Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/38488519-8f04-44f5-8312-8d9d3616d0d9/0/3130332e36372e39302e302f32332d3233203d3e20313532303035.roa
File:                     3130332e36372e39302e302f32332d3233203d3e20313532303035.roa (raw, json)
Hash identifier:          Gg4PjaHJJ2ELmK/kINP16QwFpCzFc3eTiKaJ4v4sLgo=
Subject key identifier:   38:3B:23:E3:48:E5:0A:D1:76:10:7F:21:FA:D6:13:AD:67:7C:F2:14
Certificate issuer:       /CN=49011B0D97FF49210FC27249FDD23F7172FD5561
Certificate serial:       1E8B3FD35A4DAAE20346993650A46FA76D35AA95
Authority key identifier: 49:01:1B:0D:97:FF:49:21:0F:C2:72:49:FD:D2:3F:71:72:FD:55:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/49011B0D97FF49210FC27249FDD23F7172FD5561.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/38488519-8f04-44f5-8312-8d9d3616d0d9/0/3130332e36372e39302e302f32332d3233203d3e20313532303035.roa
Signing time:             Sun 05 Oct 2025 08:00:01 +0000
ROA not before:           Sun 05 Oct 2025 07:55:01 +0000
ROA not after:            Sun 04 Oct 2026 08:00:01 +0000
asID:                     152005
IP address blocks:        103.67.90.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/38488519-8f04-44f5-8312-8d9d3616d0d9/0/49011B0D97FF49210FC27249FDD23F7172FD5561.crl
                          rsync://repo-rpki.idnic.net/repo/38488519-8f04-44f5-8312-8d9d3616d0d9/0/49011B0D97FF49210FC27249FDD23F7172FD5561.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/49011B0D97FF49210FC27249FDD23F7172FD5561.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 22:35:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:8b:3f:d3:5a:4d:aa:e2:03:46:99:36:50:a4:6f:a7:6d:35:aa:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49011B0D97FF49210FC27249FDD23F7172FD5561
        Validity
            Not Before: Oct  5 07:55:01 2025 GMT
            Not After : Oct  4 08:00:01 2026 GMT
        Subject: CN=383B23E348E50AD176107F21FAD613AD677CF214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9d:f9:0e:de:47:05:0d:bb:4f:70:0f:e6:5b:
                    3a:58:15:6b:e7:51:d8:60:41:8f:3c:4e:c8:52:78:
                    16:32:ea:1e:52:65:49:21:66:28:cc:58:8e:96:be:
                    cb:df:bc:eb:ae:63:fd:24:a0:de:53:10:7e:12:c3:
                    2d:5c:cb:6c:1d:56:80:d8:7f:e3:4b:08:63:66:07:
                    29:80:57:b1:56:c1:be:77:fb:b2:1f:4e:c5:f8:1d:
                    98:bd:37:3d:e7:db:0f:b7:c5:82:fb:9b:d9:20:70:
                    90:9e:50:f1:cd:9f:99:1c:51:da:97:70:2f:ad:8b:
                    2e:26:9c:cc:32:9d:2b:4e:82:3f:6b:b0:81:50:5b:
                    64:d9:2d:2c:f2:03:59:c2:26:97:41:50:34:99:d6:
                    ac:f9:13:79:91:32:eb:ed:fb:35:26:4f:c8:d0:3f:
                    f3:7d:7f:dd:d2:3c:d3:22:2c:55:c0:02:c2:d4:e0:
                    89:70:35:0c:1e:5e:2f:48:6e:f6:07:d5:a3:4c:fd:
                    c9:fc:e1:22:1c:6e:a1:fa:20:23:ed:59:56:89:70:
                    dc:1e:86:3f:ef:55:20:0b:ec:2d:47:78:6c:4b:f9:
                    13:57:9e:f3:cf:97:cb:ed:a2:d1:91:72:8a:8b:7b:
                    fc:8d:ea:2d:b7:10:e7:0a:ad:4d:d0:5b:e1:56:b8:
                    6e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3B:23:E3:48:E5:0A:D1:76:10:7F:21:FA:D6:13:AD:67:7C:F2:14
            X509v3 Authority Key Identifier:
                keyid:49:01:1B:0D:97:FF:49:21:0F:C2:72:49:FD:D2:3F:71:72:FD:55:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/38488519-8f04-44f5-8312-8d9d3616d0d9/0/49011B0D97FF49210FC27249FDD23F7172FD5561.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/49011B0D97FF49210FC27249FDD23F7172FD5561.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/38488519-8f04-44f5-8312-8d9d3616d0d9/0/3130332e36372e39302e302f32332d3233203d3e20313532303035.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.67.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:8e:51:e2:a4:96:ba:8c:7d:0f:78:d3:ae:fb:3d:0e:63:e7:
         81:c0:49:5b:9a:9c:af:9e:27:4c:5d:22:32:8c:67:a1:79:ed:
         52:85:b9:42:01:58:25:97:fc:c6:87:98:08:39:51:c6:d0:e9:
         b8:35:35:93:0f:fc:94:6a:5f:2e:02:36:0c:b0:6b:75:24:64:
         bc:16:37:be:c7:45:ac:cb:92:d8:30:32:bb:2e:24:50:50:11:
         96:63:b5:57:bb:78:7d:1e:67:5f:fa:6e:f4:c3:b6:90:3e:37:
         3e:69:69:c2:4b:29:30:4b:1b:30:57:7b:38:fa:92:d5:8e:56:
         e3:dc:6d:ec:27:ec:c6:6e:b9:d4:f7:44:64:df:38:fc:05:59:
         3d:a4:76:73:46:51:2e:ed:1a:ac:75:bd:91:3b:50:45:c7:44:
         03:bf:48:99:a4:ad:68:c3:49:cc:bc:35:10:e6:1e:5c:ff:1f:
         c2:a5:cb:d4:a6:f2:c7:7f:11:a1:f6:b3:bd:c8:f6:7a:07:d2:
         14:a1:ec:c4:f0:51:2f:9a:24:9c:b1:89:49:9a:e0:9f:35:f4:
         61:2b:8f:26:30:6c:ff:bb:35:e5:bb:a1:11:de:cf:41:1d:a2:
         fc:49:1c:5b:f9:eb:59:46:a4:37:bc:af:c5:ee:45:be:19:e7:
         e7:e4:55:a2
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUHos/01pNquIDRpk2UKRvp201qpUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDkwMTFCMEQ5N0ZGNDkyMTBGQzI3MjQ5RkREMjNGNzE3
MkZENTU2MTAeFw0yNTEwMDUwNzU1MDFaFw0yNjEwMDQwODAwMDFaMDMxMTAvBgNV
BAMTKDM4M0IyM0UzNDhFNTBBRDE3NjEwN0YyMUZBRDYxM0FENjc3Q0YyMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXnfkO3kcFDbtPcA/mWzpYFWvn
UdhgQY88TshSeBYy6h5SZUkhZijMWI6WvsvfvOuuY/0koN5TEH4Swy1cy2wdVoDY
f+NLCGNmBymAV7FWwb53+7IfTsX4HZi9Nz3n2w+3xYL7m9kgcJCeUPHNn5kcUdqX
cC+tiy4mnMwynStOgj9rsIFQW2TZLSzyA1nCJpdBUDSZ1qz5E3mRMuvt+zUmT8jQ
P/N9f93SPNMiLFXAAsLU4IlwNQweXi9IbvYH1aNM/cn84SIcbqH6ICPtWVaJcNwe
hj/vVSAL7C1HeGxL+RNXnvPPl8vtotGRcoqLe/yN6i23EOcKrU3QW+FWuG6BAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUODsj40jlCtF2EH8h+tYTrWd88hQwHwYDVR0j
BBgwFoAUSQEbDZf/SSEPwnJJ/dI/cXL9VWEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
ODQ4ODUxOS04ZjA0LTQ0ZjUtODMxMi04ZDlkMzYxNmQwZDkvMC80OTAxMUIwRDk3
RkY0OTIxMEZDMjcyNDlGREQyM0Y3MTcyRkQ1NTYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDkwMTFCMEQ5N0ZGNDkyMTBGQzI3MjQ5RkREMjNGNzE3MkZE
NTU2MS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzM4NDg4NTE5LThmMDQtNDRmNS04
MzEyLThkOWQzNjE2ZDBkOS8wLzMxMzAzMzJlMzYzNzJlMzkzMDJlMzAyZjMyMzMy
ZDMyMzMyMDNkM2UyMDMxMzUzMjMwMzAzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAWdDWjANBgkqhkiG
9w0BAQsFAAOCAQEAno5R4qSWuox9D3jTrvs9DmPngcBJW5qcr54nTF0iMoxnoXnt
UoW5QgFYJZf8xoeYCDlRxtDpuDU1kw/8lGpfLgI2DLBrdSRkvBY3vsdFrMuS2DAy
uy4kUFARlmO1V7t4fR5nX/pu9MO2kD43PmlpwkspMEsbMFd7OPqS1Y5W49xt7Cfs
xm651PdEZN84/AVZPaR2c0ZRLu0arHW9kTtQRcdEA79ImaStaMNJzLw1EOYeXP8f
wqXL1Kbyx38Rofazvcj2egfSFKHsxPBRL5oknLGJSZrgnzX0YSuPJjBs/7s15buh
Ed7PQR2i/EkcW/nrWUakN7yvxe5Fvhnn5+RVog==
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:40:32 2025 by rpki-client