Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e39342e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e39342e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          kYREuhiT4n/pjRYISa3PHavGRxERDOS8izljvugeJrk=
Subject key identifier:   2F:D3:BB:8C:ED:AE:66:FA:57:6F:02:88:66:90:E5:69:AB:A0:1B:77
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       5EA9AA22108303BD376CB3B999E3AD39A7449A10
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e39342e302f32342d3234203d3e203233363935.roa
Signing time:             Tue 10 Sep 2024 04:00:02 +0000
ROA not before:           Tue 10 Sep 2024 03:55:02 +0000
ROA not after:            Tue 09 Sep 2025 04:00:02 +0000
asID:                     23695
IP address blocks:        202.173.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 22:23:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:a9:aa:22:10:83:03:bd:37:6c:b3:b9:99:e3:ad:39:a7:44:9a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Sep 10 03:55:02 2024 GMT
            Not After : Sep  9 04:00:02 2025 GMT
        Subject: CN=2FD3BB8CEDAE66FA576F02886690E569ABA01B77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:92:ac:83:4b:4f:4b:c3:db:9d:2a:9e:1e:bd:
                    f3:98:6b:9f:87:2f:fb:31:8d:52:a0:12:6a:06:90:
                    cc:7c:ba:75:19:e1:ca:05:92:9e:0a:4b:b2:10:4b:
                    cf:43:41:1c:0f:17:7e:3b:12:12:b3:66:f9:2c:7c:
                    74:6b:87:9c:6b:2b:6f:9b:19:6e:04:8e:69:0f:28:
                    cc:01:86:96:f1:c5:48:08:a8:86:dd:6a:d5:0a:8c:
                    c7:5b:b9:ce:e7:5f:e0:19:9f:68:e8:37:f2:74:18:
                    f8:8b:6e:2b:4a:a4:9b:86:05:15:e5:56:4d:00:0d:
                    22:19:bd:cd:02:13:21:07:0d:76:4b:1c:fd:9f:c2:
                    ef:d0:b9:eb:a1:54:f9:53:09:70:b0:31:8e:00:3f:
                    41:63:68:5c:12:b2:8f:ca:a2:d3:45:f5:3b:2b:e8:
                    bb:9a:cc:d0:d1:07:93:72:09:61:54:a5:7d:b5:be:
                    0e:2a:84:9e:78:15:87:ed:7d:48:d3:cd:eb:42:39:
                    ef:1e:fc:b6:35:88:0c:25:23:99:c9:79:99:c7:b4:
                    54:be:ae:75:e8:c9:54:53:2f:91:52:3e:e6:3a:28:
                    28:66:4b:28:6c:f2:7e:94:95:47:0b:df:94:fc:c4:
                    4d:7a:8a:79:5e:cd:4b:ba:bc:77:38:c6:61:d6:c5:
                    7e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:D3:BB:8C:ED:AE:66:FA:57:6F:02:88:66:90:E5:69:AB:A0:1B:77
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e39342e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:c0:e5:35:44:3f:bf:06:b7:f5:7d:ed:9c:81:f9:c0:64:95:
         05:d2:0e:17:54:2b:79:7a:9b:cb:5e:10:b5:7c:88:9d:1d:c7:
         4f:89:0e:b2:29:1e:e5:be:0c:2b:0a:ac:07:50:59:55:33:e2:
         72:1f:03:87:82:3e:4d:ae:13:3c:f2:1a:75:60:97:74:8f:06:
         00:a2:bf:65:e4:02:9b:03:dc:f1:59:12:89:2c:54:23:5f:e5:
         8c:cf:2e:3f:58:21:c9:a9:ea:f0:5c:16:94:d6:70:b3:dd:ba:
         34:d5:0c:97:7a:b8:64:da:8a:d1:37:61:c3:67:05:22:a9:df:
         8c:c4:e5:e2:14:66:e2:45:e2:e3:fe:05:e3:7f:12:fd:73:ff:
         08:ec:8f:37:fc:b1:be:63:6e:fd:06:61:dc:ab:38:bd:00:e7:
         74:66:81:32:55:95:e8:a9:0b:17:74:cd:03:02:a5:c8:cb:53:
         72:18:2c:86:70:c3:0a:9c:ba:d7:94:51:8b:2d:16:f4:de:ff:
         27:71:b2:95:66:63:25:38:9a:07:a2:d9:c2:ec:fc:0b:79:ca:
         fd:e0:2e:d5:42:11:ed:ab:6e:c7:6c:b3:4a:c6:bd:f1:29:c1:
         50:2f:65:6b:d7:ff:d7:05:58:c4:7e:b1:6a:70:fc:6b:24:d9:
         ef:92:62:61
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUXqmqIhCDA703bLO5meOtOadEmhAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNDA5MTAwMzU1MDJaFw0yNTA5MDkwNDAwMDJaMDMxMTAvBgNV
BAMTKDJGRDNCQjhDRURBRTY2RkE1NzZGMDI4ODY2OTBFNTY5QUJBMDFCNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFkqyDS09Lw9udKp4evfOYa5+H
L/sxjVKgEmoGkMx8unUZ4coFkp4KS7IQS89DQRwPF347EhKzZvksfHRrh5xrK2+b
GW4EjmkPKMwBhpbxxUgIqIbdatUKjMdbuc7nX+AZn2joN/J0GPiLbitKpJuGBRXl
Vk0ADSIZvc0CEyEHDXZLHP2fwu/QueuhVPlTCXCwMY4AP0FjaFwSso/KotNF9Tsr
6LuazNDRB5NyCWFUpX21vg4qhJ54FYftfUjTzetCOe8e/LY1iAwlI5nJeZnHtFS+
rnXoyVRTL5FSPuY6KChmSyhs8n6UlUcL35T8xE16inlezUu6vHc4xmHWxX71AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUL9O7jO2uZvpXbwKIZpDlaaugG3cwHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzOTM0MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtXjANBgkqhkiG
9w0BAQsFAAOCAQEAc8DlNUQ/vwa39X3tnIH5wGSVBdIOF1QreXqby14QtXyInR3H
T4kOsike5b4MKwqsB1BZVTPich8Dh4I+Ta4TPPIadWCXdI8GAKK/ZeQCmwPc8VkS
iSxUI1/ljM8uP1ghyanq8FwWlNZws926NNUMl3q4ZNqK0Tdhw2cFIqnfjMTl4hRm
4kXi4/4F438S/XP/COyPN/yxvmNu/QZh3Ks4vQDndGaBMlWV6KkLF3TNAwKlyMtT
chgshnDDCpy615RRiy0W9N7/J3GylWZjJTiaB6LZwuz8C3nK/eAu1UIR7atux2yz
Ssa98SnBUC9la9f/1wVYxH6xanD8ayTZ75JiYQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:31:14 2024 by rpki-client on console-ams.rpki-client.org