Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/85d8dab4-8bb6-4ed0-8dab-5a406167b99d/0/3230332e3136312e32302e302f32342d3234203d3e20313333383430.roa
File:                     3230332e3136312e32302e302f32342d3234203d3e20313333383430.roa (raw, json)
Hash identifier:          mQ/4XFIYa1A38Ro0fJCYLXI5KmUXmqvDK2RQAjg8Atg=
Subject key identifier:   82:36:49:5D:0D:15:4E:4B:B7:CB:25:3C:CD:85:85:3E:29:F7:3D:79
Certificate issuer:       /CN=B6F0131510E62F73E5F29246F9C8F691811A704D
Certificate serial:       57ADB4499E57BC15AA1F9344CA15308447E83B09
Authority key identifier: B6:F0:13:15:10:E6:2F:73:E5:F2:92:46:F9:C8:F6:91:81:1A:70:4D
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B6F0131510E62F73E5F29246F9C8F691811A704D.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/85d8dab4-8bb6-4ed0-8dab-5a406167b99d/0/3230332e3136312e32302e302f32342d3234203d3e20313333383430.roa
Signing time:             Thu 25 Jan 2024 09:00:02 +0000
ROA not before:           Thu 25 Jan 2024 08:55:02 +0000
ROA not after:            Thu 23 Jan 2025 09:00:02 +0000
asID:                     133840
IP address blocks:        203.161.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/85d8dab4-8bb6-4ed0-8dab-5a406167b99d/0/B6F0131510E62F73E5F29246F9C8F691811A704D.crl
                          rsync://repo-rpki.idnic.net/repo/85d8dab4-8bb6-4ed0-8dab-5a406167b99d/0/B6F0131510E62F73E5F29246F9C8F691811A704D.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B6F0131510E62F73E5F29246F9C8F691811A704D.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Nov 2024 03:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:ad:b4:49:9e:57:bc:15:aa:1f:93:44:ca:15:30:84:47:e8:3b:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B6F0131510E62F73E5F29246F9C8F691811A704D
        Validity
            Not Before: Jan 25 08:55:02 2024 GMT
            Not After : Jan 23 09:00:02 2025 GMT
        Subject: CN=8236495D0D154E4BB7CB253CCD85853E29F73D79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4f:4a:73:cb:e0:49:ff:e8:af:3a:6b:fc:71:
                    06:b5:04:15:f5:96:3c:f7:31:da:cd:ab:8e:6b:80:
                    86:1a:dd:e7:67:a6:70:d2:97:ab:29:4a:07:8f:0f:
                    aa:72:15:44:a6:e3:30:61:66:e5:3b:a5:1f:68:cc:
                    5b:a8:5f:e4:0c:02:34:da:b1:97:51:62:1e:cf:e2:
                    96:d1:e6:de:29:23:7e:5b:ef:5b:34:1f:cc:b3:dd:
                    92:a7:1d:0d:61:64:5a:48:3c:6b:bb:48:01:7c:68:
                    77:f9:18:18:ba:25:c3:70:6b:b9:8a:20:02:2c:45:
                    c2:b9:07:de:aa:b6:12:af:8f:92:92:3d:51:b5:e8:
                    71:40:d1:b0:5c:f1:a3:0c:24:e4:fa:21:6e:2b:bf:
                    8d:fc:12:e8:24:92:c2:64:bf:1b:a0:b7:38:f4:ef:
                    14:43:a0:be:8d:5f:f5:bc:92:23:76:61:9e:57:0f:
                    a0:3f:1d:00:1c:a2:36:87:01:6b:a4:ef:d5:d2:f3:
                    57:b1:5c:bf:36:53:06:6a:81:0b:8b:d2:5a:0b:53:
                    ad:17:0c:d2:10:2e:91:b5:bf:6f:e6:0a:60:20:d5:
                    fc:1b:0e:6a:c9:83:9e:09:2a:77:c4:b6:be:5e:c3:
                    65:36:c8:14:b9:64:0f:c1:16:5b:5e:fa:04:9c:d6:
                    56:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:36:49:5D:0D:15:4E:4B:B7:CB:25:3C:CD:85:85:3E:29:F7:3D:79
            X509v3 Authority Key Identifier:
                keyid:B6:F0:13:15:10:E6:2F:73:E5:F2:92:46:F9:C8:F6:91:81:1A:70:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/85d8dab4-8bb6-4ed0-8dab-5a406167b99d/0/B6F0131510E62F73E5F29246F9C8F691811A704D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B6F0131510E62F73E5F29246F9C8F691811A704D.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/85d8dab4-8bb6-4ed0-8dab-5a406167b99d/0/3230332e3136312e32302e302f32342d3234203d3e20313333383430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.161.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:14:be:9f:8f:df:0e:11:9b:37:05:21:a4:0a:dd:ea:90:40:
         ad:41:29:d3:d3:2f:f8:fa:a1:5d:84:6b:c7:a7:74:32:be:57:
         66:e1:6a:e9:66:18:f6:65:80:7a:a2:e7:7b:92:d1:65:da:7e:
         40:6b:71:ed:b7:13:6b:f2:10:e1:c8:02:cd:e6:9f:c0:7c:52:
         af:cc:97:58:e1:ec:f8:2d:b4:55:a4:60:a8:04:75:2f:8e:30:
         e0:10:70:18:64:e6:30:c4:78:45:87:07:d8:c7:e0:cf:22:40:
         43:9e:3b:09:8e:08:ce:06:d7:ad:5c:06:2a:f8:57:ff:d4:b1:
         9e:a4:2a:9b:59:fa:76:fc:e6:4b:a4:02:ae:52:55:0e:c0:49:
         f9:fe:28:87:20:5a:0e:f3:e8:21:d0:9e:ef:89:cd:73:80:58:
         c8:91:3c:e9:27:1c:6f:70:c6:84:29:32:ff:13:21:4c:a7:d2:
         a0:ba:42:c2:5f:c1:5c:c7:9d:70:56:84:cb:f5:4f:f6:af:2b:
         d4:f0:3b:6e:81:11:4f:fb:c5:4c:ed:88:56:1e:a0:63:34:af:
         e4:64:24:c2:fe:cb:a2:52:7e:eb:5f:54:66:a2:8c:d4:03:c4:
         ae:96:2d:21:e0:b0:72:f9:19:d2:a8:9d:49:d6:6e:2d:cd:ad:
         c2:38:aa:de
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUV620SZ5XvBWqH5NEyhUwhEfoOwkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjZGMDEzMTUxMEU2MkY3M0U1RjI5MjQ2RjlDOEY2OTE4
MTFBNzA0RDAeFw0yNDAxMjUwODU1MDJaFw0yNTAxMjMwOTAwMDJaMDMxMTAvBgNV
BAMTKDgyMzY0OTVEMEQxNTRFNEJCN0NCMjUzQ0NEODU4NTNFMjlGNzNENzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwT0pzy+BJ/+ivOmv8cQa1BBX1
ljz3MdrNq45rgIYa3ednpnDSl6spSgePD6pyFUSm4zBhZuU7pR9ozFuoX+QMAjTa
sZdRYh7P4pbR5t4pI35b71s0H8yz3ZKnHQ1hZFpIPGu7SAF8aHf5GBi6JcNwa7mK
IAIsRcK5B96qthKvj5KSPVG16HFA0bBc8aMMJOT6IW4rv438EugkksJkvxugtzj0
7xRDoL6NX/W8kiN2YZ5XD6A/HQAcojaHAWuk79XS81exXL82UwZqgQuL0loLU60X
DNIQLpG1v2/mCmAg1fwbDmrJg54JKnfEtr5ew2U2yBS5ZA/BFlte+gSc1lZ5AgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUgjZJXQ0VTku3yyU8zYWFPin3PXkwHwYDVR0j
BBgwFoAUtvATFRDmL3Pl8pJG+cj2kYEacE0wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby84
NWQ4ZGFiNC04YmI2LTRlZDAtOGRhYi01YTQwNjE2N2I5OWQvMC9CNkYwMTMxNTEw
RTYyRjczRTVGMjkyNDZGOUM4RjY5MTgxMUE3MDRELmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQjZGMDEzMTUxMEU2MkY3M0U1RjI5MjQ2RjlDOEY2OTE4MTFB
NzA0RC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzg1ZDhkYWI0LThiYjYtNGVkMC04
ZGFiLTVhNDA2MTY3Yjk5ZC8wLzMyMzAzMzJlMzEzNjMxMmUzMjMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzMzMzMzgzNDMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy6EUMA0GCSqG
SIb3DQEBCwUAA4IBAQA/FL6fj98OEZs3BSGkCt3qkECtQSnT0y/4+qFdhGvHp3Qy
vldm4WrpZhj2ZYB6oud7ktFl2n5Aa3HttxNr8hDhyALN5p/AfFKvzJdY4ez4LbRV
pGCoBHUvjjDgEHAYZOYwxHhFhwfYx+DPIkBDnjsJjgjOBtetXAYq+Ff/1LGepCqb
Wfp2/OZLpAKuUlUOwEn5/iiHIFoO8+gh0J7vic1zgFjIkTzpJxxvcMaEKTL/EyFM
p9KgukLCX8Fcx51wVoTL9U/2ryvU8DtugRFP+8VM7YhWHqBjNK/kZCTC/suiUn7r
X1RmoozUA8Suli0h4LBy+RnSqJ1J1m4tza3COKre
-----END CERTIFICATE-----
Generated at Wed Nov 20 23:52:02 2024 by rpki-client on console-ams.rpki-client.org