3:32:1f:58:5e:cc:22:
         5b:9d:79:84:1e:ad:f8:b2:a3:f3:33:5f:21:5f:88:21:98:b4:
         2e:02:6b:46:06:24:50:0d:34:8d:40:81:16:3a:9e:3d:f0:4d:
         e3:72:eb:56:21:04:e1:38:68:58:3b:a6:97:1f:e5:4c:ed:41:
         dd:98:cd:a9:7d:17:a2:57:c4:87:5c:86:56:0e:32:49:08:90:
         ab:a5:9a:8c:de:c3:29:31:61:3f:f2:73:95:bc:01:c4:1f:56:
         e8:10:0f:38:29:62:5d:62:34:c9:70:32:10:fc:a6:8e:d0:8a:
         39:d5:40:c3:f1:0f:3c:ae:72:12:0b:56:e0:a0:bc:6a:b5:77:
         34:a9:14:8c:3d:00:3b:3c:8d:2d:64:d8:00:f2:ec:59:9d:a5:
         15:75:47:96:fd:54:f1:5f:df:af:bf:fc:82:56:b9:65:63:51:
         43:99:84:fd:a7:5d:af:3d:15:8d:1b:a4:b0:03:f5:d0:08:3c:
         21:a1:ab:62
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUTVKWZH1tselu8ayTkSITiIRiC/QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkNBNDc0ODdGNzI3ODE3MzMzMzBBMzhDOTVGRjhBNURG
NjhDREJCOTAeFw0yMzA3MzEwMDAwMDRaFw0yNDA3MjkwMDA1MDRaMDMxMTAvBgNV
BAMTKEQxQkEzMkUyMzU2MkIyMURBRUZFOEU2QzlBQUIzNkEzQjY1QTIzNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1mwcIvpGKRqS9pXnv6Vrk8aB5
u3DSXmfhDFPHwFWouqCvtEGM1xHf4q3S0UJx5pQWloWEa++pQozYHISD0u78i2ID
p/zSvpmcFB+RycqHhvZnH649GyK0H0bA6ASrmRUO3cOdqq8J1rhDIwN4TeCgsUi4
EEb/xoTeP/BfiNo/XoGP0NxTvKS4QjE1kOxUUFLmwW/Zwb+8KzXg5dyd4bUHrWjH
XoCupWE6+N5a2vz6FOcoJ/foQlfJtWFxQZ2A7B7B1wzu4MsAUoDv5OKyZMQ7YtJ3
W8EFHIOcWXZsudZ9yVWNhxNJ8Fah2Gn5nA36FI9sbPrHeq+Z/azs9NM9AL0bAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQU0boy4jVish2u/o5smqs2o7ZaI2owHwYDVR0j
BBgwFoAULKR0h/cngXMzMKOMlf+KXfaM27kwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
N2U2NWI2Ny05MDVjLTQwM2MtOGM3OS0yMzE1NjU5NjY4YWEvMC8yQ0E0NzQ4N0Y3
Mjc4MTczMzMzMEEzOEM5NUZGOEE1REY2OENEQkI5LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMkNBNDc0ODdGNzI3ODE3MzMzMzBBMzhDOTVGRjhBNURGNjhD
REJCOS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE3ZTY1YjY3LTkwNWMtNDAzYy04
Yzc5LTIzMTU2NTk2NjhhYS8wLzMyMzAzMjJlMzkzMTJlMzEzMjJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMzMzgzMTM1MzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADKWwwwDQYJKoZIhvcN
AQELBQADggEBAGXVhlyhOC3i/0Y3q4MJf2YpOS+eYQ5VV4ias7Iy43/oE+eL2UVX
XDO4+R/bTqwzgWGGnH0gVUN24DIYFFp39JVl4zIfWF7MIludeYQerfiyo/MzXyFf
iCGYtC4Ca0YGJFANNI1AgRY6nj3wTeNy61YhBOE4aFg7ppcf5UztQd2Yzal9F6JX
xIdchlYOMkkIkKulmozewykxYT/yc5W8AcQfVugQDzgpYl1iNMlwMhD8po7QijnV
QMPxDzyuchILVuCgvGq1dzSpFIw9ADs8jS1k2ADy7FmdpRV1R5b9VPFf36+//IJW
uWVjUUOZhP2nXa89FY0bpLAD9dAIPCGhq2I=
-----END CERTIFICATE-----
Generated at Wed Mar 27 04:37:32 2024 by rpki-client on console-ams.rpki-client.org