Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37302e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e37302e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          IuagBHs+wXzOnacnPUkJxU6l40oN7NESENKBCYPpsBU=
Subject key identifier:   FF:78:FD:21:FB:F1:84:F9:05:97:5A:EE:93:B3:73:B1:6C:5E:AE:33
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       4C64C8365598C56179A707CD2E4277D81BA33A0E
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37302e302f32342d3234203d3e203233363935.roa
Signing time:             Wed 30 Jul 2025 04:02:55 +0000
ROA not before:           Wed 30 Jul 2025 03:57:55 +0000
ROA not after:            Wed 29 Jul 2026 04:02:55 +0000
asID:                     23695
IP address blocks:        202.173.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 21:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:64:c8:36:55:98:c5:61:79:a7:07:cd:2e:42:77:d8:1b:a3:3a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Jul 30 03:57:55 2025 GMT
            Not After : Jul 29 04:02:55 2026 GMT
        Subject: CN=FF78FD21FBF184F905975AEE93B373B16C5EAE33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f4:cf:28:d6:35:2d:ec:6b:38:a9:42:4d:ea:
                    31:bf:40:81:ca:b4:82:33:28:b8:45:12:fd:24:fc:
                    f9:6d:da:1e:be:e3:d1:e2:0e:49:a7:12:c9:ac:c8:
                    84:79:31:1f:e3:7d:e9:3b:74:b8:07:fc:eb:61:bd:
                    d3:66:6b:d8:2c:f5:9a:fe:a3:84:56:81:f6:25:96:
                    91:3b:20:59:12:73:a8:1e:73:b9:fa:fd:20:b8:71:
                    5c:eb:94:79:57:18:c8:05:c9:c9:84:b9:ae:3a:89:
                    d2:24:cb:7b:fc:59:fc:5e:08:30:c2:08:b5:90:a8:
                    73:53:9b:9c:2a:28:90:73:24:c7:a3:11:ec:61:b9:
                    19:94:ff:27:f6:0c:83:f5:40:38:09:fa:da:e3:48:
                    a1:84:52:61:e7:90:f2:e1:3c:8d:db:8f:82:7a:f9:
                    0f:ac:fd:a0:7e:4e:d5:f2:56:64:41:9d:ef:fd:c4:
                    53:7f:4d:9d:46:77:0a:56:b2:eb:b9:b9:c1:71:95:
                    34:54:05:87:e2:99:ee:93:e7:52:fe:10:d3:d6:35:
                    73:5b:9e:15:0b:54:ef:0a:49:a8:fc:62:ac:43:74:
                    e7:39:23:1b:6c:16:57:17:e6:74:27:3c:93:19:52:
                    c3:66:2d:9c:a5:3b:d5:43:bf:dc:ac:fa:7a:07:4b:
                    8a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:78:FD:21:FB:F1:84:F9:05:97:5A:EE:93:B3:73:B1:6C:5E:AE:33
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e37302e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:49:60:be:10:12:45:9d:41:9e:e1:09:b0:7f:48:7f:2c:0e:
         b4:6f:4d:11:df:dc:09:2a:3b:92:ae:58:0c:28:48:93:a8:18:
         d9:ff:75:94:48:d4:57:47:87:94:ea:3a:94:08:dc:9e:ae:ef:
         4f:12:6c:97:b7:10:c1:c4:61:7e:61:11:b9:41:7b:63:d9:13:
         71:22:aa:05:51:44:05:76:95:81:e2:f1:38:36:2e:7c:cd:61:
         89:10:93:db:ea:bd:f1:e3:3d:89:46:23:6d:ae:d2:05:fd:e3:
         9f:d5:2e:15:b9:3b:ee:30:46:9a:30:51:cb:b8:9b:5c:dd:e3:
         2e:a7:c6:30:60:0b:f7:c1:0f:78:7e:56:21:9a:ce:32:b7:a8:
         65:a2:fe:34:9c:b0:d9:ee:85:e6:a1:68:06:d9:81:d5:67:71:
         8a:d8:2c:cb:a6:48:d3:5b:e8:a6:55:bc:23:e2:dd:55:43:27:
         53:05:c3:97:29:d3:8c:1a:70:3f:ae:ee:c5:e0:9e:04:94:30:
         81:02:cc:7a:3c:5d:0a:15:4e:b8:f0:01:fc:6b:af:a6:d2:fd:
         94:74:62:ed:73:81:e9:e3:7b:26:e9:f9:27:f4:7c:d1:f0:7c:
         d9:e3:7e:c3:bd:9e:69:d2:35:ef:e3:f5:3e:e6:8a:30:d9:4f:
         6e:84:8e:a1
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUTGTINlWYxWF5pwfNLkJ32BujOg4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNTA3MzAwMzU3NTVaFw0yNjA3MjkwNDAyNTVaMDMxMTAvBgNV
BAMTKEZGNzhGRDIxRkJGMTg0RjkwNTk3NUFFRTkzQjM3M0IxNkM1RUFFMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA9M8o1jUt7Gs4qUJN6jG/QIHK
tIIzKLhFEv0k/Plt2h6+49HiDkmnEsmsyIR5MR/jfek7dLgH/OthvdNma9gs9Zr+
o4RWgfYllpE7IFkSc6gec7n6/SC4cVzrlHlXGMgFycmEua46idIky3v8WfxeCDDC
CLWQqHNTm5wqKJBzJMejEexhuRmU/yf2DIP1QDgJ+trjSKGEUmHnkPLhPI3bj4J6
+Q+s/aB+TtXyVmRBne/9xFN/TZ1GdwpWsuu5ucFxlTRUBYfime6T51L+ENPWNXNb
nhULVO8KSaj8YqxDdOc5IxtsFlcX5nQnPJMZUsNmLZylO9VDv9ys+noHS4pNAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU/3j9IfvxhPkFl1ruk7NzsWxerjMwHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzNzMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtRjANBgkqhkiG
9w0BAQsFAAOCAQEAqUlgvhASRZ1BnuEJsH9IfywOtG9NEd/cCSo7kq5YDChIk6gY
2f91lEjUV0eHlOo6lAjcnq7vTxJsl7cQwcRhfmERuUF7Y9kTcSKqBVFEBXaVgeLx
ODYufM1hiRCT2+q98eM9iUYjba7SBf3jn9UuFbk77jBGmjBRy7ibXN3jLqfGMGAL
98EPeH5WIZrOMreoZaL+NJyw2e6F5qFoBtmB1Wdxitgsy6ZI01voplW8I+LdVUMn
UwXDlynTjBpwP67uxeCeBJQwgQLMejxdChVOuPAB/GuvptL9lHRi7XOB6eN7Jun5
J/R80fB82eN+w72eadI17+P1PuaKMNlPboSOoQ==
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:15:43 2025 by rpki-client