Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/acb9a4b9-4ae3-467a-b919-410e142b679f/0/3230322e3136392e3235342e302f32332d3234203d3e203338313433.roa
File:                     3230322e3136392e3235342e302f32332d3234203d3e203338313433.roa (raw, json)
Hash identifier:          p7swydDsWURtiFQmZODeY4QE27/x4EblgyEQL83pXus=
Subject key identifier:   B5:D8:6D:55:71:61:94:4C:82:27:87:62:29:E1:64:D1:8F:C5:D5:4D
Certificate issuer:       /CN=342061B97FF97E5180511F38B0A0DCBAB1CE0325
Certificate serial:       221CE0FABECA2120F80BDBE2D76ACCA0ACD3FF14
Authority key identifier: 34:20:61:B9:7F:F9:7E:51:80:51:1F:38:B0:A0:DC:BA:B1:CE:03:25
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/342061B97FF97E5180511F38B0A0DCBAB1CE0325.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/acb9a4b9-4ae3-467a-b919-410e142b679f/0/3230322e3136392e3235342e302f32332d3234203d3e203338313433.roa
Signing time:             Tue 20 May 2025 11:00:00 +0000
ROA not before:           Tue 20 May 2025 10:55:00 +0000
ROA not after:            Tue 19 May 2026 11:00:00 +0000
asID:                     38143
IP address blocks:        202.169.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/acb9a4b9-4ae3-467a-b919-410e142b679f/0/342061B97FF97E5180511F38B0A0DCBAB1CE0325.crl
                          rsync://repo-rpki.idnic.net/repo/acb9a4b9-4ae3-467a-b919-410e142b679f/0/342061B97FF97E5180511F38B0A0DCBAB1CE0325.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/342061B97FF97E5180511F38B0A0DCBAB1CE0325.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 10 Jun 2025 12:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:1c:e0:fa:be:ca:21:20:f8:0b:db:e2:d7:6a:cc:a0:ac:d3:ff:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=342061B97FF97E5180511F38B0A0DCBAB1CE0325
        Validity
            Not Before: May 20 10:55:00 2025 GMT
            Not After : May 19 11:00:00 2026 GMT
        Subject: CN=B5D86D557161944C8227876229E164D18FC5D54D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:be:e3:ef:47:52:c8:2e:9f:52:1c:4d:a8:68:
                    1c:cf:a7:b3:f4:90:22:0b:dc:9b:90:5c:cf:00:ec:
                    3e:da:36:be:56:0f:c7:1b:a0:c2:fd:5d:72:ec:86:
                    de:df:19:38:de:85:86:8f:68:c5:e7:e5:13:d6:3e:
                    2e:f5:99:f8:95:0a:93:a6:1f:e9:44:5e:c5:6b:fc:
                    6e:3b:b0:94:d0:3a:ed:1e:e4:dc:ef:29:94:2a:37:
                    a4:f1:76:4b:dc:9b:07:ab:c6:93:76:9c:c8:4b:08:
                    69:59:c5:73:89:58:b4:94:da:67:c2:93:bf:77:7e:
                    f9:8e:c4:11:45:b2:eb:5c:4f:94:f9:43:63:85:e6:
                    f0:f6:25:f9:49:0c:8c:df:e6:07:e0:ae:33:3e:52:
                    dc:85:30:e3:13:93:95:1a:88:d7:b0:b8:29:bf:89:
                    80:83:cb:4b:bc:b5:d1:9f:4e:e1:09:67:e5:89:32:
                    66:eb:cc:2a:6d:9f:c2:24:83:e1:7c:4f:cf:d6:f4:
                    b1:68:1c:3f:9f:96:59:fb:6a:92:29:95:37:15:57:
                    b3:99:95:07:aa:fe:51:57:f7:d5:7e:b5:a1:54:70:
                    60:38:19:4d:ab:a7:61:bd:94:f1:2c:3a:7e:d8:2a:
                    34:09:00:6a:ab:65:51:dd:ef:94:c1:2d:bf:cb:af:
                    0c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:D8:6D:55:71:61:94:4C:82:27:87:62:29:E1:64:D1:8F:C5:D5:4D
            X509v3 Authority Key Identifier:
                keyid:34:20:61:B9:7F:F9:7E:51:80:51:1F:38:B0:A0:DC:BA:B1:CE:03:25

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/acb9a4b9-4ae3-467a-b919-410e142b679f/0/342061B97FF97E5180511F38B0A0DCBAB1CE0325.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/342061B97FF97E5180511F38B0A0DCBAB1CE0325.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/acb9a4b9-4ae3-467a-b919-410e142b679f/0/3230322e3136392e3235342e302f32332d3234203d3e203338313433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.169.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:e3:06:f4:74:dc:fb:eb:99:a2:c3:f7:b7:bc:9e:63:d4:ff:
         e2:a3:1b:c6:13:4b:15:f5:83:04:3a:15:24:0f:3a:7d:14:bd:
         52:18:e8:86:07:32:a3:a8:eb:54:64:c6:8f:18:8d:67:7c:30:
         93:e7:ae:e9:70:46:ea:d3:56:c2:03:82:22:f7:09:bc:7f:4d:
         b4:2b:59:f7:a0:9f:a7:5b:83:7b:ce:a0:83:2b:bc:f7:8b:eb:
         5a:4d:dc:fb:1b:ba:81:19:6b:1f:59:a9:15:cc:76:76:5f:55:
         67:0e:82:14:b8:cb:e4:ed:89:3d:21:ec:b2:f9:bc:22:05:d5:
         dc:47:30:ca:e4:30:b1:31:b2:c7:00:9e:21:74:ad:2a:f8:15:
         3d:42:76:ab:09:fc:d5:57:b3:65:bc:c1:5f:7b:0a:3f:0b:e4:
         f9:77:34:82:a9:31:94:15:d7:d1:5e:37:28:01:ee:e4:42:20:
         e3:a3:a1:8a:5b:15:e1:9c:76:d6:ed:45:51:4f:d0:a5:23:1b:
         22:51:b4:25:d9:5f:ae:40:35:07:88:d0:51:31:2f:d8:56:97:
         d1:f9:7c:50:f5:72:97:d3:69:c6:60:1e:c8:b9:4c:2f:83:55:
         f1:32:7c:ae:48:62:17:66:cf:82:55:25:c9:9c:93:19:5e:1c:
         c6:ee:ba:5a
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUIhzg+r7KISD4C9vi12rMoKzT/xQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzQyMDYxQjk3RkY5N0U1MTgwNTExRjM4QjBBMERDQkFC
MUNFMDMyNTAeFw0yNTA1MjAxMDU1MDBaFw0yNjA1MTkxMTAwMDBaMDMxMTAvBgNV
BAMTKEI1RDg2RDU1NzE2MTk0NEM4MjI3ODc2MjI5RTE2NEQxOEZDNUQ1NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgvuPvR1LILp9SHE2oaBzPp7P0
kCIL3JuQXM8A7D7aNr5WD8cboML9XXLsht7fGTjehYaPaMXn5RPWPi71mfiVCpOm
H+lEXsVr/G47sJTQOu0e5NzvKZQqN6TxdkvcmwerxpN2nMhLCGlZxXOJWLSU2mfC
k793fvmOxBFFsutcT5T5Q2OF5vD2JflJDIzf5gfgrjM+UtyFMOMTk5UaiNewuCm/
iYCDy0u8tdGfTuEJZ+WJMmbrzCptn8Ikg+F8T8/W9LFoHD+flln7apIplTcVV7OZ
lQeq/lFX99V+taFUcGA4GU2rp2G9lPEsOn7YKjQJAGqrZVHd75TBLb/LrwzNAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUtdhtVXFhlEyCJ4diKeFk0Y/F1U0wHwYDVR0j
BBgwFoAUNCBhuX/5flGAUR84sKDcurHOAyUwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
Y2I5YTRiOS00YWUzLTQ2N2EtYjkxOS00MTBlMTQyYjY3OWYvMC8zNDIwNjFCOTdG
Rjk3RTUxODA1MTFGMzhCMEEwRENCQUIxQ0UwMzI1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMzQyMDYxQjk3RkY5N0U1MTgwNTExRjM4QjBBMERDQkFCMUNF
MDMyNS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2FjYjlhNGI5LTRhZTMtNDY3YS1i
OTE5LTQxMGUxNDJiNjc5Zi8wLzMyMzAzMjJlMzEzNjM5MmUzMjM1MzQyZTMwMmYz
MjMzMmQzMjM0MjAzZDNlMjAzMzM4MzEzNDMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQByqn+MA0GCSqG
SIb3DQEBCwUAA4IBAQAt4wb0dNz765miw/e3vJ5j1P/ioxvGE0sV9YMEOhUkDzp9
FL1SGOiGBzKjqOtUZMaPGI1nfDCT567pcEbq01bCA4Ii9wm8f020K1n3oJ+nW4N7
zqCDK7z3i+taTdz7G7qBGWsfWakVzHZ2X1VnDoIUuMvk7Yk9Ieyy+bwiBdXcRzDK
5DCxMbLHAJ4hdK0q+BU9QnarCfzVV7NlvMFfewo/C+T5dzSCqTGUFdfRXjcoAe7k
QiDjo6GKWxXhnHbW7UVRT9ClIxsiUbQl2V+uQDUHiNBRMS/YVpfR+XxQ9XKX02nG
YB7IuUwvg1XxMnyuSGIXZs+CVSXJnJMZXhzG7rpa
-----END CERTIFICATE-----
Generated at Sun Jun 8 04:49:40 2025 by rpki-client