Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/1592c274-11db-4127-babb-aeae99284b00/0/3132322e3230302e3134342e302f32312d3234203d3e203338313438.roa
File:                     3132322e3230302e3134342e302f32312d3234203d3e203338313438.roa (raw, json)
Hash identifier:          q36ZaNZnng4e3YSesfRm7Xhg/e4wHbxv2r58SbE/Hyw=
Subject key identifier:   84:5E:AC:C7:D3:72:06:62:CF:60:CF:D6:A2:D9:D9:3B:88:6C:FE:EB
Certificate issuer:       /CN=B921DAABB84949DDC2500D4F0A6D93FA0EB384E1
Certificate serial:       383D4170A73CCC3AD12DD2476780777515EEA599
Authority key identifier: B9:21:DA:AB:B8:49:49:DD:C2:50:0D:4F:0A:6D:93:FA:0E:B3:84:E1
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B921DAABB84949DDC2500D4F0A6D93FA0EB384E1.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/1592c274-11db-4127-babb-aeae99284b00/0/3132322e3230302e3134342e302f32312d3234203d3e203338313438.roa
Signing time:             Wed 17 Sep 2025 14:00:01 +0000
ROA not before:           Wed 17 Sep 2025 13:55:01 +0000
ROA not after:            Wed 16 Sep 2026 14:00:01 +0000
asID:                     38148
IP address blocks:        122.200.144.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/1592c274-11db-4127-babb-aeae99284b00/0/B921DAABB84949DDC2500D4F0A6D93FA0EB384E1.crl
                          rsync://repo-rpki.idnic.net/repo/1592c274-11db-4127-babb-aeae99284b00/0/B921DAABB84949DDC2500D4F0A6D93FA0EB384E1.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B921DAABB84949DDC2500D4F0A6D93FA0EB384E1.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 10:11:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:3d:41:70:a7:3c:cc:3a:d1:2d:d2:47:67:80:77:75:15:ee:a5:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B921DAABB84949DDC2500D4F0A6D93FA0EB384E1
        Validity
            Not Before: Sep 17 13:55:01 2025 GMT
            Not After : Sep 16 14:00:01 2026 GMT
        Subject: CN=845EACC7D3720662CF60CFD6A2D9D93B886CFEEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:34:d3:2a:19:57:4d:14:0d:34:81:8f:26:b5:
                    83:68:c3:47:cd:2e:32:2e:04:5f:c6:67:01:14:61:
                    0b:fc:fe:cd:53:5e:d5:23:d7:1d:46:e4:2b:f8:63:
                    e8:3f:0b:08:d3:f6:8d:7a:f5:38:92:49:b3:71:b4:
                    74:06:c0:55:97:db:02:71:04:49:79:f5:7f:0f:d4:
                    81:ba:e1:3d:41:09:12:84:67:b2:7f:2c:d1:35:a4:
                    b2:aa:09:d2:0b:23:14:b4:ae:3e:29:20:9d:e0:e7:
                    cc:b7:61:13:86:f9:48:18:75:5b:fc:6c:0e:3a:20:
                    59:34:ed:c0:ac:01:e2:60:17:d9:da:55:df:e9:34:
                    8a:35:b7:ab:68:78:71:89:f7:33:ac:cf:af:ff:46:
                    64:25:b2:fa:4f:7b:fd:71:b5:86:ca:11:16:ae:b0:
                    dd:e4:6b:c0:71:0f:50:7d:cc:a7:37:c1:7d:e8:e0:
                    67:d8:56:74:b9:3a:7f:e4:86:9c:3f:e5:64:32:7f:
                    23:e8:45:b7:b3:23:e9:d8:79:3a:74:e6:23:71:a6:
                    78:48:9d:dd:24:bf:82:5e:de:9f:ef:cc:93:78:65:
                    31:0a:aa:ab:59:50:4e:1a:b8:aa:63:38:86:b7:a1:
                    d8:92:be:42:90:01:d0:4a:63:b5:7d:69:58:a0:c6:
                    c6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:5E:AC:C7:D3:72:06:62:CF:60:CF:D6:A2:D9:D9:3B:88:6C:FE:EB
            X509v3 Authority Key Identifier:
                keyid:B9:21:DA:AB:B8:49:49:DD:C2:50:0D:4F:0A:6D:93:FA:0E:B3:84:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/1592c274-11db-4127-babb-aeae99284b00/0/B921DAABB84949DDC2500D4F0A6D93FA0EB384E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B921DAABB84949DDC2500D4F0A6D93FA0EB384E1.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/1592c274-11db-4127-babb-aeae99284b00/0/3132322e3230302e3134342e302f32312d3234203d3e203338313438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.200.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:b0:f3:89:d8:83:c4:18:71:13:54:4e:a6:91:d1:80:08:08:
         11:f8:d2:9c:50:ac:34:b8:cc:b0:1e:11:cf:18:70:08:cc:07:
         e8:34:0a:cf:18:92:9a:3f:7f:4d:bb:20:cd:ef:e8:d6:00:44:
         33:6f:d6:3e:92:bb:08:40:97:d9:77:60:ac:7e:dd:15:7d:e2:
         ee:91:b5:93:7d:f2:d1:4c:e9:f0:78:5c:47:be:9e:c9:63:97:
         ce:c1:57:1b:fb:64:b0:4d:49:b6:0a:22:0c:c5:bc:9c:f3:81:
         15:ba:38:58:4a:ba:5a:1f:f1:9f:9d:5e:05:76:d4:40:be:b7:
         68:de:53:5f:9c:44:57:b9:73:c7:06:d8:49:b8:26:f1:9b:c1:
         ed:1d:09:ec:08:f7:4f:af:d1:3c:13:6f:61:3f:82:0e:2c:a6:
         e3:05:12:f7:e1:b0:ef:33:ee:8e:33:14:e0:5c:ea:83:60:cf:
         9d:9d:5e:5e:e1:11:8f:f7:21:70:e6:ea:d2:a5:27:ac:24:84:
         37:b3:b0:e3:9c:7b:b0:ce:01:a0:64:d6:7d:d4:b1:f1:e0:a0:
         c0:ee:39:e3:15:41:4d:ed:41:e1:de:22:b7:82:a0:5b:73:53:
         5e:f6:cd:37:d8:d8:63:18:75:0e:d8:a8:9e:b6:d6:7e:6d:3e:
         20:83:f2:22
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUOD1BcKc8zDrRLdJHZ4B3dRXupZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjkyMURBQUJCODQ5NDlEREMyNTAwRDRGMEE2RDkzRkEw
RUIzODRFMTAeFw0yNTA5MTcxMzU1MDFaFw0yNjA5MTYxNDAwMDFaMDMxMTAvBgNV
BAMTKDg0NUVBQ0M3RDM3MjA2NjJDRjYwQ0ZENkEyRDlEOTNCODg2Q0ZFRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpNNMqGVdNFA00gY8mtYNow0fN
LjIuBF/GZwEUYQv8/s1TXtUj1x1G5Cv4Y+g/CwjT9o169TiSSbNxtHQGwFWX2wJx
BEl59X8P1IG64T1BCRKEZ7J/LNE1pLKqCdILIxS0rj4pIJ3g58y3YROG+UgYdVv8
bA46IFk07cCsAeJgF9naVd/pNIo1t6toeHGJ9zOsz6//RmQlsvpPe/1xtYbKERau
sN3ka8BxD1B9zKc3wX3o4GfYVnS5On/khpw/5WQyfyPoRbezI+nYeTp05iNxpnhI
nd0kv4Je3p/vzJN4ZTEKqqtZUE4auKpjOIa3odiSvkKQAdBKY7V9aVigxsZvAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUhF6sx9NyBmLPYM/WotnZO4hs/uswHwYDVR0j
BBgwFoAUuSHaq7hJSd3CUA1PCm2T+g6zhOEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
NTkyYzI3NC0xMWRiLTQxMjctYmFiYi1hZWFlOTkyODRiMDAvMC9COTIxREFBQkI4
NDk0OUREQzI1MDBENEYwQTZEOTNGQTBFQjM4NEUxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQjkyMURBQUJCODQ5NDlEREMyNTAwRDRGMEE2RDkzRkEwRUIz
ODRFMS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE1OTJjMjc0LTExZGItNDEyNy1i
YWJiLWFlYWU5OTI4NGIwMC8wLzMxMzIzMjJlMzIzMDMwMmUzMTM0MzQyZTMwMmYz
MjMxMmQzMjM0MjAzZDNlMjAzMzM4MzEzNDM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDesiQMA0GCSqG
SIb3DQEBCwUAA4IBAQBisPOJ2IPEGHETVE6mkdGACAgR+NKcUKw0uMywHhHPGHAI
zAfoNArPGJKaP39NuyDN7+jWAEQzb9Y+krsIQJfZd2Csft0VfeLukbWTffLRTOnw
eFxHvp7JY5fOwVcb+2SwTUm2CiIMxbyc84EVujhYSrpaH/GfnV4FdtRAvrdo3lNf
nERXuXPHBthJuCbxm8HtHQnsCPdPr9E8E29hP4IOLKbjBRL34bDvM+6OMxTgXOqD
YM+dnV5e4RGP9yFw5urSpSesJIQ3s7DjnHuwzgGgZNZ91LHx4KDA7jnjFUFN7UHh
3iK3gqBbc1Ne9s032NhjGHUO2KiettZ+bT4gg/Ii
-----END CERTIFICATE-----
Generated at Tue Oct 21 03:05:38 2025 by rpki-client