Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38382e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e38382e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          kWaiaFCi5F4TW6LYG0q3VELQGQNXbZe+dclFyLeSNAY=
Subject key identifier:   F2:C1:F5:2F:23:29:C6:67:00:85:E4:A3:4D:07:64:06:A1:8B:A7:C1
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       759D80D69083B41C459A8FD58F460A5F01243416
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38382e302f32342d3234203d3e203233363935.roa
Signing time:             Tue 10 Sep 2024 04:00:02 +0000
ROA not before:           Tue 10 Sep 2024 03:55:02 +0000
ROA not after:            Tue 09 Sep 2025 04:00:02 +0000
asID:                     23695
IP address blocks:        202.173.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 01 Dec 2024 06:07:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:9d:80:d6:90:83:b4:1c:45:9a:8f:d5:8f:46:0a:5f:01:24:34:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Sep 10 03:55:02 2024 GMT
            Not After : Sep  9 04:00:02 2025 GMT
        Subject: CN=F2C1F52F2329C6670085E4A34D076406A18BA7C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:7d:fc:d9:19:52:41:6c:98:61:20:3b:48:0f:
                    15:27:b5:80:5d:f1:56:a2:04:18:8b:7f:1c:03:71:
                    3d:ce:f7:b3:ab:54:da:c9:ab:c5:d7:83:3e:7f:02:
                    91:6d:6d:76:6a:80:bc:3b:67:03:60:53:f9:dd:32:
                    5c:22:d2:c0:9a:f0:b9:af:60:17:f1:36:d7:6d:12:
                    a1:94:54:52:df:4f:39:ea:e4:5c:47:7b:dc:90:b0:
                    54:28:40:26:26:8d:19:a1:55:52:0d:bb:00:aa:67:
                    b9:0c:45:7b:9c:ff:41:f4:62:6e:70:ab:10:62:db:
                    7a:44:55:b1:60:2d:67:44:0d:f6:fe:99:0f:53:02:
                    0d:5e:ea:63:3a:07:6e:e5:6c:58:e6:bc:27:1d:91:
                    bd:ff:e7:30:03:8e:2e:07:16:fb:e0:a3:d7:b2:6d:
                    44:e4:d1:d7:b6:f9:3d:c1:c2:8f:f7:ac:66:d5:36:
                    49:9c:28:36:53:3e:7a:1f:89:43:2a:85:95:d7:5b:
                    0e:f7:09:6f:2e:0e:6f:86:1b:27:c2:23:16:84:70:
                    ad:ba:a9:31:c0:b9:cc:dd:5d:fc:cf:4f:20:56:59:
                    af:3b:0f:e9:c6:d2:a9:c8:23:da:0a:b4:f2:47:b9:
                    f4:1c:3d:49:9b:ce:7e:e3:0a:ba:ab:a8:51:bc:ba:
                    f8:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C1:F5:2F:23:29:C6:67:00:85:E4:A3:4D:07:64:06:A1:8B:A7:C1
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38382e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:1e:02:f3:08:1e:aa:07:7b:aa:36:66:11:2d:7d:47:fe:c6:
         fe:b8:40:af:f2:fc:f4:5e:d4:69:80:15:fb:f3:78:5b:12:f8:
         38:5a:08:db:d5:79:f3:cb:40:94:31:18:89:5f:63:1f:b8:c2:
         40:c6:a8:90:48:03:7a:4c:87:81:9d:db:4e:4d:69:22:b1:73:
         3d:ae:87:2d:9c:20:84:ac:51:c4:ee:8a:d2:33:53:1e:55:00:
         42:8d:4e:0a:6a:a1:f3:b2:5b:9b:ca:e1:f6:15:a7:b5:14:12:
         b9:06:77:e0:01:a7:86:e4:d9:16:d0:65:4a:36:71:e4:90:6c:
         2c:22:7c:cc:de:34:8a:ad:4d:6d:1f:e3:a4:dd:6b:f2:d6:74:
         8c:5e:fc:1e:59:47:3c:51:49:32:cf:93:ec:4f:a1:91:0f:00:
         1d:76:89:04:d9:a4:04:1a:0c:ad:b2:f2:0b:86:ed:22:c3:43:
         84:7b:c0:fd:39:1f:d1:d2:33:c5:bf:45:cb:1a:5e:92:cc:23:
         d8:44:a0:89:c7:3c:db:d4:9b:2b:9b:68:ad:89:23:58:15:4e:
         c7:62:9b:6c:3b:15:53:60:61:9c:43:05:46:73:ae:61:e2:cd:
         a3:ab:bf:8c:cd:56:5f:b8:09:de:9f:ec:52:b5:a6:1e:f4:8c:
         1f:bc:29:c2
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUdZ2A1pCDtBxFmo/Vj0YKXwEkNBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNDA5MTAwMzU1MDJaFw0yNTA5MDkwNDAwMDJaMDMxMTAvBgNV
BAMTKEYyQzFGNTJGMjMyOUM2NjcwMDg1RTRBMzREMDc2NDA2QTE4QkE3QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3ffzZGVJBbJhhIDtIDxUntYBd
8VaiBBiLfxwDcT3O97OrVNrJq8XXgz5/ApFtbXZqgLw7ZwNgU/ndMlwi0sCa8Lmv
YBfxNtdtEqGUVFLfTznq5FxHe9yQsFQoQCYmjRmhVVINuwCqZ7kMRXuc/0H0Ym5w
qxBi23pEVbFgLWdEDfb+mQ9TAg1e6mM6B27lbFjmvCcdkb3/5zADji4HFvvgo9ey
bUTk0de2+T3Bwo/3rGbVNkmcKDZTPnofiUMqhZXXWw73CW8uDm+GGyfCIxaEcK26
qTHAuczdXfzPTyBWWa87D+nG0qnII9oKtPJHufQcPUmbzn7jCrqrqFG8uvjzAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU8sH1LyMpxmcAheSjTQdkBqGLp8EwHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzODM4MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtWDANBgkqhkiG
9w0BAQsFAAOCAQEAHx4C8wgeqgd7qjZmES19R/7G/rhAr/L89F7UaYAV+/N4WxL4
OFoI29V588tAlDEYiV9jH7jCQMaokEgDekyHgZ3bTk1pIrFzPa6HLZwghKxRxO6K
0jNTHlUAQo1OCmqh87Jbm8rh9hWntRQSuQZ34AGnhuTZFtBlSjZx5JBsLCJ8zN40
iq1NbR/jpN1r8tZ0jF78HllHPFFJMs+T7E+hkQ8AHXaJBNmkBBoMrbLyC4btIsND
hHvA/Tkf0dIzxb9Fyxpekswj2ESgicc829SbK5torYkjWBVOx2KbbDsVU2BhnEMF
RnOuYeLNo6u/jM1WX7gJ3p/sUrWmHvSMH7wpwg==
-----END CERTIFICATE-----
Generated at Thu Nov 28 03:43:12 2024 by rpki-client on console-fra.rpki-client.org