Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/690c9009-ad53-4fa6-a183-34b3457bea03/0/3230322e3135312e382e302f32322d3234203d3e2039373835.roa
File:                     3230322e3135312e382e302f32322d3234203d3e2039373835.roa (raw, json)
Hash identifier:          tIGGo5XgnM0dHxNrHkJQRnlvxQQ+H+0ml8ldNkicIvA=
Subject key identifier:   34:E1:58:4F:01:B8:A5:A6:DE:E7:64:A5:E7:01:80:50:63:85:FD:38
Certificate issuer:       /CN=BF3B675AEBEE64D00B323056545D1F630F1C489E
Certificate serial:       4DEEE061001F0DE2680379AAF9970517DD685465
Authority key identifier: BF:3B:67:5A:EB:EE:64:D0:0B:32:30:56:54:5D:1F:63:0F:1C:48:9E
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BF3B675AEBEE64D00B323056545D1F630F1C489E.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/690c9009-ad53-4fa6-a183-34b3457bea03/0/3230322e3135312e382e302f32322d3234203d3e2039373835.roa
Signing time:             Mon 31 Jul 2023 00:13:34 +0000
ROA not before:           Mon 31 Jul 2023 00:08:34 +0000
ROA not after:            Mon 29 Jul 2024 00:13:34 +0000
asID:                     9785
IP address blocks:        202.151.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/690c9009-ad53-4fa6-a183-34b3457bea03/0/BF3B675AEBEE64D00B323056545D1F630F1C489E.crl
                          rsync://repo-rpki.idnic.net/repo/690c9009-ad53-4fa6-a183-34b3457bea03/0/BF3B675AEBEE64D00B323056545D1F630F1C489E.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BF3B675AEBEE64D00B323056545D1F630F1C489E.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 13:57:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:ee:e0:61:00:1f:0d:e2:68:03:79:aa:f9:97:05:17:dd:68:54:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BF3B675AEBEE64D00B323056545D1F630F1C489E
        Validity
            Not Before: Jul 31 00:08:34 2023 GMT
            Not After : Jul 29 00:13:34 2024 GMT
        Subject: CN=34E1584F01B8A5A6DEE764A5E70180506385FD38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9b:ed:7d:15:2c:cd:56:1a:9b:d6:b2:36:d3:
                    8d:28:f0:08:d5:bf:df:c7:9a:84:5f:23:76:92:43:
                    58:d3:8c:4c:6b:32:e8:ac:6f:c0:2b:f6:d0:67:8b:
                    0d:86:61:3f:77:21:2f:6d:9c:0c:89:5f:d3:1b:33:
                    4e:14:d2:8f:4e:4f:d4:a7:af:b4:dc:78:db:f3:ce:
                    75:60:fa:df:65:42:99:d1:0d:56:ac:0f:29:97:f9:
                    44:b1:42:d2:a0:f9:89:e0:3e:70:44:36:e7:2d:3b:
                    0b:08:ba:26:ae:bc:ac:9e:de:d6:cb:e5:07:d0:63:
                    6d:4a:3f:e6:fe:08:98:23:24:df:56:8a:90:ca:e2:
                    81:d6:2d:48:00:2f:a8:38:7d:98:48:3e:6b:5a:9b:
                    84:ed:28:0e:8a:95:df:8c:5e:59:9e:c7:f9:a0:f8:
                    d8:4e:48:b8:d0:4e:4c:3e:e6:d2:53:c8:71:ba:2e:
                    3b:83:0b:99:8d:4d:9b:b9:b8:a5:12:ba:66:f2:97:
                    d4:3a:da:9c:de:b4:eb:90:8e:83:50:06:1b:db:e3:
                    74:93:68:96:4b:f2:20:d5:3c:65:21:37:1c:a2:11:
                    b8:74:af:33:0e:7a:39:f3:ae:52:41:49:69:2b:ef:
                    56:de:a2:90:7b:92:cf:ab:5b:9c:88:2a:ba:08:ed:
                    89:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E1:58:4F:01:B8:A5:A6:DE:E7:64:A5:E7:01:80:50:63:85:FD:38
            X509v3 Authority Key Identifier:
                keyid:BF:3B:67:5A:EB:EE:64:D0:0B:32:30:56:54:5D:1F:63:0F:1C:48:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/690c9009-ad53-4fa6-a183-34b3457bea03/0/BF3B675AEBEE64D00B323056545D1F630F1C489E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BF3B675AEBEE64D00B323056545D1F630F1C489E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/690c9009-ad53-4fa6-a183-34b3457bea03/0/3230322e3135312e382e302f32322d3234203d3e2039373835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.151.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:c5:83:94:e5:64:45:41:08:66:83:cc:86:46:c4:57:8e:2a:
         20:e4:5b:5f:eb:73:d1:18:b7:73:01:05:b9:61:98:86:f6:73:
         a0:74:78:d5:bb:16:ba:b7:9b:3e:e9:38:c0:f7:eb:63:76:7a:
         5b:e4:0d:57:cf:e0:52:82:0b:3d:94:72:5d:ec:37:6f:27:3b:
         1e:12:32:60:d3:6c:83:44:b4:27:9a:54:f2:25:e6:4d:ae:3a:
         d6:f7:4b:0f:a3:ac:b1:88:e5:10:5e:b3:bc:5f:6b:c4:a6:18:
         f8:b9:fd:37:75:40:30:b0:a1:a6:d9:bd:f0:27:57:92:2a:9f:
         8b:9a:94:d3:a0:7a:de:1f:65:e3:e4:38:04:82:c7:fd:4a:69:
         5b:55:07:0b:79:6d:dc:eb:4d:5b:d0:8b:e5:f9:b0:d4:67:0b:
         dd:ae:c6:b2:ea:9a:12:e4:6e:40:68:c9:f5:0c:b3:12:49:50:
         07:87:1c:f0:8c:0e:e2:ae:f9:10:88:63:bd:70:7a:a9:d8:f6:
         de:3b:0d:54:04:03:d7:eb:1e:36:1d:97:f9:73:90:f6:ba:59:
         b0:bd:90:93:ac:ec:72:7a:29:13:76:96:5d:d7:ee:be:e9:e3:
         27:76:a2:d0:91:ed:45:2e:64:7f:ee:a5:de:a7:f3:05:4d:e6:
         d4:74:b5:57
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUTe7gYQAfDeJoA3mq+ZcFF91oVGUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQkYzQjY3NUFFQkVFNjREMDBCMzIzMDU2NTQ1RDFGNjMw
RjFDNDg5RTAeFw0yMzA3MzEwMDA4MzRaFw0yNDA3MjkwMDEzMzRaMDMxMTAvBgNV
BAMTKDM0RTE1ODRGMDFCOEE1QTZERUU3NjRBNUU3MDE4MDUwNjM4NUZEMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1m+19FSzNVhqb1rI2040o8AjV
v9/HmoRfI3aSQ1jTjExrMuisb8Ar9tBniw2GYT93IS9tnAyJX9MbM04U0o9OT9Sn
r7TceNvzznVg+t9lQpnRDVasDymX+USxQtKg+YngPnBENuctOwsIuiauvKye3tbL
5QfQY21KP+b+CJgjJN9WipDK4oHWLUgAL6g4fZhIPmtam4TtKA6Kld+MXlmex/mg
+NhOSLjQTkw+5tJTyHG6LjuDC5mNTZu5uKUSumbyl9Q62pzetOuQjoNQBhvb43ST
aJZL8iDVPGUhNxyiEbh0rzMOejnzrlJBSWkr71beopB7ks+rW5yIKroI7YmzAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQUNOFYTwG4pabe52Sl5wGAUGOF/TgwHwYDVR0j
BBgwFoAUvztnWuvuZNALMjBWVF0fYw8cSJ4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
OTBjOTAwOS1hZDUzLTRmYTYtYTE4My0zNGIzNDU3YmVhMDMvMC9CRjNCNjc1QUVC
RUU2NEQwMEIzMjMwNTY1NDVEMUY2MzBGMUM0ODlFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQkYzQjY3NUFFQkVFNjREMDBCMzIzMDU2NTQ1RDFGNjMwRjFD
NDg5RS5jZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vNjkwYzkwMDktYWQ1My00ZmE2LWEx
ODMtMzRiMzQ1N2JlYTAzLzAvMzIzMDMyMmUzMTM1MzEyZTM4MmUzMDJmMzIzMjJk
MzIzNDIwM2QzZTIwMzkzNzM4MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALKlwgwDQYJKoZIhvcNAQEL
BQADggEBADLFg5TlZEVBCGaDzIZGxFeOKiDkW1/rc9EYt3MBBblhmIb2c6B0eNW7
Frq3mz7pOMD362N2elvkDVfP4FKCCz2Ucl3sN28nOx4SMmDTbINEtCeaVPIl5k2u
Otb3Sw+jrLGI5RBes7xfa8SmGPi5/Td1QDCwoabZvfAnV5Iqn4ualNOget4fZePk
OASCx/1KaVtVBwt5bdzrTVvQi+X5sNRnC92uxrLqmhLkbkBoyfUMsxJJUAeHHPCM
DuKu+RCIY71weqnY9t47DVQEA9frHjYdl/lzkPa6WbC9kJOs7HJ6KRN2ll3X7r7p
4yd2otCR7UUuZH/upd6n8wVN5tR0tVc=
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:02:29 2024 by rpki-client on console-ams.rpki-client.org