Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/69acb4a8-7804-4526-84d2-869b91a6719d/0/3230322e37322e3139342e302f32342d3234203d3e203538353532.roa
File:                     3230322e37322e3139342e302f32342d3234203d3e203538353532.roa (raw, json)
Hash identifier:          /z9DoOR68bMWCTkoccQn2MachRQ/SIIqba8C10IJH9g=
Subject key identifier:   BE:63:6D:0C:F4:53:FF:FC:10:7D:68:63:05:BE:12:44:A9:DE:73:D2
Certificate issuer:       /CN=9EDE64DBC4098881F11B70123DF514D38F7881EE
Certificate serial:       0D3715D61F82A3B688B6CEBC513A60F6A90B0524
Authority key identifier: 9E:DE:64:DB:C4:09:88:81:F1:1B:70:12:3D:F5:14:D3:8F:78:81:EE
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9EDE64DBC4098881F11B70123DF514D38F7881EE.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/69acb4a8-7804-4526-84d2-869b91a6719d/0/3230322e37322e3139342e302f32342d3234203d3e203538353532.roa
Signing time:             Mon 31 Jul 2023 00:05:45 +0000
ROA not before:           Mon 31 Jul 2023 00:00:45 +0000
ROA not after:            Mon 29 Jul 2024 00:05:45 +0000
asID:                     58552
IP address blocks:        202.72.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/69acb4a8-7804-4526-84d2-869b91a6719d/0/9EDE64DBC4098881F11B70123DF514D38F7881EE.crl
                          rsync://repo-rpki.idnic.net/repo/69acb4a8-7804-4526-84d2-869b91a6719d/0/9EDE64DBC4098881F11B70123DF514D38F7881EE.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9EDE64DBC4098881F11B70123DF514D38F7881EE.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:37:15:d6:1f:82:a3:b6:88:b6:ce:bc:51:3a:60:f6:a9:0b:05:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9EDE64DBC4098881F11B70123DF514D38F7881EE
        Validity
            Not Before: Jul 31 00:00:45 2023 GMT
            Not After : Jul 29 00:05:45 2024 GMT
        Subject: CN=BE636D0CF453FFFC107D686305BE1244A9DE73D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:ba:df:8e:bf:df:08:18:44:ed:56:a9:09:6f:
                    85:fe:ff:dd:75:99:2e:8b:ee:b5:36:df:15:48:94:
                    df:59:f4:71:d8:dd:4f:90:83:c6:69:8d:a5:44:03:
                    92:c4:1b:fd:8c:1b:30:d5:ab:a6:d3:37:60:44:04:
                    9e:28:c4:03:29:b6:85:ce:60:59:47:ce:cb:b6:32:
                    e1:6a:bd:16:1f:47:ea:62:e6:d4:b8:a3:54:67:05:
                    ce:ba:0f:56:1a:70:37:c8:fa:3c:92:ff:e6:38:9d:
                    54:80:ec:5e:3f:8e:60:1d:24:05:fb:5e:e8:c0:bc:
                    35:91:95:92:2e:d1:9f:f1:79:be:f5:05:0e:f1:4d:
                    68:a5:5f:c7:cf:4f:98:73:c2:86:2d:9f:3a:6f:45:
                    ce:0d:71:f9:20:9d:08:bd:ef:12:22:a9:e4:85:6a:
                    95:4c:a8:c1:22:61:ea:51:e3:c7:30:1f:4e:0d:dd:
                    17:73:f3:92:f9:93:22:7a:94:24:8d:95:e5:ce:5c:
                    e4:09:cf:2c:07:b6:1d:c2:de:3a:73:59:cf:60:bb:
                    44:94:f5:da:c3:15:67:71:a8:fc:e8:98:c3:15:ef:
                    15:cb:66:ab:25:ca:50:68:05:f2:09:74:bd:f1:f2:
                    31:36:52:e8:60:57:ae:41:08:23:c5:a2:f6:e9:f9:
                    df:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:63:6D:0C:F4:53:FF:FC:10:7D:68:63:05:BE:12:44:A9:DE:73:D2
            X509v3 Authority Key Identifier:
                keyid:9E:DE:64:DB:C4:09:88:81:F1:1B:70:12:3D:F5:14:D3:8F:78:81:EE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/69acb4a8-7804-4526-84d2-869b91a6719d/0/9EDE64DBC4098881F11B70123DF514D38F7881EE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9EDE64DBC4098881F11B70123DF514D38F7881EE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/69acb4a8-7804-4526-84d2-869b91a6719d/0/3230322e37322e3139342e302f32342d3234203d3e203538353532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.72.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:8a:55:fd:ab:fb:e2:45:18:63:a7:b0:1b:d9:3b:74:1e:47:
         e1:b9:1d:ac:d8:96:85:ba:f9:2a:6b:29:0a:4c:a0:22:3e:7a:
         84:27:2e:c7:e8:30:93:86:d9:8c:ee:e2:04:bc:e0:90:fe:ee:
         bb:1a:d2:0d:f8:6c:8d:fb:0c:66:e9:b3:8a:67:75:e9:e1:55:
         57:4f:b2:dd:d8:b7:60:6d:e7:06:71:4f:97:a1:78:4d:d0:3e:
         30:aa:60:84:09:30:6c:ed:60:c5:5d:76:6d:5e:c6:7d:76:90:
         ef:a5:d6:d3:6f:50:da:c4:e6:ae:41:56:e0:8b:ec:7d:23:5b:
         bc:7a:3b:ad:69:f8:27:c5:67:eb:f3:a8:a2:ce:d1:5b:69:9c:
         8f:11:36:fc:63:7e:38:75:59:77:3d:01:a7:18:86:dd:b8:ee:
         52:10:ad:58:ea:2e:75:fc:d7:be:35:15:58:2a:74:a6:a2:f8:
         cb:0b:a4:94:2a:dc:0e:0a:e3:c0:d4:67:a4:e6:23:2a:33:8b:
         0f:9f:1a:be:b7:c4:9b:9b:a0:b2:71:b3:2b:3b:c9:58:5b:e1:
         7e:9e:b9:e5:3f:64:16:0d:bf:e3:23:3a:72:75:93:8b:cb:9f:
         b6:ea:a4:39:98:e6:73:17:b1:59:25:43:1e:75:c0:00:db:b5:
         bd:99:02:a6
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUDTcV1h+Co7aIts68UTpg9qkLBSQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUVERTY0REJDNDA5ODg4MUYxMUI3MDEyM0RGNTE0RDM4
Rjc4ODFFRTAeFw0yMzA3MzEwMDAwNDVaFw0yNDA3MjkwMDA1NDVaMDMxMTAvBgNV
BAMTKEJFNjM2RDBDRjQ1M0ZGRkMxMDdENjg2MzA1QkUxMjQ0QTlERTczRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6ut+Ov98IGETtVqkJb4X+/911
mS6L7rU23xVIlN9Z9HHY3U+Qg8ZpjaVEA5LEG/2MGzDVq6bTN2BEBJ4oxAMptoXO
YFlHzsu2MuFqvRYfR+pi5tS4o1RnBc66D1YacDfI+jyS/+Y4nVSA7F4/jmAdJAX7
XujAvDWRlZIu0Z/xeb71BQ7xTWilX8fPT5hzwoYtnzpvRc4NcfkgnQi97xIiqeSF
apVMqMEiYepR48cwH04N3Rdz85L5kyJ6lCSNleXOXOQJzywHth3C3jpzWc9gu0SU
9drDFWdxqPzomMMV7xXLZqslylBoBfIJdL3x8jE2UuhgV65BCCPFovbp+d/XAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUvmNtDPRT//wQfWhjBb4SRKnec9IwHwYDVR0j
BBgwFoAUnt5k28QJiIHxG3ASPfUU0494ge4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
OWFjYjRhOC03ODA0LTQ1MjYtODRkMi04NjliOTFhNjcxOWQvMC85RURFNjREQkM0
MDk4ODgxRjExQjcwMTIzREY1MTREMzhGNzg4MUVFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUVERTY0REJDNDA5ODg4MUYxMUI3MDEyM0RGNTE0RDM4Rjc4
ODFFRS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzY5YWNiNGE4LTc4MDQtNDUyNi04
NGQyLTg2OWI5MWE2NzE5ZC8wLzMyMzAzMjJlMzczMjJlMzEzOTM0MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzODM1MzUzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMpIwjANBgkqhkiG
9w0BAQsFAAOCAQEAR4pV/av74kUYY6ewG9k7dB5H4bkdrNiWhbr5KmspCkygIj56
hCcux+gwk4bZjO7iBLzgkP7uuxrSDfhsjfsMZumzimd16eFVV0+y3di3YG3nBnFP
l6F4TdA+MKpghAkwbO1gxV12bV7GfXaQ76XW029Q2sTmrkFW4IvsfSNbvHo7rWn4
J8Vn6/Ooos7RW2mcjxE2/GN+OHVZdz0BpxiG3bjuUhCtWOoudfzXvjUVWCp0pqL4
ywuklCrcDgrjwNRnpOYjKjOLD58avrfEm5ugsnGzKzvJWFvhfp655T9kFg2/4yM6
cnWTi8uftuqkOZjmcxexWSVDHnXAANu1vZkCpg==
-----END CERTIFICATE-----
Generated at Tue Mar 26 18:22:29 2024 by rpki-client on console-fra.rpki-client.org