Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/3230322e35372e32302e302f32332d3233203d3e20313431363733.roa
File:                     3230322e35372e32302e302f32332d3233203d3e20313431363733.roa (raw, json)
Hash identifier:          tuC8MEUEcdj4aejYW8E3scwSN6FZSzAw4TVHzmh9NqA=
Subject key identifier:   0B:C0:7A:E6:B3:E3:39:EB:A4:C1:84:2B:AB:BA:F4:43:99:27:63:9A
Certificate issuer:       /CN=1F969EE9B0838D22156118A888B81BF27B859BD5
Certificate serial:       26DE7355463CF1DAEB6BD6C772281D34DF18286A
Authority key identifier: 1F:96:9E:E9:B0:83:8D:22:15:61:18:A8:88:B8:1B:F2:7B:85:9B:D5
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1F969EE9B0838D22156118A888B81BF27B859BD5.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/3230322e35372e32302e302f32332d3233203d3e20313431363733.roa
Signing time:             Wed 13 Mar 2024 05:00:00 +0000
ROA not before:           Wed 13 Mar 2024 04:55:00 +0000
ROA not after:            Wed 12 Mar 2025 05:00:00 +0000
asID:                     141673
IP address blocks:        202.57.20.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/1F969EE9B0838D22156118A888B81BF27B859BD5.crl
                          rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/1F969EE9B0838D22156118A888B81BF27B859BD5.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1F969EE9B0838D22156118A888B81BF27B859BD5.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 13:56:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:de:73:55:46:3c:f1:da:eb:6b:d6:c7:72:28:1d:34:df:18:28:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1F969EE9B0838D22156118A888B81BF27B859BD5
        Validity
            Not Before: Mar 13 04:55:00 2024 GMT
            Not After : Mar 12 05:00:00 2025 GMT
        Subject: CN=0BC07AE6B3E339EBA4C1842BABBAF4439927639A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:77:89:2f:fd:25:5f:b6:b1:fc:5f:17:49:e6:
                    1f:73:02:0b:bb:10:f0:b3:11:5b:00:4a:71:99:9f:
                    aa:0d:6d:b3:db:1e:8f:59:a2:a8:e1:2d:52:97:b7:
                    4d:66:dc:b0:7a:29:dd:c4:c5:ab:7f:03:1f:de:54:
                    fa:fc:43:ed:d7:f0:9c:e9:7b:ba:4b:d5:35:6a:1a:
                    df:38:06:fc:61:95:40:d4:4b:71:2e:e7:90:a5:86:
                    60:b0:40:30:c1:03:45:21:34:4d:5b:a1:c6:a1:e1:
                    3c:2c:6d:27:05:49:7f:bb:cc:b1:53:3d:80:50:98:
                    31:46:4f:5c:ff:0c:71:df:73:52:22:ea:7d:bf:9b:
                    57:e3:ea:08:b4:73:02:7f:8c:36:ba:82:ac:0c:62:
                    ac:df:c2:b2:74:13:06:4b:a8:b3:ff:74:40:48:0b:
                    c8:f7:3d:9d:28:5c:40:7d:28:80:53:6f:13:db:02:
                    50:bf:d9:7c:c3:32:e2:e9:5d:77:21:0c:4e:7a:69:
                    c0:c9:da:f2:e5:f4:19:b0:d7:58:38:0e:88:88:d9:
                    48:d4:23:09:fc:b3:ed:53:74:14:f4:21:40:5c:b6:
                    b0:79:c4:ee:0f:f0:af:c7:5b:59:d2:04:22:6d:9d:
                    b9:17:d8:3b:e7:a2:c7:94:ba:42:d5:2e:a3:a4:72:
                    18:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C0:7A:E6:B3:E3:39:EB:A4:C1:84:2B:AB:BA:F4:43:99:27:63:9A
            X509v3 Authority Key Identifier:
                keyid:1F:96:9E:E9:B0:83:8D:22:15:61:18:A8:88:B8:1B:F2:7B:85:9B:D5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/1F969EE9B0838D22156118A888B81BF27B859BD5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1F969EE9B0838D22156118A888B81BF27B859BD5.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/3230322e35372e32302e302f32332d3233203d3e20313431363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.57.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:bd:e8:92:c1:1e:76:29:51:a5:d8:07:3a:a2:9c:19:fb:d1:
         7f:bb:ae:94:96:e8:98:16:59:1f:14:16:58:85:18:53:79:b8:
         12:f1:32:9d:29:78:f8:4f:41:a2:55:a3:d7:55:6c:e0:7a:02:
         0d:ae:fb:13:69:f8:34:dd:6d:21:28:b7:c4:3e:87:f9:14:e7:
         13:59:cf:08:fd:a1:f7:ec:86:87:96:0d:1f:9f:cc:c7:97:1b:
         3b:db:9b:a8:87:32:47:e9:29:d0:1d:b4:27:1a:53:cf:d0:1d:
         5b:0b:8d:7e:9c:f5:12:64:2d:c2:78:58:dd:66:1f:b3:89:fd:
         1a:58:27:d4:b7:7a:79:74:c3:91:18:46:60:e6:40:cf:e1:30:
         04:9b:9d:30:14:28:d9:09:fc:d2:b0:66:d7:6b:af:da:88:70:
         a6:97:62:15:f4:b6:40:b4:9f:22:8e:b1:c5:03:2f:e3:46:6f:
         f1:81:83:41:16:a4:da:27:5a:6d:59:c0:32:4c:fa:f8:a9:7d:
         7c:1e:4f:17:c6:70:6d:62:89:0b:6c:8b:dd:29:e4:29:53:09:
         77:fc:05:7a:7a:12:0d:25:b8:84:dd:df:07:84:3f:30:af:db:
         cb:8d:51:41:27:3d:f3:ef:6d:ec:ec:d1:fb:8a:86:e2:31:09:
         06:40:57:67
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUJt5zVUY88drra9bHcigdNN8YKGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUY5NjlFRTlCMDgzOEQyMjE1NjExOEE4ODhCODFCRjI3
Qjg1OUJENTAeFw0yNDAzMTMwNDU1MDBaFw0yNTAzMTIwNTAwMDBaMDMxMTAvBgNV
BAMTKDBCQzA3QUU2QjNFMzM5RUJBNEMxODQyQkFCQkFGNDQzOTkyNzYzOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5d4kv/SVftrH8XxdJ5h9zAgu7
EPCzEVsASnGZn6oNbbPbHo9ZoqjhLVKXt01m3LB6Kd3Exat/Ax/eVPr8Q+3X8Jzp
e7pL1TVqGt84BvxhlUDUS3Eu55ClhmCwQDDBA0UhNE1bocah4TwsbScFSX+7zLFT
PYBQmDFGT1z/DHHfc1Ii6n2/m1fj6gi0cwJ/jDa6gqwMYqzfwrJ0EwZLqLP/dEBI
C8j3PZ0oXEB9KIBTbxPbAlC/2XzDMuLpXXchDE56acDJ2vLl9Bmw11g4DoiI2UjU
Iwn8s+1TdBT0IUBctrB5xO4P8K/HW1nSBCJtnbkX2DvnoseUukLVLqOkchhZAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUC8B65rPjOeukwYQrq7r0Q5knY5owHwYDVR0j
BBgwFoAUH5ae6bCDjSIVYRioiLgb8nuFm9UwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
ZDNmMDk1Yi03MTMwLTQxMjItYWYyNS03ZDJlN2ExMWIxYjEvMC8xRjk2OUVFOUIw
ODM4RDIyMTU2MTE4QTg4OEI4MUJGMjdCODU5QkQ1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMUY5NjlFRTlCMDgzOEQyMjE1NjExOEE4ODhCODFCRjI3Qjg1
OUJENS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzBkM2YwOTViLTcxMzAtNDEyMi1h
ZjI1LTdkMmU3YTExYjFiMS8wLzMyMzAzMjJlMzUzNzJlMzIzMDJlMzAyZjMyMzMy
ZDMyMzMyMDNkM2UyMDMxMzQzMTM2MzczMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAco5FDANBgkqhkiG
9w0BAQsFAAOCAQEAJ73oksEedilRpdgHOqKcGfvRf7uulJbomBZZHxQWWIUYU3m4
EvEynSl4+E9BolWj11Vs4HoCDa77E2n4NN1tISi3xD6H+RTnE1nPCP2h9+yGh5YN
H5/Mx5cbO9ubqIcyR+kp0B20JxpTz9AdWwuNfpz1EmQtwnhY3WYfs4n9Glgn1Ld6
eXTDkRhGYOZAz+EwBJudMBQo2Qn80rBm12uv2ohwppdiFfS2QLSfIo6xxQMv40Zv
8YGDQRak2idabVnAMkz6+Kl9fB5PF8ZwbWKJC2yL3SnkKVMJd/wFenoSDSW4hN3f
B4Q/MK/by41RQSc98+9t7OzR+4qG4jEJBkBXZw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:19:26 2024 by rpki-client on console-ams.rpki-client.org