Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e35342e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e35342e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          lviZifemLU2cD4+pVzpiyUp8vIfCZH1cla4y37uixhQ=
Subject key identifier:   2C:9C:02:C6:FE:19:BD:20:F5:6D:08:91:8D:3F:D7:03:8E:E8:12:35
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       7DF45E6AA9B42E54C647144E3BBEAC7F8A82B90E
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e35342e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:25 +0000
ROA not before:           Wed 23 Jul 2025 10:57:25 +0000
ROA not after:            Wed 22 Jul 2026 11:02:25 +0000
asID:                     4434
IP address blocks:        202.154.54.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:f4:5e:6a:a9:b4:2e:54:c6:47:14:4e:3b:be:ac:7f:8a:82:b9:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:25 2025 GMT
            Not After : Jul 22 11:02:25 2026 GMT
        Subject: CN=2C9C02C6FE19BD20F56D08918D3FD7038EE81235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:f4:2d:6c:6a:33:3c:43:1e:85:f2:78:cf:
                    a2:a8:3e:46:76:bf:07:0e:37:02:88:cb:a4:13:5e:
                    01:12:c1:8c:69:03:f0:27:d8:7f:39:9c:2f:21:3c:
                    ea:96:10:e3:db:77:2d:f8:e3:0e:09:08:cf:9c:30:
                    08:af:31:4e:9d:e0:26:9f:63:51:4f:d0:65:7d:68:
                    6a:9c:1b:6d:c2:26:35:2d:39:53:c1:d3:67:42:69:
                    a8:7f:28:30:42:f1:91:cd:ad:91:09:3f:e6:9a:b3:
                    58:9b:54:53:c6:80:82:c9:2f:b6:98:07:7a:ba:60:
                    86:2f:f4:02:5c:43:58:3a:85:aa:06:77:a6:fb:40:
                    f5:7d:d7:b4:5c:46:41:30:c8:3c:f6:f0:1b:1e:4e:
                    c7:6c:a9:32:61:e3:68:71:00:34:96:19:13:4f:73:
                    5d:98:53:08:e8:dc:06:f3:a6:a1:eb:37:43:d1:06:
                    fc:e7:b7:15:5c:77:10:89:4c:ff:d0:c6:f8:f9:e9:
                    84:58:55:d0:19:ad:f3:45:e3:6e:53:6c:bd:49:ae:
                    3c:91:43:49:3b:b1:1d:a2:d1:3a:5f:4e:b0:ce:a1:
                    f8:e7:01:26:df:3b:29:c5:62:bb:41:1d:c3:e3:a9:
                    cb:34:cb:69:64:bc:89:c5:12:44:7f:41:52:f6:90:
                    cb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:9C:02:C6:FE:19:BD:20:F5:6D:08:91:8D:3F:D7:03:8E:E8:12:35
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e35342e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:5b:78:89:97:0c:f1:c5:19:65:16:fd:83:40:62:6d:c3:56:
         3d:26:53:58:0b:e0:b8:b6:68:56:57:e5:52:0c:ca:1d:d4:23:
         f1:10:f1:17:fc:2f:3f:d3:db:13:a7:ab:10:d8:28:8b:19:c8:
         77:d9:4c:ac:9e:7f:95:fd:ae:2e:09:cf:e0:1c:03:ae:cd:b9:
         b5:0c:d2:03:71:f9:ab:54:43:fa:97:c3:8b:39:90:e6:b1:a5:
         2d:74:f8:f6:39:46:d5:c7:f8:26:e7:14:31:be:30:b4:82:3e:
         95:7c:bc:d1:9d:c8:ef:13:5e:0e:c5:14:ed:bb:24:7f:16:f6:
         e3:0f:dc:4c:60:98:7c:22:77:dd:72:00:ef:f4:ad:1f:5d:36:
         70:bb:e0:f9:8f:1f:67:d9:7c:ff:d4:34:c7:6e:37:39:c1:b5:
         7f:5c:1e:46:80:3a:f8:bf:da:68:09:48:b0:ce:5f:10:ca:d3:
         6a:f4:bd:29:a6:81:92:b9:89:f3:19:79:37:6d:17:c6:ed:e1:
         c0:75:1a:99:2e:73:b7:82:b0:76:e8:42:b5:40:af:67:2e:eb:
         15:a8:d2:83:3a:d6:d9:43:b8:76:2d:0a:ce:52:20:33:3c:1a:
         06:40:f6:75:a1:3d:2f:1d:86:e4:08:a6:b6:cf:b2:82:3b:e7:
         31:07:e5:c4
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUffReaqm0LlTGRxROO76sf4qCuQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjVaFw0yNjA3MjIxMTAyMjVaMDMxMTAvBgNV
BAMTKDJDOUMwMkM2RkUxOUJEMjBGNTZEMDg5MThEM0ZENzAzOEVFODEyMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4CPQtbGozPEMehfJ4z6KoPkZ2
vwcONwKIy6QTXgESwYxpA/An2H85nC8hPOqWEOPbdy344w4JCM+cMAivMU6d4Caf
Y1FP0GV9aGqcG23CJjUtOVPB02dCaah/KDBC8ZHNrZEJP+aas1ibVFPGgILJL7aY
B3q6YIYv9AJcQ1g6haoGd6b7QPV917RcRkEwyDz28BseTsdsqTJh42hxADSWGRNP
c12YUwjo3AbzpqHrN0PRBvzntxVcdxCJTP/Qxvj56YRYVdAZrfNF425TbL1JrjyR
Q0k7sR2i0TpfTrDOofjnASbfOynFYrtBHcPjqcs0y2lkvInFEkR/QVL2kMuhAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQULJwCxv4ZvSD1bQiRjT/XA47oEjUwHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVjMGMxNGE5LTNhNzctNDllMi05
MTk0LTQ4ZDA5MTM0NThiMi8wLzMyMzAzMjJlMzEzNTM0MmUzNTM0MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmjYwDQYJKoZIhvcN
AQELBQADggEBACRbeImXDPHFGWUW/YNAYm3DVj0mU1gL4Li2aFZX5VIMyh3UI/EQ
8Rf8Lz/T2xOnqxDYKIsZyHfZTKyef5X9ri4Jz+AcA67NubUM0gNx+atUQ/qXw4s5
kOaxpS10+PY5RtXH+CbnFDG+MLSCPpV8vNGdyO8TXg7FFO27JH8W9uMP3ExgmHwi
d91yAO/0rR9dNnC74PmPH2fZfP/UNMduNznBtX9cHkaAOvi/2mgJSLDOXxDK02r0
vSmmgZK5ifMZeTdtF8bt4cB1Gpkuc7eCsHboQrVAr2cu6xWo0oM61tlDuHYtCs5S
IDM8GgZA9nWhPS8dhuQIprbPsoI75zEH5cQ=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:12:01 2025 by rpki-client