Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38322e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e38322e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          8/H1q3EcizQtYAaVI5vaP4CIs/Srkv0IwoIGGhf07is=
Subject key identifier:   0D:59:7D:6F:FD:06:1E:E3:EE:1C:89:93:3E:2B:04:A7:C9:19:7C:85
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       0987008C89F62AE8D245F809329297A8CA48249E
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38322e302f32342d3234203d3e203233363935.roa
Signing time:             Tue 17 Sep 2024 16:00:02 +0000
ROA not before:           Tue 17 Sep 2024 15:55:02 +0000
ROA not after:            Tue 16 Sep 2025 16:00:02 +0000
asID:                     23695
IP address blocks:        202.173.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 22:23:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:87:00:8c:89:f6:2a:e8:d2:45:f8:09:32:92:97:a8:ca:48:24:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Sep 17 15:55:02 2024 GMT
            Not After : Sep 16 16:00:02 2025 GMT
        Subject: CN=0D597D6FFD061EE3EE1C89933E2B04A7C9197C85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e8:dd:e8:43:19:49:1f:f2:02:74:ca:6b:81:
                    c0:c6:d5:fe:e0:e0:72:fa:8d:84:70:c4:3a:ff:9e:
                    12:61:da:34:b1:e0:50:6d:bf:a3:ad:2c:e2:5b:0a:
                    60:26:6c:24:05:49:8e:1f:5f:b9:74:c7:9b:06:da:
                    11:2f:28:c4:ae:bd:2a:04:97:b6:43:b6:b4:f6:91:
                    14:64:eb:4a:fb:2a:70:a3:77:5d:f2:1a:e5:f3:81:
                    53:85:78:a7:e3:e1:26:7f:ac:c3:bd:1a:75:c3:42:
                    87:31:37:c1:37:40:99:93:ac:91:a0:16:27:ae:27:
                    09:05:73:83:76:ab:89:23:86:01:c7:ae:22:03:f8:
                    ce:ea:d3:b9:ba:24:f5:72:8f:49:8d:ad:4e:f3:16:
                    85:6c:df:0c:99:55:06:4f:e7:ce:02:46:a9:0a:39:
                    b0:92:7a:83:b7:b7:66:4f:9d:93:c6:0b:26:9b:75:
                    80:d2:05:96:ae:f3:f7:84:f1:89:1a:bf:43:c0:48:
                    4b:21:f7:09:6f:c6:3a:db:10:c7:0e:6b:21:c0:bd:
                    2f:94:d5:a0:7e:67:7c:68:a1:94:53:37:ef:72:93:
                    7e:9a:9f:b9:a0:6f:ad:68:1c:bc:80:b7:83:a2:dc:
                    44:4e:b7:64:89:f4:88:28:43:c3:14:bd:5b:94:b7:
                    49:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:59:7D:6F:FD:06:1E:E3:EE:1C:89:93:3E:2B:04:A7:C9:19:7C:85
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38322e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:62:8e:0f:00:69:e0:b7:f3:4a:fb:c9:3d:2e:0d:d6:d4:9b:
         39:83:97:94:1a:0f:27:78:84:83:d0:80:85:e5:b8:f9:24:3f:
         59:71:bc:bf:37:47:c2:fe:82:94:e6:07:07:ec:ef:ed:97:32:
         dd:d0:31:39:41:41:f1:74:83:c6:03:24:ca:67:0e:1f:f8:be:
         1f:6a:9d:b6:59:66:89:cf:7e:13:a9:8b:03:21:84:a0:b1:09:
         b7:e1:9e:93:c2:a0:f1:da:4a:cb:cf:78:0c:5b:93:54:ad:38:
         fb:b4:89:34:00:a0:d2:56:e0:dc:03:42:bd:73:da:1a:39:3e:
         02:37:c0:4f:85:26:d6:f2:df:ee:76:5a:6a:77:1f:6a:a6:f0:
         68:ec:f8:91:54:52:f2:6e:55:82:6d:85:05:d9:d9:9d:d8:7c:
         c3:d4:0e:f0:e4:d1:24:0c:b9:96:63:4e:b3:67:f2:9f:53:c7:
         96:24:91:ef:da:cd:eb:5a:e5:30:79:0d:8a:15:5a:bf:aa:01:
         80:78:55:cd:bb:b4:44:91:d7:b3:28:e6:fd:10:5d:38:0b:c0:
         3a:d6:d1:5d:72:61:8e:34:c2:b5:9b:4e:4c:3a:67:85:ce:be:
         c2:e3:42:aa:56:f5:bb:9d:2c:f4:ce:0f:7d:a3:7e:a5:b8:be:
         a1:16:b2:11
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUCYcAjIn2KujSRfgJMpKXqMpIJJ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNDA5MTcxNTU1MDJaFw0yNTA5MTYxNjAwMDJaMDMxMTAvBgNV
BAMTKDBENTk3RDZGRkQwNjFFRTNFRTFDODk5MzNFMkIwNEE3QzkxOTdDODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn6N3oQxlJH/ICdMprgcDG1f7g
4HL6jYRwxDr/nhJh2jSx4FBtv6OtLOJbCmAmbCQFSY4fX7l0x5sG2hEvKMSuvSoE
l7ZDtrT2kRRk60r7KnCjd13yGuXzgVOFeKfj4SZ/rMO9GnXDQocxN8E3QJmTrJGg
FieuJwkFc4N2q4kjhgHHriID+M7q07m6JPVyj0mNrU7zFoVs3wyZVQZP584CRqkK
ObCSeoO3t2ZPnZPGCyabdYDSBZau8/eE8Ykav0PASEsh9wlvxjrbEMcOayHAvS+U
1aB+Z3xooZRTN+9yk36an7mgb61oHLyAt4Oi3EROt2SJ9IgoQ8MUvVuUt0nRAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUDVl9b/0GHuPuHImTPisEp8kZfIUwHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzODMyMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtUjANBgkqhkiG
9w0BAQsFAAOCAQEAPGKODwBp4LfzSvvJPS4N1tSbOYOXlBoPJ3iEg9CAheW4+SQ/
WXG8vzdHwv6ClOYHB+zv7Zcy3dAxOUFB8XSDxgMkymcOH/i+H2qdtllmic9+E6mL
AyGEoLEJt+Gek8Kg8dpKy894DFuTVK04+7SJNACg0lbg3ANCvXPaGjk+AjfAT4Um
1vLf7nZaancfaqbwaOz4kVRS8m5Vgm2FBdnZndh8w9QO8OTRJAy5lmNOs2fyn1PH
liSR79rN61rlMHkNihVav6oBgHhVzbu0RJHXsyjm/RBdOAvAOtbRXXJhjjTCtZtO
TDpnhc6+wuNCqlb1u50s9M4PfaN+pbi+oRayEQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:02:30 2024 by rpki-client on console-fra.rpki-client.org