Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/53f75e98-14ef-4457-94f3-e5b73a922fc5/0/3230332e3230372e35322e302f32322d3234203d3e203138333531.roa
File:                     3230332e3230372e35322e302f32322d3234203d3e203138333531.roa (raw, json)
Hash identifier:          GF58KQK/qbqE8ylrVO00EKC2E0xN3y+Zyb89u6vyMfU=
Subject key identifier:   7F:C0:52:E3:1F:1A:D5:A8:7A:DE:50:44:9D:D2:B8:44:D0:1D:C0:90
Certificate issuer:       /CN=D296B71263A794DB76A99329A0A6CD91F03F997C
Certificate serial:       45B372A734816F5D760E134DAC801AD1C87F9A00
Authority key identifier: D2:96:B7:12:63:A7:94:DB:76:A9:93:29:A0:A6:CD:91:F0:3F:99:7C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D296B71263A794DB76A99329A0A6CD91F03F997C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/53f75e98-14ef-4457-94f3-e5b73a922fc5/0/3230332e3230372e35322e302f32322d3234203d3e203138333531.roa
Signing time:             Mon 31 Jul 2023 00:05:26 +0000
ROA not before:           Mon 31 Jul 2023 00:00:26 +0000
ROA not after:            Mon 29 Jul 2024 00:05:26 +0000
asID:                     18351
IP address blocks:        203.207.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/53f75e98-14ef-4457-94f3-e5b73a922fc5/0/D296B71263A794DB76A99329A0A6CD91F03F997C.crl
                          rsync://repo-rpki.idnic.net/repo/53f75e98-14ef-4457-94f3-e5b73a922fc5/0/D296B71263A794DB76A99329A0A6CD91F03F997C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D296B71263A794DB76A99329A0A6CD91F03F997C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 13:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:b3:72:a7:34:81:6f:5d:76:0e:13:4d:ac:80:1a:d1:c8:7f:9a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D296B71263A794DB76A99329A0A6CD91F03F997C
        Validity
            Not Before: Jul 31 00:00:26 2023 GMT
            Not After : Jul 29 00:05:26 2024 GMT
        Subject: CN=7FC052E31F1AD5A87ADE50449DD2B844D01DC090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:35:21:06:66:4d:ca:66:47:ae:c1:7a:0e:33:
                    76:b6:2a:42:37:72:b0:16:22:3b:f6:91:74:9b:d4:
                    7a:88:1d:79:9c:77:b9:11:5d:fc:07:bf:0c:7a:23:
                    e6:89:cc:fb:23:d1:44:a5:7a:8e:22:d7:08:9c:fd:
                    fd:af:35:77:79:44:ee:ee:2a:63:e2:bd:54:e8:eb:
                    bc:66:97:77:bd:22:ef:5e:7b:e1:67:8d:7f:2c:e5:
                    67:1a:f9:40:f5:92:6c:1c:0d:56:c0:6b:94:21:e6:
                    24:ed:27:a3:f4:14:3f:3a:93:c8:4a:6f:d2:66:74:
                    78:47:50:61:de:e1:7b:87:7e:5b:c3:3f:4a:23:eb:
                    8d:62:c6:ba:86:1c:bc:da:fe:ab:21:f3:c2:ae:9e:
                    72:2e:51:46:ab:75:a3:7f:22:2b:e0:31:bc:83:1f:
                    81:68:91:fa:42:d8:aa:a8:d5:d0:15:c6:57:e8:dc:
                    f7:6c:74:43:61:fe:7c:51:45:68:b1:51:02:df:70:
                    8c:24:73:ae:b3:b2:91:65:11:43:98:92:8d:2b:27:
                    4a:5e:5f:dc:ce:46:18:97:9e:31:00:e0:49:e3:3f:
                    58:17:2d:64:26:b1:89:b1:b3:84:cd:2e:87:f5:6b:
                    a7:2c:76:41:10:e9:f8:03:bc:14:4f:a5:e3:15:5c:
                    60:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C0:52:E3:1F:1A:D5:A8:7A:DE:50:44:9D:D2:B8:44:D0:1D:C0:90
            X509v3 Authority Key Identifier:
                keyid:D2:96:B7:12:63:A7:94:DB:76:A9:93:29:A0:A6:CD:91:F0:3F:99:7C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/53f75e98-14ef-4457-94f3-e5b73a922fc5/0/D296B71263A794DB76A99329A0A6CD91F03F997C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D296B71263A794DB76A99329A0A6CD91F03F997C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/53f75e98-14ef-4457-94f3-e5b73a922fc5/0/3230332e3230372e35322e302f32322d3234203d3e203138333531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.207.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:4c:21:5a:e8:91:1d:dc:52:9d:e3:ef:d0:06:5a:2a:33:44:
         2d:f0:c0:15:28:58:c4:26:16:29:6c:ee:4b:21:91:ea:1f:0d:
         0b:2a:84:bf:24:d4:d0:d4:a7:eb:23:f1:9c:1e:f2:5b:3e:19:
         7b:7d:57:66:9a:73:fc:02:31:8e:df:26:c2:dd:fb:92:76:25:
         90:cb:01:51:83:7a:ce:65:7f:c3:60:81:8c:7d:62:50:e5:8b:
         a6:06:be:66:69:72:b8:3c:31:94:53:2d:44:1a:0e:1b:36:c7:
         3f:e3:3e:fd:72:a0:d4:69:94:aa:df:15:03:1b:06:0b:35:37:
         08:8a:e5:9b:0d:b3:30:4c:e9:01:5f:26:03:ea:36:fd:d0:8a:
         4e:86:d4:5c:79:4e:4d:4b:4e:ac:20:31:a9:07:65:10:42:2d:
         c8:4d:d5:54:56:92:58:8b:a0:74:36:40:56:aa:b7:0d:39:5b:
         db:54:e8:64:af:45:40:9b:7e:72:e8:cc:5d:28:bd:47:7e:a7:
         2b:3e:c8:c7:09:94:a5:a4:89:39:20:4a:ab:91:df:a9:e3:de:
         63:1c:02:5c:f0:c1:45:c1:f3:97:30:40:29:ab:ee:2c:1c:97:
         a0:3c:71:e1:cf:9a:11:f7:28:6a:77:3a:dc:5c:52:62:17:3c:
         a5:d1:7f:36
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIURbNypzSBb112DhNNrIAa0ch/mgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDI5NkI3MTI2M0E3OTREQjc2QTk5MzI5QTBBNkNEOTFG
MDNGOTk3QzAeFw0yMzA3MzEwMDAwMjZaFw0yNDA3MjkwMDA1MjZaMDMxMTAvBgNV
BAMTKDdGQzA1MkUzMUYxQUQ1QTg3QURFNTA0NDlERDJCODQ0RDAxREMwOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaNSEGZk3KZkeuwXoOM3a2KkI3
crAWIjv2kXSb1HqIHXmcd7kRXfwHvwx6I+aJzPsj0USleo4i1wic/f2vNXd5RO7u
KmPivVTo67xml3e9Iu9ee+FnjX8s5Wca+UD1kmwcDVbAa5Qh5iTtJ6P0FD86k8hK
b9JmdHhHUGHe4XuHflvDP0oj641ixrqGHLza/qsh88KunnIuUUardaN/IivgMbyD
H4FokfpC2Kqo1dAVxlfo3PdsdENh/nxRRWixUQLfcIwkc66zspFlEUOYko0rJ0pe
X9zORhiXnjEA4EnjP1gXLWQmsYmxs4TNLof1a6csdkEQ6fgDvBRPpeMVXGAJAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUf8BS4x8a1ah63lBEndK4RNAdwJAwHwYDVR0j
BBgwFoAU0pa3EmOnlNt2qZMpoKbNkfA/mXwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
M2Y3NWU5OC0xNGVmLTQ0NTctOTRmMy1lNWI3M2E5MjJmYzUvMC9EMjk2QjcxMjYz
QTc5NERCNzZBOTkzMjlBMEE2Q0Q5MUYwM0Y5OTdDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRDI5NkI3MTI2M0E3OTREQjc2QTk5MzI5QTBBNkNEOTFGMDNG
OTk3Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzUzZjc1ZTk4LTE0ZWYtNDQ1Ny05
NGYzLWU1YjczYTkyMmZjNS8wLzMyMzAzMzJlMzIzMDM3MmUzNTMyMmUzMDJmMzIz
MjJkMzIzNDIwM2QzZTIwMzEzODMzMzUzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsvPNDANBgkqhkiG
9w0BAQsFAAOCAQEAJEwhWuiRHdxSnePv0AZaKjNELfDAFShYxCYWKWzuSyGR6h8N
CyqEvyTU0NSn6yPxnB7yWz4Ze31XZppz/AIxjt8mwt37knYlkMsBUYN6zmV/w2CB
jH1iUOWLpga+ZmlyuDwxlFMtRBoOGzbHP+M+/XKg1GmUqt8VAxsGCzU3CIrlmw2z
MEzpAV8mA+o2/dCKTobUXHlOTUtOrCAxqQdlEEItyE3VVFaSWIugdDZAVqq3DTlb
21ToZK9FQJt+cujMXSi9R36nKz7IxwmUpaSJOSBKq5HfqePeYxwCXPDBRcHzlzBA
KavuLByXoDxx4c+aEfcoanc63FxSYhc8pdF/Ng==
-----END CERTIFICATE-----
Generated at Wed Mar 27 13:04:16 2024 by rpki-client on console-ams.rpki-client.org