Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/f38a2319-b4ff-4973-8da9-c41ad2f731f3/0/3230322e38302e3131322e302f32302d3234203d3e203233363939.roa
File:                     3230322e38302e3131322e302f32302d3234203d3e203233363939.roa (raw, json)
Hash identifier:          gm33V+FpkTZp4vhfMn0R1HmBUVRHmRHaTZRlyRWh1Lc=
Subject key identifier:   E0:16:19:62:59:76:50:34:13:1F:B9:73:65:B5:2B:9F:23:89:AE:93
Certificate issuer:       /CN=BE69E9E299CE2DFF176C7EFAB145442D3C790DC8
Certificate serial:       63291732D4B511D210D61A7F83996B8D9EA39E8A
Authority key identifier: BE:69:E9:E2:99:CE:2D:FF:17:6C:7E:FA:B1:45:44:2D:3C:79:0D:C8
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BE69E9E299CE2DFF176C7EFAB145442D3C790DC8.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/f38a2319-b4ff-4973-8da9-c41ad2f731f3/0/3230322e38302e3131322e302f32302d3234203d3e203233363939.roa
Signing time:             Thu 11 Sep 2025 05:00:01 +0000
ROA not before:           Thu 11 Sep 2025 04:55:01 +0000
ROA not after:            Thu 10 Sep 2026 05:00:01 +0000
asID:                     23699
IP address blocks:        202.80.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/f38a2319-b4ff-4973-8da9-c41ad2f731f3/0/BE69E9E299CE2DFF176C7EFAB145442D3C790DC8.crl
                          rsync://repo-rpki.idnic.net/repo/f38a2319-b4ff-4973-8da9-c41ad2f731f3/0/BE69E9E299CE2DFF176C7EFAB145442D3C790DC8.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BE69E9E299CE2DFF176C7EFAB145442D3C790DC8.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 04:37:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:29:17:32:d4:b5:11:d2:10:d6:1a:7f:83:99:6b:8d:9e:a3:9e:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BE69E9E299CE2DFF176C7EFAB145442D3C790DC8
        Validity
            Not Before: Sep 11 04:55:01 2025 GMT
            Not After : Sep 10 05:00:01 2026 GMT
        Subject: CN=E016196259765034131FB97365B52B9F2389AE93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b1:73:ff:f4:8a:0f:b6:ac:4a:bf:c6:9a:a2:
                    6d:c1:8b:72:03:b8:ca:a2:c5:dc:60:86:e6:a0:94:
                    b5:2a:bc:f6:e4:f4:20:93:ae:aa:29:15:bb:c7:3b:
                    99:22:11:55:a8:25:6d:ae:db:65:c2:49:b9:1b:21:
                    46:da:02:1b:c7:1e:8e:33:9d:25:3c:da:fc:af:ad:
                    36:b6:70:ea:bd:7f:41:ff:7c:fb:9c:18:4c:79:08:
                    2e:32:1f:94:70:f0:f5:75:32:18:01:b1:39:5d:1d:
                    9e:6b:16:6e:e5:87:23:b7:d3:be:da:bb:21:ac:5f:
                    ac:6a:eb:fc:a6:b0:8d:30:d7:e3:af:a0:5b:af:b3:
                    a2:fb:9f:99:49:3d:73:5b:09:98:77:9f:8c:d4:b0:
                    c7:91:e3:88:83:e1:7f:06:9b:87:b5:5a:ef:f1:75:
                    6f:87:bd:6c:a2:78:3c:55:7e:bb:b1:04:f3:86:74:
                    57:90:dd:47:6d:10:84:47:b3:a9:c8:f1:e6:bc:1b:
                    67:92:8a:1d:59:6c:3e:e6:d1:97:62:fa:6d:f8:ca:
                    b9:89:70:ac:c1:97:5c:2d:31:f0:40:73:33:16:b9:
                    72:b9:57:0f:e4:05:f1:de:11:c4:89:28:44:fd:66:
                    ba:9a:43:de:d5:fd:fb:38:ec:ae:39:21:ac:0a:b4:
                    4c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:16:19:62:59:76:50:34:13:1F:B9:73:65:B5:2B:9F:23:89:AE:93
            X509v3 Authority Key Identifier:
                keyid:BE:69:E9:E2:99:CE:2D:FF:17:6C:7E:FA:B1:45:44:2D:3C:79:0D:C8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/f38a2319-b4ff-4973-8da9-c41ad2f731f3/0/BE69E9E299CE2DFF176C7EFAB145442D3C790DC8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BE69E9E299CE2DFF176C7EFAB145442D3C790DC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/f38a2319-b4ff-4973-8da9-c41ad2f731f3/0/3230322e38302e3131322e302f32302d3234203d3e203233363939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.80.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         87:42:8f:43:aa:64:69:66:f6:9a:97:de:c6:0a:9d:29:9b:53:
         7f:36:1a:52:d8:e1:20:7e:74:a2:f7:a4:89:de:b9:08:c6:8c:
         88:f8:42:7b:e7:64:75:03:85:31:4f:f9:28:1f:9d:f0:ed:f8:
         bf:e8:66:64:60:2d:69:3f:f9:5c:58:12:2e:ac:17:5d:3c:d3:
         f8:1b:7b:25:c4:0c:97:d7:5c:f7:65:0b:85:62:a1:dc:77:bb:
         3c:da:c5:30:31:34:a9:7b:2b:c4:b3:af:f4:0a:e2:f9:38:f9:
         40:19:5d:50:29:20:4c:4b:d1:c5:b0:0a:be:cf:9c:0f:1a:7a:
         08:f2:90:ba:d1:61:6c:89:1b:1c:3f:70:23:fc:c7:20:2a:31:
         c4:4f:98:db:cc:0c:54:a8:08:05:7b:61:f5:90:f7:3c:7d:e4:
         46:72:43:47:f8:41:41:e4:74:4d:56:94:e1:2e:c5:ec:53:42:
         31:1e:77:04:cf:d6:e2:56:3b:f6:3b:d0:3b:e4:5b:2f:a4:9b:
         49:e3:ce:df:1a:1a:c3:5e:10:57:a5:29:16:2d:51:e7:8a:29:
         90:c6:e3:3d:e2:96:3d:8b:af:66:94:10:a0:06:d0:33:84:93:
         81:32:0a:d1:48:f7:44:d8:a8:a2:58:37:7c:f6:cd:93:7c:3a:
         92:d1:e9:fe
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUYykXMtS1EdIQ1hp/g5lrjZ6jnoowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQkU2OUU5RTI5OUNFMkRGRjE3NkM3RUZBQjE0NTQ0MkQz
Qzc5MERDODAeFw0yNTA5MTEwNDU1MDFaFw0yNjA5MTAwNTAwMDFaMDMxMTAvBgNV
BAMTKEUwMTYxOTYyNTk3NjUwMzQxMzFGQjk3MzY1QjUyQjlGMjM4OUFFOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpsXP/9IoPtqxKv8aaom3Bi3ID
uMqixdxghuaglLUqvPbk9CCTrqopFbvHO5kiEVWoJW2u22XCSbkbIUbaAhvHHo4z
nSU82vyvrTa2cOq9f0H/fPucGEx5CC4yH5Rw8PV1MhgBsTldHZ5rFm7lhyO3077a
uyGsX6xq6/ymsI0w1+OvoFuvs6L7n5lJPXNbCZh3n4zUsMeR44iD4X8Gm4e1Wu/x
dW+HvWyieDxVfruxBPOGdFeQ3UdtEIRHs6nI8ea8G2eSih1ZbD7m0Zdi+m34yrmJ
cKzBl1wtMfBAczMWuXK5Vw/kBfHeEcSJKET9ZrqaQ97V/fs47K45IawKtEzVAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU4BYZYll2UDQTH7lzZbUrnyOJrpMwHwYDVR0j
BBgwFoAUvmnp4pnOLf8XbH76sUVELTx5DcgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9m
MzhhMjMxOS1iNGZmLTQ5NzMtOGRhOS1jNDFhZDJmNzMxZjMvMC9CRTY5RTlFMjk5
Q0UyREZGMTc2QzdFRkFCMTQ1NDQyRDNDNzkwREM4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQkU2OUU5RTI5OUNFMkRGRjE3NkM3RUZBQjE0NTQ0MkQzQzc5
MERDOC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2YzOGEyMzE5LWI0ZmYtNDk3My04
ZGE5LWM0MWFkMmY3MzFmMy8wLzMyMzAzMjJlMzgzMDJlMzEzMTMyMmUzMDJmMzIz
MDJkMzIzNDIwM2QzZTIwMzIzMzM2MzkzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBMpQcDANBgkqhkiG
9w0BAQsFAAOCAQEAh0KPQ6pkaWb2mpfexgqdKZtTfzYaUtjhIH50ovekid65CMaM
iPhCe+dkdQOFMU/5KB+d8O34v+hmZGAtaT/5XFgSLqwXXTzT+Bt7JcQMl9dc92UL
hWKh3He7PNrFMDE0qXsrxLOv9Ari+Tj5QBldUCkgTEvRxbAKvs+cDxp6CPKQutFh
bIkbHD9wI/zHICoxxE+Y28wMVKgIBXth9ZD3PH3kRnJDR/hBQeR0TVaU4S7F7FNC
MR53BM/W4lY79jvQO+RbL6SbSePO3xoaw14QV6UpFi1R54opkMbjPeKWPYuvZpQQ
oAbQM4STgTIK0Uj3RNioolg3fPbNk3w6ktHp/g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:40:18 2025 by rpki-client