Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e382e302f32332d3234203d3e2034343334.roa
File:                     3230322e3135342e382e302f32332d3234203d3e2034343334.roa (raw, json)
Hash identifier:          tqpMYz/ZkYn8sUWXFAqxRbeip8ri+G7y4b0Q2b0ck8M=
Subject key identifier:   E9:5A:EC:73:0D:9C:42:34:C1:38:2E:7C:34:5D:32:DE:81:9B:90:D8
Certificate issuer:       /CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
Certificate serial:       7F93F2ABF80700725857C5CD5B56F4835B384F73
Authority key identifier: 10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e382e302f32332d3234203d3e2034343334.roa
Signing time:             Wed 23 Jul 2025 11:02:23 +0000
ROA not before:           Wed 23 Jul 2025 10:57:23 +0000
ROA not after:            Wed 22 Jul 2026 11:02:23 +0000
asID:                     4434
IP address blocks:        202.154.8.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl
                          rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:93:f2:ab:f8:07:00:72:58:57:c5:cd:5b:56:f4:83:5b:38:4f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6
        Validity
            Not Before: Jul 23 10:57:23 2025 GMT
            Not After : Jul 22 11:02:23 2026 GMT
        Subject: CN=E95AEC730D9C4234C1382E7C345D32DE819B90D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d0:84:8c:54:ba:7c:18:5d:c0:f3:eb:9e:19:
                    9b:b3:a1:cb:c3:12:1c:e1:1e:23:7a:93:6e:b3:64:
                    80:74:9c:8d:f3:21:61:a6:b5:43:f9:db:bd:56:8e:
                    27:23:75:db:10:fa:da:ca:78:80:d9:bf:55:24:54:
                    ba:3d:30:93:81:50:1d:e2:00:a1:b7:cb:4a:c2:a0:
                    08:c5:0b:4c:8c:eb:df:1d:13:26:ec:5f:e6:fb:6e:
                    2e:e0:3b:af:cc:0b:71:92:1a:05:07:92:e7:a7:e7:
                    96:56:cd:92:d4:39:ff:0d:f6:9c:8c:9f:15:1d:e0:
                    c4:7f:01:d9:cb:d2:73:1f:5c:61:4b:6d:7f:cc:eb:
                    ea:1e:cc:e3:0f:76:8c:4b:d5:77:af:b7:95:02:7d:
                    98:31:27:7a:dc:8e:0e:0a:d2:4c:19:71:96:fa:5b:
                    14:5b:f4:67:b7:e8:64:68:c3:6b:a0:d3:09:d3:52:
                    bf:72:80:2b:0b:b2:47:13:a0:fd:79:6e:0b:6e:91:
                    e9:ed:77:ff:a7:9e:f8:04:e6:da:72:32:a6:5d:df:
                    2c:68:02:3b:23:ba:15:f8:fa:1b:43:1e:bb:63:01:
                    6d:ce:94:c1:24:7e:f4:7f:fe:e3:fe:25:7a:fc:8b:
                    f6:89:f9:3c:96:81:1f:40:7c:24:a6:46:90:58:07:
                    3e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:5A:EC:73:0D:9C:42:34:C1:38:2E:7C:34:5D:32:DE:81:9B:90:D8
            X509v3 Authority Key Identifier:
                keyid:10:F0:0F:AE:6F:0B:93:AB:DC:95:62:8A:CE:3C:3C:18:9A:E9:27:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/10F00FAE6F0B93ABDC95628ACE3C3C189AE927F6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5c0c14a9-3a77-49e2-9194-48d0913458b2/0/3230322e3135342e382e302f32332d3234203d3e2034343334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.154.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:5f:47:e1:73:73:fb:4e:41:60:a6:77:f5:af:f2:ea:a7:f6:
         8b:61:9c:8e:87:6b:f3:6c:c2:57:4a:e8:8e:1a:f9:0a:a9:b0:
         1d:d1:0d:c8:ba:a5:20:4b:73:98:a8:ea:a5:53:1b:4f:31:91:
         55:c2:75:4b:32:e0:14:e4:f0:9f:43:83:b2:b0:d4:cc:0c:fd:
         9d:e0:7d:a6:7b:43:09:4a:5e:13:a8:f6:0c:f2:89:8c:d0:7e:
         33:ab:88:7c:f2:2e:09:a5:9c:1b:24:9c:f8:48:17:ce:c0:7d:
         50:08:29:cd:a5:f0:d3:3b:53:e9:99:ac:f5:bc:1c:40:55:eb:
         f9:ca:80:f3:97:06:60:40:d2:25:95:40:c4:be:e6:5c:f7:0f:
         af:80:18:73:c5:08:63:f6:ac:42:e0:46:78:c5:41:b6:0d:49:
         2a:db:c6:98:cc:13:d2:fa:bf:0e:24:78:05:fd:f3:c1:f0:67:
         44:fc:9a:9b:93:72:59:c9:b3:04:5c:ea:c5:26:9f:68:f4:55:
         bd:d7:82:d9:2d:f8:78:27:7e:b3:d2:11:e8:4a:25:17:eb:da:
         80:db:49:a7:20:0a:6d:bc:1f:91:cd:e7:21:27:f4:43:a1:e3:
         24:a9:ef:9d:2c:c3:4d:7c:09:19:62:f0:ee:d1:bd:cc:00:0f:
         6c:df:97:8f
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUf5Pyq/gHAHJYV8XNW1b0g1s4T3MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5
QUU5MjdGNjAeFw0yNTA3MjMxMDU3MjNaFw0yNjA3MjIxMTAyMjNaMDMxMTAvBgNV
BAMTKEU5NUFFQzczMEQ5QzQyMzRDMTM4MkU3QzM0NUQzMkRFODE5QjkwRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP0ISMVLp8GF3A8+ueGZuzocvD
EhzhHiN6k26zZIB0nI3zIWGmtUP5271WjicjddsQ+trKeIDZv1UkVLo9MJOBUB3i
AKG3y0rCoAjFC0yM698dEybsX+b7bi7gO6/MC3GSGgUHkuen55ZWzZLUOf8N9pyM
nxUd4MR/AdnL0nMfXGFLbX/M6+oezOMPdoxL1Xevt5UCfZgxJ3rcjg4K0kwZcZb6
WxRb9Ge36GRow2ug0wnTUr9ygCsLskcToP15bgtukentd/+nnvgE5tpyMqZd3yxo
AjsjuhX4+htDHrtjAW3OlMEkfvR//uP+JXr8i/aJ+TyWgR9AfCSmRpBYBz6hAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQU6Vrscw2cQjTBOC58NF0y3oGbkNgwHwYDVR0j
BBgwFoAUEPAPrm8Lk6vclWKKzjw8GJrpJ/YwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YzBjMTRhOS0zYTc3LTQ5ZTItOTE5NC00OGQwOTEzNDU4YjIvMC8xMEYwMEZBRTZG
MEI5M0FCREM5NTYyOEFDRTNDM0MxODlBRTkyN0Y2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTBGMDBGQUU2RjBCOTNBQkRDOTU2MjhBQ0UzQzNDMTg5QUU5
MjdGNi5jZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vNWMwYzE0YTktM2E3Ny00OWUyLTkx
OTQtNDhkMDkxMzQ1OGIyLzAvMzIzMDMyMmUzMTM1MzQyZTM4MmUzMDJmMzIzMzJk
MzIzNDIwM2QzZTIwMzQzNDMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHKmggwDQYJKoZIhvcNAQEL
BQADggEBAExfR+Fzc/tOQWCmd/Wv8uqn9othnI6Ha/NswldK6I4a+QqpsB3RDci6
pSBLc5io6qVTG08xkVXCdUsy4BTk8J9Dg7Kw1MwM/Z3gfaZ7QwlKXhOo9gzyiYzQ
fjOriHzyLgmlnBsknPhIF87AfVAIKc2l8NM7U+mZrPW8HEBV6/nKgPOXBmBA0iWV
QMS+5lz3D6+AGHPFCGP2rELgRnjFQbYNSSrbxpjME9L6vw4keAX988HwZ0T8mpuT
clnJswRc6sUmn2j0Vb3Xgtkt+HgnfrPSEehKJRfr2oDbSacgCm28H5HN5yEn9EOh
4ySp750sw018CRli8O7RvcwAD2zfl48=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:15:36 2025 by rpki-client