Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37312e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e37312e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          Xthgw31h3s+GW8ypk/PRH8TnEVJQ++dwiKocGGYj4NY=
Subject key identifier:   1D:89:58:70:5F:DA:DB:95:CC:54:5E:E0:DF:BC:91:88:3E:68:AE:77
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       278C30C76238AE050EE03EC10B4D9B0F1872E444
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37312e302f32342d3234203d3e203233363935.roa
Signing time:             Wed 28 Aug 2024 04:02:15 +0000
ROA not before:           Wed 28 Aug 2024 03:57:15 +0000
ROA not after:            Wed 27 Aug 2025 04:02:15 +0000
asID:                     23695
IP address blocks:        202.173.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 15 Nov 2024 19:34:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:8c:30:c7:62:38:ae:05:0e:e0:3e:c1:0b:4d:9b:0f:18:72:e4:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Aug 28 03:57:15 2024 GMT
            Not After : Aug 27 04:02:15 2025 GMT
        Subject: CN=1D8958705FDADB95CC545EE0DFBC91883E68AE77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b9:78:d5:70:c0:72:e2:ad:58:4e:60:71:a8:
                    5c:96:5a:66:7b:86:9a:6e:4b:5c:ab:a4:a5:5e:e8:
                    8e:7e:70:06:0d:61:4f:d0:c8:6a:85:bd:5e:53:ea:
                    85:57:24:e4:1e:6c:80:35:0d:38:86:78:53:70:5a:
                    03:1d:96:d6:6b:61:27:65:0e:9d:91:8e:7d:33:c6:
                    f9:0c:ba:1d:36:3f:57:d7:6d:d2:fd:21:d7:ae:c3:
                    bf:c6:05:2d:cf:d6:12:c4:f5:92:10:a2:fa:fb:c0:
                    d1:aa:10:9d:00:99:ae:10:87:ae:9f:fc:0b:ab:7b:
                    d9:ed:b6:d0:7c:90:e2:6e:01:54:47:77:38:55:cd:
                    ba:7a:42:46:17:57:f0:0b:ea:7e:23:5a:2a:be:fc:
                    f3:21:e8:fe:8f:41:bb:f5:36:56:b3:6b:65:2d:70:
                    64:2d:a7:cc:9d:f9:dc:fa:fd:b1:6b:2c:95:7c:9f:
                    58:e9:3e:65:b7:c8:df:89:c3:64:05:6e:3a:69:13:
                    71:10:8d:24:8b:9c:2b:49:28:44:71:88:d0:99:2b:
                    26:6c:66:cf:f6:10:49:fa:c6:fd:69:49:8f:c3:9e:
                    2b:5e:5d:c5:77:c2:d4:47:2b:68:a5:ed:ab:d3:2d:
                    f4:a2:28:a8:ad:d5:51:75:aa:73:3f:ad:4b:00:03:
                    48:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:89:58:70:5F:DA:DB:95:CC:54:5E:E0:DF:BC:91:88:3E:68:AE:77
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37312e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:1e:81:d1:ec:6c:91:cf:a0:3a:fd:71:ac:40:39:6b:88:70:
         34:0b:63:b3:8f:bd:c6:22:80:6f:e8:1c:17:b4:33:fa:d7:3d:
         b2:71:32:49:c6:5b:de:4d:23:26:a5:ba:ce:9a:0d:7c:46:75:
         66:75:dc:54:19:ca:a3:e7:76:2d:1e:b6:47:7f:10:89:a5:23:
         19:f2:7c:ab:89:c0:78:fa:86:80:f2:e4:2c:48:04:28:04:a9:
         36:2c:7c:1b:e6:94:20:e9:ef:95:0c:81:24:5e:24:7d:fd:fa:
         70:00:77:de:ec:49:6d:82:ca:fa:d8:b0:8c:d6:3b:12:fa:b8:
         b5:37:07:79:e6:c1:e6:9a:5c:4a:99:fe:c2:19:1c:d5:05:c2:
         24:e8:61:54:14:17:30:6a:c3:fa:c0:53:43:ba:18:aa:be:44:
         df:d8:45:fd:d9:c7:b5:31:bf:54:ca:7f:2a:c6:71:58:2a:ed:
         0b:aa:03:2f:ac:fe:72:f2:07:02:97:1f:24:e7:48:24:57:1f:
         be:82:49:20:ff:23:8b:25:5c:3f:74:d4:36:be:45:c3:f1:59:
         bd:00:62:97:4b:bf:ad:c4:5d:84:46:23:29:8a:6a:72:c7:ef:
         e1:7a:55:fb:fe:cf:f3:64:cb:be:03:e3:27:6b:18:c1:ba:1e:
         71:73:3a:80
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUJ4wwx2I4rgUO4D7BC02bDxhy5EQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNDA4MjgwMzU3MTVaFw0yNTA4MjcwNDAyMTVaMDMxMTAvBgNV
BAMTKDFEODk1ODcwNUZEQURCOTVDQzU0NUVFMERGQkM5MTg4M0U2OEFFNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+uXjVcMBy4q1YTmBxqFyWWmZ7
hppuS1yrpKVe6I5+cAYNYU/QyGqFvV5T6oVXJOQebIA1DTiGeFNwWgMdltZrYSdl
Dp2Rjn0zxvkMuh02P1fXbdL9Ideuw7/GBS3P1hLE9ZIQovr7wNGqEJ0Ama4Qh66f
/Aure9ntttB8kOJuAVRHdzhVzbp6QkYXV/AL6n4jWiq+/PMh6P6PQbv1Nlaza2Ut
cGQtp8yd+dz6/bFrLJV8n1jpPmW3yN+Jw2QFbjppE3EQjSSLnCtJKERxiNCZKyZs
Zs/2EEn6xv1pSY/DniteXcV3wtRHK2il7avTLfSiKKit1VF1qnM/rUsAA0gXAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUHYlYcF/a25XMVF7g37yRiD5orncwHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzNzMxMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtRzANBgkqhkiG
9w0BAQsFAAOCAQEAlB6B0exskc+gOv1xrEA5a4hwNAtjs4+9xiKAb+gcF7Qz+tc9
snEyScZb3k0jJqW6zpoNfEZ1ZnXcVBnKo+d2LR62R38QiaUjGfJ8q4nAePqGgPLk
LEgEKASpNix8G+aUIOnvlQyBJF4kff36cAB33uxJbYLK+tiwjNY7Evq4tTcHeebB
5ppcSpn+whkc1QXCJOhhVBQXMGrD+sBTQ7oYqr5E39hF/dnHtTG/VMp/KsZxWCrt
C6oDL6z+cvIHApcfJOdIJFcfvoJJIP8jiyVcP3TUNr5Fw/FZvQBil0u/rcRdhEYj
KYpqcsfv4XpV+/7P82TLvgPjJ2sYwboecXM6gA==
-----END CERTIFICATE-----
Generated at Tue Nov 12 21:03:09 2024 by rpki-client on console-ams.rpki-client.org