Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e34382e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e34382e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          DaIodEZrzZG05f+8VX+aOIeWfOOtKUPSWikxuJEpgtc=
Subject key identifier:   54:C6:A9:92:20:2D:B2:00:67:A2:CE:2E:80:18:5C:FA:7A:26:B4:49
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       16675433778D6575B2A0A1188EA57978AE5E88CF
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e34382e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:22 +0000
ROA not before:           Wed 23 Jul 2025 10:57:22 +0000
ROA not after:            Wed 22 Jul 2026 11:02:22 +0000
asID:                     4434
IP address blocks:        202.154.48.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:67:54:33:77:8d:65:75:b2:a0:a1:18:8e:a5:79:78:ae:5e:88:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:22 2025 GMT
            Not After : Jul 22 11:02:22 2026 GMT
        Subject: CN=54C6A992202DB20067A2CE2E80185CFA7A26B449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:23:1f:0e:76:09:b4:38:b9:d4:10:60:0f:ca:
                    77:8b:63:d4:0f:cf:ee:67:2e:c7:5e:97:5d:5a:98:
                    73:c3:bd:f9:df:98:8c:de:b9:88:2c:f0:f9:35:21:
                    34:e4:60:fa:16:52:72:6c:fa:b5:63:cd:02:4d:c0:
                    c4:d8:41:3f:07:3e:79:5d:80:6d:43:0a:08:7c:dd:
                    7f:42:98:fa:1d:da:c5:2c:0d:a4:30:13:2a:04:f5:
                    ab:96:bf:1f:17:41:0b:2b:1c:9a:5e:81:3e:c5:e1:
                    88:4e:1d:15:e4:9f:58:83:99:e3:73:01:f2:22:6b:
                    28:08:52:f9:f3:ed:24:a2:85:d3:2f:34:ff:5f:6b:
                    f7:16:59:98:50:5a:79:b9:c8:f9:e5:79:7f:38:de:
                    fe:12:ff:4c:5d:b0:04:23:a2:40:60:83:5e:cf:33:
                    02:07:60:c4:40:a7:a2:92:11:b2:67:55:9c:70:6e:
                    79:f5:87:f2:15:f6:7b:f9:d7:5b:2e:db:56:81:72:
                    80:a8:f3:5e:5f:fa:33:24:3c:81:81:0b:7d:e9:65:
                    b5:d7:da:b8:42:10:70:dc:5c:0c:b9:08:68:35:5a:
                    2a:0d:5e:40:cd:b8:8d:51:3d:08:cc:2a:b0:b3:74:
                    63:83:b9:bc:45:e0:9e:a6:b6:76:94:a1:6d:8c:c4:
                    4e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:C6:A9:92:20:2D:B2:00:67:A2:CE:2E:80:18:5C:FA:7A:26:B4:49
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e34382e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:0e:29:d0:01:25:03:8d:18:71:3e:c8:46:c5:1d:84:e2:17:
         e7:a4:9c:a8:ee:56:c0:ba:95:71:b0:81:4a:3b:54:fe:ea:f3:
         e1:ac:11:f5:d7:49:7e:4e:45:a9:7b:6e:02:72:9c:9a:7a:34:
         f6:68:5b:8b:2a:31:c4:6e:57:1c:74:83:c6:85:ce:13:36:4e:
         bd:b1:53:70:0b:32:a5:5a:22:57:19:5a:ef:70:c0:0a:4e:dd:
         e6:45:5e:3d:b1:96:18:96:8f:65:25:0b:60:c4:ba:65:ff:d2:
         d7:5e:d2:66:a3:9a:cc:ff:99:d4:fc:fa:89:83:04:48:25:d9:
         3f:fa:0a:4a:56:a0:a0:a4:b8:52:e6:cf:63:29:61:a1:9f:23:
         53:60:12:0e:70:64:66:14:76:ba:d6:5f:ae:6f:b4:9a:76:a6:
         a4:c5:8b:bf:87:14:50:ea:a0:57:2a:54:0c:2b:b7:e4:83:8a:
         3a:61:e8:4c:be:c0:e9:dc:0d:04:a6:33:e1:c3:6f:f1:bd:2f:
         7c:47:34:6b:f1:c3:ef:d1:dc:69:0c:8b:fb:64:72:2b:1c:90:
         d9:4e:cd:3d:09:99:42:e5:7c:64:f3:41:2e:e7:da:06:5b:e6:
         cd:90:8f:7c:4e:8f:23:c6:63:23:f4:9d:01:44:5e:74:22:24:
         7a:41:fd:4f
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUFmdUM3eNZXWyoKEYjqV5eK5eiM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjJaFw0yNjA3MjIxMTAyMjJaMDMxMTAvBgNV
BAMTKDU0QzZBOTkyMjAyREIyMDA2N0EyQ0UyRTgwMTg1Q0ZBN0EyNkI0NDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSIx8Odgm0OLnUEGAPyneLY9QP
z+5nLsdel11amHPDvfnfmIzeuYgs8Pk1ITTkYPoWUnJs+rVjzQJNwMTYQT8HPnld
gG1DCgh83X9CmPod2sUsDaQwEyoE9auWvx8XQQsrHJpegT7F4YhOHRXkn1iDmeNz
AfIiaygIUvnz7SSihdMvNP9fa/cWWZhQWnm5yPnleX843v4S/0xdsAQjokBgg17P
MwIHYMRAp6KSEbJnVZxwbnn1h/IV9nv511su21aBcoCo815f+jMkPIGBC33pZbXX
2rhCEHDcXAy5CGg1WioNXkDNuI1RPQjMKrCzdGODubxF4J6mtnaUoW2MxE6dAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUVMapkiAtsgBnos4ugBhc+nomtEkwHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVjMGMxNGE5LTNhNzctNDllMi05
MTk0LTQ4ZDA5MTM0NThiMi8wLzMyMzAzMjJlMzEzNTM0MmUzNDM4MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmjAwDQYJKoZIhvcN
AQELBQADggEBAFMOKdABJQONGHE+yEbFHYTiF+eknKjuVsC6lXGwgUo7VP7q8+Gs
EfXXSX5ORal7bgJynJp6NPZoW4sqMcRuVxx0g8aFzhM2Tr2xU3ALMqVaIlcZWu9w
wApO3eZFXj2xlhiWj2UlC2DEumX/0tde0majmsz/mdT8+omDBEgl2T/6CkpWoKCk
uFLmz2MpYaGfI1NgEg5wZGYUdrrWX65vtJp2pqTFi7+HFFDqoFcqVAwrt+SDijph
6Ey+wOncDQSmM+HDb/G9L3xHNGvxw+/R3GkMi/tkcisckNlOzT0JmULlfGTzQS7n
2gZb5s2Qj3xOjyPGYyP0nQFEXnQiJHpB/U8=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:15:33 2025 by rpki-client