Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/22e64b0d-646c-4cec-941f-743b2d1bce4e/0/34352e3131372e3133322e302f32332d3234203d3e20313532303038.roa
File:                     34352e3131372e3133322e302f32332d3234203d3e20313532303038.roa (raw, json)
Hash identifier:          vsLIgIdtrTNWl7Rz7Ctudnow9DnVKuYX5ZMk8sfL1S4=
Subject key identifier:   69:FE:EA:24:BF:C3:65:91:FB:4D:91:29:17:70:BC:C8:CB:24:6C:DD
Certificate issuer:       /CN=DD8ADB0CD599281204D387EB652787650920B6C5
Certificate serial:       7D9A8CC25FF0FB9620025C6C512D6E53EADCB68F
Authority key identifier: DD:8A:DB:0C:D5:99:28:12:04:D3:87:EB:65:27:87:65:09:20:B6:C5
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DD8ADB0CD599281204D387EB652787650920B6C5.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/22e64b0d-646c-4cec-941f-743b2d1bce4e/0/34352e3131372e3133322e302f32332d3234203d3e20313532303038.roa
Signing time:             Sat 04 Oct 2025 15:00:02 +0000
ROA not before:           Sat 04 Oct 2025 14:55:02 +0000
ROA not after:            Sat 03 Oct 2026 15:00:02 +0000
asID:                     152008
IP address blocks:        45.117.132.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/22e64b0d-646c-4cec-941f-743b2d1bce4e/0/DD8ADB0CD599281204D387EB652787650920B6C5.crl
                          rsync://repo-rpki.idnic.net/repo/22e64b0d-646c-4cec-941f-743b2d1bce4e/0/DD8ADB0CD599281204D387EB652787650920B6C5.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DD8ADB0CD599281204D387EB652787650920B6C5.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 20:43:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:9a:8c:c2:5f:f0:fb:96:20:02:5c:6c:51:2d:6e:53:ea:dc:b6:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DD8ADB0CD599281204D387EB652787650920B6C5
        Validity
            Not Before: Oct  4 14:55:02 2025 GMT
            Not After : Oct  3 15:00:02 2026 GMT
        Subject: CN=69FEEA24BFC36591FB4D91291770BCC8CB246CDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:49:be:65:7b:5b:d5:bd:68:e7:39:25:a4:f6:
                    c5:bd:46:c0:68:1b:d0:ca:92:23:6b:d8:be:d6:1d:
                    48:37:88:ed:69:0c:27:ad:c9:e3:5a:19:1c:a8:71:
                    a1:46:be:d1:ba:16:bb:d1:38:95:22:64:65:23:8b:
                    c5:b6:ff:5b:73:d8:e8:8b:cf:f8:35:e1:cb:fe:63:
                    b0:5c:b8:66:aa:52:db:d2:04:6b:7d:dd:53:51:07:
                    b2:45:e2:2b:cd:78:ed:5e:7e:6a:0d:8c:31:07:8b:
                    51:07:6a:94:63:8c:5d:ec:1d:de:4d:33:88:c1:50:
                    41:da:f1:7d:4a:3c:84:0f:26:a4:3f:d9:dc:c1:4b:
                    87:d8:f9:5c:9c:6c:92:85:71:31:15:52:fc:8b:f7:
                    5a:62:be:b5:4b:0a:cb:c3:a3:88:b0:3e:cf:40:c6:
                    62:e4:99:f9:09:bc:65:2f:f1:94:bc:21:b9:c2:0d:
                    cd:e2:69:3b:45:ef:08:bd:70:45:db:54:5d:c6:f3:
                    ae:de:da:9f:c8:27:02:95:4d:4e:60:7a:33:75:15:
                    c2:60:be:8a:5e:10:58:44:37:ae:30:43:54:c3:f0:
                    5e:83:5a:45:00:a1:99:90:3b:c5:98:18:d2:97:e7:
                    a7:b0:a9:a8:bd:ad:31:59:64:d4:4a:b6:1b:60:60:
                    7c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:FE:EA:24:BF:C3:65:91:FB:4D:91:29:17:70:BC:C8:CB:24:6C:DD
            X509v3 Authority Key Identifier:
                keyid:DD:8A:DB:0C:D5:99:28:12:04:D3:87:EB:65:27:87:65:09:20:B6:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/22e64b0d-646c-4cec-941f-743b2d1bce4e/0/DD8ADB0CD599281204D387EB652787650920B6C5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DD8ADB0CD599281204D387EB652787650920B6C5.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/22e64b0d-646c-4cec-941f-743b2d1bce4e/0/34352e3131372e3133322e302f32332d3234203d3e20313532303038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:b9:be:a6:05:c1:09:62:c8:8a:a1:54:79:1b:4a:ce:be:93:
         b3:e1:d0:5a:ca:9d:09:f4:cc:08:83:ce:15:8b:21:f5:07:b3:
         28:13:e3:21:ad:60:72:8c:87:0d:b6:38:c7:21:81:bd:d5:3f:
         d2:18:19:8f:5f:94:73:de:85:af:99:78:27:50:2c:eb:0b:66:
         c2:1f:32:c9:3b:05:69:93:1e:f5:32:20:97:79:9c:65:a6:bc:
         4c:23:25:f4:de:8a:e4:78:f2:40:8b:f7:f7:60:3f:28:70:bd:
         14:56:8a:7a:ff:fd:ac:60:a2:9b:42:f7:f2:fd:4c:03:80:9c:
         e9:15:92:26:e7:78:df:3e:bb:c6:be:fc:7e:74:f9:7b:52:5c:
         7c:e3:b3:6b:bf:a9:c6:2d:48:21:c2:42:04:bd:8f:ff:f0:7d:
         92:73:1e:b6:00:b3:83:5d:1e:d7:29:bf:32:19:9b:a6:7f:5c:
         f6:ac:42:f9:cd:5d:65:b8:ca:2c:d6:88:83:72:19:6c:39:71:
         57:7b:8b:80:f0:de:1b:7b:ee:ad:96:aa:1e:8a:71:04:8d:c1:
         d8:f5:1a:a4:e5:f2:a5:bc:89:02:7c:bb:00:3b:5d:5a:ac:96:
         06:cb:5e:38:67:34:ed:9d:27:1c:a3:53:2f:94:16:b4:c4:3f:
         39:76:31:eb
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUfZqMwl/w+5YgAlxsUS1uU+rcto8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREQ4QURCMENENTk5MjgxMjA0RDM4N0VCNjUyNzg3NjUw
OTIwQjZDNTAeFw0yNTEwMDQxNDU1MDJaFw0yNjEwMDMxNTAwMDJaMDMxMTAvBgNV
BAMTKDY5RkVFQTI0QkZDMzY1OTFGQjREOTEyOTE3NzBCQ0M4Q0IyNDZDREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQSb5le1vVvWjnOSWk9sW9RsBo
G9DKkiNr2L7WHUg3iO1pDCetyeNaGRyocaFGvtG6FrvROJUiZGUji8W2/1tz2OiL
z/g14cv+Y7BcuGaqUtvSBGt93VNRB7JF4ivNeO1efmoNjDEHi1EHapRjjF3sHd5N
M4jBUEHa8X1KPIQPJqQ/2dzBS4fY+VycbJKFcTEVUvyL91pivrVLCsvDo4iwPs9A
xmLkmfkJvGUv8ZS8IbnCDc3iaTtF7wi9cEXbVF3G867e2p/IJwKVTU5gejN1FcJg
vopeEFhEN64wQ1TD8F6DWkUAoZmQO8WYGNKX56ewqai9rTFZZNRKthtgYHwXAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUaf7qJL/DZZH7TZEpF3C8yMskbN0wHwYDVR0j
BBgwFoAU3YrbDNWZKBIE04frZSeHZQkgtsUwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
MmU2NGIwZC02NDZjLTRjZWMtOTQxZi03NDNiMmQxYmNlNGUvMC9ERDhBREIwQ0Q1
OTkyODEyMDREMzg3RUI2NTI3ODc2NTA5MjBCNkM1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREQ4QURCMENENTk5MjgxMjA0RDM4N0VCNjUyNzg3NjUwOTIw
QjZDNS5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzIyZTY0YjBkLTY0NmMtNGNlYy05
NDFmLTc0M2IyZDFiY2U0ZS8wLzM0MzUyZTMxMzEzNzJlMzEzMzMyMmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzEzNTMyMzAzMDM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLXWEMA0GCSqG
SIb3DQEBCwUAA4IBAQCbub6mBcEJYsiKoVR5G0rOvpOz4dBayp0J9MwIg84ViyH1
B7MoE+MhrWByjIcNtjjHIYG91T/SGBmPX5Rz3oWvmXgnUCzrC2bCHzLJOwVpkx71
MiCXeZxlprxMIyX03orkePJAi/f3YD8ocL0UVop6//2sYKKbQvfy/UwDgJzpFZIm
53jfPrvGvvx+dPl7Ulx847Nrv6nGLUghwkIEvY//8H2Scx62ALODXR7XKb8yGZum
f1z2rEL5zV1luMos1oiDchlsOXFXe4uA8N4be+6tlqoeinEEjcHY9Rqk5fKlvIkC
fLsAO11arJYGy144ZzTtnScco1MvlBa0xD85djHr
-----END CERTIFICATE-----
Generated at Tue Oct 21 10:15:38 2025 by rpki-client