Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6752b3c2-3f30-4040-8b05-83821777048f/0/3130332e3136392e3235342e302f32332d3233203d3e20313432333730.roa
File:                     3130332e3136392e3235342e302f32332d3233203d3e20313432333730.roa (raw, json)
Hash identifier:          srBAQJfy8a0mnQ4T5/dKNZU30VzR+202z4VgmppP6JM=
Subject key identifier:   44:3C:62:E8:2F:64:84:01:18:87:FE:F6:58:75:CC:5C:0F:41:92:CA
Certificate issuer:       /CN=DF685596DAF9D3654A2E2F21CE11AA0BB80E45D1
Certificate serial:       76C5588076865D9C59BC232E497B405E5EAA7B60
Authority key identifier: DF:68:55:96:DA:F9:D3:65:4A:2E:2F:21:CE:11:AA:0B:B8:0E:45:D1
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF685596DAF9D3654A2E2F21CE11AA0BB80E45D1.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6752b3c2-3f30-4040-8b05-83821777048f/0/3130332e3136392e3235342e302f32332d3233203d3e20313432333730.roa
Signing time:             Tue 30 Sep 2025 12:00:00 +0000
ROA not before:           Tue 30 Sep 2025 11:55:00 +0000
ROA not after:            Tue 29 Sep 2026 12:00:00 +0000
asID:                     142370
IP address blocks:        103.169.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6752b3c2-3f30-4040-8b05-83821777048f/0/DF685596DAF9D3654A2E2F21CE11AA0BB80E45D1.crl
                          rsync://repo-rpki.idnic.net/repo/6752b3c2-3f30-4040-8b05-83821777048f/0/DF685596DAF9D3654A2E2F21CE11AA0BB80E45D1.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF685596DAF9D3654A2E2F21CE11AA0BB80E45D1.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 15:49:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:c5:58:80:76:86:5d:9c:59:bc:23:2e:49:7b:40:5e:5e:aa:7b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DF685596DAF9D3654A2E2F21CE11AA0BB80E45D1
        Validity
            Not Before: Sep 30 11:55:00 2025 GMT
            Not After : Sep 29 12:00:00 2026 GMT
        Subject: CN=443C62E82F6484011887FEF65875CC5C0F4192CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:74:72:14:87:09:47:91:4c:aa:2c:4c:f5:e6:
                    75:7a:7b:da:23:14:78:e4:e4:54:a1:80:16:b5:a2:
                    56:a6:1f:bd:db:db:bd:2c:83:f8:f3:84:73:1d:57:
                    ba:9e:16:05:19:76:a5:78:76:a3:88:a6:b4:83:98:
                    54:15:52:35:13:b3:f1:bc:0e:e6:ce:28:7f:1b:de:
                    b8:6b:f6:65:2d:4c:1b:90:01:56:44:51:8e:81:b6:
                    1a:81:35:a1:7b:d3:ec:9e:a7:46:76:96:c5:46:dc:
                    5b:10:36:0a:a5:8a:a2:78:58:71:49:8b:6c:9e:f3:
                    81:58:7f:64:76:2d:f1:75:1e:18:f5:f9:b5:f0:db:
                    81:e5:a0:b8:fa:b2:49:64:28:34:ef:52:26:37:5d:
                    a5:37:b1:32:80:64:cc:8f:11:bf:6e:c9:fc:a0:b2:
                    01:4b:b5:ef:91:49:9a:03:58:ef:e2:0c:15:d2:20:
                    30:98:8c:78:19:78:f5:7c:ed:44:2e:be:d4:6c:41:
                    b1:50:75:fa:63:98:26:1a:2f:e8:61:2b:0f:03:a8:
                    95:30:bc:a6:69:19:88:61:4d:1d:05:29:d4:42:8a:
                    76:1b:91:9e:c8:7f:b5:a1:be:c0:d9:5d:91:a8:62:
                    de:d2:85:7b:b4:8d:1d:92:be:b2:ec:c5:a9:e6:8c:
                    92:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:3C:62:E8:2F:64:84:01:18:87:FE:F6:58:75:CC:5C:0F:41:92:CA
            X509v3 Authority Key Identifier:
                keyid:DF:68:55:96:DA:F9:D3:65:4A:2E:2F:21:CE:11:AA:0B:B8:0E:45:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6752b3c2-3f30-4040-8b05-83821777048f/0/DF685596DAF9D3654A2E2F21CE11AA0BB80E45D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DF685596DAF9D3654A2E2F21CE11AA0BB80E45D1.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6752b3c2-3f30-4040-8b05-83821777048f/0/3130332e3136392e3235342e302f32332d3233203d3e20313432333730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.169.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:fa:34:ed:19:ac:86:39:7c:95:e0:e2:0e:41:ed:29:1a:3a:
         54:bd:e7:da:41:e2:77:9d:d4:1f:40:4f:7c:4a:90:31:fa:9d:
         0b:fb:eb:a5:ab:cb:8e:a0:c8:ed:83:2d:38:21:ae:18:a3:ed:
         7b:bc:f9:ed:3b:5c:e4:c0:c3:a8:69:e5:ce:f7:6d:4c:be:cd:
         4b:f4:6b:31:ce:c8:d8:5f:4d:e7:d4:68:da:58:03:64:7a:6d:
         61:9f:23:f9:2a:44:4b:37:c9:ae:e1:a6:f5:95:d3:f1:d8:ea:
         37:8c:26:a0:8f:c6:d9:ed:57:df:53:94:90:82:2e:cb:a1:d6:
         08:da:45:a1:aa:ae:3c:fc:f3:12:3a:61:bd:34:cb:5c:ac:12:
         96:a2:69:e1:ec:3d:d1:f5:75:c5:45:6e:d5:5c:66:a2:61:69:
         b1:56:18:a3:2f:54:20:aa:62:c6:e3:84:c3:4b:09:ee:c4:f7:
         ff:1d:02:bb:ef:d0:35:e7:5d:c1:f0:54:25:30:a7:0d:71:48:
         5f:46:32:a1:2c:b6:99:52:da:1d:09:0c:47:a0:75:55:6e:56:
         8e:97:f6:2e:48:df:57:0b:d0:c7:fc:b9:2f:d4:31:af:9d:c4:
         c5:27:a2:09:64:94:74:a5:65:8b:eb:6b:d8:28:27:8d:8e:c8:
         f6:a9:4d:56
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUdsVYgHaGXZxZvCMuSXtAXl6qe2AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREY2ODU1OTZEQUY5RDM2NTRBMkUyRjIxQ0UxMUFBMEJC
ODBFNDVEMTAeFw0yNTA5MzAxMTU1MDBaFw0yNjA5MjkxMjAwMDBaMDMxMTAvBgNV
BAMTKDQ0M0M2MkU4MkY2NDg0MDExODg3RkVGNjU4NzVDQzVDMEY0MTkyQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtdHIUhwlHkUyqLEz15nV6e9oj
FHjk5FShgBa1olamH73b270sg/jzhHMdV7qeFgUZdqV4dqOIprSDmFQVUjUTs/G8
DubOKH8b3rhr9mUtTBuQAVZEUY6BthqBNaF70+yep0Z2lsVG3FsQNgqliqJ4WHFJ
i2ye84FYf2R2LfF1Hhj1+bXw24HloLj6sklkKDTvUiY3XaU3sTKAZMyPEb9uyfyg
sgFLte+RSZoDWO/iDBXSIDCYjHgZePV87UQuvtRsQbFQdfpjmCYaL+hhKw8DqJUw
vKZpGYhhTR0FKdRCinYbkZ7If7WhvsDZXZGoYt7ShXu0jR2SvrLsxanmjJL1AgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQURDxi6C9khAEYh/72WHXMXA9BksowHwYDVR0j
BBgwFoAU32hVltr502VKLi8hzhGqC7gORdEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
NzUyYjNjMi0zZjMwLTQwNDAtOGIwNS04MzgyMTc3NzA0OGYvMC9ERjY4NTU5NkRB
RjlEMzY1NEEyRTJGMjFDRTExQUEwQkI4MEU0NUQxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREY2ODU1OTZEQUY5RDM2NTRBMkUyRjIxQ0UxMUFBMEJCODBF
NDVEMS5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzY3NTJiM2MyLTNmMzAtNDA0MC04
YjA1LTgzODIxNzc3MDQ4Zi8wLzMxMzAzMzJlMzEzNjM5MmUzMjM1MzQyZTMwMmYz
MjMzMmQzMjMzMjAzZDNlMjAzMTM0MzIzMzM3MzAucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFnqf4wDQYJ
KoZIhvcNAQELBQADggEBAID6NO0ZrIY5fJXg4g5B7SkaOlS959pB4ned1B9AT3xK
kDH6nQv766Wry46gyO2DLTghrhij7Xu8+e07XOTAw6hp5c73bUy+zUv0azHOyNhf
TefUaNpYA2R6bWGfI/kqREs3ya7hpvWV0/HY6jeMJqCPxtntV99TlJCCLsuh1gja
RaGqrjz88xI6Yb00y1ysEpaiaeHsPdH1dcVFbtVcZqJhabFWGKMvVCCqYsbjhMNL
Ce7E9/8dArvv0DXnXcHwVCUwpw1xSF9GMqEstplS2h0JDEegdVVuVo6X9i5I31cL
0Mf8uS/UMa+dxMUnoglklHSlZYvra9goJ42OyPapTVY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:22:51 2025 by rpki-client