Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e302e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e302e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          TW2qfwk3IyXXvVlUvaAuu++R07uPcCvy5DroHQeD+Lk=
Subject key identifier:   38:7E:84:B4:18:79:8B:4A:19:6C:AA:5A:93:DE:31:9C:EF:CD:80:4B
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       64BEE7D798D884D65A6A27A09498CB7404CA4077
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e302e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:24 +0000
ROA not before:           Wed 23 Jul 2025 10:57:24 +0000
ROA not after:            Wed 22 Jul 2026 11:02:24 +0000
asID:                     4434
IP address blocks:        202.154.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:be:e7:d7:98:d8:84:d6:5a:6a:27:a0:94:98:cb:74:04:ca:40:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:24 2025 GMT
            Not After : Jul 22 11:02:24 2026 GMT
        Subject: CN=387E84B418798B4A196CAA5A93DE319CEFCD804B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:99:28:4f:87:2f:e4:ff:22:9c:b5:df:e7:21:
                    ac:07:03:2d:0e:3f:2c:23:a7:5e:81:d4:ab:5d:a3:
                    be:44:83:62:8a:60:9e:86:21:e6:94:e9:9d:f2:29:
                    7a:ac:17:d0:0b:39:be:ad:24:72:ec:93:06:8a:f2:
                    85:e5:60:a3:e1:47:01:7d:66:d4:2e:8a:f1:45:c1:
                    c5:04:ba:b3:9d:d2:77:c2:ce:43:fb:33:e4:83:36:
                    3e:89:13:4c:fc:c5:4e:5a:2c:a8:f0:95:9e:30:02:
                    8f:a9:81:0a:9d:a3:8d:0f:8a:af:00:7e:d9:90:24:
                    4b:8c:9d:78:2d:63:17:42:1e:8d:ab:22:f3:dc:71:
                    2a:df:c5:08:99:d6:84:ae:75:cb:3d:e3:bd:6c:e4:
                    5c:8c:94:00:57:9b:4d:e5:f7:49:b1:ff:d0:b4:4e:
                    9b:4d:3f:d1:6c:e4:26:bb:d1:98:a5:e4:ad:e9:a9:
                    cf:22:28:2c:ae:c1:da:64:6e:ea:da:11:78:91:fe:
                    ad:81:12:c5:31:33:4d:8b:d1:39:68:0f:4c:fc:bc:
                    dc:e2:84:7b:21:f3:43:16:09:c4:75:5f:59:b1:b9:
                    da:10:9c:d1:74:27:81:cc:74:db:f0:d9:c7:a3:b9:
                    e4:aa:77:80:c9:35:11:0c:e9:d8:ae:63:4e:67:d2:
                    89:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:7E:84:B4:18:79:8B:4A:19:6C:AA:5A:93:DE:31:9C:EF:CD:80:4B
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e302e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:ff:46:70:00:9f:a7:a2:c5:f4:93:c6:45:72:7c:44:08:a7:
         d5:9a:dc:22:c5:56:65:0d:61:56:1e:6d:17:b0:8f:7c:ee:17:
         22:b2:93:4b:14:bc:a9:7f:8a:8d:6a:ae:87:be:83:cc:f7:7c:
         f4:f0:d8:7f:9f:4b:38:be:96:c4:6e:8f:bc:6c:aa:de:df:89:
         4c:8c:4c:56:ca:55:ea:47:6f:c2:8d:8c:08:fc:f8:2d:f4:0f:
         1d:9d:88:4b:c0:c9:6c:1a:b5:5e:1d:24:6f:83:72:6e:45:73:
         09:b1:61:d5:d8:2a:c5:13:22:a1:fd:f4:71:e0:07:27:6c:1e:
         87:2f:dc:2a:5b:db:f6:88:8d:fb:46:33:03:3e:b5:0c:ba:b0:
         70:34:9a:87:3b:20:a0:d3:64:f6:90:c9:03:fb:a6:10:89:41:
         7a:0a:e2:31:84:77:5b:b7:9d:36:7c:0d:32:22:d7:be:8c:02:
         de:16:87:e0:4f:93:9f:fa:33:cc:c0:25:9a:7c:dc:9b:e3:22:
         3f:1d:66:03:8c:e0:89:10:08:50:a9:0e:3a:17:05:1f:fb:40:
         f9:08:25:e1:a1:c8:fd:ec:66:63:c9:3d:fe:91:b2:cd:4d:5a:
         70:88:fc:6d:5c:ef:a9:15:43:be:b6:14:dc:79:67:c5:10:39:
         ff:e4:85:83
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUZL7n15jYhNZaaieglJjLdATKQHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjRaFw0yNjA3MjIxMTAyMjRaMDMxMTAvBgNV
BAMTKDM4N0U4NEI0MTg3OThCNEExOTZDQUE1QTkzREUzMTlDRUZDRDgwNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4mShPhy/k/yKctd/nIawHAy0O
Pywjp16B1Ktdo75Eg2KKYJ6GIeaU6Z3yKXqsF9ALOb6tJHLskwaK8oXlYKPhRwF9
ZtQuivFFwcUEurOd0nfCzkP7M+SDNj6JE0z8xU5aLKjwlZ4wAo+pgQqdo40Piq8A
ftmQJEuMnXgtYxdCHo2rIvPccSrfxQiZ1oSudcs9471s5FyMlABXm03l90mx/9C0
TptNP9Fs5Ca70Zil5K3pqc8iKCyuwdpkburaEXiR/q2BEsUxM02L0TloD0z8vNzi
hHsh80MWCcR1X1mxudoQnNF0J4HMdNvw2cejueSqd4DJNREM6diuY05n0oknAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQUOH6EtBh5i0oZbKpak94xnO/NgEswHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vNWMwYzE0YTktM2E3Ny00OWUyLTkx
OTQtNDhkMDkxMzQ1OGIyLzAvMzIzMDMyMmUzMTM1MzQyZTMwMmUzMDJmMzIzMzJk
MzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmgAwDQYJKoZIhvcNAQEL
BQADggEBABH/RnAAn6eixfSTxkVyfEQIp9Wa3CLFVmUNYVYebRewj3zuFyKyk0sU
vKl/io1qroe+g8z3fPTw2H+fSzi+lsRuj7xsqt7fiUyMTFbKVepHb8KNjAj8+C30
Dx2diEvAyWwatV4dJG+Dcm5FcwmxYdXYKsUTIqH99HHgBydsHocv3Cpb2/aIjftG
MwM+tQy6sHA0moc7IKDTZPaQyQP7phCJQXoK4jGEd1u3nTZ8DTIi176MAt4Wh+BP
k5/6M8zAJZp83JvjIj8dZgOM4IkQCFCpDjoXBR/7QPkIJeGhyP3sZmPJPf6Rss1N
WnCI/G1c76kVQ762FNx5Z8UQOf/khYM=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:13:02 2025 by rpki-client