Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e34362e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e34362e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          OWGMoEG1lPBEVjHdWPD2zCFlFFjFg3fE02fnHF45KEQ=
Subject key identifier:   2B:CB:71:FE:66:E0:96:26:63:33:FA:60:13:93:0F:DE:E7:DF:8C:82
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       7058300B10BB9BE452F8278C8983DC09F1DF0366
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e34362e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:25 +0000
ROA not before:           Wed 23 Jul 2025 10:57:25 +0000
ROA not after:            Wed 22 Jul 2026 11:02:25 +0000
asID:                     4434
IP address blocks:        202.154.46.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:58:30:0b:10:bb:9b:e4:52:f8:27:8c:89:83:dc:09:f1:df:03:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:25 2025 GMT
            Not After : Jul 22 11:02:25 2026 GMT
        Subject: CN=2BCB71FE66E096266333FA6013930FDEE7DF8C82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d8:ab:2e:68:03:7d:56:ec:d3:5d:1d:cc:07:
                    69:1b:0d:db:9b:da:d5:e5:6c:02:12:83:01:3b:26:
                    a8:50:03:da:57:26:11:95:f7:e1:3c:0e:3d:c2:14:
                    f3:60:83:50:a0:0a:28:98:d6:b9:68:45:d7:75:f1:
                    ce:cc:8f:4e:b7:2e:06:81:e4:85:e6:e6:1d:3a:e6:
                    1d:0a:1b:84:97:32:28:fd:ac:64:d0:05:e4:8d:4a:
                    e5:ee:6a:c0:2d:ce:56:09:14:8e:84:99:31:d3:52:
                    6a:90:95:22:05:7c:d0:20:dd:36:30:5d:c5:3c:d1:
                    8e:ea:e6:9f:7e:49:a5:35:71:a1:9f:26:4f:57:2f:
                    a1:1a:3b:01:85:8d:41:a8:a4:a4:6f:9c:a7:95:d9:
                    f6:96:3d:b8:c2:c1:1e:53:9f:3a:f7:6e:d3:3f:ba:
                    12:34:85:28:d6:27:f7:7d:70:26:9e:6c:61:1f:5b:
                    de:91:de:b1:d4:ff:a0:19:5c:b0:2f:d0:29:4e:f0:
                    0b:4c:36:07:ce:d5:70:8c:16:ea:26:82:9d:6d:8f:
                    04:b0:18:0f:9f:24:2f:4b:f5:28:cf:b5:2f:48:23:
                    85:2d:4a:e5:09:89:80:4f:26:66:10:8c:6a:a9:8f:
                    40:9c:d8:0e:54:ac:11:8b:5f:40:45:08:17:1e:15:
                    6c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:CB:71:FE:66:E0:96:26:63:33:FA:60:13:93:0F:DE:E7:DF:8C:82
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e34362e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:c4:0d:a8:be:bb:a4:ad:95:f1:db:1d:47:12:ed:e0:c5:ff:
         a3:ae:c7:26:0c:c7:18:fb:16:9e:e5:b7:0f:28:99:71:84:ed:
         49:f6:87:af:85:de:54:45:db:2f:56:38:da:d4:58:47:38:6c:
         93:ff:a1:0a:80:e0:07:c5:61:d2:ee:64:24:e2:d3:29:0b:6a:
         92:5e:60:10:a0:56:5e:7b:b5:21:8a:2b:81:73:8c:75:f3:15:
         37:72:a5:92:96:89:35:f1:a7:b9:27:5b:96:83:88:3a:7d:4e:
         1f:15:51:17:ae:e3:6c:8b:ac:60:07:6e:5c:22:ab:3b:e6:60:
         ad:88:02:32:f7:eb:dd:1b:04:11:84:2b:27:2f:1a:80:12:34:
         dd:ac:26:b8:67:8c:b4:5a:cd:87:25:3e:80:df:42:1b:93:41:
         f6:6d:8e:44:21:72:c3:17:2c:4d:c1:b1:94:a0:79:dd:bb:57:
         94:23:24:bd:0a:b4:1d:d5:4b:a4:50:86:09:a4:60:56:4b:70:
         9e:bd:a9:d9:40:4f:b5:e2:ed:d7:4d:cd:dc:7b:c3:b1:b6:eb:
         e9:ea:98:54:62:04:48:f9:4b:61:a6:b1:b8:50:75:0a:1e:3d:
         ca:c8:c4:2b:bb:23:5f:2a:bd:a9:ff:eb:cf:6c:6d:32:02:3e:
         98:28:61:2f
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUcFgwCxC7m+RS+CeMiYPcCfHfA2YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjVaFw0yNjA3MjIxMTAyMjVaMDMxMTAvBgNV
BAMTKDJCQ0I3MUZFNjZFMDk2MjY2MzMzRkE2MDEzOTMwRkRFRTdERjhDODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC2KsuaAN9VuzTXR3MB2kbDdub
2tXlbAISgwE7JqhQA9pXJhGV9+E8Dj3CFPNgg1CgCiiY1rloRdd18c7Mj063LgaB
5IXm5h065h0KG4SXMij9rGTQBeSNSuXuasAtzlYJFI6EmTHTUmqQlSIFfNAg3TYw
XcU80Y7q5p9+SaU1caGfJk9XL6EaOwGFjUGopKRvnKeV2faWPbjCwR5Tnzr3btM/
uhI0hSjWJ/d9cCaebGEfW96R3rHU/6AZXLAv0ClO8AtMNgfO1XCMFuomgp1tjwSw
GA+fJC9L9SjPtS9II4UtSuUJiYBPJmYQjGqpj0Cc2A5UrBGLX0BFCBceFWy1AgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUK8tx/mbgliZjM/pgE5MP3uffjIIwHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVjMGMxNGE5LTNhNzctNDllMi05
MTk0LTQ4ZDA5MTM0NThiMi8wLzMyMzAzMjJlMzEzNTM0MmUzNDM2MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmi4wDQYJKoZIhvcN
AQELBQADggEBAJDEDai+u6StlfHbHUcS7eDF/6OuxyYMxxj7Fp7ltw8omXGE7Un2
h6+F3lRF2y9WONrUWEc4bJP/oQqA4AfFYdLuZCTi0ykLapJeYBCgVl57tSGKK4Fz
jHXzFTdypZKWiTXxp7knW5aDiDp9Th8VUReu42yLrGAHblwiqzvmYK2IAjL3690b
BBGEKycvGoASNN2sJrhnjLRazYclPoDfQhuTQfZtjkQhcsMXLE3BsZSged27V5Qj
JL0KtB3VS6RQhgmkYFZLcJ69qdlAT7Xi7ddNzdx7w7G26+nqmFRiBEj5S2GmsbhQ
dQoePcrIxCu7I18qvan/689sbTICPpgoYS8=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:14:09 2025 by rpki-client