Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230322e3134382e382e302f32342d3234203d3e203338373738.roa
File:                     3230322e3134382e382e302f32342d3234203d3e203338373738.roa (raw, json)
Hash identifier:          qoQ63Xk0HmA8UgicrXwrgIbIIWc8/IBphPqfDnwdoIA=
Subject key identifier:   66:60:6B:17:BE:D2:D1:8F:AB:2C:E6:D9:A3:0E:22:14:D9:14:12:07
Certificate issuer:       /CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
Certificate serial:       44F40EA3C70C4738A392AEE4981174B508401530
Authority key identifier: 09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230322e3134382e382e302f32342d3234203d3e203338373738.roa
Signing time:             Mon 31 Jul 2023 00:03:45 +0000
ROA not before:           Sun 30 Jul 2023 23:58:45 +0000
ROA not after:            Mon 29 Jul 2024 00:03:45 +0000
asID:                     38778
IP address blocks:        202.148.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl
                          rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 03:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:f4:0e:a3:c7:0c:47:38:a3:92:ae:e4:98:11:74:b5:08:40:15:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
        Validity
            Not Before: Jul 30 23:58:45 2023 GMT
            Not After : Jul 29 00:03:45 2024 GMT
        Subject: CN=66606B17BED2D18FAB2CE6D9A30E2214D9141207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1a:f6:9e:92:99:b9:6f:38:1d:f9:bc:7a:52:
                    23:4e:98:33:87:1b:3f:a7:75:a0:c1:c8:a9:41:7a:
                    40:c4:62:87:4f:73:b2:09:43:77:49:25:4a:5c:79:
                    43:e0:da:0c:23:05:41:3a:75:57:41:77:42:3a:19:
                    55:d8:8f:a5:0b:76:a6:18:57:d7:a2:ef:c0:b4:b1:
                    33:98:2b:9b:12:ea:44:43:32:be:36:2c:c8:7c:8d:
                    9a:c1:3f:12:a3:7c:90:05:87:9d:b5:3d:25:6b:0f:
                    2b:b8:a3:59:92:b3:3c:fe:50:a2:05:9e:0a:15:8d:
                    e7:a6:3f:e0:3a:4a:0f:07:ab:31:af:62:0d:9c:64:
                    24:79:63:7e:8b:43:f9:c7:77:4f:1f:1c:de:ac:af:
                    fa:32:d1:92:e9:d6:4a:91:76:9d:84:d6:b7:05:29:
                    c9:30:f0:15:9d:c2:a8:32:c2:a9:33:b0:ab:a8:ad:
                    c7:c0:76:d4:13:35:40:9f:64:ca:f7:23:9b:35:2c:
                    02:e2:b5:b5:ef:32:ab:88:0d:1f:ff:ae:29:9a:3b:
                    51:96:6d:15:95:09:f9:92:f7:a9:bc:fd:e9:8c:d4:
                    f2:5b:73:9a:c6:01:2a:4c:e7:05:3d:cf:29:84:1d:
                    62:e4:78:f4:ca:e6:08:49:ec:96:b9:85:b6:75:2b:
                    1c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:60:6B:17:BE:D2:D1:8F:AB:2C:E6:D9:A3:0E:22:14:D9:14:12:07
            X509v3 Authority Key Identifier:
                keyid:09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230322e3134382e382e302f32342d3234203d3e203338373738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.148.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:e5:f1:f5:74:16:02:b6:6b:bc:2e:8d:97:a5:15:51:0a:eb:
         70:79:68:19:c6:f7:10:6f:67:d7:6e:6b:87:e4:1d:1b:bb:85:
         24:ce:66:8b:85:9c:ac:79:22:ba:52:c6:2b:17:87:35:6f:3d:
         30:b0:06:de:4d:25:a2:77:ee:ea:0b:68:8d:28:42:2e:8f:5e:
         42:39:2c:1e:b2:bb:d1:46:a3:9d:b0:7c:3f:b7:6a:9f:b7:40:
         df:78:bb:30:ff:14:2a:2d:fe:05:f1:70:e5:25:f7:c2:79:0b:
         30:32:91:d9:fa:b6:ad:f6:de:4e:59:31:7b:eb:91:c1:d4:7f:
         b9:86:4e:c3:58:2f:55:68:17:64:b6:75:0f:11:3d:f8:b6:bf:
         77:31:c1:83:93:34:6d:cc:8b:ae:2f:ff:2c:69:e7:b6:32:0d:
         a6:49:05:84:1a:e4:93:58:05:45:83:57:57:d1:47:56:6b:e9:
         07:20:d7:77:19:fe:30:fb:e5:d9:c4:89:a5:56:ba:17:bd:0a:
         87:fe:ab:10:24:47:c0:4e:2c:e1:82:8d:3a:e6:6d:cc:3d:88:
         71:b2:02:f7:aa:0d:e0:18:6f:ef:29:d2:28:b8:d1:46:3c:6e:
         5d:09:2b:31:78:05:21:8b:ac:d2:3c:8f:34:ca:e6:e1:c6:c4:
         d3:02:6b:44
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIURPQOo8cMRzijkq7kmBF0tQhAFTAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3
NjNDRjM2MTAeFw0yMzA3MzAyMzU4NDVaFw0yNDA3MjkwMDAzNDVaMDMxMTAvBgNV
BAMTKDY2NjA2QjE3QkVEMkQxOEZBQjJDRTZEOUEzMEUyMjE0RDkxNDEyMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJGvaekpm5bzgd+bx6UiNOmDOH
Gz+ndaDByKlBekDEYodPc7IJQ3dJJUpceUPg2gwjBUE6dVdBd0I6GVXYj6ULdqYY
V9ei78C0sTOYK5sS6kRDMr42LMh8jZrBPxKjfJAFh521PSVrDyu4o1mSszz+UKIF
ngoVjeemP+A6Sg8HqzGvYg2cZCR5Y36LQ/nHd08fHN6sr/oy0ZLp1kqRdp2E1rcF
Kckw8BWdwqgywqkzsKuorcfAdtQTNUCfZMr3I5s1LALitbXvMquIDR//rimaO1GW
bRWVCfmS96m8/emM1PJbc5rGASpM5wU9zymEHWLkePTK5ghJ7Ja5hbZ1KxyFAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUZmBrF77S0Y+rLObZow4iFNkUEgcwHwYDVR0j
BBgwFoAUCabx+k/FMta04TRi/CNMnHY882EwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9m
MzRlY2M0MC02Yjg0LTQ5ZTgtYjYwYi02ZTk5MDQxMjhjYTgvMC8wOUE2RjFGQTRG
QzUzMkQ2QjRFMTM0NjJGQzIzNEM5Qzc2M0NGMzYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3NjND
RjM2MS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2YzNGVjYzQwLTZiODQtNDllOC1i
NjBiLTZlOTkwNDEyOGNhOC8wLzMyMzAzMjJlMzEzNDM4MmUzODJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMzMzgzNzM3Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADKlAgwDQYJKoZIhvcN
AQELBQADggEBAIvl8fV0FgK2a7wujZelFVEK63B5aBnG9xBvZ9dua4fkHRu7hSTO
ZouFnKx5IrpSxisXhzVvPTCwBt5NJaJ37uoLaI0oQi6PXkI5LB6yu9FGo52wfD+3
ap+3QN94uzD/FCot/gXxcOUl98J5CzAykdn6tq323k5ZMXvrkcHUf7mGTsNYL1Vo
F2S2dQ8RPfi2v3cxwYOTNG3Mi64v/yxp57YyDaZJBYQa5JNYBUWDV1fRR1Zr6Qcg
13cZ/jD75dnEiaVWuhe9Cof+qxAkR8BOLOGCjTrmbcw9iHGyAveqDeAYb+8p0ii4
0UY8bl0JKzF4BSGLrNI8jzTK5uHGxNMCa0Q=
-----END CERTIFICATE-----
Generated at Thu Mar 28 06:01:00 2024 by rpki-client on console-fra.rpki-client.org