Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/187d79ba-fb55-49a5-967b-1edc749d0128/0/3230322e34332e3232382e302f32322d3234203d3e2039343232.roa
File:                     3230322e34332e3232382e302f32322d3234203d3e2039343232.roa (raw, json)
Hash identifier:          RBKmP+8qRU8R2NGKr56dkUHUhcp3iiJG1FPRqESRMSk=
Subject key identifier:   A0:2A:84:A3:94:45:E2:0A:D7:FC:53:9E:12:BF:E1:61:42:A6:5B:90
Certificate issuer:       /CN=295CEF87CDB74B1A43287E630C3FE568272D2F33
Certificate serial:       51C1601AC269E098F0C7EA1D149572CD7267CD67
Authority key identifier: 29:5C:EF:87:CD:B7:4B:1A:43:28:7E:63:0C:3F:E5:68:27:2D:2F:33
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/295CEF87CDB74B1A43287E630C3FE568272D2F33.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/187d79ba-fb55-49a5-967b-1edc749d0128/0/3230322e34332e3232382e302f32322d3234203d3e2039343232.roa
Signing time:             Mon 31 Jul 2023 00:08:39 +0000
ROA not before:           Mon 31 Jul 2023 00:03:39 +0000
ROA not after:            Mon 29 Jul 2024 00:08:39 +0000
asID:                     9422
IP address blocks:        202.43.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/187d79ba-fb55-49a5-967b-1edc749d0128/0/295CEF87CDB74B1A43287E630C3FE568272D2F33.crl
                          rsync://repo-rpki.idnic.net/repo/187d79ba-fb55-49a5-967b-1edc749d0128/0/295CEF87CDB74B1A43287E630C3FE568272D2F33.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/295CEF87CDB74B1A43287E630C3FE568272D2F33.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:c1:60:1a:c2:69:e0:98:f0:c7:ea:1d:14:95:72:cd:72:67:cd:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=295CEF87CDB74B1A43287E630C3FE568272D2F33
        Validity
            Not Before: Jul 31 00:03:39 2023 GMT
            Not After : Jul 29 00:08:39 2024 GMT
        Subject: CN=A02A84A39445E20AD7FC539E12BFE16142A65B90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7e:17:03:44:96:81:17:08:08:16:86:82:21:
                    f9:2e:9f:84:19:ed:e3:25:c6:24:e6:30:6c:0e:d6:
                    49:cd:94:c9:1a:51:aa:00:f3:8f:18:c8:59:23:0b:
                    e7:d3:ba:da:73:23:8f:fc:a1:e2:d1:d2:93:c8:ca:
                    32:7c:31:0b:a4:3f:8c:e3:d8:75:38:dd:a6:49:1b:
                    08:e2:f8:e8:f6:6f:37:3d:ae:e3:77:d7:d0:c5:17:
                    23:fc:5a:be:da:89:9e:15:88:44:50:06:c8:52:d3:
                    1f:50:6e:88:13:50:a2:10:6f:0e:87:aa:c8:f5:57:
                    d7:ac:dc:17:3e:00:0f:1f:cd:d4:5f:9c:70:b6:d1:
                    99:c2:ec:b0:48:bb:0b:1b:44:c9:31:bf:7d:38:ec:
                    c3:2b:bb:35:8c:00:62:73:d1:9a:1c:87:ef:be:75:
                    2b:85:46:b1:cc:d5:30:9b:da:09:e8:0c:d8:4e:ac:
                    3f:a2:90:34:3c:cc:a8:f3:70:00:ca:03:54:9d:73:
                    f5:fa:b9:7a:52:52:ae:59:88:59:2c:04:1c:95:7e:
                    a9:59:5c:ab:64:6d:15:a5:bc:77:3d:1f:a2:40:21:
                    1e:ab:6b:c9:49:11:32:41:ca:05:42:af:40:68:ce:
                    31:d9:4e:49:5a:5d:a2:e5:fd:e2:16:c4:8a:81:07:
                    e0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2A:84:A3:94:45:E2:0A:D7:FC:53:9E:12:BF:E1:61:42:A6:5B:90
            X509v3 Authority Key Identifier:
                keyid:29:5C:EF:87:CD:B7:4B:1A:43:28:7E:63:0C:3F:E5:68:27:2D:2F:33

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/187d79ba-fb55-49a5-967b-1edc749d0128/0/295CEF87CDB74B1A43287E630C3FE568272D2F33.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/295CEF87CDB74B1A43287E630C3FE568272D2F33.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/187d79ba-fb55-49a5-967b-1edc749d0128/0/3230322e34332e3232382e302f32322d3234203d3e2039343232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.43.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:ed:ee:11:a0:99:5d:a0:00:bb:25:84:d3:23:b1:2e:54:7d:
         6e:b3:ed:be:bf:72:77:2f:9f:78:2f:1f:f2:98:bb:38:cc:7e:
         d8:b0:94:29:3e:24:de:30:a8:ae:d1:ac:e4:17:19:3d:dc:20:
         c1:3b:28:0c:77:b3:3a:43:d3:bd:30:1b:e3:62:58:26:95:56:
         31:20:29:60:d7:3c:49:1e:e4:d8:32:6b:06:7b:e2:63:93:20:
         83:2f:70:16:23:65:66:53:31:c7:ba:bb:8c:2c:8e:f3:86:48:
         d8:8d:f6:6e:5a:7f:49:f7:a3:bf:e2:0b:d2:89:34:31:e6:53:
         e9:77:28:ba:10:2b:fb:74:82:b6:2e:82:6d:11:74:29:77:94:
         2f:ac:f1:41:c8:f3:25:57:d7:5c:3f:15:21:a7:b9:69:97:80:
         e0:05:d1:52:35:73:4e:eb:a9:86:c9:7b:41:6c:6f:83:70:6c:
         dc:db:94:54:51:08:08:37:f9:b2:a6:48:b6:ee:56:73:8f:06:
         8e:cd:56:3c:aa:f6:15:5b:22:5a:1c:41:ae:d6:18:66:e0:b2:
         fa:29:0b:30:9d:b1:8c:81:c8:70:1f:df:40:02:ad:0e:ec:f6:
         6e:29:ec:46:2f:03:d5:bb:16:57:d5:e4:e0:8e:4f:4f:8f:d7:
         da:28:d4:76
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUUcFgGsJp4Jjwx+odFJVyzXJnzWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjk1Q0VGODdDREI3NEIxQTQzMjg3RTYzMEMzRkU1Njgy
NzJEMkYzMzAeFw0yMzA3MzEwMDAzMzlaFw0yNDA3MjkwMDA4MzlaMDMxMTAvBgNV
BAMTKEEwMkE4NEEzOTQ0NUUyMEFEN0ZDNTM5RTEyQkZFMTYxNDJBNjVCOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKfhcDRJaBFwgIFoaCIfkun4QZ
7eMlxiTmMGwO1knNlMkaUaoA848YyFkjC+fTutpzI4/8oeLR0pPIyjJ8MQukP4zj
2HU43aZJGwji+Oj2bzc9ruN319DFFyP8Wr7aiZ4ViERQBshS0x9QbogTUKIQbw6H
qsj1V9es3Bc+AA8fzdRfnHC20ZnC7LBIuwsbRMkxv3047MMruzWMAGJz0Zoch+++
dSuFRrHM1TCb2gnoDNhOrD+ikDQ8zKjzcADKA1Sdc/X6uXpSUq5ZiFksBByVfqlZ
XKtkbRWlvHc9H6JAIR6ra8lJETJBygVCr0BozjHZTklaXaLl/eIWxIqBB+BfAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUoCqEo5RF4grX/FOeEr/hYUKmW5AwHwYDVR0j
BBgwFoAUKVzvh823SxpDKH5jDD/laCctLzMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
ODdkNzliYS1mYjU1LTQ5YTUtOTY3Yi0xZWRjNzQ5ZDAxMjgvMC8yOTVDRUY4N0NE
Qjc0QjFBNDMyODdFNjMwQzNGRTU2ODI3MkQyRjMzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjk1Q0VGODdDREI3NEIxQTQzMjg3RTYzMEMzRkU1NjgyNzJE
MkYzMy5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE4N2Q3OWJhLWZiNTUtNDlhNS05
NjdiLTFlZGM3NDlkMDEyOC8wLzMyMzAzMjJlMzQzMzJlMzIzMjM4MmUzMDJmMzIz
MjJkMzIzNDIwM2QzZTIwMzkzNDMyMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALKK+QwDQYJKoZIhvcN
AQELBQADggEBAGrt7hGgmV2gALslhNMjsS5UfW6z7b6/cncvn3gvH/KYuzjMftiw
lCk+JN4wqK7RrOQXGT3cIME7KAx3szpD070wG+NiWCaVVjEgKWDXPEke5NgyawZ7
4mOTIIMvcBYjZWZTMce6u4wsjvOGSNiN9m5af0n3o7/iC9KJNDHmU+l3KLoQK/t0
grYugm0RdCl3lC+s8UHI8yVX11w/FSGnuWmXgOAF0VI1c07rqYbJe0Fsb4NwbNzb
lFRRCAg3+bKmSLbuVnOPBo7NVjyq9hVbIlocQa7WGGbgsvopCzCdsYyByHAf30AC
rQ7s9m4p7EYvA9W7FlfV5OCOT0+P19oo1HY=
-----END CERTIFICATE-----
Generated at Wed Mar 27 01:50:18 2024 by rpki-client on console-ams.rpki-client.org