Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7cd323be-837d-4244-846c-7d2393a9a009/0/3230322e3132352e38332e302f32342d3234203d3e20313430343433.roa
File:                     3230322e3132352e38332e302f32342d3234203d3e20313430343433.roa (raw, json)
Hash identifier:          Ky8MrLU9AvVMvZfrLkoaRO/9X/2qSweH3weFbcGoV3c=
Subject key identifier:   2C:48:57:8E:13:A4:5C:65:47:22:9B:0A:01:0C:48:FF:DB:B1:1D:B2
Certificate issuer:       /CN=B0928A45D014D8D5FAD50314E828086F12B15610
Certificate serial:       33B729FBA0B7967CA269C0AFC7135F9ADBC290DD
Authority key identifier: B0:92:8A:45:D0:14:D8:D5:FA:D5:03:14:E8:28:08:6F:12:B1:56:10
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B0928A45D014D8D5FAD50314E828086F12B15610.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7cd323be-837d-4244-846c-7d2393a9a009/0/3230322e3132352e38332e302f32342d3234203d3e20313430343433.roa
Signing time:             Tue 15 Apr 2025 06:00:00 +0000
ROA not before:           Tue 15 Apr 2025 05:55:00 +0000
ROA not after:            Tue 14 Apr 2026 06:00:00 +0000
asID:                     140443
IP address blocks:        202.125.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7cd323be-837d-4244-846c-7d2393a9a009/0/B0928A45D014D8D5FAD50314E828086F12B15610.crl
                          rsync://repo-rpki.idnic.net/repo/7cd323be-837d-4244-846c-7d2393a9a009/0/B0928A45D014D8D5FAD50314E828086F12B15610.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B0928A45D014D8D5FAD50314E828086F12B15610.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 08:44:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:b7:29:fb:a0:b7:96:7c:a2:69:c0:af:c7:13:5f:9a:db:c2:90:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B0928A45D014D8D5FAD50314E828086F12B15610
        Validity
            Not Before: Apr 15 05:55:00 2025 GMT
            Not After : Apr 14 06:00:00 2026 GMT
        Subject: CN=2C48578E13A45C6547229B0A010C48FFDBB11DB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:82:ce:54:ee:7d:a3:36:3c:3b:9a:c2:55:25:
                    05:c7:a2:a9:d5:b5:a6:3a:06:97:2e:50:0e:ff:ce:
                    e0:c2:60:2b:90:d1:fc:c9:68:d4:5e:a6:54:db:05:
                    88:cb:48:e2:a4:ca:26:a7:9f:b2:b8:34:15:ec:ae:
                    cb:b6:75:74:61:b0:89:6e:94:4b:de:40:c0:09:e7:
                    e9:dc:9d:f7:3c:df:07:84:56:15:8d:d1:ec:fd:3a:
                    a5:c7:9d:ef:08:a2:b3:55:54:9e:cb:9f:50:04:99:
                    ac:1a:0d:d4:8e:1d:2f:bc:07:83:59:a5:aa:33:8f:
                    b9:94:ed:a6:ea:69:47:28:40:35:6c:c3:24:fa:3d:
                    0b:a4:17:2c:b9:ee:aa:fe:34:f3:24:09:e9:01:48:
                    c5:8c:4f:fe:ff:f9:23:9b:2d:ba:99:19:62:4f:e7:
                    90:93:e8:39:19:30:28:b6:e1:08:25:95:80:3e:6b:
                    63:e9:5a:9a:81:86:c2:27:08:29:33:7d:59:f6:7a:
                    33:71:76:c0:bd:57:75:6e:d8:6f:54:cb:57:57:81:
                    9d:a6:5d:41:bb:5d:80:91:41:17:b2:15:ee:ec:91:
                    1a:3b:74:c8:78:99:cf:28:c7:1c:6c:7b:09:ec:cd:
                    37:de:8a:bb:a0:66:2e:92:bc:2c:2e:06:be:ad:c2:
                    c4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:48:57:8E:13:A4:5C:65:47:22:9B:0A:01:0C:48:FF:DB:B1:1D:B2
            X509v3 Authority Key Identifier:
                keyid:B0:92:8A:45:D0:14:D8:D5:FA:D5:03:14:E8:28:08:6F:12:B1:56:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7cd323be-837d-4244-846c-7d2393a9a009/0/B0928A45D014D8D5FAD50314E828086F12B15610.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B0928A45D014D8D5FAD50314E828086F12B15610.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7cd323be-837d-4244-846c-7d2393a9a009/0/3230322e3132352e38332e302f32342d3234203d3e20313430343433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.125.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:c2:e6:13:02:fd:35:62:cf:d9:24:18:ed:bd:77:c3:44:2e:
         33:bf:70:4b:f1:f0:cd:2e:54:70:bf:e3:81:f6:f7:70:15:85:
         65:eb:c4:8b:a5:f7:fa:8d:9e:08:95:dd:d3:68:b3:6a:14:ba:
         22:94:fe:88:5a:97:22:06:99:f1:51:c0:a2:50:85:a4:65:5c:
         d0:9e:96:31:47:5f:2a:d8:40:6d:3a:74:06:c0:69:ef:b4:a0:
         6e:f0:43:10:f0:ad:b6:5d:28:e3:85:27:35:c5:db:32:77:5e:
         07:f2:b7:8e:15:4e:c4:9d:f9:54:bb:a4:8e:ad:d5:13:aa:41:
         95:ed:9e:a4:da:c8:6f:90:06:a8:88:09:af:d1:2b:38:94:ee:
         bc:c8:75:e4:a0:6d:86:90:c6:25:f9:80:7c:cd:e2:34:72:6c:
         86:86:e0:80:20:9b:c1:c9:14:66:3b:4b:a4:e0:5f:85:a0:d0:
         dd:3e:7f:f8:5d:30:4d:25:60:4a:98:c4:75:32:1e:02:e2:2c:
         27:4d:ff:d5:c2:ee:7b:42:1c:8e:9e:d1:5a:ba:88:fe:bd:e4:
         d6:43:71:26:3d:39:2e:8f:b2:cd:4f:75:cd:86:2b:24:70:62:
         fc:8d:67:1d:fb:c8:c4:0a:63:a2:5d:d7:3d:0b:f8:eb:40:1a:
         68:5a:e5:60
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUM7cp+6C3lnyiacCvxxNfmtvCkN0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjA5MjhBNDVEMDE0RDhENUZBRDUwMzE0RTgyODA4NkYx
MkIxNTYxMDAeFw0yNTA0MTUwNTU1MDBaFw0yNjA0MTQwNjAwMDBaMDMxMTAvBgNV
BAMTKDJDNDg1NzhFMTNBNDVDNjU0NzIyOUIwQTAxMEM0OEZGREJCMTFEQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDigs5U7n2jNjw7msJVJQXHoqnV
taY6BpcuUA7/zuDCYCuQ0fzJaNReplTbBYjLSOKkyiann7K4NBXsrsu2dXRhsIlu
lEveQMAJ5+ncnfc83weEVhWN0ez9OqXHne8IorNVVJ7Ln1AEmawaDdSOHS+8B4NZ
paozj7mU7abqaUcoQDVswyT6PQukFyy57qr+NPMkCekBSMWMT/7/+SObLbqZGWJP
55CT6DkZMCi24QgllYA+a2PpWpqBhsInCCkzfVn2ejNxdsC9V3Vu2G9Uy1dXgZ2m
XUG7XYCRQReyFe7skRo7dMh4mc8oxxxsewnszTfeirugZi6SvCwuBr6twsSbAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQULEhXjhOkXGVHIpsKAQxI/9uxHbIwHwYDVR0j
BBgwFoAUsJKKRdAU2NX61QMU6CgIbxKxVhAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
Y2QzMjNiZS04MzdkLTQyNDQtODQ2Yy03ZDIzOTNhOWEwMDkvMC9CMDkyOEE0NUQw
MTREOEQ1RkFENTAzMTRFODI4MDg2RjEyQjE1NjEwLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQjA5MjhBNDVEMDE0RDhENUZBRDUwMzE0RTgyODA4NkYxMkIx
NTYxMC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdjZDMyM2JlLTgzN2QtNDI0NC04
NDZjLTdkMjM5M2E5YTAwOS8wLzMyMzAzMjJlMzEzMjM1MmUzODMzMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzNDMwMzQzNDMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyn1TMA0GCSqG
SIb3DQEBCwUAA4IBAQCYwuYTAv01Ys/ZJBjtvXfDRC4zv3BL8fDNLlRwv+OB9vdw
FYVl68SLpff6jZ4Ild3TaLNqFLoilP6IWpciBpnxUcCiUIWkZVzQnpYxR18q2EBt
OnQGwGnvtKBu8EMQ8K22XSjjhSc1xdsyd14H8reOFU7EnflUu6SOrdUTqkGV7Z6k
2shvkAaoiAmv0Ss4lO68yHXkoG2GkMYl+YB8zeI0cmyGhuCAIJvByRRmO0uk4F+F
oNDdPn/4XTBNJWBKmMR1Mh4C4iwnTf/Vwu57QhyOntFauoj+veTWQ3EmPTkuj7LN
T3XNhiskcGL8jWcd+8jECmOiXdc9C/jrQBpoWuVg
-----END CERTIFICATE-----
Generated at Thu Apr 24 06:49:50 2025 by rpki-client on console.sobornost.net