Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230332e3230312e3137342e302f32342d3234203d3e203338373738.roa
File:                     3230332e3230312e3137342e302f32342d3234203d3e203338373738.roa (raw, json)
Hash identifier:          opnxGZEN/Av25N2GhQcFKgXSrYzwXR0C3I7dWoLQWew=
Subject key identifier:   87:C4:49:F2:96:28:C3:DB:89:AE:3F:C3:FD:A1:AC:9B:7A:89:75:CC
Certificate issuer:       /CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
Certificate serial:       21248EB357C5F9C0698B8DFD1BC9744C7386D2AE
Authority key identifier: 09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230332e3230312e3137342e302f32342d3234203d3e203338373738.roa
Signing time:             Mon 31 Jul 2023 00:03:45 +0000
ROA not before:           Sun 30 Jul 2023 23:58:45 +0000
ROA not after:            Mon 29 Jul 2024 00:03:45 +0000
asID:                     38778
IP address blocks:        203.201.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl
                          rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 03:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:24:8e:b3:57:c5:f9:c0:69:8b:8d:fd:1b:c9:74:4c:73:86:d2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09A6F1FA4FC532D6B4E13462FC234C9C763CF361
        Validity
            Not Before: Jul 30 23:58:45 2023 GMT
            Not After : Jul 29 00:03:45 2024 GMT
        Subject: CN=87C449F29628C3DB89AE3FC3FDA1AC9B7A8975CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f1:a6:5d:2c:da:68:6f:8d:37:ea:c7:b2:a9:
                    2c:40:df:eb:12:5d:44:0b:cd:70:4e:70:14:8f:c4:
                    3c:0b:8c:62:ee:4c:fc:9d:f5:73:80:fe:23:bc:c3:
                    a7:d4:7c:f1:85:72:55:e0:9a:01:c6:07:5b:d9:b0:
                    e7:e5:59:79:2f:6b:0e:3a:a7:2c:e0:9c:6f:31:49:
                    37:b6:9d:45:b6:0a:7d:11:ce:2c:9a:96:c9:59:89:
                    26:1e:de:de:71:20:76:e2:19:1e:a0:e8:58:27:ce:
                    25:29:95:19:ee:cc:47:3a:34:b6:dd:31:21:fd:1e:
                    c5:8b:63:78:43:e2:00:5c:69:a2:b6:43:1d:0a:da:
                    4a:7f:e7:9d:00:85:de:1b:dc:93:4f:96:db:98:db:
                    1f:05:cf:b9:fa:ff:3c:dc:5c:0b:2f:0d:6c:bb:b7:
                    25:99:15:9a:01:25:58:1d:b6:7e:59:34:b3:f7:1f:
                    92:72:6b:43:c3:50:6a:63:b6:0d:60:98:17:9b:b9:
                    7f:91:e0:a5:78:67:a4:8c:2a:a5:75:e0:ea:47:59:
                    2e:b7:d5:99:32:b7:a1:df:82:53:1e:e1:99:a9:98:
                    c9:dc:d0:3a:c0:2e:9b:07:54:e5:7a:5a:62:95:7d:
                    9f:98:44:a5:4c:72:d1:54:0d:1f:74:b3:79:69:ef:
                    13:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:C4:49:F2:96:28:C3:DB:89:AE:3F:C3:FD:A1:AC:9B:7A:89:75:CC
            X509v3 Authority Key Identifier:
                keyid:09:A6:F1:FA:4F:C5:32:D6:B4:E1:34:62:FC:23:4C:9C:76:3C:F3:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/09A6F1FA4FC532D6B4E13462FC234C9C763CF361.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/f34ecc40-6b84-49e8-b60b-6e9904128ca8/0/3230332e3230312e3137342e302f32342d3234203d3e203338373738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.201.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:27:1a:13:18:3c:59:e0:68:91:b3:9a:38:2a:8e:61:8b:73:
         d7:43:99:f1:bd:d3:68:da:5b:5b:aa:b5:78:25:2b:bb:a7:7f:
         c7:42:fc:a3:13:ea:e8:15:2e:f3:e8:d1:33:d9:c0:a4:5c:31:
         0a:0e:bf:36:db:8c:e2:7f:7c:69:8d:b1:e5:5d:e4:1c:7e:a2:
         8d:04:a5:57:dc:27:a2:28:24:f2:e6:88:a2:ce:f2:ad:b6:32:
         6e:02:71:fb:82:f2:95:a7:d0:a5:22:32:aa:1f:23:c2:ac:30:
         1a:9d:e2:d9:e8:1c:81:57:d2:d4:7e:68:31:d2:d0:4a:76:cd:
         34:62:9b:f3:e6:17:13:a1:4c:eb:61:b5:3a:84:69:b5:9c:f5:
         70:fd:c2:92:c3:5d:ad:29:ce:d3:fc:2f:3e:61:df:84:0c:e6:
         9b:f0:77:13:cf:8c:c2:7b:cb:d2:d7:28:8d:0d:c3:1c:cc:1c:
         88:0a:13:dc:e3:eb:f5:cf:33:ba:4e:89:65:3e:37:7c:6c:0b:
         61:c4:d7:01:12:3b:a8:85:c9:c8:5e:14:ff:e3:e3:e4:6f:e3:
         b4:06:8f:44:33:40:09:f2:ec:f7:40:49:9b:19:85:90:92:bd:
         97:9d:bd:38:aa:d1:db:eb:28:2b:03:d9:db:f4:6c:ab:cf:0d:
         04:33:1a:59
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUISSOs1fF+cBpi439G8l0THOG0q4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3
NjNDRjM2MTAeFw0yMzA3MzAyMzU4NDVaFw0yNDA3MjkwMDAzNDVaMDMxMTAvBgNV
BAMTKDg3QzQ0OUYyOTYyOEMzREI4OUFFM0ZDM0ZEQTFBQzlCN0E4OTc1Q0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDu8aZdLNpob4036seyqSxA3+sS
XUQLzXBOcBSPxDwLjGLuTPyd9XOA/iO8w6fUfPGFclXgmgHGB1vZsOflWXkvaw46
pyzgnG8xSTe2nUW2Cn0RziyalslZiSYe3t5xIHbiGR6g6FgnziUplRnuzEc6NLbd
MSH9HsWLY3hD4gBcaaK2Qx0K2kp/550Ahd4b3JNPltuY2x8Fz7n6/zzcXAsvDWy7
tyWZFZoBJVgdtn5ZNLP3H5Jya0PDUGpjtg1gmBebuX+R4KV4Z6SMKqV14OpHWS63
1Zkyt6HfglMe4ZmpmMnc0DrALpsHVOV6WmKVfZ+YRKVMctFUDR90s3lp7xMnAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUh8RJ8pYow9uJrj/D/aGsm3qJdcwwHwYDVR0j
BBgwFoAUCabx+k/FMta04TRi/CNMnHY882EwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9m
MzRlY2M0MC02Yjg0LTQ5ZTgtYjYwYi02ZTk5MDQxMjhjYTgvMC8wOUE2RjFGQTRG
QzUzMkQ2QjRFMTM0NjJGQzIzNEM5Qzc2M0NGMzYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDlBNkYxRkE0RkM1MzJENkI0RTEzNDYyRkMyMzRDOUM3NjND
RjM2MS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2YzNGVjYzQwLTZiODQtNDllOC1i
NjBiLTZlOTkwNDEyOGNhOC8wLzMyMzAzMzJlMzIzMDMxMmUzMTM3MzQyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMzM4MzczNzM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy8muMA0GCSqG
SIb3DQEBCwUAA4IBAQAPJxoTGDxZ4GiRs5o4Ko5hi3PXQ5nxvdNo2ltbqrV4JSu7
p3/HQvyjE+roFS7z6NEz2cCkXDEKDr8224zif3xpjbHlXeQcfqKNBKVX3CeiKCTy
5oiizvKttjJuAnH7gvKVp9ClIjKqHyPCrDAaneLZ6ByBV9LUfmgx0tBKds00Ypvz
5hcToUzrYbU6hGm1nPVw/cKSw12tKc7T/C8+Yd+EDOab8HcTz4zCe8vS1yiNDcMc
zByIChPc4+v1zzO6TollPjd8bAthxNcBEjuohcnIXhT/4+Pkb+O0Bo9EM0AJ8uz3
QEmbGYWQkr2Xnb04qtHb6ygrA9nb9Gyrzw0EMxpZ
-----END CERTIFICATE-----
Generated at Thu Mar 28 06:01:00 2024 by rpki-client on console-fra.rpki-client.org