Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/608b2959-1c25-46a0-89d1-f77d5c474691/0/3231302e35372e3231332e302f32342d3234203d3e203338313432.roa
File:                     3231302e35372e3231332e302f32342d3234203d3e203338313432.roa (raw, json)
Hash identifier:          vcvaF7qLrZfF67W9/bH4Pv9+bQ+VrLBZL/jJ0+fbzRQ=
Subject key identifier:   85:31:19:DC:53:B0:F8:D9:7D:F0:4B:22:76:4F:E7:85:A6:71:20:1F
Certificate issuer:       /CN=29A4AE587F980E73A344FD1ED55C47566E609511
Certificate serial:       5860BAFCEEC1B9F41BB78115949C9034301B1442
Authority key identifier: 29:A4:AE:58:7F:98:0E:73:A3:44:FD:1E:D5:5C:47:56:6E:60:95:11
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/29A4AE587F980E73A344FD1ED55C47566E609511.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/608b2959-1c25-46a0-89d1-f77d5c474691/0/3231302e35372e3231332e302f32342d3234203d3e203338313432.roa
Signing time:             Mon 22 Sep 2025 13:00:00 +0000
ROA not before:           Mon 22 Sep 2025 12:55:00 +0000
ROA not after:            Mon 21 Sep 2026 13:00:00 +0000
asID:                     38142
IP address blocks:        210.57.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/608b2959-1c25-46a0-89d1-f77d5c474691/0/29A4AE587F980E73A344FD1ED55C47566E609511.crl
                          rsync://repo-rpki.idnic.net/repo/608b2959-1c25-46a0-89d1-f77d5c474691/0/29A4AE587F980E73A344FD1ED55C47566E609511.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/29A4AE587F980E73A344FD1ED55C47566E609511.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Oct 2025 05:35:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:60:ba:fc:ee:c1:b9:f4:1b:b7:81:15:94:9c:90:34:30:1b:14:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29A4AE587F980E73A344FD1ED55C47566E609511
        Validity
            Not Before: Sep 22 12:55:00 2025 GMT
            Not After : Sep 21 13:00:00 2026 GMT
        Subject: CN=853119DC53B0F8D97DF04B22764FE785A671201F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f2:98:b0:bc:d5:94:aa:1e:c9:70:95:16:60:
                    88:cc:1c:54:cd:9c:8f:d2:4d:d5:32:f3:ee:00:e8:
                    64:7d:0c:a7:2c:9f:13:97:29:9b:bd:ad:3c:01:5b:
                    39:21:8a:ec:4f:d8:42:24:83:01:c2:62:09:00:a3:
                    c8:ac:80:08:79:28:d6:4d:7c:60:d6:f1:a8:b6:fb:
                    04:2e:be:7a:08:eb:68:a4:2e:fa:c9:d0:da:0b:a8:
                    b7:9d:e8:2e:b0:59:60:42:e7:0f:f0:12:a9:aa:e5:
                    62:78:8c:aa:f8:93:a5:c9:7b:d9:7f:88:71:42:d5:
                    68:d3:ae:59:c2:86:70:06:1d:14:6b:b7:4e:56:fe:
                    c7:08:fb:5d:be:64:96:c8:c5:8c:8d:09:1f:2d:2e:
                    30:c1:f0:fb:d3:e3:d9:55:06:28:6f:6f:1a:22:de:
                    b1:41:2d:95:f1:03:5d:21:15:1e:01:0d:23:21:2c:
                    97:b3:fe:31:c3:06:ff:e3:40:86:a3:b4:83:36:e2:
                    82:8f:29:8c:31:0b:f7:fd:05:9c:4e:d4:6e:b3:65:
                    3f:50:0d:e8:17:12:27:fe:08:ec:fc:c4:54:b2:8a:
                    1d:ed:aa:09:b9:b5:56:4c:58:eb:d3:3f:1b:38:11:
                    6f:f2:18:f5:fd:00:1f:f5:b7:db:d4:a2:89:5a:af:
                    f3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:31:19:DC:53:B0:F8:D9:7D:F0:4B:22:76:4F:E7:85:A6:71:20:1F
            X509v3 Authority Key Identifier:
                keyid:29:A4:AE:58:7F:98:0E:73:A3:44:FD:1E:D5:5C:47:56:6E:60:95:11

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/608b2959-1c25-46a0-89d1-f77d5c474691/0/29A4AE587F980E73A344FD1ED55C47566E609511.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/29A4AE587F980E73A344FD1ED55C47566E609511.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/608b2959-1c25-46a0-89d1-f77d5c474691/0/3231302e35372e3231332e302f32342d3234203d3e203338313432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  210.57.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:2c:65:89:12:01:f9:e7:00:13:26:88:1f:6e:c0:f4:08:f9:
         21:bc:67:e4:67:5e:95:cf:d5:b0:2d:17:7e:a4:d7:ba:61:6f:
         e1:53:c0:50:0e:8a:38:87:f5:e9:ab:6d:17:43:2a:46:5b:44:
         79:79:05:79:7d:31:e2:de:39:a6:7f:18:b8:c0:5a:ba:70:c9:
         08:18:0e:09:da:1d:f6:c6:d0:8a:f1:c4:c5:a1:da:58:e7:ea:
         b8:b2:bc:c7:83:97:66:5b:16:b9:6c:83:4e:ec:ac:b9:e0:f4:
         c4:1e:31:64:0f:bf:ca:7b:e9:15:e2:52:61:9b:09:86:c0:04:
         8c:33:4c:0e:87:f6:0f:d3:b0:5f:56:4a:57:fe:3f:65:82:21:
         a9:e8:51:c3:dc:68:4d:e9:7a:15:ca:6a:16:86:64:c5:63:1f:
         f8:64:0f:a5:a5:98:45:6b:af:21:6f:b7:61:5d:f6:16:5b:e7:
         e7:ed:7c:f6:d8:f8:b8:7b:60:36:83:2d:28:bb:6e:af:34:0b:
         78:7b:d1:fb:63:38:7c:9e:80:90:ff:53:bf:0b:ef:1d:b2:48:
         20:d1:fa:28:20:aa:1f:29:52:af:63:a4:43:2f:f0:e8:bd:c9:
         19:28:c1:fd:f5:0b:df:96:79:de:20:a6:32:51:64:1c:bb:e0:
         ed:11:49:03
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUWGC6/O7BufQbt4EVlJyQNDAbFEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjlBNEFFNTg3Rjk4MEU3M0EzNDRGRDFFRDU1QzQ3NTY2
RTYwOTUxMTAeFw0yNTA5MjIxMjU1MDBaFw0yNjA5MjExMzAwMDBaMDMxMTAvBgNV
BAMTKDg1MzExOURDNTNCMEY4RDk3REYwNEIyMjc2NEZFNzg1QTY3MTIwMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH8piwvNWUqh7JcJUWYIjMHFTN
nI/STdUy8+4A6GR9DKcsnxOXKZu9rTwBWzkhiuxP2EIkgwHCYgkAo8isgAh5KNZN
fGDW8ai2+wQuvnoI62ikLvrJ0NoLqLed6C6wWWBC5w/wEqmq5WJ4jKr4k6XJe9l/
iHFC1WjTrlnChnAGHRRrt05W/scI+12+ZJbIxYyNCR8tLjDB8PvT49lVBihvbxoi
3rFBLZXxA10hFR4BDSMhLJez/jHDBv/jQIajtIM24oKPKYwxC/f9BZxO1G6zZT9Q
DegXEif+COz8xFSyih3tqgm5tVZMWOvTPxs4EW/yGPX9AB/1t9vUoolar/NpAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUhTEZ3FOw+Nl98Esidk/nhaZxIB8wHwYDVR0j
BBgwFoAUKaSuWH+YDnOjRP0e1VxHVm5glREwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
MDhiMjk1OS0xYzI1LTQ2YTAtODlkMS1mNzdkNWM0NzQ2OTEvMC8yOUE0QUU1ODdG
OTgwRTczQTM0NEZEMUVENTVDNDc1NjZFNjA5NTExLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjlBNEFFNTg3Rjk4MEU3M0EzNDRGRDFFRDU1QzQ3NTY2RTYw
OTUxMS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzYwOGIyOTU5LTFjMjUtNDZhMC04
OWQxLWY3N2Q1YzQ3NDY5MS8wLzMyMzEzMDJlMzUzNzJlMzIzMTMzMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzODMxMzQzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANI51TANBgkqhkiG
9w0BAQsFAAOCAQEAUixliRIB+ecAEyaIH27A9Aj5Ibxn5Gdelc/VsC0XfqTXumFv
4VPAUA6KOIf16attF0MqRltEeXkFeX0x4t45pn8YuMBaunDJCBgOCdod9sbQivHE
xaHaWOfquLK8x4OXZlsWuWyDTuysueD0xB4xZA+/ynvpFeJSYZsJhsAEjDNMDof2
D9OwX1ZKV/4/ZYIhqehRw9xoTel6FcpqFoZkxWMf+GQPpaWYRWuvIW+3YV32Flvn
5+189tj4uHtgNoMtKLturzQLeHvR+2M4fJ6AkP9TvwvvHbJIINH6KCCqHylSr2Ok
Qy/w6L3JGSjB/fUL35Z53iCmMlFkHLvg7RFJAw==
-----END CERTIFICATE-----
Generated at Tue Oct 21 07:17:05 2025 by rpki-client