Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230332e3230312e3137332e302f32342d3234203d3e203338373738.roa
File:                     3230332e3230312e3137332e302f32342d3234203d3e203338373738.roa (raw, json)
Hash identifier:          ZScTQO9s2jOK2aH8uhT7eHx1B+QcjjSHupAdPfkQUOE=
Subject key identifier:   C6:96:8E:73:B6:99:85:45:CD:E6:EA:7D:90:B8:45:9A:41:7D:A9:D7
Certificate issuer:       /CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
Certificate serial:       6638C24E4B1935253407B7AFBAA82AD0B71B2F0D
Authority key identifier: 09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230332e3230312e3137332e302f32342d3234203d3e203338373738.roa
Signing time:             Mon 31 Jul 2023 00:03:47 +0000
ROA not before:           Sun 30 Jul 2023 23:58:47 +0000
ROA not after:            Mon 29 Jul 2024 00:03:47 +0000
asID:                     38778
IP address blocks:        203.201.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl
                          rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 03:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:38:c2:4e:4b:19:35:25:34:07:b7:af:ba:a8:2a:d0:b7:1b:2f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
        Validity
            Not Before: Jul 30 23:58:47 2023 GMT
            Not After : Jul 29 00:03:47 2024 GMT
        Subject: CN=C6968E73B6998545CDE6EA7D90B8459A417DA9D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:96:27:50:05:ef:61:af:87:33:d9:99:59:47:
                    25:62:4b:53:b4:45:44:c5:ca:c4:c6:45:2f:5c:c0:
                    96:06:68:7e:92:ca:b5:58:64:ac:b3:0f:9a:21:33:
                    5d:8a:61:b6:cf:05:6e:1f:82:05:7e:1f:cb:bf:fb:
                    b6:45:d8:a1:88:9e:40:42:2f:33:b4:17:7a:80:0b:
                    97:eb:82:72:20:ae:51:34:67:33:3d:c3:86:77:d7:
                    21:c6:d1:94:20:ad:32:07:cd:ef:37:91:f8:ee:ff:
                    c0:09:63:74:b8:c4:50:80:f5:44:3b:09:c0:57:79:
                    09:8b:a7:63:c4:2e:f3:2b:5a:ef:b2:55:1c:01:a0:
                    d5:a6:9a:66:57:ae:2c:62:ef:9e:bf:a3:cb:30:59:
                    23:15:c8:a6:e6:ec:fe:f8:49:e8:5a:a9:9a:25:50:
                    4e:a7:90:c5:92:58:50:ea:cc:1b:01:91:bc:cb:34:
                    d5:6b:05:2f:92:dd:e4:f1:96:42:b4:e4:76:27:6a:
                    76:30:f9:d6:cb:c6:42:a4:a8:f7:fa:a4:3d:8b:1c:
                    b8:92:72:a5:6c:28:0c:f0:82:9e:f0:4b:53:2b:51:
                    58:62:fc:12:4d:51:b2:94:78:1b:0f:d9:0b:39:d1:
                    6b:bc:b2:12:90:b3:0e:86:b0:4e:3d:6d:94:f7:2c:
                    85:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:96:8E:73:B6:99:85:45:CD:E6:EA:7D:90:B8:45:9A:41:7D:A9:D7
            X509v3 Authority Key Identifier:
                keyid:09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230332e3230312e3137332e302f32342d3234203d3e203338373738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.201.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:07:98:63:52:6f:11:10:f9:2c:99:cf:e7:9d:71:95:8d:af:
         dc:47:96:b7:3d:f3:74:de:d0:0c:6a:24:66:4e:58:21:df:62:
         ba:37:20:57:ac:4c:cc:5d:d5:30:fd:b2:19:35:ea:06:36:65:
         86:5b:61:8e:8e:1f:25:dc:1d:a6:5b:b6:66:83:41:11:08:e4:
         0d:75:71:c8:e3:ce:3b:ed:92:27:31:a4:8e:fc:e4:7c:f8:de:
         13:cb:bf:b9:7f:69:97:96:3f:51:4a:a8:cf:82:03:bd:c0:83:
         86:08:6c:19:d3:dd:5c:4d:d2:aa:4e:04:28:12:17:eb:9f:d0:
         69:49:bd:e1:b3:58:9b:d8:5f:70:43:11:a0:a4:3d:7a:04:0c:
         9a:0f:d6:35:70:38:af:32:6f:1a:07:88:a1:b3:76:11:de:55:
         12:df:6f:6e:3f:b9:ed:08:3c:e7:c5:de:f9:78:32:63:84:7f:
         1d:d5:aa:46:a0:bf:45:14:74:7d:c3:dd:d3:c7:db:0b:a0:a6:
         14:2b:48:8b:ca:e4:bb:bb:87:f1:89:49:d4:6e:1c:49:0e:4e:
         a7:a7:87:94:90:45:8f:0b:56:70:eb:a0:bd:4c:e8:3d:36:5a:
         1b:1f:e2:1a:5d:34:44:d6:59:a1:51:84:7d:94:c6:89:73:9f:
         84:87:22:df
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUZjjCTksZNSU0B7evuqgq0LcbLw0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3
NjNDRjM2MTAeFw0yMzA3MzAyMzU4NDdaFw0yNDA3MjkwMDAzNDdaMDMxMTAvBgNV
BAMTKEM2OTY4RTczQjY5OTg1NDVDREU2RUE3RDkwQjg0NTlBNDE3REE5RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/lidQBe9hr4cz2ZlZRyViS1O0
RUTFysTGRS9cwJYGaH6SyrVYZKyzD5ohM12KYbbPBW4fggV+H8u/+7ZF2KGInkBC
LzO0F3qAC5frgnIgrlE0ZzM9w4Z31yHG0ZQgrTIHze83kfju/8AJY3S4xFCA9UQ7
CcBXeQmLp2PELvMrWu+yVRwBoNWmmmZXrixi756/o8swWSMVyKbm7P74SehaqZol
UE6nkMWSWFDqzBsBkbzLNNVrBS+S3eTxlkK05HYnanYw+dbLxkKkqPf6pD2LHLiS
cqVsKAzwgp7wS1MrUVhi/BJNUbKUeBsP2Qs50Wu8shKQsw6GsE49bZT3LIU5AgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUxpaOc7aZhUXN5up9kLhFmkF9qdcwHwYDVR0j
BBgwFoAUCabx+k/FMta04TRi/CNMnHY882EwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9m
MzRlY2M0MC02Yjg0LTQ5ZTgtYjYwYi02ZTk5MDQxMjhjYTgvMC8wOUE2RjFGQTRG
QzUzMkQ2QjRFMTM0NjJGQzIzNEM5Qzc2M0NGMzYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3NjND
RjM2MS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2YzNGVjYzQwLTZiODQtNDllOC1i
NjBiLTZlOTkwNDEyOGNhOC8wLzMyMzAzMzJlMzIzMDMxMmUzMTM3MzMyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMzM4MzczNzM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy8mtMA0GCSqG
SIb3DQEBCwUAA4IBAQC8B5hjUm8REPksmc/nnXGVja/cR5a3PfN03tAMaiRmTlgh
32K6NyBXrEzMXdUw/bIZNeoGNmWGW2GOjh8l3B2mW7Zmg0ERCOQNdXHI48477ZIn
MaSO/OR8+N4Ty7+5f2mXlj9RSqjPggO9wIOGCGwZ091cTdKqTgQoEhfrn9BpSb3h
s1ib2F9wQxGgpD16BAyaD9Y1cDivMm8aB4ihs3YR3lUS329uP7ntCDznxd75eDJj
hH8d1apGoL9FFHR9w93Tx9sLoKYUK0iLyuS7u4fxiUnUbhxJDk6np4eUkEWPC1Zw
66C9TOg9NlobH+IaXTRE1lmhUYR9lMaJc5+EhyLf
-----END CERTIFICATE-----
Generated at Thu Mar 28 05:42:48 2024 by rpki-client on console-ams.rpki-client.org