Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38302e302f32342d3234203d3e203233363935.roa
File:                     3230322e3137332e38302e302f32342d3234203d3e203233363935.roa (raw, json)
Hash identifier:          Vmt2hMQ1PzBTrS/Zf6NsqZ+thU+zV90I3cLmY00k7VU=
Subject key identifier:   BA:5B:E9:BA:51:89:8F:BF:8B:E3:3B:AB:66:13:82:D5:72:0D:42:B3
Certificate issuer:       /CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
Certificate serial:       67C06D61BCD2B1FC93E9BA406364D8026AAAA8D2
Authority key identifier: 41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38302e302f32342d3234203d3e203233363935.roa
Signing time:             Wed 30 Jul 2025 04:02:55 +0000
ROA not before:           Wed 30 Jul 2025 03:57:55 +0000
ROA not after:            Wed 29 Jul 2026 04:02:55 +0000
asID:                     23695
IP address blocks:        202.173.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl
                          rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 21:53:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:c0:6d:61:bc:d2:b1:fc:93:e9:ba:40:63:64:d8:02:6a:aa:a8:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41E09326F68CE0113635EACAF4E37394AE4E2D8C
        Validity
            Not Before: Jul 30 03:57:55 2025 GMT
            Not After : Jul 29 04:02:55 2026 GMT
        Subject: CN=BA5BE9BA51898FBF8BE33BAB661382D5720D42B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1c:97:a9:99:13:7f:fc:08:6d:79:49:1c:6d:
                    a1:6a:90:85:a3:4e:3e:67:26:56:4f:21:4b:75:79:
                    3a:04:40:35:2a:a8:2e:dd:47:f0:52:cb:2b:3d:b3:
                    49:67:0b:83:c2:06:b7:15:4f:5d:47:13:fc:dc:e1:
                    eb:b9:62:7d:69:eb:26:15:07:1b:24:0d:34:2c:9e:
                    e1:07:c7:d8:5e:1b:c9:d7:b9:bc:9d:7d:47:d2:71:
                    57:1c:66:b2:08:0b:cb:78:1b:13:f6:74:dd:55:18:
                    e5:58:db:d7:86:b2:34:b2:59:be:d3:eb:65:9f:b2:
                    46:c1:47:5a:bd:f1:a6:05:1a:3b:bb:78:08:7e:72:
                    27:36:ca:56:49:ef:6e:19:ca:84:a2:3b:82:c9:0b:
                    79:8a:6a:e8:51:e9:8a:f1:43:0e:c8:70:b0:24:d3:
                    cc:4b:b1:c0:20:9b:5f:93:6a:0b:c8:6e:f4:c7:73:
                    a2:5c:4b:c2:3a:79:ce:31:7c:7a:2a:98:33:48:51:
                    1f:f4:a9:4d:87:37:72:0a:44:7b:da:0c:95:5b:6f:
                    92:4b:7d:cd:a6:da:9c:e6:a2:fe:c8:2a:ae:75:22:
                    5b:ec:4b:dd:3f:00:bc:c8:8e:cb:9f:0c:92:fc:58:
                    22:3a:be:0a:2e:52:09:8f:5c:27:ef:95:ee:c6:b9:
                    2e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:5B:E9:BA:51:89:8F:BF:8B:E3:3B:AB:66:13:82:D5:72:0D:42:B3
            X509v3 Authority Key Identifier:
                keyid:41:E0:93:26:F6:8C:E0:11:36:35:EA:CA:F4:E3:73:94:AE:4E:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/41E09326F68CE0113635EACAF4E37394AE4E2D8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/41E09326F68CE0113635EACAF4E37394AE4E2D8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6f0f2bd9-42ae-449a-8d57-b26da04d7ee1/0/3230322e3137332e38302e302f32342d3234203d3e203233363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.173.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:19:1a:ea:88:9b:58:65:fa:71:d6:9f:e4:e0:6a:ba:f8:83:
         eb:ac:52:76:44:97:f5:6e:93:62:eb:1a:23:a1:aa:0f:f4:cf:
         5f:23:b9:23:25:f4:09:5c:ee:67:df:ef:82:e8:af:63:c6:b5:
         ca:85:ef:e6:fc:09:7d:d4:be:cc:fb:e8:35:63:67:9e:6f:2c:
         2c:30:20:ca:a2:37:96:24:20:93:de:aa:03:6e:be:17:11:15:
         bd:bd:62:dd:f0:5a:7b:d2:27:03:40:fb:76:97:1c:fc:1f:85:
         2a:a8:f9:55:05:f4:dc:fc:4c:fa:29:38:a2:4e:5e:d2:74:ad:
         e3:d3:02:1f:37:97:aa:bb:90:66:ba:fc:6c:7a:b4:3f:e1:de:
         36:e0:0f:c5:51:7a:c0:70:74:07:98:5b:3f:87:2e:82:9e:83:
         1e:5c:78:67:f9:ce:70:66:4c:44:a3:c6:f0:41:19:ec:e4:bf:
         69:da:ad:53:e6:ba:da:be:e0:5b:33:ae:7c:99:8a:a0:55:54:
         e7:52:2f:a4:36:01:15:b7:d8:cc:8a:a7:64:3c:0f:86:f4:57:
         ee:b2:8b:a4:8c:c0:c6:78:f7:82:a5:b0:58:cc:84:3f:0f:69:
         21:ed:d7:73:5b:51:e6:ae:6b:09:aa:e1:ce:b9:b0:44:bb:92:
         58:2b:47:f1
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUZ8BtYbzSsfyT6bpAY2TYAmqqqNIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRB
RTRFMkQ4QzAeFw0yNTA3MzAwMzU3NTVaFw0yNjA3MjkwNDAyNTVaMDMxMTAvBgNV
BAMTKEJBNUJFOUJBNTE4OThGQkY4QkUzM0JBQjY2MTM4MkQ1NzIwRDQyQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWHJepmRN//AhteUkcbaFqkIWj
Tj5nJlZPIUt1eToEQDUqqC7dR/BSyys9s0lnC4PCBrcVT11HE/zc4eu5Yn1p6yYV
BxskDTQsnuEHx9heG8nXubydfUfScVccZrIIC8t4GxP2dN1VGOVY29eGsjSyWb7T
62WfskbBR1q98aYFGju7eAh+cic2ylZJ724ZyoSiO4LJC3mKauhR6YrxQw7IcLAk
08xLscAgm1+TagvIbvTHc6JcS8I6ec4xfHoqmDNIUR/0qU2HN3IKRHvaDJVbb5JL
fc2m2pzmov7IKq51IlvsS90/ALzIjsufDJL8WCI6vgouUgmPXCfvle7GuS6XAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUulvpulGJj7+L4zurZhOC1XINQrMwHwYDVR0j
BBgwFoAUQeCTJvaM4BE2NerK9ONzlK5OLYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
ZjBmMmJkOS00MmFlLTQ0OWEtOGQ1Ny1iMjZkYTA0ZDdlZTEvMC80MUUwOTMyNkY2
OENFMDExMzYzNUVBQ0FGNEUzNzM5NEFFNEUyRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDFFMDkzMjZGNjhDRTAxMTM2MzVFQUNBRjRFMzczOTRBRTRF
MkQ4Qy5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZmMGYyYmQ5LTQyYWUtNDQ5YS04
ZDU3LWIyNmRhMDRkN2VlMS8wLzMyMzAzMjJlMzEzNzMzMmUzODMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMqtUDANBgkqhkiG
9w0BAQsFAAOCAQEADRka6oibWGX6cdaf5OBquviD66xSdkSX9W6TYusaI6GqD/TP
XyO5IyX0CVzuZ9/vguivY8a1yoXv5vwJfdS+zPvoNWNnnm8sLDAgyqI3liQgk96q
A26+FxEVvb1i3fBae9InA0D7dpcc/B+FKqj5VQX03PxM+ik4ok5e0nSt49MCHzeX
qruQZrr8bHq0P+HeNuAPxVF6wHB0B5hbP4cugp6DHlx4Z/nOcGZMRKPG8EEZ7OS/
adqtU+a62r7gWzOufJmKoFVU51IvpDYBFbfYzIqnZDwPhvRX7rKLpIzAxnj3gqWw
WMyEPw9pIe3Xc1tR5q5rCarhzrmwRLuSWCtH8Q==
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:15:35 2025 by rpki-client