Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/3139322e3134302e3232342e302f32332d3234203d3e203536323333.roa
File:                     3139322e3134302e3232342e302f32332d3234203d3e203536323333.roa (raw, json)
Hash identifier:          BlXsQ1QjfVoT6J0SDJFst3KLhMp6LiWyqHWFZlBXj2o=
Subject key identifier:   B2:FF:50:1D:E7:AF:82:1C:35:67:B7:98:13:7A:03:33:A1:DB:AC:F8
Certificate issuer:       /CN=DF1CEA0313DA7500D70AE089169B4BBEE54CA859
Certificate serial:       62962BA1D2FF22215E24C0105213403158685199
Authority key identifier: DF:1C:EA:03:13:DA:75:00:D7:0A:E0:89:16:9B:4B:BE:E5:4C:A8:59
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/3139322e3134302e3232342e302f32332d3234203d3e203536323333.roa
Signing time:             Mon 09 Jun 2025 11:00:01 +0000
ROA not before:           Mon 09 Jun 2025 10:55:01 +0000
ROA not after:            Mon 08 Jun 2026 11:00:01 +0000
asID:                     56233
IP address blocks:        192.140.224.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.crl
                          rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 02 Jul 2025 22:40:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:96:2b:a1:d2:ff:22:21:5e:24:c0:10:52:13:40:31:58:68:51:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DF1CEA0313DA7500D70AE089169B4BBEE54CA859
        Validity
            Not Before: Jun  9 10:55:01 2025 GMT
            Not After : Jun  8 11:00:01 2026 GMT
        Subject: CN=B2FF501DE7AF821C3567B798137A0333A1DBACF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5c:99:6f:1a:c4:05:43:5b:65:6b:81:c7:29:
                    2c:d6:c3:58:ac:26:2c:46:39:1a:01:12:ea:f6:9d:
                    68:f9:18:60:a5:f2:ec:5a:ef:d9:10:60:a0:47:da:
                    76:a8:0e:5f:0e:d9:1a:7a:fe:bf:aa:dd:64:fe:c2:
                    6c:73:60:fc:a7:f0:ef:8c:a2:6e:68:f4:11:e1:e7:
                    60:a6:f4:2c:97:39:77:cc:82:ed:8b:dc:83:1f:82:
                    94:6c:51:3c:57:b6:28:af:c6:5e:c0:19:c4:e9:42:
                    54:23:8b:c1:2e:78:33:0c:0b:56:23:15:89:72:b0:
                    ae:e9:20:16:5d:a9:d3:8e:23:bd:e1:a7:f1:99:88:
                    8a:ef:ee:92:88:e6:dd:34:c3:cd:29:d8:0c:b7:28:
                    68:90:35:b1:c7:3f:cd:f2:f8:89:7c:c5:10:87:ce:
                    42:ff:82:94:43:6f:68:62:bc:92:36:13:75:cc:16:
                    95:ae:20:bc:3f:6a:8f:09:28:80:b8:1c:f6:2a:32:
                    52:5e:49:d1:dc:c9:2a:79:c5:1b:f2:db:d9:14:77:
                    e3:b3:e2:91:aa:86:eb:d1:ec:54:60:11:8c:0c:ba:
                    8a:31:d1:df:0b:7c:f7:bf:fc:b3:3c:94:b7:f3:38:
                    d7:41:20:71:14:47:ed:c5:40:08:f2:f9:51:bf:af:
                    72:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:FF:50:1D:E7:AF:82:1C:35:67:B7:98:13:7A:03:33:A1:DB:AC:F8
            X509v3 Authority Key Identifier:
                keyid:DF:1C:EA:03:13:DA:75:00:D7:0A:E0:89:16:9B:4B:BE:E5:4C:A8:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF1CEA0313DA7500D70AE089169B4BBEE54CA859.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/04fd4bc2-41d4-42e6-a7ff-59493885126a/0/3139322e3134302e3232342e302f32332d3234203d3e203536323333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.140.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:9a:1e:2f:e7:22:6e:ee:62:1a:0c:71:c0:95:35:21:8c:fa:
         ca:ed:ac:69:55:61:e4:33:5e:0a:9d:65:d7:b8:6b:b0:fa:7e:
         8e:36:f4:e3:8d:2b:37:91:ad:be:35:43:36:66:40:12:32:98:
         8d:74:a1:84:4d:de:39:a8:c7:f1:d5:2c:23:8c:6a:53:47:12:
         d1:29:a4:2c:a0:c3:f9:b9:a8:1b:01:e1:8b:4c:43:65:d7:4a:
         c0:64:f4:09:f4:0a:d3:02:77:68:88:3d:ba:25:38:19:5f:e3:
         e8:98:02:51:62:bc:2f:f8:45:b2:a7:3c:ef:41:21:6f:6c:78:
         04:12:11:11:2c:56:7c:a8:4a:db:10:c2:83:fb:94:b2:8a:91:
         eb:92:b6:39:10:55:02:1b:3e:d7:cc:07:0b:84:52:e0:f9:d2:
         9a:be:a4:79:72:bd:c8:47:3c:d4:8f:f7:dd:c1:8a:ab:1a:26:
         8b:92:17:13:d1:7d:4b:dc:89:21:73:fc:3a:28:e1:81:08:8e:
         17:de:a5:02:7f:42:e9:89:f5:fc:19:05:be:83:f9:82:05:03:
         b1:6c:ee:39:13:a7:40:e2:02:1a:ae:52:27:65:5e:3e:fc:3f:
         80:c8:2e:f3:77:22:1c:33:2c:bd:fc:16:61:d3:ce:fa:9c:71:
         cd:1e:b1:c7
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUYpYrodL/IiFeJMAQUhNAMVhoUZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREYxQ0VBMDMxM0RBNzUwMEQ3MEFFMDg5MTY5QjRCQkVF
NTRDQTg1OTAeFw0yNTA2MDkxMDU1MDFaFw0yNjA2MDgxMTAwMDFaMDMxMTAvBgNV
BAMTKEIyRkY1MDFERTdBRjgyMUMzNTY3Qjc5ODEzN0EwMzMzQTFEQkFDRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEXJlvGsQFQ1tla4HHKSzWw1is
JixGORoBEur2nWj5GGCl8uxa79kQYKBH2naoDl8O2Rp6/r+q3WT+wmxzYPyn8O+M
om5o9BHh52Cm9CyXOXfMgu2L3IMfgpRsUTxXtiivxl7AGcTpQlQji8EueDMMC1Yj
FYlysK7pIBZdqdOOI73hp/GZiIrv7pKI5t00w80p2Ay3KGiQNbHHP83y+Il8xRCH
zkL/gpRDb2hivJI2E3XMFpWuILw/ao8JKIC4HPYqMlJeSdHcySp5xRvy29kUd+Oz
4pGqhuvR7FRgEYwMuoox0d8LfPe//LM8lLfzONdBIHEUR+3FQAjy+VG/r3LjAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUsv9QHeevghw1Z7eYE3oDM6HbrPgwHwYDVR0j
BBgwFoAU3xzqAxPadQDXCuCJFptLvuVMqFkwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
NGZkNGJjMi00MWQ0LTQyZTYtYTdmZi01OTQ5Mzg4NTEyNmEvMC9ERjFDRUEwMzEz
REE3NTAwRDcwQUUwODkxNjlCNEJCRUU1NENBODU5LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREYxQ0VBMDMxM0RBNzUwMEQ3MEFFMDg5MTY5QjRCQkVFNTRD
QTg1OS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzA0ZmQ0YmMyLTQxZDQtNDJlNi1h
N2ZmLTU5NDkzODg1MTI2YS8wLzMxMzkzMjJlMzEzNDMwMmUzMjMyMzQyZTMwMmYz
MjMzMmQzMjM0MjAzZDNlMjAzNTM2MzIzMzMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwIzgMA0GCSqG
SIb3DQEBCwUAA4IBAQAWmh4v5yJu7mIaDHHAlTUhjPrK7axpVWHkM14KnWXXuGuw
+n6ONvTjjSs3ka2+NUM2ZkASMpiNdKGETd45qMfx1SwjjGpTRxLRKaQsoMP5uagb
AeGLTENl10rAZPQJ9ArTAndoiD26JTgZX+PomAJRYrwv+EWypzzvQSFvbHgEEhER
LFZ8qErbEMKD+5SyipHrkrY5EFUCGz7XzAcLhFLg+dKavqR5cr3IRzzUj/fdwYqr
GiaLkhcT0X1L3Ikhc/w6KOGBCI4X3qUCf0LpifX8GQW+g/mCBQOxbO45E6dA4gIa
rlInZV4+/D+AyC7zdyIcMyy9/BZh0876nHHNHrHH
-----END CERTIFICATE-----
Generated at Tue Jul 1 16:45:43 2025 by rpki-client