Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/34332e3235322e3233382e302f32342d3234203d3e203535373031.roa
File:                     34332e3235322e3233382e302f32342d3234203d3e203535373031.roa (raw, json)
Hash identifier:          Nnf66JxT1+eZbCkYQn8x6cz4I9We7qQ0T90RTh7FkG0=
Subject key identifier:   17:4B:B6:74:2A:38:4C:87:B3:AA:AE:E1:98:FD:9C:78:32:ED:70:75
Certificate issuer:       /CN=8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A
Certificate serial:       2A5FB5680D2083B0A0DDF113348DDAC044E562F6
Authority key identifier: 8F:84:D6:FE:EA:F8:C5:D3:C5:D1:3F:10:1B:C7:0B:75:8B:F5:0F:6A
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/34332e3235322e3233382e302f32342d3234203d3e203535373031.roa
Signing time:             Wed 25 Jun 2025 02:49:33 +0000
ROA not before:           Wed 25 Jun 2025 02:44:33 +0000
ROA not after:            Wed 24 Jun 2026 02:49:33 +0000
asID:                     55701
IP address blocks:        43.252.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.crl
                          rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 03 Jul 2025 01:22:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:5f:b5:68:0d:20:83:b0:a0:dd:f1:13:34:8d:da:c0:44:e5:62:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A
        Validity
            Not Before: Jun 25 02:44:33 2025 GMT
            Not After : Jun 24 02:49:33 2026 GMT
        Subject: CN=174BB6742A384C87B3AAAEE198FD9C7832ED7075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0e:44:e8:a9:98:95:fd:66:4d:6c:f5:d6:8b:
                    22:8e:1f:70:6a:a4:32:44:d7:49:8a:d4:78:b7:39:
                    74:70:43:23:6a:02:fe:c1:22:a0:fc:9b:c8:1a:f3:
                    77:ff:6a:e0:21:85:d1:99:fa:7b:d9:b0:2c:bc:bc:
                    ad:3e:65:33:49:b2:81:d9:b2:4f:74:8e:67:9e:81:
                    9c:7d:ac:20:e9:e4:41:42:4d:fe:0f:3c:84:54:4b:
                    b8:87:c0:39:9e:0f:c1:6f:bb:78:b3:6d:c6:41:22:
                    d8:6a:e0:56:41:b6:5c:fb:0a:45:27:e0:1c:f0:1e:
                    ce:c0:b4:1e:a0:67:e1:07:7c:d3:4c:22:b4:02:2c:
                    35:7b:44:50:4a:3c:e5:ca:87:a3:4f:ff:a7:e4:02:
                    d5:96:57:3a:7c:cf:4c:7b:8f:47:31:bd:38:0f:a2:
                    56:49:ab:35:46:35:cc:ae:c0:77:a5:db:86:5e:8d:
                    7f:35:99:0a:58:18:01:dc:01:a0:8c:fb:9b:1b:f8:
                    7d:17:3c:e6:2a:4c:cc:d5:7e:72:02:68:8b:2b:65:
                    90:fd:5e:a5:98:ec:bb:35:c0:e2:b6:a4:4e:fb:b0:
                    5e:cc:e6:d9:dc:06:18:0b:9b:e7:02:ba:14:23:00:
                    61:e6:27:63:45:14:dd:f2:0f:c1:05:d4:2e:8e:e3:
                    bd:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4B:B6:74:2A:38:4C:87:B3:AA:AE:E1:98:FD:9C:78:32:ED:70:75
            X509v3 Authority Key Identifier:
                keyid:8F:84:D6:FE:EA:F8:C5:D3:C5:D1:3F:10:1B:C7:0B:75:8B:F5:0F:6A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8F84D6FEEAF8C5D3C5D13F101BC70B758BF50F6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/27d9f851-7e73-4384-950e-8be8e15fd3ee/0/34332e3235322e3233382e302f32342d3234203d3e203535373031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.252.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:07:1d:98:d6:ab:08:73:eb:4f:7a:59:f1:e3:a5:6c:d1:af:
         b7:27:db:53:ab:98:46:36:bf:f0:a3:b5:15:34:db:a0:07:fb:
         88:81:78:dc:29:6b:e5:ab:82:eb:a6:61:58:e7:66:b2:1b:70:
         19:46:60:39:b7:e2:0c:4d:6b:c2:05:f8:c9:3b:48:90:6a:44:
         45:ca:cc:6a:b4:61:b5:5d:07:83:ef:1f:c9:37:d7:6b:e4:0e:
         2c:73:15:36:eb:0f:d0:0d:79:91:b0:0d:8b:c0:ba:9f:ff:41:
         fb:67:69:a6:9e:71:39:f5:3d:05:80:14:a4:4e:7b:95:41:20:
         29:11:1c:ef:ed:76:ba:bb:26:02:08:12:3b:ee:ad:5f:3a:74:
         f1:e0:62:07:0e:c6:c4:ef:11:1d:a7:9a:d0:30:b8:ae:52:a3:
         23:64:9c:52:b6:ad:77:51:3f:3d:84:05:21:7f:03:a0:9b:ae:
         66:cf:96:23:2d:5f:cf:28:f4:cd:81:b9:49:04:f8:95:93:fc:
         95:32:2a:87:44:6e:7c:db:03:9f:36:45:e1:bf:3c:81:52:df:
         b5:19:f2:8e:88:d9:37:c6:b0:9c:8f:b0:ba:87:dc:c0:0a:8a:
         45:1e:f3:87:e5:09:ce:c4:f0:76:e1:5a:64:10:ce:be:24:94:
         a2:3c:4f:9d
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUKl+1aA0gg7Cg3fETNI3awETlYvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEY4NEQ2RkVFQUY4QzVEM0M1RDEzRjEwMUJDNzBCNzU4
QkY1MEY2QTAeFw0yNTA2MjUwMjQ0MzNaFw0yNjA2MjQwMjQ5MzNaMDMxMTAvBgNV
BAMTKDE3NEJCNjc0MkEzODRDODdCM0FBQUVFMTk4RkQ5Qzc4MzJFRDcwNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEDkToqZiV/WZNbPXWiyKOH3Bq
pDJE10mK1Hi3OXRwQyNqAv7BIqD8m8ga83f/auAhhdGZ+nvZsCy8vK0+ZTNJsoHZ
sk90jmeegZx9rCDp5EFCTf4PPIRUS7iHwDmeD8Fvu3izbcZBIthq4FZBtlz7CkUn
4BzwHs7AtB6gZ+EHfNNMIrQCLDV7RFBKPOXKh6NP/6fkAtWWVzp8z0x7j0cxvTgP
olZJqzVGNcyuwHel24ZejX81mQpYGAHcAaCM+5sb+H0XPOYqTMzVfnICaIsrZZD9
XqWY7Ls1wOK2pE77sF7M5tncBhgLm+cCuhQjAGHmJ2NFFN3yD8EF1C6O470VAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUF0u2dCo4TIezqq7hmP2ceDLtcHUwHwYDVR0j
BBgwFoAUj4TW/ur4xdPF0T8QG8cLdYv1D2owDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
N2Q5Zjg1MS03ZTczLTQzODQtOTUwZS04YmU4ZTE1ZmQzZWUvMC84Rjg0RDZGRUVB
RjhDNUQzQzVEMTNGMTAxQkM3MEI3NThCRjUwRjZBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOEY4NEQ2RkVFQUY4QzVEM0M1RDEzRjEwMUJDNzBCNzU4QkY1
MEY2QS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzI3ZDlmODUxLTdlNzMtNDM4NC05
NTBlLThiZThlMTVmZDNlZS8wLzM0MzMyZTMyMzUzMjJlMzIzMzM4MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNTM3MzAzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACv87jANBgkqhkiG
9w0BAQsFAAOCAQEALgcdmNarCHPrT3pZ8eOlbNGvtyfbU6uYRja/8KO1FTTboAf7
iIF43Clr5auC66ZhWOdmshtwGUZgObfiDE1rwgX4yTtIkGpERcrMarRhtV0Hg+8f
yTfXa+QOLHMVNusP0A15kbANi8C6n/9B+2dppp5xOfU9BYAUpE57lUEgKREc7+12
ursmAggSO+6tXzp08eBiBw7GxO8RHaea0DC4rlKjI2ScUratd1E/PYQFIX8DoJuu
Zs+WIy1fzyj0zYG5SQT4lZP8lTIqh0RufNsDnzZF4b88gVLftRnyjojZN8awnI+w
uofcwAqKRR7zh+UJzsTwduFaZBDOviSUojxPnQ==
-----END CERTIFICATE-----
Generated at Wed Jul 2 00:29:48 2025 by rpki-client