Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/1e6a7e46-b6ad-4a7d-b930-1ab0bf02dd5d/0/3230322e36352e3132342e302f32322d3234203d3e203436303531.roa
File:                     3230322e36352e3132342e302f32322d3234203d3e203436303531.roa (raw, json)
Hash identifier:          nCRffZlynF4CiEOh2iuotIMhJ1K47T3UdPYWHYFk4iY=
Subject key identifier:   E8:67:52:0F:66:D6:0A:8B:5E:3C:B9:0D:4D:32:82:76:CD:60:27:40
Certificate issuer:       /CN=CA35BAC7A405DF1ED9ED62F09D2F4F2E143C8E8F
Certificate serial:       7C54ABED9B0366EC85EEF4D2A612E0C3643A0EF6
Authority key identifier: CA:35:BA:C7:A4:05:DF:1E:D9:ED:62:F0:9D:2F:4F:2E:14:3C:8E:8F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CA35BAC7A405DF1ED9ED62F09D2F4F2E143C8E8F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/1e6a7e46-b6ad-4a7d-b930-1ab0bf02dd5d/0/3230322e36352e3132342e302f32322d3234203d3e203436303531.roa
Signing time:             Tue 22 Jul 2025 05:00:00 +0000
ROA not before:           Tue 22 Jul 2025 04:55:00 +0000
ROA not after:            Tue 21 Jul 2026 05:00:00 +0000
asID:                     46051
IP address blocks:        202.65.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/1e6a7e46-b6ad-4a7d-b930-1ab0bf02dd5d/0/CA35BAC7A405DF1ED9ED62F09D2F4F2E143C8E8F.crl
                          rsync://repo-rpki.idnic.net/repo/1e6a7e46-b6ad-4a7d-b930-1ab0bf02dd5d/0/CA35BAC7A405DF1ED9ED62F09D2F4F2E143C8E8F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CA35BAC7A405DF1ED9ED62F09D2F4F2E143C8E8F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 10:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:54:ab:ed:9b:03:66:ec:85:ee:f4:d2:a6:12:e0:c3:64:3a:0e:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CA35BAC7A405DF1ED9ED62F09D2F4F2E143C8E8F
        Validity
            Not Before: Jul 22 04:55:00 2025 GMT
            Not After : Jul 21 05:00:00 2026 GMT
        Subject: CN=E867520F66D60A8B5E3CB90D4D328276CD602740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:25:f5:d8:17:da:65:30:58:72:18:54:57:d1:
                    df:cc:8c:9c:4b:7f:c6:44:d8:23:e5:bd:6d:20:1f:
                    97:93:c3:50:a6:d7:57:8e:c1:cf:4b:cf:37:cd:ff:
                    40:38:de:82:e6:de:d0:93:72:13:be:12:cd:5f:a4:
                    5d:73:9c:fe:ea:ef:f4:12:7a:8a:57:52:12:c4:52:
                    aa:97:db:62:86:d8:2b:31:52:32:1c:7e:68:8e:ed:
                    0c:53:c8:fd:f1:d5:67:f5:06:33:91:39:a8:13:31:
                    5b:2c:49:68:3b:a7:d8:3c:f5:0b:f0:26:e4:71:44:
                    c4:16:aa:95:84:de:10:11:7a:16:0d:f7:1a:58:64:
                    49:da:f4:4b:c0:cd:6a:d8:b5:1c:3b:ab:2f:2a:b5:
                    40:23:7b:73:71:54:06:07:1a:8f:10:b6:34:17:84:
                    a8:20:81:65:ea:3f:e0:d1:f3:03:28:5c:f5:da:df:
                    48:54:31:83:d3:1f:98:7c:67:3f:95:f1:86:c4:7c:
                    15:91:28:96:56:19:1c:34:2a:01:99:89:a5:29:10:
                    70:eb:70:ce:82:a0:87:e4:a7:cc:69:a1:41:43:28:
                    c1:e8:d7:be:27:bc:ee:ef:e4:c3:bb:d7:e9:3e:4a:
                    9b:0d:09:06:c8:7e:d6:bb:b7:31:c5:76:3c:84:81:
                    f3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:67:52:0F:66:D6:0A:8B:5E:3C:B9:0D:4D:32:82:76:CD:60:27:40
            X509v3 Authority Key Identifier:
                keyid:CA:35:BA:C7:A4:05:DF:1E:D9:ED:62:F0:9D:2F:4F:2E:14:3C:8E:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/1e6a7e46-b6ad-4a7d-b930-1ab0bf02dd5d/0/CA35BAC7A405DF1ED9ED62F09D2F4F2E143C8E8F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CA35BAC7A405DF1ED9ED62F09D2F4F2E143C8E8F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/1e6a7e46-b6ad-4a7d-b930-1ab0bf02dd5d/0/3230322e36352e3132342e302f32322d3234203d3e203436303531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.65.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:35:60:d6:dd:6d:c7:d7:3d:9e:81:09:a6:4c:80:58:75:e5:
         53:d9:49:44:e0:b0:53:be:7d:cd:29:55:8b:b4:21:77:b1:f4:
         b8:f5:76:6e:2a:13:54:0d:49:08:b6:96:e5:57:a4:4f:c3:f5:
         b8:7a:88:4b:26:f6:4c:ff:19:f9:d0:30:ca:01:0f:9a:ab:50:
         4f:28:9b:18:ea:4d:e6:92:60:62:79:1e:b9:50:de:be:71:c0:
         cc:cf:9e:a6:dc:31:c7:fa:d3:76:aa:b9:f1:bf:f4:0c:fa:47:
         e8:15:6a:6d:af:44:7a:6e:24:05:f2:89:c2:b7:8c:01:ff:41:
         23:de:50:a8:c2:b8:ea:0a:6c:cb:fd:89:1b:e1:bf:bf:19:83:
         60:28:3a:3f:de:73:08:ba:ad:cd:6c:ed:7e:55:6b:97:73:a9:
         27:ff:61:15:81:85:9e:50:ef:8b:69:e1:9d:07:f6:bf:54:ea:
         0a:af:7c:6c:03:be:4d:fe:97:df:a8:21:2f:3e:ec:bd:fc:22:
         bc:e6:65:24:ed:98:92:51:22:34:a3:9c:99:b0:0f:9f:37:b5:
         b4:c5:64:b9:d9:30:58:c9:b1:ee:76:4b:f7:ff:a7:f1:d0:8e:
         c2:f1:ae:ae:0f:22:54:9f:56:b0:59:61:f9:8f:e9:3d:66:ec:
         25:e4:10:18
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUfFSr7ZsDZuyF7vTSphLgw2Q6DvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0EzNUJBQzdBNDA1REYxRUQ5RUQ2MkYwOUQyRjRGMkUx
NDNDOEU4RjAeFw0yNTA3MjIwNDU1MDBaFw0yNjA3MjEwNTAwMDBaMDMxMTAvBgNV
BAMTKEU4Njc1MjBGNjZENjBBOEI1RTNDQjkwRDREMzI4Mjc2Q0Q2MDI3NDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPJfXYF9plMFhyGFRX0d/MjJxL
f8ZE2CPlvW0gH5eTw1Cm11eOwc9LzzfN/0A43oLm3tCTchO+Es1fpF1znP7q7/QS
eopXUhLEUqqX22KG2CsxUjIcfmiO7QxTyP3x1Wf1BjOROagTMVssSWg7p9g89Qvw
JuRxRMQWqpWE3hARehYN9xpYZEna9EvAzWrYtRw7qy8qtUAje3NxVAYHGo8QtjQX
hKgggWXqP+DR8wMoXPXa30hUMYPTH5h8Zz+V8YbEfBWRKJZWGRw0KgGZiaUpEHDr
cM6CoIfkp8xpoUFDKMHo174nvO7v5MO71+k+SpsNCQbIfta7tzHFdjyEgfMZAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU6GdSD2bWCotePLkNTTKCds1gJ0AwHwYDVR0j
BBgwFoAUyjW6x6QF3x7Z7WLwnS9PLhQ8jo8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
ZTZhN2U0Ni1iNmFkLTRhN2QtYjkzMC0xYWIwYmYwMmRkNWQvMC9DQTM1QkFDN0E0
MDVERjFFRDlFRDYyRjA5RDJGNEYyRTE0M0M4RThGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQ0EzNUJBQzdBNDA1REYxRUQ5RUQ2MkYwOUQyRjRGMkUxNDND
OEU4Ri5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzFlNmE3ZTQ2LWI2YWQtNGE3ZC1i
OTMwLTFhYjBiZjAyZGQ1ZC8wLzMyMzAzMjJlMzYzNTJlMzEzMjM0MmUzMDJmMzIz
MjJkMzIzNDIwM2QzZTIwMzQzNjMwMzUzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAspBfDANBgkqhkiG
9w0BAQsFAAOCAQEAqjVg1t1tx9c9noEJpkyAWHXlU9lJROCwU759zSlVi7Qhd7H0
uPV2bioTVA1JCLaW5VekT8P1uHqISyb2TP8Z+dAwygEPmqtQTyibGOpN5pJgYnke
uVDevnHAzM+eptwxx/rTdqq58b/0DPpH6BVqba9Eem4kBfKJwreMAf9BI95QqMK4
6gpsy/2JG+G/vxmDYCg6P95zCLqtzWztflVrl3OpJ/9hFYGFnlDvi2nhnQf2v1Tq
Cq98bAO+Tf6X36ghLz7svfwivOZlJO2YklEiNKOcmbAPnze1tMVkudkwWMmx7nZL
9/+n8dCOwvGurg8iVJ9WsFlh+Y/pPWbsJeQQGA==
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:46:06 2025 by rpki-client