Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e33342e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e33342e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          MzgA2YxM0khqae/ptQuHX/BFpukLulpQzzyxYbZDPG0=
Subject key identifier:   BD:DC:69:DC:95:6A:EB:F2:16:BC:80:7A:0D:8D:58:CB:CD:5D:25:5C
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       6803B9810A84BFAE67638DFA8F12AAF16D123E95
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e33342e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:23 +0000
ROA not before:           Wed 23 Jul 2025 10:57:23 +0000
ROA not after:            Wed 22 Jul 2026 11:02:23 +0000
asID:                     4434
IP address blocks:        202.154.34.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:03:b9:81:0a:84:bf:ae:67:63:8d:fa:8f:12:aa:f1:6d:12:3e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:23 2025 GMT
            Not After : Jul 22 11:02:23 2026 GMT
        Subject: CN=BDDC69DC956AEBF216BC807A0D8D58CBCD5D255C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:42:34:c8:ac:f6:ba:90:84:8e:99:89:6e:1e:
                    66:d1:57:61:ec:b9:a2:9d:2c:32:bf:54:ef:38:25:
                    cc:ce:9e:72:c6:80:b2:03:95:2f:2f:cc:bb:71:98:
                    9b:8f:cc:f4:ce:df:20:6d:1f:36:35:4d:f6:85:ee:
                    b9:71:2f:6a:e9:b3:0a:d8:85:1f:e5:23:e4:49:d2:
                    0f:df:4f:e4:14:79:28:73:6b:a2:00:30:1a:e1:5a:
                    31:89:1b:cb:1d:ed:c1:05:b9:6e:34:4e:db:4b:fe:
                    58:48:13:fe:e8:2a:7b:0f:89:fa:b7:5a:8a:34:9a:
                    7d:b5:e8:ee:18:ce:d4:1b:9a:e0:7d:e6:38:a5:8f:
                    99:88:50:f6:47:d2:c3:a2:39:ef:25:0f:5d:ab:63:
                    30:d1:9e:e0:ee:c3:6f:e1:c4:41:04:be:16:6d:61:
                    f4:57:60:6f:5e:43:79:25:9b:c9:00:87:bb:6b:c7:
                    55:c0:f1:69:6a:27:0e:15:45:8c:de:7b:82:91:d1:
                    9a:ad:00:9e:f8:79:7a:f4:d7:4c:99:d1:41:f4:50:
                    66:19:ef:6c:d1:7c:e8:f1:68:05:57:ed:7b:d9:27:
                    ca:74:46:f7:82:24:04:86:8b:b0:fc:0d:45:58:9f:
                    5c:2c:6b:f4:ff:1f:2c:59:0c:82:b3:fb:01:42:4c:
                    0e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:DC:69:DC:95:6A:EB:F2:16:BC:80:7A:0D:8D:58:CB:CD:5D:25:5C
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e33342e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:37:89:f5:d1:aa:6c:0f:4e:42:21:dc:16:1b:7b:15:ed:9e:
         6d:b9:bf:61:cb:86:cc:10:7e:02:52:11:62:ec:62:d2:73:c6:
         a4:d3:a8:ab:e5:4f:0c:e7:df:63:2b:b7:11:f5:51:de:f1:52:
         9e:17:d3:44:6e:91:84:da:e4:09:5e:d1:1f:86:4b:e4:6a:55:
         54:4c:a7:79:94:c3:ed:d9:07:a8:bb:27:4f:f2:b7:97:0d:74:
         24:8d:ca:17:43:5e:79:17:9a:2b:7a:6d:d5:f9:78:26:43:ca:
         30:07:89:5f:e7:d1:a3:4a:a2:26:a4:f2:56:a7:04:ec:46:f9:
         5b:c9:e1:e1:9a:e2:10:4a:ea:2e:54:e2:7e:59:4e:b0:d4:59:
         bf:da:2d:4a:4f:36:52:50:e2:5e:04:7f:3b:88:f0:18:80:18:
         f4:cd:b4:a5:39:f8:0e:8b:76:03:fa:5e:e6:54:82:94:93:43:
         07:8b:d4:f8:51:7a:fe:83:86:60:ad:ee:66:26:97:a3:81:f3:
         3b:0a:5b:83:e7:b6:56:9a:f3:a7:ae:eb:5c:8a:c2:28:a5:a6:
         bd:e5:d9:8c:d9:a8:72:7a:46:5e:4e:ac:bd:46:66:79:4f:d3:
         42:e7:1a:d3:c0:5b:68:40:07:f9:38:5a:7b:8f:b3:48:39:69:
         e7:95:07:6d
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUaAO5gQqEv65nY436jxKq8W0SPpUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjNaFw0yNjA3MjIxMTAyMjNaMDMxMTAvBgNV
BAMTKEJEREM2OURDOTU2QUVCRjIxNkJDODA3QTBEOEQ1OENCQ0Q1RDI1NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGQjTIrPa6kISOmYluHmbRV2Hs
uaKdLDK/VO84JczOnnLGgLIDlS8vzLtxmJuPzPTO3yBtHzY1TfaF7rlxL2rpswrY
hR/lI+RJ0g/fT+QUeShza6IAMBrhWjGJG8sd7cEFuW40TttL/lhIE/7oKnsPifq3
Woo0mn216O4YztQbmuB95jilj5mIUPZH0sOiOe8lD12rYzDRnuDuw2/hxEEEvhZt
YfRXYG9eQ3klm8kAh7trx1XA8WlqJw4VRYzee4KR0ZqtAJ74eXr010yZ0UH0UGYZ
72zRfOjxaAVX7XvZJ8p0RveCJASGi7D8DUVYn1wsa/T/HyxZDIKz+wFCTA4FAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUvdxp3JVq6/IWvIB6DY1Yy81dJVwwHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVjMGMxNGE5LTNhNzctNDllMi05
MTk0LTQ4ZDA5MTM0NThiMi8wLzMyMzAzMjJlMzEzNTM0MmUzMzM0MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmiIwDQYJKoZIhvcN
AQELBQADggEBACs3ifXRqmwPTkIh3BYbexXtnm25v2HLhswQfgJSEWLsYtJzxqTT
qKvlTwzn32MrtxH1Ud7xUp4X00RukYTa5Ale0R+GS+RqVVRMp3mUw+3ZB6i7J0/y
t5cNdCSNyhdDXnkXmit6bdX5eCZDyjAHiV/n0aNKoiak8lanBOxG+VvJ4eGa4hBK
6i5U4n5ZTrDUWb/aLUpPNlJQ4l4EfzuI8BiAGPTNtKU5+A6LdgP6XuZUgpSTQweL
1PhRev6DhmCt7mYml6OB8zsKW4Pntlaa86eu61yKwiilpr3l2YzZqHJ6Rl5OrL1G
ZnlP00LnGtPAW2hAB/k4WnuPs0g5aeeVB20=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:12:22 2025 by rpki-client