Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7c4935d8-96a2-4564-85a3-32a53189367e/0/3130332e3234352e33382e302f32332d3234203d3e203535363838.roa
File:                     3130332e3234352e33382e302f32332d3234203d3e203535363838.roa (raw, json)
Hash identifier:          BXIKEbp3orzobWDQOxRP4yZHbZeEm5j1Qo8aYx25BZE=
Subject key identifier:   EA:B6:BC:D6:A6:16:B9:82:4A:05:ED:03:4F:89:9E:D3:B0:85:A2:00
Certificate issuer:       /CN=4A9E8C61BE3670D865B8A79D7D32798550E64F2B
Certificate serial:       0D34A5F3F4199E5AF37D2E308F9C021807B5AAEF
Authority key identifier: 4A:9E:8C:61:BE:36:70:D8:65:B8:A7:9D:7D:32:79:85:50:E6:4F:2B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4A9E8C61BE3670D865B8A79D7D32798550E64F2B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7c4935d8-96a2-4564-85a3-32a53189367e/0/3130332e3234352e33382e302f32332d3234203d3e203535363838.roa
Signing time:             Mon 15 Sep 2025 02:00:00 +0000
ROA not before:           Mon 15 Sep 2025 01:55:00 +0000
ROA not after:            Mon 14 Sep 2026 02:00:00 +0000
asID:                     55688
IP address blocks:        103.245.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7c4935d8-96a2-4564-85a3-32a53189367e/0/4A9E8C61BE3670D865B8A79D7D32798550E64F2B.crl
                          rsync://repo-rpki.idnic.net/repo/7c4935d8-96a2-4564-85a3-32a53189367e/0/4A9E8C61BE3670D865B8A79D7D32798550E64F2B.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4A9E8C61BE3670D865B8A79D7D32798550E64F2B.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 12:15:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:34:a5:f3:f4:19:9e:5a:f3:7d:2e:30:8f:9c:02:18:07:b5:aa:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4A9E8C61BE3670D865B8A79D7D32798550E64F2B
        Validity
            Not Before: Sep 15 01:55:00 2025 GMT
            Not After : Sep 14 02:00:00 2026 GMT
        Subject: CN=EAB6BCD6A616B9824A05ED034F899ED3B085A200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:da:29:12:6d:f6:78:55:04:28:64:83:b7:3d:
                    7b:e2:f8:d8:06:69:d2:b4:b5:f5:3a:5e:a0:88:94:
                    f4:85:db:5b:f0:35:50:0d:cf:ad:04:20:22:01:a3:
                    54:e8:15:73:11:c2:96:2e:4d:2c:18:4b:a4:b1:84:
                    3c:46:52:57:c8:36:eb:77:0b:e4:cf:bd:6d:2b:69:
                    52:cd:81:fc:e6:08:66:99:21:d3:68:00:48:80:76:
                    8c:c9:9f:03:4f:8e:10:a6:28:dd:30:a1:4d:1e:42:
                    89:46:03:4f:76:e2:a7:86:36:f5:32:a6:0d:ee:03:
                    ff:c9:72:6d:82:80:fd:b7:28:79:74:0f:93:df:04:
                    c9:f7:de:a1:04:6d:13:8f:03:a9:b1:f7:73:11:73:
                    10:7b:2e:09:7f:6c:26:ed:00:e0:2f:dc:20:af:0b:
                    97:2b:9e:c2:67:44:97:a4:e5:80:86:15:0e:0e:f2:
                    52:bb:3a:8f:8b:45:fe:f2:8a:2b:9e:fe:32:ce:4e:
                    af:55:44:aa:fb:6e:39:26:d8:ac:2b:d3:d5:88:47:
                    82:4c:c5:d1:92:16:33:92:32:33:40:20:93:c1:eb:
                    e8:5c:3e:b1:9e:e5:19:7f:8e:68:9a:7d:f4:7b:49:
                    ee:e3:f2:95:8f:ac:0b:ff:f4:c2:fc:c4:56:07:fb:
                    41:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:B6:BC:D6:A6:16:B9:82:4A:05:ED:03:4F:89:9E:D3:B0:85:A2:00
            X509v3 Authority Key Identifier:
                keyid:4A:9E:8C:61:BE:36:70:D8:65:B8:A7:9D:7D:32:79:85:50:E6:4F:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7c4935d8-96a2-4564-85a3-32a53189367e/0/4A9E8C61BE3670D865B8A79D7D32798550E64F2B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4A9E8C61BE3670D865B8A79D7D32798550E64F2B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7c4935d8-96a2-4564-85a3-32a53189367e/0/3130332e3234352e33382e302f32332d3234203d3e203535363838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.245.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:38:3d:7c:bc:ff:db:a4:fe:28:b9:52:2d:dd:37:b8:c9:19:
         39:d1:64:92:6f:df:a4:59:ae:b5:1b:63:64:f1:38:db:9f:90:
         19:ef:5d:89:25:bd:dc:b7:73:92:f7:6d:8a:fe:4a:a0:fa:9e:
         7b:bf:35:19:a4:1e:3f:34:0a:87:f0:61:e1:bb:1b:0b:0b:a6:
         03:fa:96:84:e9:50:e5:aa:d3:4b:54:0f:8a:61:10:a1:f9:d3:
         90:ee:2d:ef:51:d0:be:da:50:08:fd:b4:dd:6e:13:b5:d8:85:
         47:06:6a:e3:d8:2d:25:c5:d4:31:c4:93:06:23:83:2a:e7:02:
         24:26:63:03:35:a1:17:09:08:77:e9:b7:d1:b0:7b:ce:20:ab:
         07:30:a3:6a:a1:68:74:7d:55:f0:9a:f7:7d:4d:9b:08:8e:47:
         ad:4b:e9:0e:68:ef:17:f2:13:df:0a:fa:45:8d:da:2b:03:49:
         56:53:2d:db:cd:47:49:60:df:f7:92:56:05:e6:95:d8:1c:fd:
         5f:80:ca:cd:cb:9a:14:b0:b8:01:16:15:cf:73:ab:75:ae:d1:
         d1:c7:ff:41:c2:e4:8d:87:8f:0a:40:01:e1:46:69:18:83:ea:
         c8:73:19:c5:79:2e:a6:c4:b9:69:21:35:45:5c:20:46:24:ba:
         d2:79:f1:43
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUDTSl8/QZnlrzfS4wj5wCGAe1qu8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNEE5RThDNjFCRTM2NzBEODY1QjhBNzlEN0QzMjc5ODU1
MEU2NEYyQjAeFw0yNTA5MTUwMTU1MDBaFw0yNjA5MTQwMjAwMDBaMDMxMTAvBgNV
BAMTKEVBQjZCQ0Q2QTYxNkI5ODI0QTA1RUQwMzRGODk5RUQzQjA4NUEyMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY2ikSbfZ4VQQoZIO3PXvi+NgG
adK0tfU6XqCIlPSF21vwNVANz60EICIBo1ToFXMRwpYuTSwYS6SxhDxGUlfINut3
C+TPvW0raVLNgfzmCGaZIdNoAEiAdozJnwNPjhCmKN0woU0eQolGA0924qeGNvUy
pg3uA//Jcm2CgP23KHl0D5PfBMn33qEEbROPA6mx93MRcxB7Lgl/bCbtAOAv3CCv
C5crnsJnRJek5YCGFQ4O8lK7Oo+LRf7yiiue/jLOTq9VRKr7bjkm2Kwr09WIR4JM
xdGSFjOSMjNAIJPB6+hcPrGe5Rl/jmiaffR7Se7j8pWPrAv/9ML8xFYH+0FbAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU6ra81qYWuYJKBe0DT4me07CFogAwHwYDVR0j
BBgwFoAUSp6MYb42cNhluKedfTJ5hVDmTyswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
YzQ5MzVkOC05NmEyLTQ1NjQtODVhMy0zMmE1MzE4OTM2N2UvMC80QTlFOEM2MUJF
MzY3MEQ4NjVCOEE3OUQ3RDMyNzk4NTUwRTY0RjJCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNEE5RThDNjFCRTM2NzBEODY1QjhBNzlEN0QzMjc5ODU1MEU2
NEYyQi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdjNDkzNWQ4LTk2YTItNDU2NC04
NWEzLTMyYTUzMTg5MzY3ZS8wLzMxMzAzMzJlMzIzNDM1MmUzMzM4MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzUzNTM2MzgzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAWf1JjANBgkqhkiG
9w0BAQsFAAOCAQEAdDg9fLz/26T+KLlSLd03uMkZOdFkkm/fpFmutRtjZPE425+Q
Ge9diSW93Ldzkvdtiv5KoPqee781GaQePzQKh/Bh4bsbCwumA/qWhOlQ5arTS1QP
imEQofnTkO4t71HQvtpQCP203W4TtdiFRwZq49gtJcXUMcSTBiODKucCJCZjAzWh
FwkId+m30bB7ziCrBzCjaqFodH1V8Jr3fU2bCI5HrUvpDmjvF/IT3wr6RY3aKwNJ
VlMt281HSWDf95JWBeaV2Bz9X4DKzcuaFLC4ARYVz3Orda7R0cf/QcLkjYePCkAB
4UZpGIPqyHMZxXkupsS5aSE1RVwgRiS60nnxQw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:53:54 2025 by rpki-client