Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/73bdcbae-2e9d-4f3f-8ab9-3424e448484e/0/3230322e35372e31372e302f32342d3234203d3e2039333431.roa
File:                     3230322e35372e31372e302f32342d3234203d3e2039333431.roa (raw, json)
Hash identifier:          Da5/UAQv+q+GsPcwtAEdhhW3WzS7dmUp6WDRMEDaLsc=
Subject key identifier:   65:32:02:5E:35:BF:30:BC:CA:4A:30:0D:91:6D:FC:E4:DE:1A:20:3D
Certificate issuer:       /CN=61566F205F7037962069571320603B274357CC6D
Certificate serial:       18CB6D31624C53868D7F185438252131E8EA7B39
Authority key identifier: 61:56:6F:20:5F:70:37:96:20:69:57:13:20:60:3B:27:43:57:CC:6D
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/61566F205F7037962069571320603B274357CC6D.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/73bdcbae-2e9d-4f3f-8ab9-3424e448484e/0/3230322e35372e31372e302f32342d3234203d3e2039333431.roa
Signing time:             Mon 16 Sep 2024 05:00:01 +0000
ROA not before:           Mon 16 Sep 2024 04:55:01 +0000
ROA not after:            Mon 15 Sep 2025 05:00:01 +0000
asID:                     9341
IP address blocks:        202.57.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/73bdcbae-2e9d-4f3f-8ab9-3424e448484e/0/61566F205F7037962069571320603B274357CC6D.crl
                          rsync://repo-rpki.idnic.net/repo/73bdcbae-2e9d-4f3f-8ab9-3424e448484e/0/61566F205F7037962069571320603B274357CC6D.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/61566F205F7037962069571320603B274357CC6D.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Nov 2024 03:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:cb:6d:31:62:4c:53:86:8d:7f:18:54:38:25:21:31:e8:ea:7b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61566F205F7037962069571320603B274357CC6D
        Validity
            Not Before: Sep 16 04:55:01 2024 GMT
            Not After : Sep 15 05:00:01 2025 GMT
        Subject: CN=6532025E35BF30BCCA4A300D916DFCE4DE1A203D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2c:d3:b2:94:ea:06:ee:22:29:ad:3a:1d:a5:
                    bb:f6:a5:53:be:dd:08:7b:3c:25:9e:f8:21:de:c4:
                    cb:1f:7e:52:81:e7:00:8d:0b:de:63:5d:5c:b0:60:
                    7e:2e:a8:e9:03:19:37:95:68:37:59:95:0f:25:0b:
                    87:fb:a6:15:bd:3d:87:94:91:58:96:54:c1:ef:04:
                    f0:4c:66:1a:35:a1:25:f5:2e:99:f2:b7:9f:1f:03:
                    ee:2e:16:c5:f1:cc:7c:e3:8c:6a:89:e6:f5:9a:60:
                    2b:8a:1d:e1:ff:09:3f:3a:63:c0:c0:ca:2f:87:ec:
                    fa:18:43:17:65:db:bd:93:80:0d:f0:c1:ce:c4:4b:
                    da:a1:36:ec:3a:ef:fd:54:6b:16:c6:67:86:29:4d:
                    e5:b4:11:7d:a9:9c:d2:a3:2f:2f:3b:63:cf:d9:f5:
                    4f:f8:ab:20:c8:ed:a0:55:0f:b1:96:85:b7:60:2e:
                    b3:67:f2:a1:61:dd:7a:5d:24:55:de:e5:76:5e:99:
                    16:2b:95:a4:1f:cd:25:7d:cc:67:87:b4:11:5d:92:
                    a8:b4:67:4f:51:d3:3e:38:18:31:c2:4e:00:2e:bb:
                    0d:0d:f7:5e:74:54:57:5b:2a:03:6e:98:92:42:05:
                    74:09:52:74:92:73:a0:41:32:80:a5:e9:49:30:62:
                    33:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:32:02:5E:35:BF:30:BC:CA:4A:30:0D:91:6D:FC:E4:DE:1A:20:3D
            X509v3 Authority Key Identifier:
                keyid:61:56:6F:20:5F:70:37:96:20:69:57:13:20:60:3B:27:43:57:CC:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/73bdcbae-2e9d-4f3f-8ab9-3424e448484e/0/61566F205F7037962069571320603B274357CC6D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/61566F205F7037962069571320603B274357CC6D.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/73bdcbae-2e9d-4f3f-8ab9-3424e448484e/0/3230322e35372e31372e302f32342d3234203d3e2039333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.57.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:dc:7a:8b:43:ad:77:a0:18:c0:a3:15:29:95:e0:8f:cd:b6:
         78:97:41:8a:56:dd:27:a8:aa:09:a1:91:75:39:4e:d0:73:36:
         6d:bc:bd:a4:b9:c8:97:14:53:fa:2e:5a:41:2e:ed:01:53:b7:
         e6:15:50:25:f2:69:d2:48:a5:86:d0:72:06:f6:55:02:f2:6e:
         c4:3f:bb:04:6a:8c:00:b3:0c:b9:f8:2e:63:38:87:e1:94:3d:
         49:90:25:da:30:14:29:48:58:a8:1d:b5:58:b8:7a:a6:dc:07:
         e1:d8:38:aa:95:3c:96:5a:73:e4:71:72:cc:bd:8c:90:7f:63:
         91:e4:89:2f:bb:f1:6c:2a:81:59:f7:73:39:ab:04:93:f2:a6:
         e9:1d:55:dd:2e:eb:19:8e:49:cb:d0:24:32:31:d7:83:27:86:
         7f:62:f6:94:1f:0a:f1:ed:c9:ca:e5:64:7f:3b:29:eb:5d:64:
         ba:3e:c6:53:39:f4:ff:45:69:65:2f:d8:d2:54:81:71:fc:d8:
         a1:a0:51:90:35:40:ab:5c:60:58:d5:fb:28:1b:20:30:c5:28:
         c5:4d:f0:f9:b4:57:24:5c:f3:1e:6a:9e:d7:41:5d:16:f4:9e:
         f9:bd:25:0a:85:b6:25:a6:69:15:24:f2:31:75:e8:83:1f:3d:
         a7:fd:3e:84
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUGMttMWJMU4aNfxhUOCUhMejqezkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjE1NjZGMjA1RjcwMzc5NjIwNjk1NzEzMjA2MDNCMjc0
MzU3Q0M2RDAeFw0yNDA5MTYwNDU1MDFaFw0yNTA5MTUwNTAwMDFaMDMxMTAvBgNV
BAMTKDY1MzIwMjVFMzVCRjMwQkNDQTRBMzAwRDkxNkRGQ0U0REUxQTIwM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/LNOylOoG7iIprTodpbv2pVO+
3Qh7PCWe+CHexMsfflKB5wCNC95jXVywYH4uqOkDGTeVaDdZlQ8lC4f7phW9PYeU
kViWVMHvBPBMZho1oSX1Lpnyt58fA+4uFsXxzHzjjGqJ5vWaYCuKHeH/CT86Y8DA
yi+H7PoYQxdl272TgA3wwc7ES9qhNuw67/1UaxbGZ4YpTeW0EX2pnNKjLy87Y8/Z
9U/4qyDI7aBVD7GWhbdgLrNn8qFh3XpdJFXe5XZemRYrlaQfzSV9zGeHtBFdkqi0
Z09R0z44GDHCTgAuuw0N9150VFdbKgNumJJCBXQJUnSSc6BBMoCl6UkwYjMTAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQUZTICXjW/MLzKSjANkW385N4aID0wHwYDVR0j
BBgwFoAUYVZvIF9wN5YgaVcTIGA7J0NXzG0wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
M2JkY2JhZS0yZTlkLTRmM2YtOGFiOS0zNDI0ZTQ0ODQ4NGUvMC82MTU2NkYyMDVG
NzAzNzk2MjA2OTU3MTMyMDYwM0IyNzQzNTdDQzZELmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNjE1NjZGMjA1RjcwMzc5NjIwNjk1NzEzMjA2MDNCMjc0MzU3
Q0M2RC5jZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vNzNiZGNiYWUtMmU5ZC00ZjNmLThh
YjktMzQyNGU0NDg0ODRlLzAvMzIzMDMyMmUzNTM3MmUzMTM3MmUzMDJmMzIzNDJk
MzIzNDIwM2QzZTIwMzkzMzM0MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADKOREwDQYJKoZIhvcNAQEL
BQADggEBAH7ceotDrXegGMCjFSmV4I/NtniXQYpW3SeoqgmhkXU5TtBzNm28vaS5
yJcUU/ouWkEu7QFTt+YVUCXyadJIpYbQcgb2VQLybsQ/uwRqjACzDLn4LmM4h+GU
PUmQJdowFClIWKgdtVi4eqbcB+HYOKqVPJZac+Rxcsy9jJB/Y5HkiS+78WwqgVn3
czmrBJPypukdVd0u6xmOScvQJDIx14Mnhn9i9pQfCvHtycrlZH87KetdZLo+xlM5
9P9FaWUv2NJUgXH82KGgUZA1QKtcYFjV+ygbIDDFKMVN8Pm0VyRc8x5qntdBXRb0
nvm9JQqFtiWmaRUk8jF16IMfPaf9PoQ=
-----END CERTIFICATE-----
Generated at Thu Nov 21 01:24:17 2024 by rpki-client on console-ams.rpki-client.org