Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/357fb17e-9d58-4d51-846e-0a84c8699142/0/3130332e3235352e39382e302f32342d3234203d3e20313531353533.roa
File:                     3130332e3235352e39382e302f32342d3234203d3e20313531353533.roa (raw, json)
Hash identifier:          IlM5viJ/kwlD09UoPL6q/T0DgofJtyAwTqUcF330EeY=
Subject key identifier:   68:34:9A:64:AD:86:4B:43:C2:A0:B1:6C:82:02:AF:37:04:FE:FB:2B
Certificate issuer:       /CN=9AF7BD047F3C54F9CE5826DC9196C2A32E4A7C5F
Certificate serial:       1CEDD5B42E574F8DF915445F52E1E24565C3F625
Authority key identifier: 9A:F7:BD:04:7F:3C:54:F9:CE:58:26:DC:91:96:C2:A3:2E:4A:7C:5F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9AF7BD047F3C54F9CE5826DC9196C2A32E4A7C5F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/357fb17e-9d58-4d51-846e-0a84c8699142/0/3130332e3235352e39382e302f32342d3234203d3e20313531353533.roa
Signing time:             Wed 27 Aug 2025 12:00:00 +0000
ROA not before:           Wed 27 Aug 2025 11:55:00 +0000
ROA not after:            Wed 26 Aug 2026 12:00:00 +0000
asID:                     151553
IP address blocks:        103.255.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/357fb17e-9d58-4d51-846e-0a84c8699142/0/9AF7BD047F3C54F9CE5826DC9196C2A32E4A7C5F.crl
                          rsync://repo-rpki.idnic.net/repo/357fb17e-9d58-4d51-846e-0a84c8699142/0/9AF7BD047F3C54F9CE5826DC9196C2A32E4A7C5F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9AF7BD047F3C54F9CE5826DC9196C2A32E4A7C5F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 23:11:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:ed:d5:b4:2e:57:4f:8d:f9:15:44:5f:52:e1:e2:45:65:c3:f6:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9AF7BD047F3C54F9CE5826DC9196C2A32E4A7C5F
        Validity
            Not Before: Aug 27 11:55:00 2025 GMT
            Not After : Aug 26 12:00:00 2026 GMT
        Subject: CN=68349A64AD864B43C2A0B16C8202AF3704FEFB2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:60:54:5a:fe:84:4f:95:46:ec:08:2a:cb:17:
                    56:ff:4c:dd:fb:09:dd:2d:9d:a7:0e:1f:16:e6:1e:
                    ba:10:98:0e:7a:67:ef:8f:1c:48:78:d5:3c:4c:93:
                    79:7d:c6:df:f7:40:a7:c8:89:82:21:67:d9:7b:65:
                    55:e9:df:20:d2:b2:2d:85:a3:1d:d8:3d:93:97:5e:
                    4b:ce:a9:54:9f:57:06:cb:df:0f:88:18:19:20:46:
                    59:ee:e9:56:36:a7:11:9d:9b:6f:3c:f5:e6:ba:0e:
                    72:ea:b2:5f:09:70:82:17:4f:81:2b:d2:2c:73:5c:
                    fe:1d:5d:7b:b5:94:46:da:98:c8:79:eb:e9:b3:ec:
                    02:8c:ae:94:67:3f:35:4a:ff:16:55:3d:07:89:4b:
                    8f:56:32:79:d9:1e:95:64:61:e9:82:49:e6:21:6c:
                    e6:b4:83:de:28:46:9e:cb:fc:7a:42:dc:bf:a5:41:
                    50:92:f5:13:3a:4b:d3:0a:5d:6a:c8:c5:79:4e:6d:
                    8b:e3:bb:12:46:23:5f:b5:5d:ba:f6:bd:d5:b8:d0:
                    4b:0e:f7:5e:a7:f7:d2:6a:b7:99:81:56:6c:21:bf:
                    54:96:63:6d:6f:63:1a:e8:d3:11:6d:e4:ca:a0:79:
                    0b:84:a3:2f:94:78:61:6d:cb:51:92:00:a7:91:8a:
                    ab:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:34:9A:64:AD:86:4B:43:C2:A0:B1:6C:82:02:AF:37:04:FE:FB:2B
            X509v3 Authority Key Identifier:
                keyid:9A:F7:BD:04:7F:3C:54:F9:CE:58:26:DC:91:96:C2:A3:2E:4A:7C:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/357fb17e-9d58-4d51-846e-0a84c8699142/0/9AF7BD047F3C54F9CE5826DC9196C2A32E4A7C5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9AF7BD047F3C54F9CE5826DC9196C2A32E4A7C5F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/357fb17e-9d58-4d51-846e-0a84c8699142/0/3130332e3235352e39382e302f32342d3234203d3e20313531353533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.255.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:4a:e6:da:14:0e:e4:27:3a:8a:8c:a0:8e:a6:01:7c:1a:86:
         d0:a8:1e:b6:d9:cc:9e:4f:91:c1:8b:d7:e8:7b:5e:d4:84:e7:
         d0:4f:ff:82:a5:8a:5f:14:3c:8b:4d:8b:51:1f:91:e5:ff:bc:
         6d:b5:c7:a8:29:d5:67:08:ed:1e:41:03:be:b5:5a:05:cc:04:
         94:ec:16:9b:b3:c8:84:8f:a5:51:ad:e9:80:40:f2:de:92:69:
         b1:df:8e:17:d5:db:62:98:fa:6a:15:27:b9:21:87:7a:9d:70:
         6e:0b:30:54:28:83:a8:02:8c:da:1b:1d:39:d4:3a:2d:79:ba:
         75:fc:55:0c:a0:fa:29:a0:39:cf:80:d9:22:10:5a:77:d4:2c:
         d9:7d:df:ae:66:de:46:8d:cd:2e:91:7b:70:25:38:1f:c4:86:
         3e:f8:89:2c:9b:06:9e:c7:22:e7:be:77:f9:b4:6e:68:f2:52:
         3f:78:84:21:7c:3d:90:b0:d0:12:37:6c:fe:a8:11:ce:ee:e6:
         56:fb:35:3c:3c:bf:1f:1a:b9:b5:fd:37:66:c2:f2:5a:cd:29:
         d5:a1:7b:a7:7b:c3:cb:d1:0d:59:7b:48:13:f6:49:c9:df:48:
         41:5a:d7:f4:32:7c:ee:99:e1:36:f3:50:ed:4d:2c:cc:45:68:
         1c:3e:c8:a0
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUHO3VtC5XT435FURfUuHiRWXD9iUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUFGN0JEMDQ3RjNDNTRGOUNFNTgyNkRDOTE5NkMyQTMy
RTRBN0M1RjAeFw0yNTA4MjcxMTU1MDBaFw0yNjA4MjYxMjAwMDBaMDMxMTAvBgNV
BAMTKDY4MzQ5QTY0QUQ4NjRCNDNDMkEwQjE2QzgyMDJBRjM3MDRGRUZCMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKYFRa/oRPlUbsCCrLF1b/TN37
Cd0tnacOHxbmHroQmA56Z++PHEh41TxMk3l9xt/3QKfIiYIhZ9l7ZVXp3yDSsi2F
ox3YPZOXXkvOqVSfVwbL3w+IGBkgRlnu6VY2pxGdm2889ea6DnLqsl8JcIIXT4Er
0ixzXP4dXXu1lEbamMh56+mz7AKMrpRnPzVK/xZVPQeJS49WMnnZHpVkYemCSeYh
bOa0g94oRp7L/HpC3L+lQVCS9RM6S9MKXWrIxXlObYvjuxJGI1+1Xbr2vdW40EsO
916n99Jqt5mBVmwhv1SWY21vYxro0xFt5MqgeQuEoy+UeGFty1GSAKeRiqtRAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUaDSaZK2GS0PCoLFsggKvNwT++yswHwYDVR0j
BBgwFoAUmve9BH88VPnOWCbckZbCoy5KfF8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
NTdmYjE3ZS05ZDU4LTRkNTEtODQ2ZS0wYTg0Yzg2OTkxNDIvMC85QUY3QkQwNDdG
M0M1NEY5Q0U1ODI2REM5MTk2QzJBMzJFNEE3QzVGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUFGN0JEMDQ3RjNDNTRGOUNFNTgyNkRDOTE5NkMyQTMyRTRB
N0M1Ri5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzM1N2ZiMTdlLTlkNTgtNGQ1MS04
NDZlLTBhODRjODY5OTE0Mi8wLzMxMzAzMzJlMzIzNTM1MmUzOTM4MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzNTMxMzUzNTMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ/9iMA0GCSqG
SIb3DQEBCwUAA4IBAQANSubaFA7kJzqKjKCOpgF8GobQqB622cyeT5HBi9foe17U
hOfQT/+CpYpfFDyLTYtRH5Hl/7xttceoKdVnCO0eQQO+tVoFzASU7Babs8iEj6VR
remAQPLekmmx344X1dtimPpqFSe5IYd6nXBuCzBUKIOoAozaGx051Dotebp1/FUM
oPopoDnPgNkiEFp31CzZfd+uZt5Gjc0ukXtwJTgfxIY++IksmwaexyLnvnf5tG5o
8lI/eIQhfD2QsNASN2z+qBHO7uZW+zU8PL8fGrm1/TdmwvJazSnVoXune8PL0Q1Z
e0gT9knJ30hBWtf0MnzumeE281DtTSzMRWgcPsig
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:58:12 2025 by rpki-client