Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e362e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e362e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          aY+USAt3i9dXs8Pocpjb3Zx+aejvpG49dttCddEYYyI=
Subject key identifier:   30:2D:C8:8D:B8:97:00:E5:4D:AE:F5:37:7D:87:41:20:50:47:49:3B
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       493049F42634151C0F1C4586804CFFA670950420
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e362e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:25 +0000
ROA not before:           Wed 23 Jul 2025 10:57:25 +0000
ROA not after:            Wed 22 Jul 2026 11:02:25 +0000
asID:                     4434
IP address blocks:        202.154.6.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:30:49:f4:26:34:15:1c:0f:1c:45:86:80:4c:ff:a6:70:95:04:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:25 2025 GMT
            Not After : Jul 22 11:02:25 2026 GMT
        Subject: CN=302DC88DB89700E54DAEF5377D8741205047493B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d9:f3:21:33:1e:2d:df:07:6d:ae:18:e7:3b:
                    cc:cf:2e:83:18:7a:45:2d:0e:7b:43:18:3a:26:d8:
                    28:33:34:5a:52:8c:d6:7c:68:cd:88:f2:02:f5:14:
                    78:50:4d:5f:85:ba:fe:51:3c:5e:69:a1:b9:ec:53:
                    87:8a:2c:d1:42:22:ae:ff:1f:73:55:2a:ec:a7:51:
                    5b:88:1b:c6:a9:9f:3a:64:db:db:61:2b:17:9a:29:
                    2f:05:9d:4b:52:85:9a:ee:49:e1:08:b7:ab:53:34:
                    5e:98:88:34:40:02:8b:7e:c0:54:2b:bd:a4:fa:1e:
                    14:1f:90:51:14:b2:cc:98:1d:1f:f3:df:e1:fa:e7:
                    5d:09:36:5f:6f:86:57:f3:f8:f1:fd:6b:ff:db:6d:
                    0e:ff:7f:85:31:67:d3:ef:ce:04:e7:51:90:1c:83:
                    20:33:c3:7b:77:3f:d4:c6:79:41:bc:1c:64:38:33:
                    12:70:42:ce:77:1e:85:91:d2:cd:90:fa:f5:4e:19:
                    dc:3d:0d:69:49:dc:51:29:6d:b9:2d:b7:2b:32:4c:
                    da:49:2a:c0:6a:bc:6b:36:d1:46:b3:b4:16:af:f9:
                    3a:80:33:90:c8:55:47:9c:99:6f:ca:21:92:10:85:
                    cb:81:43:41:68:6d:22:a2:a8:7e:63:e2:cd:53:f6:
                    21:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:2D:C8:8D:B8:97:00:E5:4D:AE:F5:37:7D:87:41:20:50:47:49:3B
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e362e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:20:c1:ae:67:a8:a2:f7:e6:62:40:ff:89:00:c9:07:f2:79:
         65:99:a4:a0:1e:19:fb:49:5e:1f:74:f5:3c:66:a0:b3:db:80:
         da:56:8f:56:d5:8a:48:57:3d:f8:04:23:5c:f0:89:b9:70:71:
         89:32:8d:db:80:77:f9:e5:aa:98:38:5e:17:d2:be:53:52:63:
         9c:44:3a:e0:13:10:6f:4c:60:cd:eb:1d:01:7d:12:18:5b:d3:
         07:8d:b7:c6:e1:f2:9e:16:60:24:dc:6e:1f:f5:11:88:d8:3b:
         c2:53:76:eb:a4:f2:93:91:80:08:fd:cd:50:69:b8:1c:b3:d6:
         ab:35:7d:e5:8f:a7:8b:5e:dc:9c:37:66:60:22:b0:d7:c4:2a:
         d8:29:69:e0:62:72:fa:a1:b7:84:d1:ab:76:7e:86:37:48:c4:
         dd:b4:71:70:60:af:a0:1b:e6:2f:72:19:80:bd:8f:17:e6:9e:
         63:c3:d3:dd:92:15:1e:5a:02:51:be:97:1b:ef:95:f1:7a:46:
         77:ca:ea:a2:53:7f:09:34:be:43:05:2f:ff:f4:55:c6:f8:43:
         90:0f:78:f6:66:ef:42:a3:5d:47:0a:4d:d5:50:cb:9a:90:9e:
         97:a5:23:fb:e2:69:3a:22:87:38:d8:a0:3a:fa:da:8a:6d:f9:
         3d:8d:8e:63
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUSTBJ9CY0FRwPHEWGgEz/pnCVBCAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjVaFw0yNjA3MjIxMTAyMjVaMDMxMTAvBgNV
BAMTKDMwMkRDODhEQjg5NzAwRTU0REFFRjUzNzdEODc0MTIwNTA0NzQ5M0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC22fMhMx4t3wdtrhjnO8zPLoMY
ekUtDntDGDom2CgzNFpSjNZ8aM2I8gL1FHhQTV+Fuv5RPF5pobnsU4eKLNFCIq7/
H3NVKuynUVuIG8apnzpk29thKxeaKS8FnUtShZruSeEIt6tTNF6YiDRAAot+wFQr
vaT6HhQfkFEUssyYHR/z3+H6510JNl9vhlfz+PH9a//bbQ7/f4UxZ9PvzgTnUZAc
gyAzw3t3P9TGeUG8HGQ4MxJwQs53HoWR0s2Q+vVOGdw9DWlJ3FEpbbkttysyTNpJ
KsBqvGs20UaztBav+TqAM5DIVUecmW/KIZIQhcuBQ0FobSKiqH5j4s1T9iGZAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQUMC3IjbiXAOVNrvU3fYdBIFBHSTswHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vNWMwYzE0YTktM2E3Ny00OWUyLTkx
OTQtNDhkMDkxMzQ1OGIyLzAvMzIzMDMyMmUzMTM1MzQyZTM2MmUzMDJmMzIzMzJk
MzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmgYwDQYJKoZIhvcNAQEL
BQADggEBALsgwa5nqKL35mJA/4kAyQfyeWWZpKAeGftJXh909TxmoLPbgNpWj1bV
ikhXPfgEI1zwiblwcYkyjduAd/nlqpg4XhfSvlNSY5xEOuATEG9MYM3rHQF9Ehhb
0weNt8bh8p4WYCTcbh/1EYjYO8JTduuk8pORgAj9zVBpuByz1qs1feWPp4te3Jw3
ZmAisNfEKtgpaeBicvqht4TRq3Z+hjdIxN20cXBgr6Ab5i9yGYC9jxfmnmPD092S
FR5aAlG+lxvvlfF6RnfK6qJTfwk0vkMFL//0Vcb4Q5APePZm70KjXUcKTdVQy5qQ
npelI/viaToihzjYoDr62opt+T2NjmM=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:11:59 2025 by rpki-client