Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/8cebf116-fe2a-491b-aac8-220ead0b54e2/0/3230322e34372e36372e302f32342d3234203d3e20313339393732.roa
File:                     3230322e34372e36372e302f32342d3234203d3e20313339393732.roa (raw, json)
Hash identifier:          gY3EDaLtZ/1U7gvhTRdh1C6zagnCWKVLvof0hmFQYPw=
Subject key identifier:   5F:A2:52:E3:1C:9A:E4:E0:0B:B1:0D:E2:07:47:27:F9:6C:C5:A8:03
Certificate issuer:       /CN=D0C90407CCD53717DFEA21D51A8921F20564AB25
Certificate serial:       7AF73B8E36CA01A1157211A86E8FCBEAD4665DCA
Authority key identifier: D0:C9:04:07:CC:D5:37:17:DF:EA:21:D5:1A:89:21:F2:05:64:AB:25
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D0C90407CCD53717DFEA21D51A8921F20564AB25.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/8cebf116-fe2a-491b-aac8-220ead0b54e2/0/3230322e34372e36372e302f32342d3234203d3e20313339393732.roa
Signing time:             Tue 26 Nov 2024 02:51:04 +0000
ROA not before:           Tue 26 Nov 2024 02:46:04 +0000
ROA not after:            Tue 25 Nov 2025 02:51:04 +0000
asID:                     139972
IP address blocks:        202.47.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/8cebf116-fe2a-491b-aac8-220ead0b54e2/0/D0C90407CCD53717DFEA21D51A8921F20564AB25.crl
                          rsync://repo-rpki.idnic.net/repo/8cebf116-fe2a-491b-aac8-220ead0b54e2/0/D0C90407CCD53717DFEA21D51A8921F20564AB25.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D0C90407CCD53717DFEA21D51A8921F20564AB25.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 17 Mar 2025 03:30:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:f7:3b:8e:36:ca:01:a1:15:72:11:a8:6e:8f:cb:ea:d4:66:5d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D0C90407CCD53717DFEA21D51A8921F20564AB25
        Validity
            Not Before: Nov 26 02:46:04 2024 GMT
            Not After : Nov 25 02:51:04 2025 GMT
        Subject: CN=5FA252E31C9AE4E00BB10DE2074727F96CC5A803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:32:37:31:f5:24:35:84:42:6e:8f:07:1a:51:
                    c5:e1:9e:02:a4:c2:90:68:f2:ec:f4:6b:17:d1:7f:
                    d3:34:21:80:68:a0:28:ce:e7:2e:5f:03:10:77:86:
                    f9:cd:ba:c2:b7:c9:b4:64:58:ae:50:1e:e1:b5:27:
                    d4:1f:5d:9d:fc:74:62:05:7d:dc:d6:34:30:24:c3:
                    e2:ec:a7:d9:ee:e7:3c:0b:a5:46:2e:cd:f6:a8:ce:
                    27:e1:2f:70:77:13:c4:48:51:99:bd:09:5b:51:e5:
                    55:2f:ea:19:78:3a:0f:0f:18:10:f3:f5:bd:eb:8d:
                    fa:6f:7c:ac:3a:5f:16:28:d9:d0:d2:6c:55:8b:0f:
                    96:b4:14:bd:20:5d:4a:98:86:90:e4:61:2a:ac:0e:
                    b8:9e:13:1e:9b:16:f8:34:35:59:54:c9:25:51:d3:
                    1a:2b:78:5a:b8:8a:89:4d:ad:23:2c:97:5d:f2:b3:
                    cd:6f:a0:89:ba:2b:ad:e5:8f:8d:4f:50:12:68:e0:
                    3e:ed:40:fd:f7:ba:d4:28:ec:b8:70:65:c6:28:b6:
                    4c:91:93:bb:81:a5:11:72:aa:ef:ba:6b:7c:bc:30:
                    4e:1d:ab:ae:e8:53:af:f6:19:a4:9b:a1:e9:3c:b5:
                    14:55:92:95:08:08:ad:49:f9:1a:17:8c:16:66:3d:
                    a3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A2:52:E3:1C:9A:E4:E0:0B:B1:0D:E2:07:47:27:F9:6C:C5:A8:03
            X509v3 Authority Key Identifier:
                keyid:D0:C9:04:07:CC:D5:37:17:DF:EA:21:D5:1A:89:21:F2:05:64:AB:25

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/8cebf116-fe2a-491b-aac8-220ead0b54e2/0/D0C90407CCD53717DFEA21D51A8921F20564AB25.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D0C90407CCD53717DFEA21D51A8921F20564AB25.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/8cebf116-fe2a-491b-aac8-220ead0b54e2/0/3230322e34372e36372e302f32342d3234203d3e20313339393732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.47.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:6a:87:38:61:71:bb:6d:fc:f1:30:a4:10:99:8d:ed:ff:09:
         bd:a8:3c:e2:3d:00:f6:94:d1:c4:6d:ab:e0:b6:04:0f:52:a9:
         3c:98:58:32:72:94:75:8f:4d:b1:6e:6c:71:ba:11:9e:d4:ec:
         6b:9b:76:68:15:19:53:ab:54:c3:0e:83:36:46:a0:8a:1c:aa:
         8f:25:25:85:5e:e9:b9:d1:77:24:aa:4b:9e:35:17:fc:f6:88:
         5b:4e:e9:3c:93:5c:7e:00:82:d8:64:22:e5:06:f2:f1:8a:da:
         0f:3f:c0:1a:34:26:8a:58:07:d7:78:2c:02:43:8f:a9:76:35:
         6e:64:e1:ce:0a:f9:f5:e0:4c:80:9b:8f:86:b9:a8:c2:1c:b7:
         3a:c5:12:da:54:97:41:1b:03:3e:98:4d:78:4b:f7:f5:19:ef:
         c3:73:e1:6d:9c:91:f8:8f:3c:63:dd:fc:44:ee:f0:9b:a0:be:
         50:2b:94:05:b2:98:f3:e0:b4:19:38:3e:52:4d:df:09:5d:26:
         b1:40:c4:9f:55:04:d0:6a:b6:9f:7d:a9:29:42:15:00:22:c9:
         5a:2e:9e:b6:ea:07:24:9f:cf:3c:1b:6e:5f:60:67:9e:fa:4c:
         de:dc:30:cb:f6:4f:8c:92:f0:fa:23:96:c1:76:b9:62:6f:67:
         d6:ff:21:a2
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUevc7jjbKAaEVchGobo/L6tRmXcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDBDOTA0MDdDQ0Q1MzcxN0RGRUEyMUQ1MUE4OTIxRjIw
NTY0QUIyNTAeFw0yNDExMjYwMjQ2MDRaFw0yNTExMjUwMjUxMDRaMDMxMTAvBgNV
BAMTKDVGQTI1MkUzMUM5QUU0RTAwQkIxMERFMjA3NDcyN0Y5NkNDNUE4MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Mjcx9SQ1hEJujwcaUcXhngKk
wpBo8uz0axfRf9M0IYBooCjO5y5fAxB3hvnNusK3ybRkWK5QHuG1J9QfXZ38dGIF
fdzWNDAkw+Lsp9nu5zwLpUYuzfaozifhL3B3E8RIUZm9CVtR5VUv6hl4Og8PGBDz
9b3rjfpvfKw6XxYo2dDSbFWLD5a0FL0gXUqYhpDkYSqsDrieEx6bFvg0NVlUySVR
0xoreFq4iolNrSMsl13ys81voIm6K63lj41PUBJo4D7tQP33utQo7LhwZcYotkyR
k7uBpRFyqu+6a3y8ME4dq67oU6/2GaSboek8tRRVkpUICK1J+RoXjBZmPaNLAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUX6JS4xya5OALsQ3iB0cn+WzFqAMwHwYDVR0j
BBgwFoAU0MkEB8zVNxff6iHVGokh8gVkqyUwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby84
Y2ViZjExNi1mZTJhLTQ5MWItYWFjOC0yMjBlYWQwYjU0ZTIvMC9EMEM5MDQwN0ND
RDUzNzE3REZFQTIxRDUxQTg5MjFGMjA1NjRBQjI1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRDBDOTA0MDdDQ0Q1MzcxN0RGRUEyMUQ1MUE4OTIxRjIwNTY0
QUIyNS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzhjZWJmMTE2LWZlMmEtNDkxYi1h
YWM4LTIyMGVhZDBiNTRlMi8wLzMyMzAzMjJlMzQzNzJlMzYzNzJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzMzOTM5MzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMovQzANBgkqhkiG
9w0BAQsFAAOCAQEAWGqHOGFxu2388TCkEJmN7f8Jvag84j0A9pTRxG2r4LYED1Kp
PJhYMnKUdY9NsW5scboRntTsa5t2aBUZU6tUww6DNkagihyqjyUlhV7pudF3JKpL
njUX/PaIW07pPJNcfgCC2GQi5Qby8YraDz/AGjQmilgH13gsAkOPqXY1bmThzgr5
9eBMgJuPhrmowhy3OsUS2lSXQRsDPphNeEv39Rnvw3PhbZyR+I88Y938RO7wm6C+
UCuUBbKY8+C0GTg+Uk3fCV0msUDEn1UE0Gq2n32pKUIVACLJWi6etuoHJJ/PPBtu
X2BnnvpM3twwy/ZPjJLw+iOWwXa5Ym9n1v8hog==
-----END CERTIFICATE-----
Generated at Sat Mar 15 23:57:23 2025 by rpki-client