Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e32342e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e32342e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          h2s96Qstcyq7E0bAgUdcFLvK8+Ts47MJxuRaUmmKHN8=
Subject key identifier:   1A:B5:FE:73:FB:8A:EE:0F:19:09:3C:E1:B9:07:BD:56:3C:62:F5:7A
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       1B868908B9526148824DB27AFAB8B712CD1CC6C5
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e32342e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:23 +0000
ROA not before:           Wed 23 Jul 2025 10:57:23 +0000
ROA not after:            Wed 22 Jul 2026 11:02:23 +0000
asID:                     4434
IP address blocks:        202.154.24.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:86:89:08:b9:52:61:48:82:4d:b2:7a:fa:b8:b7:12:cd:1c:c6:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:23 2025 GMT
            Not After : Jul 22 11:02:23 2026 GMT
        Subject: CN=1AB5FE73FB8AEE0F19093CE1B907BD563C62F57A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cb:4b:91:e8:df:bc:a7:a4:de:d2:b7:13:cc:
                    d4:4a:73:5e:0c:97:c3:65:1b:02:42:1f:31:ce:32:
                    61:48:40:51:58:40:99:b8:a9:c6:ea:9e:bc:a9:a5:
                    37:0f:c9:f7:20:7f:fe:f6:0f:9f:96:be:27:e4:13:
                    4a:e9:f1:b2:34:26:df:b9:1a:ed:d5:bd:6c:8b:65:
                    45:20:c0:b8:8b:be:1d:24:af:a5:9d:e0:81:45:e2:
                    03:28:2e:4f:64:bb:22:12:29:96:98:23:c2:e3:40:
                    d3:af:88:09:ec:08:19:81:38:ae:56:c6:8b:f4:56:
                    87:98:63:93:e1:92:8f:5f:47:b5:1e:b2:fb:32:91:
                    24:bb:99:99:d5:ed:a4:bd:aa:a1:57:f5:06:53:11:
                    30:ce:67:c4:4d:c3:e4:df:56:09:64:fb:2c:b6:7f:
                    da:be:57:bc:07:8d:19:6c:f9:3d:9a:d9:6f:a5:72:
                    ab:31:22:3e:65:b5:27:45:77:b9:08:aa:d9:ec:da:
                    12:36:61:9b:34:7f:de:3d:91:41:dd:6b:a6:3e:fd:
                    e2:88:18:9d:bd:96:6d:f8:2c:6a:4a:80:30:f3:c1:
                    cd:1f:e0:43:33:9c:3f:49:ee:32:b9:11:3a:35:2b:
                    c0:c5:4d:2c:f1:63:71:e8:01:0d:e0:e8:18:c8:63:
                    58:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:B5:FE:73:FB:8A:EE:0F:19:09:3C:E1:B9:07:BD:56:3C:62:F5:7A
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e32342e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:17:1b:81:2c:30:a3:97:7e:3a:d8:b0:fc:d1:96:40:6d:1b:
         d4:51:5e:59:b3:23:bd:04:c6:31:b5:7b:c7:d7:0e:b9:72:aa:
         f3:a5:90:ee:c2:8f:96:91:98:5e:50:6d:9b:74:56:44:ce:ed:
         6a:3c:f7:8d:2c:2c:42:9a:14:96:db:7d:53:cd:64:b1:6d:6f:
         98:7d:59:93:06:7d:ef:37:26:e0:da:2d:47:ae:d5:be:ab:72:
         c1:fd:e3:86:fe:26:c9:c5:d7:55:ec:72:c4:21:31:8b:b7:c6:
         4c:a5:39:23:80:8c:d8:c9:dc:08:ec:0c:58:e4:35:5e:52:f8:
         f2:80:e7:e6:06:b6:d7:49:58:a4:35:28:2e:1a:e4:05:24:38:
         27:dc:51:f1:5f:96:45:72:3b:2c:12:91:ff:bd:f9:ef:ae:d5:
         af:4d:6f:f6:cd:4a:40:e2:27:71:a5:3b:21:43:75:e2:87:26:
         20:32:31:9f:d9:46:b2:f6:39:3e:12:02:51:04:b0:d8:ae:9b:
         e0:fe:c9:4d:03:65:da:a8:69:74:2e:8b:ed:f4:1d:dc:b7:12:
         dc:e2:91:bd:af:95:90:40:e6:c0:44:00:c5:80:9b:5f:31:e7:
         59:63:2d:9f:2d:13:b4:df:b9:84:59:af:1d:ce:67:01:24:2f:
         b8:2b:ce:35
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUG4aJCLlSYUiCTbJ6+ri3Es0cxsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjNaFw0yNjA3MjIxMTAyMjNaMDMxMTAvBgNV
BAMTKDFBQjVGRTczRkI4QUVFMEYxOTA5M0NFMUI5MDdCRDU2M0M2MkY1N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyy0uR6N+8p6Te0rcTzNRKc14M
l8NlGwJCHzHOMmFIQFFYQJm4qcbqnryppTcPyfcgf/72D5+WvifkE0rp8bI0Jt+5
Gu3VvWyLZUUgwLiLvh0kr6Wd4IFF4gMoLk9kuyISKZaYI8LjQNOviAnsCBmBOK5W
xov0VoeYY5Phko9fR7UesvsykSS7mZnV7aS9qqFX9QZTETDOZ8RNw+TfVglk+yy2
f9q+V7wHjRls+T2a2W+lcqsxIj5ltSdFd7kIqtns2hI2YZs0f949kUHda6Y+/eKI
GJ29lm34LGpKgDDzwc0f4EMznD9J7jK5ETo1K8DFTSzxY3HoAQ3g6BjIY1hhAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUGrX+c/uK7g8ZCTzhuQe9Vjxi9XowHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVjMGMxNGE5LTNhNzctNDllMi05
MTk0LTQ4ZDA5MTM0NThiMi8wLzMyMzAzMjJlMzEzNTM0MmUzMjM0MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmhgwDQYJKoZIhvcN
AQELBQADggEBAGEXG4EsMKOXfjrYsPzRlkBtG9RRXlmzI70ExjG1e8fXDrlyqvOl
kO7Cj5aRmF5QbZt0VkTO7Wo8940sLEKaFJbbfVPNZLFtb5h9WZMGfe83JuDaLUeu
1b6rcsH944b+JsnF11XscsQhMYu3xkylOSOAjNjJ3AjsDFjkNV5S+PKA5+YGttdJ
WKQ1KC4a5AUkOCfcUfFflkVyOywSkf+9+e+u1a9Nb/bNSkDiJ3GlOyFDdeKHJiAy
MZ/ZRrL2OT4SAlEEsNium+D+yU0DZdqoaXQui+30Hdy3Etzikb2vlZBA5sBEAMWA
m18x51ljLZ8tE7TfuYRZrx3OZwEkL7grzjU=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:15:31 2025 by rpki-client