Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e31302e302f32342d3234203d3e2034343334.roa
File:                     3230322e3135342e31302e302f32342d3234203d3e2034343334.roa (raw, json)
Hash identifier:          pnwu5dYlD3OB20NKuyrhB7Yn5CWVKSACtOFhy4ysI5I=
Subject key identifier:   F3:FA:4D:0A:F7:3B:FF:64:00:48:0F:98:31:D0:A9:55:1E:A9:4D:26
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       1B264CF15312D5EE972443627B43C0497654E8A4
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e31302e302f32342d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:24 +0000
ROA not before:           Wed 23 Jul 2025 10:57:24 +0000
ROA not after:            Wed 22 Jul 2026 11:02:24 +0000
asID:                     4434
IP address blocks:        202.154.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:26:4c:f1:53:12:d5:ee:97:24:43:62:7b:43:c0:49:76:54:e8:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:24 2025 GMT
            Not After : Jul 22 11:02:24 2026 GMT
        Subject: CN=F3FA4D0AF73BFF6400480F9831D0A9551EA94D26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b5:d4:ec:79:12:20:c4:57:37:5d:4e:ec:bf:
                    4c:73:ac:d2:d7:78:ae:b2:35:ae:66:e4:85:16:f0:
                    04:12:68:12:dd:98:c9:2d:a3:9e:6d:30:ba:c9:ee:
                    2a:1d:98:47:99:6f:8b:24:06:4d:f9:e7:65:89:b3:
                    bd:71:61:48:0e:d3:13:9e:8b:26:89:3a:30:fc:bb:
                    d0:50:c8:eb:bb:78:0b:9b:c4:c1:46:72:a2:4a:3e:
                    82:6f:bb:e0:b1:59:bb:14:ec:48:f3:73:3c:02:4c:
                    86:97:c8:9b:36:1e:05:fd:13:02:21:b4:92:d3:29:
                    7f:fe:36:4d:d4:fd:8d:5f:55:4c:cd:a4:56:7d:f0:
                    4d:27:af:80:ab:ac:43:56:69:c4:d0:c5:c3:f8:b9:
                    ef:45:d5:a3:58:81:69:55:e7:dd:40:54:d4:71:9e:
                    ed:bf:22:14:5f:e4:76:9f:5b:69:e5:8c:87:b7:8a:
                    2c:40:9f:f2:19:79:e3:5c:23:c9:50:f4:a5:af:02:
                    a3:3c:3d:32:dc:b0:8d:3a:98:17:d2:8d:7f:f1:4e:
                    68:10:cc:44:2f:11:1f:ba:71:02:13:06:54:d8:38:
                    98:e5:7b:6c:44:3d:11:44:ac:c7:fa:f2:84:40:44:
                    46:14:1c:fd:fd:7c:2b:7a:e0:fb:8b:ac:2a:0a:80:
                    c3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:FA:4D:0A:F7:3B:FF:64:00:48:0F:98:31:D0:A9:55:1E:A9:4D:26
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e31302e302f32342d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:74:1a:3c:65:4f:c3:69:58:96:f7:01:ca:b9:bf:cd:d2:a0:
         48:2e:33:04:10:68:d6:94:99:19:47:5b:aa:02:f2:d1:88:2b:
         7a:4e:a0:f6:84:ec:db:3a:5b:93:06:a8:68:cd:ba:9b:e1:19:
         58:c6:9b:c8:27:4b:8c:5e:63:af:6c:7a:f7:02:36:a7:73:e5:
         7a:0c:5c:5e:36:14:0d:9f:50:61:60:99:32:22:45:ec:12:09:
         3c:e3:ea:fb:de:5d:1d:cd:5f:97:81:07:9d:6b:ae:74:48:c5:
         b4:ae:36:b2:7a:79:fd:16:c2:a7:c5:0e:8a:79:a8:8c:29:d5:
         7f:d7:ae:28:64:a4:e8:57:56:fd:da:50:4f:7c:a2:11:ff:f8:
         a3:4d:68:01:46:c6:95:c5:b2:a6:fa:f7:3b:6f:41:54:20:39:
         8c:03:b2:60:8f:c3:24:cc:04:aa:84:13:49:ce:b1:63:92:e5:
         45:40:7a:74:3f:fe:7d:09:06:0d:57:75:ff:e4:c5:7d:f8:c1:
         6e:13:1d:d5:00:f5:06:c9:55:88:c3:8b:ef:3b:69:52:fc:1d:
         5e:97:1b:bc:61:5c:b5:c5:28:c1:d9:1c:cf:3d:e5:06:1a:cf:
         23:45:1a:4d:c2:37:f0:85:2d:fe:e7:1d:91:34:11:9e:54:e1:
         0a:25:76:95
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUGyZM8VMS1e6XJENie0PASXZU6KQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjRaFw0yNjA3MjIxMTAyMjRaMDMxMTAvBgNV
BAMTKEYzRkE0RDBBRjczQkZGNjQwMDQ4MEY5ODMxRDBBOTU1MUVBOTREMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjtdTseRIgxFc3XU7sv0xzrNLX
eK6yNa5m5IUW8AQSaBLdmMkto55tMLrJ7iodmEeZb4skBk3552WJs71xYUgO0xOe
iyaJOjD8u9BQyOu7eAubxMFGcqJKPoJvu+CxWbsU7EjzczwCTIaXyJs2HgX9EwIh
tJLTKX/+Nk3U/Y1fVUzNpFZ98E0nr4CrrENWacTQxcP4ue9F1aNYgWlV591AVNRx
nu2/IhRf5HafW2nljIe3iixAn/IZeeNcI8lQ9KWvAqM8PTLcsI06mBfSjX/xTmgQ
zEQvER+6cQITBlTYOJjle2xEPRFErMf68oRAREYUHP39fCt64PuLrCoKgMMJAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQU8/pNCvc7/2QASA+YMdCpVR6pTSYwHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVjMGMxNGE5LTNhNzctNDllMi05
MTk0LTQ4ZDA5MTM0NThiMi8wLzMyMzAzMjJlMzEzNTM0MmUzMTMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADKmgowDQYJKoZIhvcN
AQELBQADggEBAB10GjxlT8NpWJb3Acq5v83SoEguMwQQaNaUmRlHW6oC8tGIK3pO
oPaE7Ns6W5MGqGjNupvhGVjGm8gnS4xeY69sevcCNqdz5XoMXF42FA2fUGFgmTIi
RewSCTzj6vveXR3NX5eBB51rrnRIxbSuNrJ6ef0WwqfFDop5qIwp1X/XrihkpOhX
Vv3aUE98ohH/+KNNaAFGxpXFsqb69ztvQVQgOYwDsmCPwyTMBKqEE0nOsWOS5UVA
enQ//n0JBg1Xdf/kxX34wW4THdUA9QbJVYjDi+87aVL8HV6XG7xhXLXFKMHZHM89
5QYazyNFGk3CN/CFLf7nHZE0EZ5U4QoldpU=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:13:08 2025 by rpki-client