Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/3230322e38312e34392e302f32342d3234203d3e203435333132.roa
File:                     3230322e38312e34392e302f32342d3234203d3e203435333132.roa (raw, json)
Hash identifier:          n0D84xW0rftFuNcTZjnmp86aFLYrGNDiAY+/zEgA+X8=
Subject key identifier:   0E:6B:A3:41:C0:45:65:82:EA:81:CD:F7:39:35:C0:5C:33:7A:89:8B
Certificate issuer:       /CN=154EE03198467B96315FDB527FB3BBCCA0BFC441
Certificate serial:       75C9B22B16F698CF55B4F9DDA56879DAA97A74B5
Authority key identifier: 15:4E:E0:31:98:46:7B:96:31:5F:DB:52:7F:B3:BB:CC:A0:BF:C4:41
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/154EE03198467B96315FDB527FB3BBCCA0BFC441.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/3230322e38312e34392e302f32342d3234203d3e203435333132.roa
Signing time:             Mon 31 Jul 2023 00:06:27 +0000
ROA not before:           Mon 31 Jul 2023 00:01:27 +0000
ROA not after:            Mon 29 Jul 2024 00:06:27 +0000
asID:                     45312
IP address blocks:        202.81.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/154EE03198467B96315FDB527FB3BBCCA0BFC441.crl
                          rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/154EE03198467B96315FDB527FB3BBCCA0BFC441.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/154EE03198467B96315FDB527FB3BBCCA0BFC441.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 14:14:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:c9:b2:2b:16:f6:98:cf:55:b4:f9:dd:a5:68:79:da:a9:7a:74:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=154EE03198467B96315FDB527FB3BBCCA0BFC441
        Validity
            Not Before: Jul 31 00:01:27 2023 GMT
            Not After : Jul 29 00:06:27 2024 GMT
        Subject: CN=0E6BA341C0456582EA81CDF73935C05C337A898B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:27:51:e9:52:af:de:5d:89:d1:98:cb:f6:8c:
                    26:a9:ba:27:1d:1f:f4:fd:a7:67:37:10:5d:3a:f9:
                    d0:74:b4:34:9d:ad:06:da:ff:af:74:3f:f6:ec:ee:
                    da:36:de:8f:fb:70:c8:a7:02:1e:30:9f:53:0f:69:
                    93:a1:bc:80:05:c5:eb:75:0c:22:c5:c6:b0:78:11:
                    81:4d:6f:e4:95:d6:2b:f5:2d:9d:23:a5:01:46:1e:
                    2c:1c:fe:b2:e8:ca:b9:58:ee:b9:53:d4:1a:bf:ed:
                    e3:11:fa:19:30:1f:97:31:4b:ec:5f:14:38:93:01:
                    dd:3a:46:d5:46:f7:ee:51:eb:2d:28:bc:2f:c0:c9:
                    e8:70:7a:30:73:ee:9a:74:97:89:53:f8:b5:7c:1a:
                    5e:34:5e:fb:66:c7:bd:b6:a3:5a:07:f8:db:64:71:
                    d8:2e:fa:45:a8:9c:c6:cd:52:74:17:03:7c:9f:50:
                    61:f7:22:25:4f:d1:3c:01:16:56:a6:ae:a9:fc:00:
                    da:05:79:3e:5c:a7:ca:da:e6:a0:b1:d8:a7:53:62:
                    1b:f9:b3:14:0b:b3:2c:21:bd:4b:cd:47:60:11:49:
                    8c:08:a8:8d:98:cf:36:e6:b8:97:d0:e4:3c:b7:2e:
                    c7:53:1b:a4:c0:a8:18:12:0e:b0:95:2c:68:03:58:
                    e6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:6B:A3:41:C0:45:65:82:EA:81:CD:F7:39:35:C0:5C:33:7A:89:8B
            X509v3 Authority Key Identifier:
                keyid:15:4E:E0:31:98:46:7B:96:31:5F:DB:52:7F:B3:BB:CC:A0:BF:C4:41

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/154EE03198467B96315FDB527FB3BBCCA0BFC441.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/154EE03198467B96315FDB527FB3BBCCA0BFC441.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/c621f753-a88e-4edf-a306-bd93d5a38fea/0/3230322e38312e34392e302f32342d3234203d3e203435333132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.81.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:5f:7a:7e:46:c3:fe:58:9a:bc:c1:db:53:7e:57:d9:05:21:
         11:5a:7e:3d:94:54:ea:b2:b7:1b:8d:7e:20:aa:15:f3:c2:91:
         c3:61:cf:58:24:bd:dc:3a:44:7c:62:8b:ff:6e:f1:5c:26:e7:
         d5:da:8e:e9:0a:9a:89:62:c7:4c:8f:39:8f:0b:a9:f0:66:d1:
         75:e2:ed:de:ee:02:25:86:b5:3f:e4:c5:e0:fa:bb:7a:4f:f0:
         be:f4:69:07:74:15:e4:28:a7:b4:88:72:09:f7:52:df:a6:84:
         15:6d:4c:45:d3:f6:11:10:fb:f1:7d:82:ca:92:a4:e2:8a:12:
         5c:28:a7:16:7e:36:6e:55:4c:32:9d:be:96:5e:fa:d7:f0:79:
         f8:bc:fa:49:0f:ef:a1:85:e1:32:c4:b9:dc:5b:22:93:80:4f:
         13:9a:03:92:6f:54:74:cd:52:a5:6b:a7:e6:55:75:8e:90:cf:
         75:d3:a6:9c:ce:1b:e0:66:b9:f1:7c:14:53:51:e0:0f:1e:63:
         1c:23:b4:20:7f:54:b1:66:77:4f:a3:5b:8a:3b:46:78:d0:e7:
         9a:3d:9f:84:32:bd:52:47:57:6a:a4:d5:ab:e4:49:3c:87:d4:
         df:96:d9:e1:ce:69:bb:5a:e7:bf:64:fc:87:b7:c2:26:9d:28:
         17:0c:ad:27
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUdcmyKxb2mM9VtPndpWh52ql6dLUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTU0RUUwMzE5ODQ2N0I5NjMxNUZEQjUyN0ZCM0JCQ0NB
MEJGQzQ0MTAeFw0yMzA3MzEwMDAxMjdaFw0yNDA3MjkwMDA2MjdaMDMxMTAvBgNV
BAMTKDBFNkJBMzQxQzA0NTY1ODJFQTgxQ0RGNzM5MzVDMDVDMzM3QTg5OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEJ1HpUq/eXYnRmMv2jCapuicd
H/T9p2c3EF06+dB0tDSdrQba/690P/bs7to23o/7cMinAh4wn1MPaZOhvIAFxet1
DCLFxrB4EYFNb+SV1iv1LZ0jpQFGHiwc/rLoyrlY7rlT1Bq/7eMR+hkwH5cxS+xf
FDiTAd06RtVG9+5R6y0ovC/AyehwejBz7pp0l4lT+LV8Gl40Xvtmx722o1oH+Ntk
cdgu+kWonMbNUnQXA3yfUGH3IiVP0TwBFlamrqn8ANoFeT5cp8ra5qCx2KdTYhv5
sxQLsywhvUvNR2ARSYwIqI2YzzbmuJfQ5Dy3LsdTG6TAqBgSDrCVLGgDWOaBAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUDmujQcBFZYLqgc33OTXAXDN6iYswHwYDVR0j
BBgwFoAUFU7gMZhGe5YxX9tSf7O7zKC/xEEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9j
NjIxZjc1My1hODhlLTRlZGYtYTMwNi1iZDkzZDVhMzhmZWEvMC8xNTRFRTAzMTk4
NDY3Qjk2MzE1RkRCNTI3RkIzQkJDQ0EwQkZDNDQxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTU0RUUwMzE5ODQ2N0I5NjMxNUZEQjUyN0ZCM0JCQ0NBMEJG
QzQ0MS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2M2MjFmNzUzLWE4OGUtNGVkZi1h
MzA2LWJkOTNkNWEzOGZlYS8wLzMyMzAzMjJlMzgzMTJlMzQzOTJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDM0MzUzMzMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADKUTEwDQYJKoZIhvcN
AQELBQADggEBABlfen5Gw/5YmrzB21N+V9kFIRFafj2UVOqytxuNfiCqFfPCkcNh
z1gkvdw6RHxii/9u8Vwm59XajukKmolix0yPOY8LqfBm0XXi7d7uAiWGtT/kxeD6
u3pP8L70aQd0FeQop7SIcgn3Ut+mhBVtTEXT9hEQ+/F9gsqSpOKKElwopxZ+Nm5V
TDKdvpZe+tfwefi8+kkP76GF4TLEudxbIpOATxOaA5JvVHTNUqVrp+ZVdY6Qz3XT
ppzOG+BmufF8FFNR4A8eYxwjtCB/VLFmd0+jW4o7RnjQ55o9n4QyvVJHV2qk1avk
STyH1N+W2eHOabta579k/Ie3wiadKBcMrSc=
-----END CERTIFICATE-----
Generated at Wed Mar 27 15:34:04 2024 by rpki-client on console-ams.rpki-client.org