Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e33302e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e33302e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          m2nps6x8EfBgsrcE+Om9IhpeYnfvgVJdaRLu8yl2PQk=
Subject key identifier:   74:94:FD:4D:0B:30:FF:22:7D:1E:4A:A9:DD:50:2F:97:26:A2:EF:DB
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       13EAA938CB1BB532F11B76979FF149FE6B065856
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e33302e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:26 +0000
ROA not before:           Wed 23 Jul 2025 10:57:26 +0000
ROA not after:            Wed 22 Jul 2026 11:02:26 +0000
asID:                     4434
IP address blocks:        202.154.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ea:a9:38:cb:1b:b5:32:f1:1b:76:97:9f:f1:49:fe:6b:06:58:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:26 2025 GMT
            Not After : Jul 22 11:02:26 2026 GMT
        Subject: CN=7494FD4D0B30FF227D1E4AA9DD502F9726A2EFDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2f:a7:f2:26:bf:a1:a3:b9:96:17:7b:48:3d:
                    0b:b5:4a:c1:fe:b6:a5:90:b5:a9:13:51:32:c2:f0:
                    04:a2:d9:69:cf:2a:c1:69:69:d5:52:7a:08:d2:bf:
                    6b:8b:ea:b4:18:ea:8e:e1:f6:78:26:c2:58:09:51:
                    39:f1:15:e2:68:ca:76:83:93:d7:8c:c8:96:01:af:
                    86:50:6e:0c:5e:9e:89:c0:99:4b:36:fd:54:50:d3:
                    2f:f9:91:7b:46:5a:43:0b:fc:ea:8d:e8:cc:ed:e8:
                    b6:fd:a7:db:00:49:aa:00:b4:15:47:14:aa:a6:00:
                    ac:28:0a:20:23:87:33:43:8e:05:4f:bf:61:3f:7b:
                    53:fd:47:4d:fa:a2:4b:b0:29:ee:82:68:ab:06:1f:
                    dc:f3:ae:29:27:80:51:ff:40:b5:4f:4d:b6:62:5e:
                    a2:45:fd:46:53:b5:75:2f:bf:a4:b1:e5:55:7c:d9:
                    1d:ec:6e:38:2c:cb:60:ef:9a:ab:45:6e:38:6e:31:
                    22:26:f4:2a:39:3b:4e:f0:e6:e1:f3:fa:6a:6a:d1:
                    03:75:35:e7:06:33:d2:ab:58:07:03:5e:01:0b:d1:
                    ea:0b:a2:2e:60:a8:da:57:07:26:f7:02:40:46:6b:
                    6e:a8:51:19:7a:7b:b5:20:ce:38:2b:e7:45:89:98:
                    7d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:94:FD:4D:0B:30:FF:22:7D:1E:4A:A9:DD:50:2F:97:26:A2:EF:DB
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e33302e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:31:a9:e4:b2:6f:09:36:9b:63:9d:e5:f2:87:99:84:c2:2e:
         a5:ae:5b:f1:8c:cf:93:5c:d5:8d:c7:5b:ad:a2:df:3e:4f:8c:
         b3:b6:44:81:fa:5c:b4:2d:14:e6:e3:4e:ff:8d:f7:d9:e9:21:
         74:e0:5e:b5:4d:87:7a:4f:43:f7:bd:d1:62:61:fc:fb:e4:e7:
         84:d3:2c:25:82:ed:ef:c3:82:56:de:10:0c:bf:ce:ac:04:f0:
         7f:59:c6:72:06:b0:5b:14:ee:83:04:2c:f9:5c:43:f4:10:77:
         2e:4a:be:eb:55:cb:45:35:0d:cf:21:5f:94:ce:23:57:fa:e6:
         65:1f:fc:b0:ae:2e:61:a1:72:bb:37:1f:29:8d:fd:02:9a:c9:
         03:3b:49:69:f0:af:7d:69:10:ba:c2:18:96:34:1b:3f:db:39:
         49:6e:29:fb:13:d8:6d:f5:8b:9f:24:77:cc:8b:b6:a2:27:4e:
         92:ad:8d:c9:4b:a0:a5:5a:7a:a3:27:da:2a:04:cd:0c:50:97:
         f6:75:8e:d6:8e:13:f3:8a:d1:a1:bc:71:2f:14:a6:a1:da:c7:
         e7:ef:8c:aa:8b:04:01:b9:e5:4b:3e:d8:79:d9:a4:16:3d:b8:
         81:2d:ee:c8:ff:10:2d:bc:22:82:62:5d:ee:8a:7e:10:f4:93:
         3c:e2:08:b5
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUE+qpOMsbtTLxG3aXn/FJ/msGWFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjZaFw0yNjA3MjIxMTAyMjZaMDMxMTAvBgNV
BAMTKDc0OTRGRDREMEIzMEZGMjI3RDFFNEFBOURENTAyRjk3MjZBMkVGREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUL6fyJr+ho7mWF3tIPQu1SsH+
tqWQtakTUTLC8ASi2WnPKsFpadVSegjSv2uL6rQY6o7h9ngmwlgJUTnxFeJoynaD
k9eMyJYBr4ZQbgxenonAmUs2/VRQ0y/5kXtGWkML/OqN6Mzt6Lb9p9sASaoAtBVH
FKqmAKwoCiAjhzNDjgVPv2E/e1P9R036okuwKe6CaKsGH9zzrikngFH/QLVPTbZi
XqJF/UZTtXUvv6Sx5VV82R3sbjgsy2DvmqtFbjhuMSIm9Co5O07w5uHz+mpq0QN1
NecGM9KrWAcDXgEL0eoLoi5gqNpXByb3AkBGa26oURl6e7Ugzjgr50WJmH3dAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUdJT9TQsw/yJ9Hkqp3VAvlyai79swHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVjMGMxNGE5LTNhNzctNDllMi05
MTk0LTQ4ZDA5MTM0NThiMi8wLzMyMzAzMjJlMzEzNTM0MmUzMzMwMmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmh4wDQYJKoZIhvcN
AQELBQADggEBABkxqeSybwk2m2Od5fKHmYTCLqWuW/GMz5Nc1Y3HW62i3z5PjLO2
RIH6XLQtFObjTv+N99npIXTgXrVNh3pPQ/e90WJh/Pvk54TTLCWC7e/DglbeEAy/
zqwE8H9ZxnIGsFsU7oMELPlcQ/QQdy5KvutVy0U1Dc8hX5TOI1f65mUf/LCuLmGh
crs3HymN/QKayQM7SWnwr31pELrCGJY0Gz/bOUluKfsT2G31i58kd8yLtqInTpKt
jclLoKVaeqMn2ioEzQxQl/Z1jtaOE/OK0aG8cS8UpqHax+fvjKqLBAG55Us+2HnZ
pBY9uIEt7sj/EC28IoJiXe6KfhD0kzziCLU=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:15:31 2025 by rpki-client