Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/3230322e35372e32342e302f32342d3234203d3e20313430343639.roa
File:                     3230322e35372e32342e302f32342d3234203d3e20313430343639.roa (raw, json)
Hash identifier:          W2CLhFrYGcyK1RWFDJHHPDpgB1KfrpTWYgmbo5Kq/a8=
Subject key identifier:   00:9B:68:22:4B:FA:94:5C:AD:90:67:2D:94:89:3E:2E:27:97:79:D0
Certificate issuer:       /CN=1F969EE9B0838D22156118A888B81BF27B859BD5
Certificate serial:       2ABBC049A7199C85D11A3C361D667612F64B657C
Authority key identifier: 1F:96:9E:E9:B0:83:8D:22:15:61:18:A8:88:B8:1B:F2:7B:85:9B:D5
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1F969EE9B0838D22156118A888B81BF27B859BD5.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/3230322e35372e32342e302f32342d3234203d3e20313430343639.roa
Signing time:             Mon 04 Dec 2023 15:00:01 +0000
ROA not before:           Mon 04 Dec 2023 14:55:01 +0000
ROA not after:            Mon 02 Dec 2024 15:00:01 +0000
asID:                     140469
IP address blocks:        202.57.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/1F969EE9B0838D22156118A888B81BF27B859BD5.crl
                          rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/1F969EE9B0838D22156118A888B81BF27B859BD5.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1F969EE9B0838D22156118A888B81BF27B859BD5.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 08:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:bb:c0:49:a7:19:9c:85:d1:1a:3c:36:1d:66:76:12:f6:4b:65:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1F969EE9B0838D22156118A888B81BF27B859BD5
        Validity
            Not Before: Dec  4 14:55:01 2023 GMT
            Not After : Dec  2 15:00:01 2024 GMT
        Subject: CN=009B68224BFA945CAD90672D94893E2E279779D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6e:cc:45:00:3f:39:51:ca:d3:7b:d5:59:62:
                    4b:5d:16:0b:67:f1:4b:3a:02:e5:b6:c9:27:72:80:
                    1c:96:bb:88:03:55:e0:32:07:29:cf:01:cb:b3:5a:
                    a6:4e:9f:5e:f5:08:1a:17:17:b1:37:da:e1:0d:8e:
                    27:82:80:3f:ec:bf:a2:30:26:44:ac:ab:d7:3a:d9:
                    6d:e4:1b:df:a4:d4:5c:df:72:75:58:e4:46:9e:fb:
                    11:9b:18:28:19:f6:a7:97:37:ed:ff:c4:fe:f1:0b:
                    e6:a4:c2:5c:c8:da:dd:6c:12:a0:1f:08:6f:f6:f4:
                    34:4a:d4:c4:0e:8f:4e:30:08:71:18:1a:46:16:43:
                    dd:3e:10:2b:4f:fb:44:09:fb:1d:58:e6:b2:ef:ab:
                    54:e2:b5:89:96:eb:aa:d7:f0:9d:ea:49:a5:90:98:
                    78:3e:82:e2:d0:90:a0:34:9b:ec:56:37:35:a4:d0:
                    55:fc:d8:47:c7:bc:5d:36:25:7d:5a:9a:f2:e5:06:
                    bd:29:cd:5d:d9:e4:30:ca:db:64:66:9e:2c:97:89:
                    60:e9:8f:03:35:58:f2:1b:29:c2:c1:71:76:11:16:
                    83:13:9d:b5:d4:6f:44:73:cf:0b:7c:3f:73:74:2d:
                    41:ac:f6:92:b3:34:ac:0c:fa:ea:9f:fc:cb:8b:3e:
                    4f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:9B:68:22:4B:FA:94:5C:AD:90:67:2D:94:89:3E:2E:27:97:79:D0
            X509v3 Authority Key Identifier:
                keyid:1F:96:9E:E9:B0:83:8D:22:15:61:18:A8:88:B8:1B:F2:7B:85:9B:D5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/1F969EE9B0838D22156118A888B81BF27B859BD5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1F969EE9B0838D22156118A888B81BF27B859BD5.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/0d3f095b-7130-4122-af25-7d2e7a11b1b1/0/3230322e35372e32342e302f32342d3234203d3e20313430343639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.57.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:4c:51:6b:7f:7b:b2:4e:04:be:1c:1a:9f:e5:9c:ec:db:a5:
         c4:0a:12:5e:39:b1:6c:f8:ad:09:95:66:47:2c:48:7c:da:64:
         c8:e3:b7:d2:ca:a8:d6:af:e8:15:80:81:29:25:45:d8:9e:1e:
         8d:92:8f:73:7e:c1:96:c9:79:98:6d:39:06:16:79:47:5e:56:
         b0:00:2f:d8:f8:80:2a:8a:09:c2:16:dd:7f:d3:38:34:e5:9d:
         cf:3f:d3:00:ac:b1:6a:ca:6f:e1:42:ba:a1:b6:ef:91:32:a4:
         e4:ce:b8:b3:6a:f9:3f:07:64:df:58:79:1a:b9:5a:0f:fb:e0:
         04:b8:3a:e1:18:3e:d3:32:8d:71:8a:10:84:55:6f:7b:ed:e2:
         10:c1:06:fe:68:cd:29:60:58:b9:3f:d2:68:78:53:77:7a:39:
         2d:24:f7:33:4e:19:04:88:40:e7:9d:83:b2:c6:b8:6e:06:da:
         ce:78:a3:47:4e:47:6f:84:a4:94:f7:59:40:38:0b:f8:e2:70:
         76:9f:a5:b4:70:1e:5c:eb:87:72:90:53:e1:b4:10:9d:7c:5f:
         e0:1e:0a:8c:27:ac:63:6b:68:b8:27:cb:29:37:3d:e3:ef:cf:
         5a:4f:c5:da:98:01:17:e3:8c:2f:4e:e2:a9:38:4c:cd:2b:98:
         7a:57:b4:b1
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUKrvASacZnIXRGjw2HWZ2EvZLZXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUY5NjlFRTlCMDgzOEQyMjE1NjExOEE4ODhCODFCRjI3
Qjg1OUJENTAeFw0yMzEyMDQxNDU1MDFaFw0yNDEyMDIxNTAwMDFaMDMxMTAvBgNV
BAMTKDAwOUI2ODIyNEJGQTk0NUNBRDkwNjcyRDk0ODkzRTJFMjc5Nzc5RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClbsxFAD85UcrTe9VZYktdFgtn
8Us6AuW2ySdygByWu4gDVeAyBynPAcuzWqZOn171CBoXF7E32uENjieCgD/sv6Iw
JkSsq9c62W3kG9+k1FzfcnVY5Eae+xGbGCgZ9qeXN+3/xP7xC+akwlzI2t1sEqAf
CG/29DRK1MQOj04wCHEYGkYWQ90+ECtP+0QJ+x1Y5rLvq1TitYmW66rX8J3qSaWQ
mHg+guLQkKA0m+xWNzWk0FX82EfHvF02JX1amvLlBr0pzV3Z5DDK22RmniyXiWDp
jwM1WPIbKcLBcXYRFoMTnbXUb0Rzzwt8P3N0LUGs9pKzNKwM+uqf/MuLPk9PAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUAJtoIkv6lFytkGctlIk+LieXedAwHwYDVR0j
BBgwFoAUH5ae6bCDjSIVYRioiLgb8nuFm9UwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
ZDNmMDk1Yi03MTMwLTQxMjItYWYyNS03ZDJlN2ExMWIxYjEvMC8xRjk2OUVFOUIw
ODM4RDIyMTU2MTE4QTg4OEI4MUJGMjdCODU5QkQ1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMUY5NjlFRTlCMDgzOEQyMjE1NjExOEE4ODhCODFCRjI3Qjg1
OUJENS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzBkM2YwOTViLTcxMzAtNDEyMi1h
ZjI1LTdkMmU3YTExYjFiMS8wLzMyMzAzMjJlMzUzNzJlMzIzNDJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzQzMDM0MzYzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMo5GDANBgkqhkiG
9w0BAQsFAAOCAQEAxkxRa397sk4Evhwan+Wc7NulxAoSXjmxbPitCZVmRyxIfNpk
yOO30sqo1q/oFYCBKSVF2J4ejZKPc37Blsl5mG05BhZ5R15WsAAv2PiAKooJwhbd
f9M4NOWdzz/TAKyxaspv4UK6obbvkTKk5M64s2r5Pwdk31h5GrlaD/vgBLg64Rg+
0zKNcYoQhFVve+3iEMEG/mjNKWBYuT/SaHhTd3o5LST3M04ZBIhA552Dssa4bgba
znijR05Hb4SklPdZQDgL+OJwdp+ltHAeXOuHcpBT4bQQnXxf4B4KjCesY2touCfL
KTc94+/PWk/F2pgBF+OML07iqThMzSuYele0sQ==
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:14:19 2024 by rpki-client on console-fra.rpki-client.org