Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e35322e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e35322e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          2nYYyutoGWkE+9lnwbwlBQoePgSFCd9w/Rekw2BCuB0=
Subject key identifier:   A8:8E:9D:41:D6:39:30:E7:33:96:C8:04:7E:D8:3C:62:C7:6D:AB:FC
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       3520DD285C09FC475AF7396C38CC9BF16CD6A141
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e35322e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:24 +0000
ROA not before:           Wed 23 Jul 2025 10:57:24 +0000
ROA not after:            Wed 22 Jul 2026 11:02:24 +0000
asID:                     4434
IP address blocks:        202.154.52.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:20:dd:28:5c:09:fc:47:5a:f7:39:6c:38:cc:9b:f1:6c:d6:a1:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:24 2025 GMT
            Not After : Jul 22 11:02:24 2026 GMT
        Subject: CN=A88E9D41D63930E73396C8047ED83C62C76DABFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b7:1d:52:ef:db:31:2b:2b:75:b7:c0:a3:b9:
                    6d:d2:7f:3b:72:07:36:85:91:8f:6a:eb:2c:2f:3b:
                    fb:87:e6:1c:3b:12:fb:8e:0c:1e:00:cf:a8:6d:b9:
                    ec:af:20:94:36:c0:08:c2:43:b6:90:44:fa:b7:86:
                    db:de:76:0f:4f:59:b1:aa:98:48:35:eb:79:32:b8:
                    0d:fa:d4:80:39:80:1c:d5:fd:ab:30:82:57:08:63:
                    57:33:43:04:70:fa:0e:e5:26:1c:56:9f:5b:af:49:
                    31:ad:9f:1e:ae:89:84:e4:38:4d:46:4b:04:6f:0d:
                    9a:a6:78:5b:49:ed:43:8a:06:60:6b:bd:c8:55:9a:
                    9f:f5:87:d0:a2:f9:c4:8c:7a:07:f2:b8:5c:a3:a4:
                    42:31:47:be:10:5b:2e:41:b8:20:a1:7d:c1:4c:42:
                    42:0f:1b:39:95:80:6a:f4:d4:76:01:17:fb:55:bb:
                    af:1c:29:b6:5a:46:52:80:c8:b3:2f:87:e6:c6:ad:
                    5f:ec:32:4c:02:31:aa:a9:f1:dc:fd:3b:32:26:5a:
                    20:da:43:56:c0:89:d1:51:24:1d:7c:75:13:e3:8f:
                    77:83:ac:8d:30:5b:e6:38:ee:91:94:86:d1:3f:3d:
                    d4:9f:70:5a:0a:39:a5:54:63:d0:d5:9f:16:0e:5b:
                    74:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8E:9D:41:D6:39:30:E7:33:96:C8:04:7E:D8:3C:62:C7:6D:AB:FC
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e35322e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:7b:8a:48:df:2d:bd:01:b9:de:8c:f7:c3:43:fc:4b:88:0d:
         82:9a:c6:ef:e9:63:ca:57:32:33:bc:8e:66:5c:39:ab:d7:e2:
         fe:7b:5d:bd:66:1d:31:a7:11:53:30:47:03:1f:db:5d:0c:fb:
         00:50:3a:46:6a:53:97:40:06:79:cb:8f:0d:07:18:e1:90:28:
         22:0d:16:3d:4a:98:d8:d8:86:9b:c0:72:84:aa:9b:9f:96:fe:
         c1:dd:32:16:b3:68:fa:4c:1d:13:a5:cf:03:84:d3:c6:b7:5a:
         a1:e3:19:04:a2:c5:e8:30:51:de:cc:9a:a1:db:27:3b:74:51:
         98:f1:7a:50:67:f1:6b:06:c5:4c:93:85:4c:5a:2d:49:5e:28:
         b3:a4:05:e5:7c:53:67:e4:75:46:90:bb:8e:c1:79:b7:df:9a:
         9d:86:b3:25:11:61:36:2b:36:bd:85:f3:c5:06:58:53:77:21:
         42:f6:9e:02:4b:a6:4d:82:dc:5a:f8:fd:b4:03:56:66:0e:68:
         31:f8:a4:b9:0d:eb:34:d5:13:1b:67:91:f1:2b:c7:07:0b:f1:
         83:cc:a3:88:11:aa:7f:f1:4b:17:02:c6:31:01:4d:1a:29:e2:
         24:aa:6b:32:5d:51:78:db:76:62:ce:32:ef:06:4a:f2:b0:e2:
         5d:2c:16:60
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUNSDdKFwJ/Eda9zlsOMyb8WzWoUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjRaFw0yNjA3MjIxMTAyMjRaMDMxMTAvBgNV
BAMTKEE4OEU5RDQxRDYzOTMwRTczMzk2QzgwNDdFRDgzQzYyQzc2REFCRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7tx1S79sxKyt1t8CjuW3Sfzty
BzaFkY9q6ywvO/uH5hw7EvuODB4Az6htueyvIJQ2wAjCQ7aQRPq3htvedg9PWbGq
mEg163kyuA361IA5gBzV/aswglcIY1czQwRw+g7lJhxWn1uvSTGtnx6uiYTkOE1G
SwRvDZqmeFtJ7UOKBmBrvchVmp/1h9Ci+cSMegfyuFyjpEIxR74QWy5BuCChfcFM
QkIPGzmVgGr01HYBF/tVu68cKbZaRlKAyLMvh+bGrV/sMkwCMaqp8dz9OzImWiDa
Q1bAidFRJB18dRPjj3eDrI0wW+Y47pGUhtE/PdSfcFoKOaVUY9DVnxYOW3R/AgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUqI6dQdY5MOczlsgEftg8Ysdtq/wwHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVjMGMxNGE5LTNhNzctNDllMi05
MTk0LTQ4ZDA5MTM0NThiMi8wLzMyMzAzMjJlMzEzNTM0MmUzNTMyMmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmjQwDQYJKoZIhvcN
AQELBQADggEBAEF7ikjfLb0Bud6M98ND/EuIDYKaxu/pY8pXMjO8jmZcOavX4v57
Xb1mHTGnEVMwRwMf210M+wBQOkZqU5dABnnLjw0HGOGQKCINFj1KmNjYhpvAcoSq
m5+W/sHdMhazaPpMHROlzwOE08a3WqHjGQSixegwUd7MmqHbJzt0UZjxelBn8WsG
xUyThUxaLUleKLOkBeV8U2fkdUaQu47Bebffmp2GsyURYTYrNr2F88UGWFN3IUL2
ngJLpk2C3Fr4/bQDVmYOaDH4pLkN6zTVExtnkfErxwcL8YPMo4gRqn/xSxcCxjEB
TRop4iSqazJdUXjbdmLOMu8GSvKw4l0sFmA=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:14:24 2025 by rpki-client