Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37392e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e37392e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          JlV82roW0wq9X2Q7J+tUUs8b8oUVk7NAH3mIbLD0we8=
Subject key identifier:   A3:EE:16:30:4C:A6:58:D6:EA:29:F2:05:80:F6:07:2A:36:8A:7C:55
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       01BCA0B9B1EBA3E00C6E8CBF8BBB500BCAB6B4E1
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37392e302f32342d3234203d3e203233363935.roa
Signing time:             Tue 17 Sep 2024 16:00:02 +0000
ROA not before:           Tue 17 Sep 2024 15:55:02 +0000
ROA not after:            Tue 16 Sep 2025 16:00:02 +0000
asID:                     23695
IP address blocks:        202.173.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 15 Nov 2024 19:34:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:bc:a0:b9:b1:eb:a3:e0:0c:6e:8c:bf:8b:bb:50:0b:ca:b6:b4:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Sep 17 15:55:02 2024 GMT
            Not After : Sep 16 16:00:02 2025 GMT
        Subject: CN=A3EE16304CA658D6EA29F20580F6072A368A7C55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cf:dd:b9:6a:b0:89:87:35:35:1c:17:f5:fc:
                    8e:30:d9:f1:a4:55:2b:6b:a4:03:23:46:0c:99:14:
                    71:df:83:69:b8:30:2e:8e:0f:c0:e5:47:c9:9c:ac:
                    d6:3b:c2:04:b7:35:6e:1c:02:e2:b1:30:3a:6e:3a:
                    e5:df:1c:e6:ad:94:1f:e5:98:2d:45:a3:0b:04:ae:
                    cf:fb:14:63:49:90:6f:52:84:18:c7:3f:1e:36:b0:
                    e1:f9:84:1c:4c:a0:7b:6d:35:51:ad:70:9a:0f:36:
                    61:4b:14:82:e4:71:aa:74:0a:74:9f:f8:0d:b0:c6:
                    1d:c1:a5:3b:21:14:07:0a:61:ef:99:d1:98:be:ef:
                    cd:e8:60:f9:24:5e:19:4d:df:9d:a7:10:c9:a4:81:
                    54:d7:54:16:02:d5:9c:73:5a:87:05:88:e6:27:8a:
                    89:93:b4:c8:16:3c:a6:1f:df:db:17:c4:ad:ed:e0:
                    ba:13:0d:1e:1b:2d:9d:22:7a:c0:1a:b7:b5:81:43:
                    9f:9c:ee:43:cb:4b:76:5c:1d:b5:dc:d7:bb:c2:ff:
                    2a:c3:0d:d3:48:7d:8e:4b:17:ac:c9:16:29:ea:c7:
                    65:72:05:68:51:df:af:85:b9:8d:15:35:56:cc:40:
                    50:ea:92:0d:96:d5:7c:86:ff:dd:1c:89:3b:57:29:
                    17:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:EE:16:30:4C:A6:58:D6:EA:29:F2:05:80:F6:07:2A:36:8A:7C:55
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37392e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:fe:d3:2f:7f:bc:73:a7:9b:6c:77:59:05:01:ac:40:06:a6:
         da:ee:7c:f4:fa:3f:15:61:d1:65:69:c6:ee:3f:5d:22:15:6e:
         c3:f0:87:60:79:cf:ec:f7:b6:ed:ce:1c:6b:5b:32:a8:02:bf:
         8f:bf:07:5a:68:b0:d5:a5:63:6f:f6:48:48:e9:e6:97:36:db:
         ff:b8:d4:b1:6e:5d:3e:40:4b:9c:28:49:5a:3d:3d:d2:e6:07:
         7d:d7:42:4a:a4:9b:2f:9a:58:a8:05:de:b2:da:85:de:01:d3:
         18:a6:59:b4:a6:88:65:18:dd:0e:ca:9f:3e:d1:1a:57:91:51:
         10:7a:94:b5:87:c6:3a:a3:3f:40:e7:d7:4d:93:a1:bc:0b:f4:
         00:32:8c:16:e9:29:55:ef:ac:e2:7e:52:8f:ff:8e:04:2b:c2:
         a8:14:73:91:61:7c:d7:ec:5f:a8:b9:7f:2e:80:ad:7b:ee:94:
         73:99:cf:01:4d:1c:20:80:59:03:fa:da:47:7a:d6:37:7b:d1:
         86:4e:15:22:38:00:60:37:e2:fc:99:c2:15:73:55:8d:e2:7b:
         9d:e7:2e:46:94:ec:b3:93:5b:ae:06:31:8c:9e:e8:93:03:07:
         09:4f:85:41:a7:85:4f:dd:83:d2:44:4b:a1:64:d7:f5:41:b5:
         60:99:7d:e1
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUAbygubHro+AMboy/i7tQC8q2tOEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNDA5MTcxNTU1MDJaFw0yNTA5MTYxNjAwMDJaMDMxMTAvBgNV
BAMTKEEzRUUxNjMwNENBNjU4RDZFQTI5RjIwNTgwRjYwNzJBMzY4QTdDNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsz925arCJhzU1HBf1/I4w2fGk
VStrpAMjRgyZFHHfg2m4MC6OD8DlR8mcrNY7wgS3NW4cAuKxMDpuOuXfHOatlB/l
mC1FowsErs/7FGNJkG9ShBjHPx42sOH5hBxMoHttNVGtcJoPNmFLFILkcap0CnSf
+A2wxh3BpTshFAcKYe+Z0Zi+783oYPkkXhlN352nEMmkgVTXVBYC1ZxzWocFiOYn
iomTtMgWPKYf39sXxK3t4LoTDR4bLZ0iesAat7WBQ5+c7kPLS3ZcHbXc17vC/yrD
DdNIfY5LF6zJFinqx2VyBWhR36+FuY0VNVbMQFDqkg2W1XyG/90ciTtXKRcZAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUo+4WMEymWNbqKfIFgPYHKjaKfFUwHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzNzM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtTzANBgkqhkiG
9w0BAQsFAAOCAQEAkP7TL3+8c6ebbHdZBQGsQAam2u589Po/FWHRZWnG7j9dIhVu
w/CHYHnP7Pe27c4ca1syqAK/j78HWmiw1aVjb/ZISOnmlzbb/7jUsW5dPkBLnChJ
Wj090uYHfddCSqSbL5pYqAXestqF3gHTGKZZtKaIZRjdDsqfPtEaV5FREHqUtYfG
OqM/QOfXTZOhvAv0ADKMFukpVe+s4n5Sj/+OBCvCqBRzkWF81+xfqLl/LoCte+6U
c5nPAU0cIIBZA/raR3rWN3vRhk4VIjgAYDfi/JnCFXNVjeJ7necuRpTss5NbrgYx
jJ7okwMHCU+FQaeFT92D0kRLoWTX9UG1YJl94Q==
-----END CERTIFICATE-----
Generated at Tue Nov 12 21:03:09 2024 by rpki-client on console-ams.rpki-client.org