Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38352e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e38352e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          UlX0UeHxNwDo/jIJmlDlRnsp3ZbSu9xVDF7FdNoezxw=
Subject key identifier:   68:B4:22:B2:F2:1C:37:A9:E2:7E:A4:D1:24:80:ED:8C:9F:7F:07:EA
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       59452DF2C57BBE813DB3FA9974D5E9A2C5FA7E61
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38352e302f32342d3234203d3e203233363935.roa
Signing time:             Tue 17 Sep 2024 17:00:01 +0000
ROA not before:           Tue 17 Sep 2024 16:55:01 +0000
ROA not after:            Tue 16 Sep 2025 17:00:01 +0000
asID:                     23695
IP address blocks:        202.173.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 15 Nov 2024 19:34:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:45:2d:f2:c5:7b:be:81:3d:b3:fa:99:74:d5:e9:a2:c5:fa:7e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Sep 17 16:55:01 2024 GMT
            Not After : Sep 16 17:00:01 2025 GMT
        Subject: CN=68B422B2F21C37A9E27EA4D12480ED8C9F7F07EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2d:6b:54:e1:0f:97:c8:3f:58:2c:92:88:e7:
                    ad:d8:d0:60:b3:5b:27:07:1f:d9:64:98:f7:93:96:
                    b3:c5:68:d3:52:fb:68:90:f0:11:8c:03:55:bc:11:
                    49:2a:4f:06:b6:c5:75:e4:ed:ec:ba:a3:e8:75:74:
                    b3:37:d4:90:08:d1:2b:f9:23:4e:79:1f:05:19:ce:
                    d1:e0:5a:a8:83:a7:b2:3e:5e:68:f9:e1:22:70:90:
                    e2:f5:24:b8:d0:ca:77:ee:c6:54:04:aa:a9:d6:58:
                    ef:90:6e:09:05:fa:0f:d3:ed:4f:04:37:ea:5e:56:
                    d1:39:58:ad:5d:43:d3:88:9c:f7:a4:47:fd:45:76:
                    1e:26:ba:c3:f8:27:df:57:5d:a7:7e:12:ea:99:8e:
                    27:c2:ea:86:3d:35:65:3b:fd:5d:41:62:1e:87:f6:
                    35:15:25:18:fc:04:d6:30:fd:74:4a:9b:28:3a:17:
                    42:79:b9:01:f9:c5:82:4f:ce:12:60:bf:47:2f:2e:
                    ce:0d:79:60:9f:7f:6b:0c:5e:87:58:e0:f8:e8:86:
                    2a:91:e7:2d:31:f1:61:a4:bb:ff:69:83:a8:4f:f7:
                    f1:98:9c:41:1a:55:dc:02:d6:c6:92:0e:91:48:26:
                    51:ac:2f:05:7b:ea:b4:cc:a4:1a:52:47:3c:bb:b7:
                    f2:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B4:22:B2:F2:1C:37:A9:E2:7E:A4:D1:24:80:ED:8C:9F:7F:07:EA
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38352e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:07:45:5b:fc:7c:45:1b:d9:e8:1e:f5:c5:c0:0e:ad:e0:98:
         50:48:84:71:e1:d0:53:c5:a1:6b:51:08:4f:b7:4a:92:58:27:
         9a:9f:ce:d2:b6:68:14:36:1f:65:75:63:94:51:da:d0:ae:f3:
         d8:c0:8d:34:3d:17:0e:ec:62:d0:b3:c8:53:44:a8:a9:a7:b8:
         07:43:52:a7:84:59:ad:da:67:5a:c0:6a:73:0f:2b:26:33:02:
         6a:0a:21:f0:b6:a6:c7:84:b2:c1:39:71:e4:29:d7:50:41:ad:
         02:20:c9:d5:43:2d:b2:fc:c5:a7:9b:48:16:e5:bd:56:18:85:
         fd:9d:c3:9d:d4:44:d9:74:43:c1:a1:82:8b:03:a1:4b:4b:97:
         2f:f1:99:87:71:d5:96:09:a9:14:2c:6c:24:2e:44:96:be:8e:
         a3:cb:c4:87:66:d2:a2:fe:56:53:1e:60:eb:df:4b:9f:c8:a0:
         ac:a2:55:fd:cf:d0:e9:90:06:58:d4:b9:3e:0e:27:7f:6b:ae:
         2f:16:f8:fa:94:20:be:3a:d1:3d:5a:a6:b4:55:1e:73:69:35:
         f7:b4:11:fe:d5:4c:c8:8f:0b:84:8d:6d:0b:dc:20:ae:77:4d:
         14:05:88:57:fc:fc:da:5d:25:a4:1a:04:d1:91:7e:cc:85:5f:
         05:fc:d8:d2
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUWUUt8sV7voE9s/qZdNXposX6fmEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNDA5MTcxNjU1MDFaFw0yNTA5MTYxNzAwMDFaMDMxMTAvBgNV
BAMTKDY4QjQyMkIyRjIxQzM3QTlFMjdFQTREMTI0ODBFRDhDOUY3RjA3RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLWtU4Q+XyD9YLJKI563Y0GCz
WycHH9lkmPeTlrPFaNNS+2iQ8BGMA1W8EUkqTwa2xXXk7ey6o+h1dLM31JAI0Sv5
I055HwUZztHgWqiDp7I+Xmj54SJwkOL1JLjQynfuxlQEqqnWWO+QbgkF+g/T7U8E
N+peVtE5WK1dQ9OInPekR/1Fdh4musP4J99XXad+EuqZjifC6oY9NWU7/V1BYh6H
9jUVJRj8BNYw/XRKmyg6F0J5uQH5xYJPzhJgv0cvLs4NeWCff2sMXodY4PjohiqR
5y0x8WGku/9pg6hP9/GYnEEaVdwC1saSDpFIJlGsLwV76rTMpBpSRzy7t/IHAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUaLQisvIcN6nifqTRJIDtjJ9/B+owHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzODM1MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtVTANBgkqhkiG
9w0BAQsFAAOCAQEASAdFW/x8RRvZ6B71xcAOreCYUEiEceHQU8Wha1EIT7dKklgn
mp/O0rZoFDYfZXVjlFHa0K7z2MCNND0XDuxi0LPIU0Soqae4B0NSp4RZrdpnWsBq
cw8rJjMCagoh8Lamx4SywTlx5CnXUEGtAiDJ1UMtsvzFp5tIFuW9VhiF/Z3DndRE
2XRDwaGCiwOhS0uXL/GZh3HVlgmpFCxsJC5Elr6Oo8vEh2bSov5WUx5g699Ln8ig
rKJV/c/Q6ZAGWNS5Pg4nf2uuLxb4+pQgvjrRPVqmtFUec2k197QR/tVMyI8LhI1t
C9wgrndNFAWIV/z82l0lpBoE0ZF+zIVfBfzY0g==
-----END CERTIFICATE-----
Generated at Tue Nov 12 21:03:09 2024 by rpki-client on console-ams.rpki-client.org