Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/3230322e38312e34382e302f32302d3230203d3e203435333132.roa
File:                     3230322e38312e34382e302f32302d3230203d3e203435333132.roa (raw, json)
Hash identifier:          p7KG6u8NuoYyurjuFxHKBcQtJ46Ul7YpMskNXgmjtTw=
Subject key identifier:   46:4C:D6:89:ED:51:DA:0A:B5:C3:37:B3:B0:D0:C0:90:08:E2:AA:5F
Certificate issuer:       /CN=154EE03198467B96315FDB527FB3BBCCA0BFC441
Certificate serial:       2E7F72747391D7CB972C2FC6B3C7B74AF29D2E75
Authority key identifier: 15:4E:E0:31:98:46:7B:96:31:5F:DB:52:7F:B3:BB:CC:A0:BF:C4:41
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/154EE03198467B96315FDB527FB3BBCCA0BFC441.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/3230322e38312e34382e302f32302d3230203d3e203435333132.roa
Signing time:             Mon 31 Jul 2023 00:06:26 +0000
ROA not before:           Mon 31 Jul 2023 00:01:26 +0000
ROA not after:            Mon 29 Jul 2024 00:06:26 +0000
asID:                     45312
IP address blocks:        202.81.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/154EE03198467B96315FDB527FB3BBCCA0BFC441.crl
                          rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/154EE03198467B96315FDB527FB3BBCCA0BFC441.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/154EE03198467B96315FDB527FB3BBCCA0BFC441.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 14:14:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:7f:72:74:73:91:d7:cb:97:2c:2f:c6:b3:c7:b7:4a:f2:9d:2e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=154EE03198467B96315FDB527FB3BBCCA0BFC441
        Validity
            Not Before: Jul 31 00:01:26 2023 GMT
            Not After : Jul 29 00:06:26 2024 GMT
        Subject: CN=464CD689ED51DA0AB5C337B3B0D0C09008E2AA5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:10:27:c9:b2:f0:ab:62:ec:72:d3:f6:36:61:
                    72:65:5d:33:53:8c:53:71:a6:35:06:ad:44:e7:c1:
                    ca:a0:e3:39:1d:54:c7:40:ec:63:39:80:68:b1:ec:
                    ef:43:b1:93:05:2f:3e:1b:cf:5e:ba:fe:2e:56:61:
                    3a:4e:e2:d0:bc:4c:82:1d:e3:ed:cb:42:a6:84:ae:
                    84:eb:a2:95:ca:22:eb:cb:b7:89:4d:19:bf:86:60:
                    1c:61:43:8c:6b:ad:7c:bf:91:8b:3d:1b:c4:1e:88:
                    bf:28:9c:d6:3c:6e:37:4d:57:9a:b1:4d:6f:b5:0a:
                    95:4a:2b:1d:de:02:8c:01:d3:04:a1:aa:4a:12:4d:
                    3f:e9:ec:cf:3c:cf:ba:eb:f4:e5:42:d9:87:56:ac:
                    26:d0:26:bf:12:10:1a:92:1c:bd:4a:61:df:94:05:
                    74:8e:ae:82:55:61:f3:2b:58:ff:e9:1c:5c:bc:e0:
                    18:f2:13:27:0a:3b:85:4a:5d:49:af:f4:68:37:70:
                    04:13:c3:8b:14:00:a1:70:3f:02:7c:31:af:d3:f9:
                    28:88:7d:fb:ff:09:21:cb:29:ea:92:d1:64:3e:4a:
                    fe:ce:8a:96:1c:66:a0:2c:f1:1c:27:27:d7:4e:fc:
                    01:c1:26:cb:05:75:94:76:3e:d5:5a:a5:a8:f0:9b:
                    1d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:4C:D6:89:ED:51:DA:0A:B5:C3:37:B3:B0:D0:C0:90:08:E2:AA:5F
            X509v3 Authority Key Identifier:
                keyid:15:4E:E0:31:98:46:7B:96:31:5F:DB:52:7F:B3:BB:CC:A0:BF:C4:41

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/154EE03198467B96315FDB527FB3BBCCA0BFC441.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/154EE03198467B96315FDB527FB3BBCCA0BFC441.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/3230322e38312e34382e302f32302d3230203d3e203435333132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.81.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7d:1e:86:ac:71:b2:a9:3e:d8:79:bb:07:aa:a4:d9:07:46:83:
         b3:23:00:89:63:d3:99:35:fd:91:67:56:4b:39:39:9f:57:61:
         68:d6:81:f6:17:db:d1:65:70:58:37:f5:de:d4:5e:37:1c:23:
         89:d8:2c:85:09:9a:99:97:13:2e:61:59:e8:f2:d4:7e:1a:ed:
         3a:3b:4d:ae:97:23:be:59:9a:e8:69:04:88:e9:aa:4b:90:4c:
         b0:4d:ee:0c:06:e5:44:a0:3f:7a:31:d7:04:7e:fe:ac:3e:52:
         1d:ec:c3:9d:10:44:3b:e0:91:e9:22:ca:87:ac:bc:5d:7c:3a:
         bc:5b:9c:a6:22:22:66:52:03:5a:6d:96:b0:b2:64:3b:14:6a:
         46:e1:10:16:89:50:93:17:e8:f0:ac:c7:ef:7a:06:3d:88:98:
         dc:a8:43:6d:d9:35:74:88:ab:b9:ad:b1:96:cd:3b:46:9f:b5:
         b4:8c:7f:82:90:ab:8a:10:d5:19:ce:1c:88:0d:0b:17:ba:d3:
         47:7f:99:0f:c9:ff:2d:3f:a6:54:b8:d8:f8:f7:17:8b:ef:e5:
         84:16:04:c4:bc:19:6b:91:55:81:b5:c4:19:c8:a2:80:bd:39:
         5a:4a:d5:7e:03:c0:d0:45:c7:8a:e4:ff:cf:99:6a:66:b4:15:
         42:c2:e7:77
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIULn9ydHOR18uXLC/Gs8e3SvKdLnUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTU0RUUwMzE5ODQ2N0I5NjMxNUZEQjUyN0ZCM0JCQ0NB
MEJGQzQ0MTAeFw0yMzA3MzEwMDAxMjZaFw0yNDA3MjkwMDA2MjZaMDMxMTAvBgNV
BAMTKDQ2NENENjg5RUQ1MURBMEFCNUMzMzdCM0IwRDBDMDkwMDhFMkFBNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzECfJsvCrYuxy0/Y2YXJlXTNT
jFNxpjUGrUTnwcqg4zkdVMdA7GM5gGix7O9DsZMFLz4bz166/i5WYTpO4tC8TIId
4+3LQqaEroTropXKIuvLt4lNGb+GYBxhQ4xrrXy/kYs9G8QeiL8onNY8bjdNV5qx
TW+1CpVKKx3eAowB0wShqkoSTT/p7M88z7rr9OVC2YdWrCbQJr8SEBqSHL1KYd+U
BXSOroJVYfMrWP/pHFy84BjyEycKO4VKXUmv9Gg3cAQTw4sUAKFwPwJ8Ma/T+SiI
ffv/CSHLKeqS0WQ+Sv7OipYcZqAs8RwnJ9dO/AHBJssFdZR2PtVapajwmx2zAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQURkzWie1R2gq1wzezsNDAkAjiql8wHwYDVR0j
BBgwFoAUFU7gMZhGe5YxX9tSf7O7zKC/xEEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9j
NjIxZjc1My1hODhlLTRlZGYtYTMwNi1iZDkzZDVhMzhmZWEvMC8xNTRFRTAzMTk4
NDY3Qjk2MzE1RkRCNTI3RkIzQkJDQ0EwQkZDNDQxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTU0RUUwMzE5ODQ2N0I5NjMxNUZEQjUyN0ZCM0JCQ0NBMEJG
QzQ0MS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2M2MjFmNzUzLWE4OGUtNGVkZi1h
MzA2LWJkOTNkNWEzOGZlYS8wLzMyMzAzMjJlMzgzMTJlMzQzODJlMzAyZjMyMzAy
ZDMyMzAyMDNkM2UyMDM0MzUzMzMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBATKUTAwDQYJKoZIhvcN
AQELBQADggEBAH0ehqxxsqk+2Hm7B6qk2QdGg7MjAIlj05k1/ZFnVks5OZ9XYWjW
gfYX29FlcFg39d7UXjccI4nYLIUJmpmXEy5hWejy1H4a7To7Ta6XI75ZmuhpBIjp
qkuQTLBN7gwG5USgP3ox1wR+/qw+Uh3sw50QRDvgkekiyoesvF18OrxbnKYiImZS
A1ptlrCyZDsUakbhEBaJUJMX6PCsx+96Bj2ImNyoQ23ZNXSIq7mtsZbNO0aftbSM
f4KQq4oQ1RnOHIgNCxe600d/mQ/J/y0/plS42Pj3F4vv5YQWBMS8GWuRVYG1xBnI
ooC9OVpK1X4DwNBFx4rk/8+Zama0FULC53c=
-----END CERTIFICATE-----
Generated at Wed Mar 27 15:54:33 2024 by rpki-client on console-fra.rpki-client.org