Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3248d27b-ccb0-4fc7-abca-9fc0a3e15754/0/3130332e3136392e33382e302f32332d3234203d3e20313432333331.roa
File:                     3130332e3136392e33382e302f32332d3234203d3e20313432333331.roa (raw, json)
Hash identifier:          XR+TpGg6coEePHmhn8BPw57A0ogwMebLb1ve/vRAoWA=
Subject key identifier:   D0:7B:E5:AF:F1:D2:63:19:38:DD:19:53:6C:7E:55:B8:76:11:DC:33
Certificate issuer:       /CN=FF45D0F44B7B63B976B41EEE18CC92393CF8184F
Certificate serial:       1FDDC084378F1AE840A17EED263A1F8B93BA16BF
Authority key identifier: FF:45:D0:F4:4B:7B:63:B9:76:B4:1E:EE:18:CC:92:39:3C:F8:18:4F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/FF45D0F44B7B63B976B41EEE18CC92393CF8184F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3248d27b-ccb0-4fc7-abca-9fc0a3e15754/0/3130332e3136392e33382e302f32332d3234203d3e20313432333331.roa
Signing time:             Mon 13 Oct 2025 11:00:02 +0000
ROA not before:           Mon 13 Oct 2025 10:55:02 +0000
ROA not after:            Mon 12 Oct 2026 11:00:02 +0000
asID:                     142331
IP address blocks:        103.169.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3248d27b-ccb0-4fc7-abca-9fc0a3e15754/0/FF45D0F44B7B63B976B41EEE18CC92393CF8184F.crl
                          rsync://repo-rpki.idnic.net/repo/3248d27b-ccb0-4fc7-abca-9fc0a3e15754/0/FF45D0F44B7B63B976B41EEE18CC92393CF8184F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/FF45D0F44B7B63B976B41EEE18CC92393CF8184F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 07:22:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:dd:c0:84:37:8f:1a:e8:40:a1:7e:ed:26:3a:1f:8b:93:ba:16:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FF45D0F44B7B63B976B41EEE18CC92393CF8184F
        Validity
            Not Before: Oct 13 10:55:02 2025 GMT
            Not After : Oct 12 11:00:02 2026 GMT
        Subject: CN=D07BE5AFF1D2631938DD19536C7E55B87611DC33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:17:37:77:e6:8c:40:27:ec:24:45:5c:d9:32:
                    76:43:26:71:5c:7e:ca:5c:63:81:f2:38:35:67:20:
                    c6:a9:f3:5f:7b:1d:ef:ef:82:05:10:fb:14:9d:bc:
                    89:ed:59:01:37:30:cf:3d:86:00:74:c8:a2:ce:03:
                    49:d0:cc:02:6b:90:ce:3a:e6:2c:49:b8:b9:c1:6e:
                    f7:2a:7d:49:25:a5:91:1e:94:5a:13:0a:ad:c9:29:
                    92:56:75:c0:41:74:d7:45:fb:2c:57:6a:c8:65:c2:
                    13:a2:1b:e8:06:db:98:99:b6:27:35:ee:4d:14:0a:
                    7c:55:79:d2:24:1a:33:7a:ed:d8:02:b2:4e:0f:ec:
                    8c:08:09:9f:fc:13:8d:2a:a4:a1:26:21:df:6f:f1:
                    b4:2e:7d:6c:ee:e6:90:9c:f7:e7:63:1a:ae:59:88:
                    29:84:01:fb:3a:4d:4e:a3:ea:a9:33:20:f3:91:34:
                    dd:3d:34:03:69:9d:8a:e3:29:6b:cf:44:e4:c8:83:
                    de:3f:d3:f8:12:1a:2e:47:83:a5:43:e4:b9:e0:c7:
                    eb:26:2b:74:94:4b:4b:e4:bf:22:06:59:3f:04:62:
                    be:80:6a:e0:cb:61:f4:66:27:eb:d9:b5:ce:d0:3d:
                    55:23:d7:59:48:83:15:72:f1:bc:72:4a:8a:28:8d:
                    0b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:7B:E5:AF:F1:D2:63:19:38:DD:19:53:6C:7E:55:B8:76:11:DC:33
            X509v3 Authority Key Identifier:
                keyid:FF:45:D0:F4:4B:7B:63:B9:76:B4:1E:EE:18:CC:92:39:3C:F8:18:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3248d27b-ccb0-4fc7-abca-9fc0a3e15754/0/FF45D0F44B7B63B976B41EEE18CC92393CF8184F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/FF45D0F44B7B63B976B41EEE18CC92393CF8184F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3248d27b-ccb0-4fc7-abca-9fc0a3e15754/0/3130332e3136392e33382e302f32332d3234203d3e20313432333331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.169.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:20:cc:ec:32:9d:9a:5f:84:ed:36:79:1b:01:99:38:34:14:
         b0:a9:7b:29:c9:6d:9f:61:07:00:55:d2:05:c1:25:3f:e8:7a:
         89:1b:69:06:4c:55:20:3e:f5:ed:cb:9b:c8:b5:2f:16:f9:19:
         6f:24:dc:06:16:ef:cd:1c:74:2c:b2:d1:1a:0f:83:df:18:68:
         c9:fa:5a:72:98:57:47:84:91:e1:1c:b3:4a:9c:21:6f:bb:dd:
         55:6b:cc:f7:93:d7:47:38:77:21:95:21:65:85:0d:5a:c0:d4:
         60:3f:05:fc:9b:4a:52:5f:a4:0b:d9:60:5e:32:5e:af:32:bd:
         e8:67:25:8c:af:81:d0:6a:1e:54:39:64:58:34:3b:c3:a6:77:
         67:0d:af:68:dc:4f:3c:ab:26:fc:27:ca:43:03:b4:1a:38:e2:
         79:42:1a:77:13:85:49:66:7b:4f:8e:92:d4:83:64:ed:96:47:
         c1:0a:ac:31:fe:45:a4:16:8a:55:db:c8:ec:c1:8b:7d:27:73:
         0f:69:c0:0b:2d:9f:0d:95:2c:fb:b3:88:9d:6c:58:65:23:89:
         96:fc:f1:46:a0:64:75:a5:c2:b6:c2:7f:17:a4:c7:1a:0b:0c:
         15:e6:f7:14:8b:0d:36:a6:bd:4d:1a:7d:26:b6:55:90:e6:cc:
         d5:13:ee:99
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUH93AhDePGuhAoX7tJjofi5O6Fr8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRkY0NUQwRjQ0QjdCNjNCOTc2QjQxRUVFMThDQzkyMzkz
Q0Y4MTg0RjAeFw0yNTEwMTMxMDU1MDJaFw0yNjEwMTIxMTAwMDJaMDMxMTAvBgNV
BAMTKEQwN0JFNUFGRjFEMjYzMTkzOEREMTk1MzZDN0U1NUI4NzYxMURDMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Fzd35oxAJ+wkRVzZMnZDJnFc
fspcY4HyODVnIMap8197He/vggUQ+xSdvIntWQE3MM89hgB0yKLOA0nQzAJrkM46
5ixJuLnBbvcqfUklpZEelFoTCq3JKZJWdcBBdNdF+yxXashlwhOiG+gG25iZtic1
7k0UCnxVedIkGjN67dgCsk4P7IwICZ/8E40qpKEmId9v8bQufWzu5pCc9+djGq5Z
iCmEAfs6TU6j6qkzIPORNN09NANpnYrjKWvPROTIg94/0/gSGi5Hg6VD5Lngx+sm
K3SUS0vkvyIGWT8EYr6AauDLYfRmJ+vZtc7QPVUj11lIgxVy8bxySooojQvfAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU0Hvlr/HSYxk43RlTbH5VuHYR3DMwHwYDVR0j
BBgwFoAU/0XQ9Et7Y7l2tB7uGMySOTz4GE8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
MjQ4ZDI3Yi1jY2IwLTRmYzctYWJjYS05ZmMwYTNlMTU3NTQvMC9GRjQ1RDBGNDRC
N0I2M0I5NzZCNDFFRUUxOENDOTIzOTNDRjgxODRGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRkY0NUQwRjQ0QjdCNjNCOTc2QjQxRUVFMThDQzkyMzkzQ0Y4
MTg0Ri5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzMyNDhkMjdiLWNjYjAtNGZjNy1h
YmNhLTlmYzBhM2UxNTc1NC8wLzMxMzAzMzJlMzEzNjM5MmUzMzM4MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzEzNDMyMzMzMzMxLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ6kmMA0GCSqG
SIb3DQEBCwUAA4IBAQBTIMzsMp2aX4TtNnkbAZk4NBSwqXspyW2fYQcAVdIFwSU/
6HqJG2kGTFUgPvXty5vItS8W+RlvJNwGFu/NHHQsstEaD4PfGGjJ+lpymFdHhJHh
HLNKnCFvu91Va8z3k9dHOHchlSFlhQ1awNRgPwX8m0pSX6QL2WBeMl6vMr3oZyWM
r4HQah5UOWRYNDvDpndnDa9o3E88qyb8J8pDA7QaOOJ5Qhp3E4VJZntPjpLUg2Tt
lkfBCqwx/kWkFopV28jswYt9J3MPacALLZ8NlSz7s4idbFhlI4mW/PFGoGR1pcK2
wn8XpMcaCwwV5vcUiw02pr1NGn0mtlWQ5szVE+6Z
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:23:26 2025 by rpki-client