Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38332e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e38332e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          oDlDI6fU21fZbXJ7xjJnRhwvlH5l3glqD9qF8ZX5Ecs=
Subject key identifier:   F5:CB:82:AF:5E:6D:FC:C1:F4:76:6B:43:29:AB:F5:1D:46:B1:53:75
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       3CE31E68C216EB1E2C916C7A503D5A3B3E3AFF12
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38332e302f32342d3234203d3e203233363935.roa
Signing time:             Tue 17 Sep 2024 16:00:02 +0000
ROA not before:           Tue 17 Sep 2024 15:55:02 +0000
ROA not after:            Tue 16 Sep 2025 16:00:02 +0000
asID:                     23695
IP address blocks:        202.173.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 15 Nov 2024 19:34:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:e3:1e:68:c2:16:eb:1e:2c:91:6c:7a:50:3d:5a:3b:3e:3a:ff:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Sep 17 15:55:02 2024 GMT
            Not After : Sep 16 16:00:02 2025 GMT
        Subject: CN=F5CB82AF5E6DFCC1F4766B4329ABF51D46B15375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:18:49:8a:25:9d:86:f2:44:41:54:ab:72:21:
                    9b:76:c1:fb:7a:23:4b:b8:98:99:6d:bd:0d:a4:f9:
                    67:86:42:87:f6:3a:0b:c9:28:39:14:0d:1d:ba:4f:
                    21:2b:bf:5b:fc:46:5c:93:32:f6:33:35:ca:e4:1a:
                    94:65:68:3b:6e:e6:ba:26:d6:b1:aa:6c:3d:6d:0d:
                    e7:16:2e:e3:26:72:04:ee:0e:f3:00:2d:40:91:91:
                    8b:0c:75:87:39:7a:8b:84:ac:4a:f4:9b:45:07:64:
                    de:d0:ef:bb:fc:64:15:71:12:5d:d8:ba:28:5d:18:
                    7f:9f:71:3c:ed:9c:c0:ec:d3:87:f6:eb:0b:1a:bc:
                    4b:71:fc:4b:58:b7:d8:cd:e6:92:be:75:34:cf:c9:
                    98:48:65:4f:2a:19:05:83:a6:55:9d:61:63:69:7c:
                    b0:d3:fd:8f:f3:39:95:88:13:96:bf:39:52:ad:0a:
                    d8:4c:4b:b7:55:81:b0:0d:99:63:fe:ee:3a:ab:a4:
                    d4:fa:06:e7:7e:89:1a:73:0c:12:b4:14:68:08:9c:
                    ba:92:72:99:ab:1e:19:af:45:24:3d:79:c8:81:34:
                    3a:49:3c:78:33:55:4c:29:b3:80:49:86:ea:24:7d:
                    52:49:09:5b:02:7b:d7:da:75:3d:c3:31:b5:5d:49:
                    77:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:CB:82:AF:5E:6D:FC:C1:F4:76:6B:43:29:AB:F5:1D:46:B1:53:75
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38332e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:97:b8:05:60:13:92:00:dc:8d:30:e3:40:d0:cd:61:e0:b8:
         46:ac:4c:b9:ab:38:93:f6:94:5d:a5:c6:88:a8:0a:6b:f6:1e:
         d7:52:76:8a:95:6e:df:dd:47:60:f4:b3:b5:04:e9:eb:34:b9:
         2d:78:0e:6d:b1:92:e3:76:15:03:27:bf:34:d9:32:b7:de:9c:
         b3:56:a7:1b:64:07:31:1d:04:1a:5b:02:dd:9d:09:16:dd:b8:
         a6:88:e2:70:fb:75:3a:40:f7:57:f3:c3:86:62:1d:fc:7f:05:
         d2:05:e2:a0:a5:f8:e1:82:4d:ad:b9:98:3b:7c:8a:fd:e6:09:
         f9:d0:93:2f:e8:d7:d1:b3:c5:89:a6:a9:05:e8:85:4f:fc:5f:
         b6:34:cf:93:6c:76:de:2a:c9:a8:3d:64:53:85:a8:7b:29:6c:
         23:75:ef:3f:12:40:e9:9a:e3:66:5d:ed:72:17:b6:06:e4:97:
         cb:5f:2e:3a:a8:cb:a5:83:53:62:0f:13:68:1f:3d:67:0c:f0:
         f2:be:99:bc:a1:d4:59:4a:a6:ae:79:05:2b:3d:47:15:17:9f:
         fb:c4:a4:84:da:1f:d3:36:d4:1b:df:c8:85:cd:91:c7:15:be:
         8b:3f:90:f2:1e:2d:7d:41:d9:4c:0f:0a:44:45:e3:c9:a9:d1:
         08:c3:e3:cb
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUPOMeaMIW6x4skWx6UD1aOz46/xIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNDA5MTcxNTU1MDJaFw0yNTA5MTYxNjAwMDJaMDMxMTAvBgNV
BAMTKEY1Q0I4MkFGNUU2REZDQzFGNDc2NkI0MzI5QUJGNTFENDZCMTUzNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmGEmKJZ2G8kRBVKtyIZt2wft6
I0u4mJltvQ2k+WeGQof2OgvJKDkUDR26TyErv1v8RlyTMvYzNcrkGpRlaDtu5rom
1rGqbD1tDecWLuMmcgTuDvMALUCRkYsMdYc5eouErEr0m0UHZN7Q77v8ZBVxEl3Y
uihdGH+fcTztnMDs04f26wsavEtx/EtYt9jN5pK+dTTPyZhIZU8qGQWDplWdYWNp
fLDT/Y/zOZWIE5a/OVKtCthMS7dVgbANmWP+7jqrpNT6Bud+iRpzDBK0FGgInLqS
cpmrHhmvRSQ9eciBNDpJPHgzVUwps4BJhuokfVJJCVsCe9fadT3DMbVdSXcXAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU9cuCr15t/MH0dmtDKav1HUaxU3UwHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzODMzMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtUzANBgkqhkiG
9w0BAQsFAAOCAQEAsJe4BWATkgDcjTDjQNDNYeC4RqxMuas4k/aUXaXGiKgKa/Ye
11J2ipVu391HYPSztQTp6zS5LXgObbGS43YVAye/NNkyt96cs1anG2QHMR0EGlsC
3Z0JFt24pojicPt1OkD3V/PDhmId/H8F0gXioKX44YJNrbmYO3yK/eYJ+dCTL+jX
0bPFiaapBeiFT/xftjTPk2x23irJqD1kU4WoeylsI3XvPxJA6ZrjZl3tche2BuSX
y18uOqjLpYNTYg8TaB89Zwzw8r6ZvKHUWUqmrnkFKz1HFRef+8SkhNof0zbUG9/I
hc2RxxW+iz+Q8h4tfUHZTA8KREXjyanRCMPjyw==
-----END CERTIFICATE-----
Generated at Tue Nov 12 21:03:09 2024 by rpki-client on console-ams.rpki-client.org