Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3136302e302f32302d3230203d3e203633383539.roa
File:                     3135382e3134302e3136302e302f32302d3230203d3e203633383539.roa (raw, json)
Hash identifier:          m/egxougGYoSKSnQwcP4flLf33HxxxjFA3wYWoiIz10=
Subject key identifier:   A2:3A:DA:AC:0E:6B:ED:A4:24:A3:0C:F0:7C:97:43:0A:98:D0:3A:33
Certificate issuer:       /CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
Certificate serial:       23ED1443EB498471D0D8CC1F4D6DD97AC5E755E7
Authority key identifier: 7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3136302e302f32302d3230203d3e203633383539.roa
Signing time:             Fri 26 Sep 2025 06:02:25 +0000
ROA not before:           Fri 26 Sep 2025 05:57:25 +0000
ROA not after:            Fri 25 Sep 2026 06:02:25 +0000
asID:                     63859
IP address blocks:        158.140.160.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl
                          rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 08:59:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:ed:14:43:eb:49:84:71:d0:d8:cc:1f:4d:6d:d9:7a:c5:e7:55:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7D0C886CFBAF0624029CCAE57824C3CF470E8FCF
        Validity
            Not Before: Sep 26 05:57:25 2025 GMT
            Not After : Sep 25 06:02:25 2026 GMT
        Subject: CN=A23ADAAC0E6BEDA424A30CF07C97430A98D03A33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:de:02:f5:8c:59:07:a6:5d:ff:16:cd:ab:71:
                    80:c8:9f:51:ec:15:7e:b1:3b:48:b3:b8:64:1e:ee:
                    c7:0b:c0:6d:85:90:13:88:f3:4e:ec:a4:dd:1a:b9:
                    b9:2b:2d:0b:08:29:9b:62:06:64:df:34:3b:92:f8:
                    5c:97:05:88:22:fa:f8:23:9d:79:a5:7c:98:1f:fc:
                    f7:5d:56:f3:f2:c9:7e:8e:45:20:ac:91:08:13:e0:
                    6c:58:a8:4a:db:4b:67:f9:ce:4d:fb:79:10:01:44:
                    d1:a1:e8:c9:32:3b:36:5f:28:17:2b:63:70:02:6c:
                    1b:da:71:2d:a9:e5:5b:2b:0d:25:c8:cc:4f:de:17:
                    5c:ce:20:83:20:d2:a4:62:7f:8c:bd:25:af:ea:a2:
                    38:de:2f:86:57:5b:a4:b1:a8:f9:ed:77:dd:6d:50:
                    32:41:78:d0:d8:34:85:d3:82:04:ee:f9:36:92:35:
                    2a:81:78:0c:b4:26:93:2e:17:da:55:f2:db:11:2f:
                    23:41:07:c7:5f:9c:e5:45:a3:d5:f9:fd:e8:15:ea:
                    b0:51:94:d8:6e:9b:19:cc:56:98:ad:d6:f0:d2:df:
                    6b:5f:18:75:71:59:a0:cd:fb:2a:d7:c6:9d:89:aa:
                    55:f9:d8:ab:79:dc:fb:9d:db:0e:0d:e1:a5:91:a6:
                    6d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:3A:DA:AC:0E:6B:ED:A4:24:A3:0C:F0:7C:97:43:0A:98:D0:3A:33
            X509v3 Authority Key Identifier:
                keyid:7D:0C:88:6C:FB:AF:06:24:02:9C:CA:E5:78:24:C3:CF:47:0E:8F:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/7D0C886CFBAF0624029CCAE57824C3CF470E8FCF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/1/3135382e3134302e3136302e302f32302d3230203d3e203633383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.140.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         95:27:87:18:79:e6:a0:1d:d0:96:53:30:43:e4:82:ae:65:08:
         fd:fd:32:7d:67:31:9b:29:a5:7c:9f:f7:f8:45:e4:3c:0b:f0:
         50:a3:7a:27:5b:d1:56:b8:31:a1:9c:94:88:70:1c:3c:bc:ea:
         8f:a0:89:c6:95:ed:0d:99:64:e8:78:55:55:bd:a5:91:15:42:
         6b:ef:cb:6a:10:62:d9:89:a6:76:cf:35:9d:c7:5a:6a:7f:2c:
         a8:10:b9:81:54:97:fc:af:29:3c:d5:10:89:46:d8:fb:68:85:
         cf:70:dc:fc:2d:e4:43:97:b2:e7:90:28:60:1f:1c:4d:45:d9:
         00:a7:d0:d4:85:6b:90:ae:db:2a:aa:dd:c3:70:56:8a:99:1b:
         8a:e3:7a:93:ae:45:5a:0b:70:8a:bc:cd:bc:58:14:39:17:0b:
         7b:ef:ea:22:ed:54:a3:ca:50:f9:9c:40:a9:f5:87:23:df:f7:
         69:0e:ec:8b:9a:77:a6:de:f7:9b:1a:cd:39:db:c9:18:ef:c2:
         74:10:dd:d3:43:d4:18:ed:eb:19:53:3c:2b:9d:5c:52:12:15:
         2f:a6:bf:a9:73:0d:e6:ff:63:02:b4:b1:fb:f9:00:5e:23:85:
         6c:05:fe:c2:87:1f:35:d8:f7:25:89:86:18:92:93:10:ad:a8:
         c0:b0:5b:b2
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUI+0UQ+tJhHHQ2MwfTW3ZesXnVecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0
NzBFOEZDRjAeFw0yNTA5MjYwNTU3MjVaFw0yNjA5MjUwNjAyMjVaMDMxMTAvBgNV
BAMTKEEyM0FEQUFDMEU2QkVEQTQyNEEzMENGMDdDOTc0MzBBOThEMDNBMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX3gL1jFkHpl3/Fs2rcYDIn1Hs
FX6xO0izuGQe7scLwG2FkBOI807spN0aubkrLQsIKZtiBmTfNDuS+FyXBYgi+vgj
nXmlfJgf/PddVvPyyX6ORSCskQgT4GxYqErbS2f5zk37eRABRNGh6MkyOzZfKBcr
Y3ACbBvacS2p5VsrDSXIzE/eF1zOIIMg0qRif4y9Ja/qojjeL4ZXW6SxqPntd91t
UDJBeNDYNIXTggTu+TaSNSqBeAy0JpMuF9pV8tsRLyNBB8dfnOVFo9X5/egV6rBR
lNhumxnMVpit1vDS32tfGHVxWaDN+yrXxp2JqlX52Kt53Pud2w4N4aWRpm2rAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUojrarA5r7aQkowzwfJdDCpjQOjMwHwYDVR0j
BBgwFoAUfQyIbPuvBiQCnMrleCTDz0cOj88wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YmJiMjczNC1lNWZhLTQwZWItODU5OC1iN2NkMTAxMzQzY2EvMS83RDBDODg2Q0ZC
QUYwNjI0MDI5Q0NBRTU3ODI0QzNDRjQ3MEU4RkNGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvN0QwQzg4NkNGQkFGMDYyNDAyOUNDQUU1NzgyNEMzQ0Y0NzBF
OEZDRi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNiYmIyNzM0LWU1ZmEtNDBlYi04
NTk4LWI3Y2QxMDEzNDNjYS8xLzMxMzUzODJlMzEzNDMwMmUzMTM2MzAyZTMwMmYz
MjMwMmQzMjMwMjAzZDNlMjAzNjMzMzgzNTM5LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnoygMA0GCSqG
SIb3DQEBCwUAA4IBAQCVJ4cYeeagHdCWUzBD5IKuZQj9/TJ9ZzGbKaV8n/f4ReQ8
C/BQo3onW9FWuDGhnJSIcBw8vOqPoInGle0NmWToeFVVvaWRFUJr78tqEGLZiaZ2
zzWdx1pqfyyoELmBVJf8ryk81RCJRtj7aIXPcNz8LeRDl7LnkChgHxxNRdkAp9DU
hWuQrtsqqt3DcFaKmRuK43qTrkVaC3CKvM28WBQ5Fwt77+oi7VSjylD5nECp9Ycj
3/dpDuyLmnem3vebGs0528kY78J0EN3TQ9QY7esZUzwrnVxSEhUvpr+pcw3m/2MC
tLH7+QBeI4VsBf7Chx812PcliYYYkpMQrajAsFuy
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:48:03 2025 by rpki-client