Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230322e3134382e362e302f32332d3233203d3e203338373738.roa
File:                     3230322e3134382e362e302f32332d3233203d3e203338373738.roa (raw, json)
Hash identifier:          2gVhPUhqKxJlm+soCAvHmDhdNT4ZcFFcZwPNzbFrnnQ=
Subject key identifier:   F4:D8:E9:EB:E1:38:7B:80:00:65:8C:B2:D8:66:35:FA:AE:28:7B:1D
Certificate issuer:       /CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
Certificate serial:       3ED8E4F9AE3F306A438FF9B608ECF7C136626505
Authority key identifier: 09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230322e3134382e362e302f32332d3233203d3e203338373738.roa
Signing time:             Mon 31 Jul 2023 00:03:52 +0000
ROA not before:           Sun 30 Jul 2023 23:58:52 +0000
ROA not after:            Mon 29 Jul 2024 00:03:52 +0000
asID:                     38778
IP address blocks:        202.148.6.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl
                          rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 03:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:d8:e4:f9:ae:3f:30:6a:43:8f:f9:b6:08:ec:f7:c1:36:62:65:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
        Validity
            Not Before: Jul 30 23:58:52 2023 GMT
            Not After : Jul 29 00:03:52 2024 GMT
        Subject: CN=F4D8E9EBE1387B8000658CB2D86635FAAE287B1D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:fd:c6:84:95:6d:eb:8f:9d:f5:69:bc:24:13:
                    67:31:a9:c0:8c:01:b5:d0:61:2c:25:13:ac:5c:5d:
                    b8:2d:b8:bc:7d:d1:80:0f:02:e7:b4:94:5a:ec:a9:
                    e1:b6:0f:8b:7d:0c:33:df:b2:e3:2d:ee:3b:0c:5a:
                    15:7f:59:5f:d7:a7:13:7c:d8:81:40:52:93:8f:17:
                    5c:9f:96:21:6e:6c:5e:cf:ea:12:67:d2:2d:e2:5a:
                    09:f0:ef:26:ba:9a:59:b7:57:4f:2b:f1:63:f0:38:
                    fb:d3:b4:4f:1e:2f:40:0a:80:3e:ce:57:93:80:b9:
                    b0:93:85:3b:91:a1:95:b4:4d:c8:38:d4:37:89:54:
                    3a:0d:d8:40:d1:d9:1b:f3:8e:22:d8:23:17:f6:0c:
                    c2:e1:a1:93:75:39:85:3f:32:d2:1f:6b:05:42:5a:
                    58:04:d3:24:07:89:3b:db:f1:53:97:ed:57:7a:43:
                    61:37:19:8a:c6:f2:4e:0b:26:f2:28:d2:78:10:b5:
                    58:1b:6f:8c:c1:f9:c2:65:d7:6e:f9:5a:04:6e:56:
                    8c:b9:35:21:ad:f1:2d:b8:17:9a:36:f8:78:7f:f1:
                    52:02:9f:22:d1:b1:c0:ec:13:67:1e:7f:14:ab:97:
                    87:ea:95:df:52:a2:6a:c2:a8:1f:f8:f6:a4:71:28:
                    70:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D8:E9:EB:E1:38:7B:80:00:65:8C:B2:D8:66:35:FA:AE:28:7B:1D
            X509v3 Authority Key Identifier:
                keyid:09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230322e3134382e362e302f32332d3233203d3e203338373738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.148.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:f4:5f:2d:cf:e0:f4:f7:37:c2:31:09:8f:04:10:ad:35:1b:
         e0:b0:af:ed:94:19:7e:0e:54:30:0d:bc:ef:77:c0:0f:b3:33:
         dd:92:05:c7:3f:07:9c:9b:c6:bb:f4:4c:5a:2d:df:3c:ac:f7:
         ec:62:c9:8f:f8:f6:34:43:06:2d:e8:c8:66:d5:d7:04:4f:2a:
         73:99:be:9d:e4:7e:c8:cb:70:e7:94:b8:da:28:70:fa:a6:10:
         ad:c0:97:59:d7:eb:e3:f8:e0:ec:7c:74:0a:5f:54:20:18:95:
         03:35:61:45:ae:da:27:f5:0d:7e:54:57:6d:ae:e3:2b:ec:78:
         45:51:64:3d:3f:61:f6:03:71:22:20:7e:ee:16:f1:68:be:6b:
         0d:76:ea:de:61:2c:50:30:3a:b5:38:8d:f2:f8:ef:fc:87:42:
         c5:eb:9a:5c:98:dd:44:69:42:13:61:d4:7c:d6:ef:f8:c8:ef:
         cb:2d:e3:60:08:44:b3:10:c6:dd:f8:9c:e3:f4:76:25:24:fe:
         a2:70:3d:93:4b:76:20:63:04:c7:c9:72:97:d4:d9:9f:bd:5a:
         81:6a:fd:f3:3d:d3:98:a5:49:0e:0c:4a:2f:71:25:d2:ba:91:
         fe:b3:75:72:2d:68:07:75:f2:e4:66:5d:7f:85:28:db:d5:a5:
         bf:fa:12:8c
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUPtjk+a4/MGpDj/m2COz3wTZiZQUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3
NjNDRjM2MTAeFw0yMzA3MzAyMzU4NTJaFw0yNDA3MjkwMDAzNTJaMDMxMTAvBgNV
BAMTKEY0RDhFOUVCRTEzODdCODAwMDY1OENCMkQ4NjYzNUZBQUUyODdCMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp/caElW3rj531abwkE2cxqcCM
AbXQYSwlE6xcXbgtuLx90YAPAue0lFrsqeG2D4t9DDPfsuMt7jsMWhV/WV/XpxN8
2IFAUpOPF1yfliFubF7P6hJn0i3iWgnw7ya6mlm3V08r8WPwOPvTtE8eL0AKgD7O
V5OAubCThTuRoZW0Tcg41DeJVDoN2EDR2RvzjiLYIxf2DMLhoZN1OYU/MtIfawVC
WlgE0yQHiTvb8VOX7Vd6Q2E3GYrG8k4LJvIo0ngQtVgbb4zB+cJl1275WgRuVoy5
NSGt8S24F5o2+Hh/8VICnyLRscDsE2cefxSrl4fqld9SomrCqB/49qRxKHCJAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQU9Njp6+E4e4AAZYyy2GY1+q4oex0wHwYDVR0j
BBgwFoAUCabx+k/FMta04TRi/CNMnHY882EwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9m
MzRlY2M0MC02Yjg0LTQ5ZTgtYjYwYi02ZTk5MDQxMjhjYTgvMC8wOUE2RjFGQTRG
QzUzMkQ2QjRFMTM0NjJGQzIzNEM5Qzc2M0NGMzYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3NjND
RjM2MS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2YzNGVjYzQwLTZiODQtNDllOC1i
NjBiLTZlOTkwNDEyOGNhOC8wLzMyMzAzMjJlMzEzNDM4MmUzNjJlMzAyZjMyMzMy
ZDMyMzMyMDNkM2UyMDMzMzgzNzM3Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKlAYwDQYJKoZIhvcN
AQELBQADggEBAJv0Xy3P4PT3N8IxCY8EEK01G+Cwr+2UGX4OVDANvO93wA+zM92S
Bcc/B5ybxrv0TFot3zys9+xiyY/49jRDBi3oyGbV1wRPKnOZvp3kfsjLcOeUuNoo
cPqmEK3Al1nX6+P44Ox8dApfVCAYlQM1YUWu2if1DX5UV22u4yvseEVRZD0/YfYD
cSIgfu4W8Wi+aw126t5hLFAwOrU4jfL47/yHQsXrmlyY3URpQhNh1HzW7/jI78st
42AIRLMQxt34nOP0diUk/qJwPZNLdiBjBMfJcpfU2Z+9WoFq/fM905ilSQ4MSi9x
JdK6kf6zdXItaAd18uRmXX+FKNvVpb/6Eow=
-----END CERTIFICATE-----
Generated at Thu Mar 28 05:42:48 2024 by rpki-client on console-ams.rpki-client.org