Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/ebbfe776-00a3-4776-bf3f-5211946101c3/0/3230322e3138322e3136302e302f31392d3234203d3e2039383735.roa
File:                     3230322e3138322e3136302e302f31392d3234203d3e2039383735.roa (raw, json)
Hash identifier:          m13+pmOCObVx0zG5+sqZgyv+7v27+shyvjNVNVwWYnA=
Subject key identifier:   40:95:3E:60:74:D2:FC:C5:E3:3D:2D:86:83:7B:7D:A7:90:AD:E3:C1
Certificate issuer:       /CN=F33127B2252454B491C5DC9FE3937C56F28F8066
Certificate serial:       3E7851F4DB8819D2453EF252151BBC40F5784767
Authority key identifier: F3:31:27:B2:25:24:54:B4:91:C5:DC:9F:E3:93:7C:56:F2:8F:80:66
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F33127B2252454B491C5DC9FE3937C56F28F8066.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/ebbfe776-00a3-4776-bf3f-5211946101c3/0/3230322e3138322e3136302e302f31392d3234203d3e2039383735.roa
Signing time:             Sat 02 Mar 2024 11:02:03 +0000
ROA not before:           Sat 02 Mar 2024 10:57:03 +0000
ROA not after:            Sat 01 Mar 2025 11:02:03 +0000
asID:                     9875
IP address blocks:        202.182.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/ebbfe776-00a3-4776-bf3f-5211946101c3/0/F33127B2252454B491C5DC9FE3937C56F28F8066.crl
                          rsync://repo-rpki.idnic.net/repo/ebbfe776-00a3-4776-bf3f-5211946101c3/0/F33127B2252454B491C5DC9FE3937C56F28F8066.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F33127B2252454B491C5DC9FE3937C56F28F8066.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 05:19:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:78:51:f4:db:88:19:d2:45:3e:f2:52:15:1b:bc:40:f5:78:47:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F33127B2252454B491C5DC9FE3937C56F28F8066
        Validity
            Not Before: Mar  2 10:57:03 2024 GMT
            Not After : Mar  1 11:02:03 2025 GMT
        Subject: CN=40953E6074D2FCC5E33D2D86837B7DA790ADE3C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c1:93:43:08:7d:23:35:5f:d4:66:d6:3e:84:
                    b3:04:e7:38:df:56:1d:91:e2:87:50:e4:8a:42:1a:
                    87:22:ba:76:41:cb:4b:f5:83:06:f9:4a:1f:af:37:
                    e0:ab:0e:41:3b:c1:74:59:c3:77:bc:77:fa:30:4b:
                    8d:a9:d0:15:74:ff:de:50:4c:d8:a4:33:9e:69:74:
                    99:a8:b7:61:0f:0e:f6:04:23:55:91:61:6e:51:c9:
                    ad:8d:91:0a:5a:02:18:2e:cc:16:cb:f7:45:69:2c:
                    3d:eb:28:07:42:b7:95:27:57:d2:03:9a:30:e6:80:
                    69:e3:05:85:e4:ce:55:27:87:27:9b:74:e5:17:08:
                    ad:a7:ef:45:a2:af:1b:5c:da:72:fe:36:c5:b0:2d:
                    7b:18:38:20:4d:c4:50:53:4c:fd:a2:1f:3a:8a:24:
                    ba:04:b4:5f:50:18:1c:65:e0:e8:3b:9b:8c:87:e9:
                    e1:5e:99:fe:9e:73:ef:ef:c5:46:fe:2a:a0:1f:2c:
                    31:1d:8c:fe:dc:86:df:f3:6a:1c:3f:7d:86:e1:00:
                    94:70:f5:4a:ae:0e:cb:1a:05:cb:9d:37:42:d0:7e:
                    b3:5a:72:7a:b9:d4:47:51:eb:12:00:ff:30:79:cd:
                    ab:bd:e7:c3:51:b8:48:9e:2a:82:ad:87:86:b2:e3:
                    51:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:95:3E:60:74:D2:FC:C5:E3:3D:2D:86:83:7B:7D:A7:90:AD:E3:C1
            X509v3 Authority Key Identifier:
                keyid:F3:31:27:B2:25:24:54:B4:91:C5:DC:9F:E3:93:7C:56:F2:8F:80:66

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/ebbfe776-00a3-4776-bf3f-5211946101c3/0/F33127B2252454B491C5DC9FE3937C56F28F8066.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F33127B2252454B491C5DC9FE3937C56F28F8066.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/ebbfe776-00a3-4776-bf3f-5211946101c3/0/3230322e3138322e3136302e302f31392d3234203d3e2039383735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.182.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a8:b8:32:2a:73:09:82:3f:f8:cf:6b:30:f2:45:68:b6:9b:66:
         26:ac:89:3c:a7:17:ef:ce:9d:d3:9c:e5:fd:06:f0:0b:41:95:
         ff:0c:c3:2d:69:66:4e:a6:66:30:76:c7:7c:b2:48:20:44:bf:
         6d:0f:32:89:c0:bf:8d:30:35:c8:36:7e:5c:6b:8b:8d:cc:2f:
         37:9e:e0:88:23:db:5c:a0:6d:d6:a9:19:4a:c1:14:e4:24:0b:
         53:e1:8d:88:d1:ab:6e:f6:69:25:05:a3:50:73:74:ef:7f:59:
         86:7b:df:74:d8:67:ca:56:53:0e:a1:74:4d:15:4e:94:9c:32:
         3b:c1:de:69:a3:52:2c:ed:bc:f6:a1:f3:81:e1:33:a1:b4:5f:
         b9:46:56:2b:a2:67:08:fb:8d:6a:5a:f9:4e:a6:1e:ab:4a:5b:
         49:ae:6d:ac:a3:2e:e0:4b:e3:57:e8:d4:74:bf:b4:a4:c1:1a:
         34:61:da:5b:92:f1:b4:36:6f:7a:29:f1:e6:f2:ce:03:27:fa:
         44:a9:56:16:8a:2e:48:1a:f8:b2:2f:ea:bd:0c:cb:9f:2c:9f:
         e0:05:66:83:0d:0b:a3:22:b1:24:08:10:14:85:20:78:f0:ff:
         d4:a9:e2:b4:9d:78:5b:ff:10:e7:38:af:cb:6e:be:64:b0:57:
         17:28:be:a7
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUPnhR9NuIGdJFPvJSFRu8QPV4R2cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjMzMTI3QjIyNTI0NTRCNDkxQzVEQzlGRTM5MzdDNTZG
MjhGODA2NjAeFw0yNDAzMDIxMDU3MDNaFw0yNTAzMDExMTAyMDNaMDMxMTAvBgNV
BAMTKDQwOTUzRTYwNzREMkZDQzVFMzNEMkQ4NjgzN0I3REE3OTBBREUzQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/wZNDCH0jNV/UZtY+hLME5zjf
Vh2R4odQ5IpCGociunZBy0v1gwb5Sh+vN+CrDkE7wXRZw3e8d/owS42p0BV0/95Q
TNikM55pdJmot2EPDvYEI1WRYW5Rya2NkQpaAhguzBbL90VpLD3rKAdCt5UnV9ID
mjDmgGnjBYXkzlUnhyebdOUXCK2n70Wirxtc2nL+NsWwLXsYOCBNxFBTTP2iHzqK
JLoEtF9QGBxl4Og7m4yH6eFemf6ec+/vxUb+KqAfLDEdjP7cht/zahw/fYbhAJRw
9UquDssaBcudN0LQfrNacnq51EdR6xIA/zB5zau958NRuEieKoKth4ay41G3AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUQJU+YHTS/MXjPS2Gg3t9p5Ct48EwHwYDVR0j
BBgwFoAU8zEnsiUkVLSRxdyf45N8VvKPgGYwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9l
YmJmZTc3Ni0wMGEzLTQ3NzYtYmYzZi01MjExOTQ2MTAxYzMvMC9GMzMxMjdCMjI1
MjQ1NEI0OTFDNURDOUZFMzkzN0M1NkYyOEY4MDY2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRjMzMTI3QjIyNTI0NTRCNDkxQzVEQzlGRTM5MzdDNTZGMjhG
ODA2Ni5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2ViYmZlNzc2LTAwYTMtNDc3Ni1i
ZjNmLTUyMTE5NDYxMDFjMy8wLzMyMzAzMjJlMzEzODMyMmUzMTM2MzAyZTMwMmYz
MTM5MmQzMjM0MjAzZDNlMjAzOTM4MzczNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBcq2oDANBgkqhkiG
9w0BAQsFAAOCAQEAqLgyKnMJgj/4z2sw8kVotptmJqyJPKcX786d05zl/QbwC0GV
/wzDLWlmTqZmMHbHfLJIIES/bQ8yicC/jTA1yDZ+XGuLjcwvN57giCPbXKBt1qkZ
SsEU5CQLU+GNiNGrbvZpJQWjUHN0739ZhnvfdNhnylZTDqF0TRVOlJwyO8HeaaNS
LO289qHzgeEzobRfuUZWK6JnCPuNalr5TqYeq0pbSa5trKMu4EvjV+jUdL+0pMEa
NGHaW5LxtDZveinx5vLOAyf6RKlWFoouSBr4si/qvQzLnyyf4AVmgw0LoyKxJAgQ
FIUgePD/1KnitJ14W/8Q5zivy26+ZLBXFyi+pw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 06:56:26 2024 by rpki-client on console-fra.rpki-client.org