Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3231372e302f32342d3234203d3e203535363638.roa
File:                     34392e3233362e3231372e302f32342d3234203d3e203535363638.roa (raw, json)
Hash identifier:          +1/NKTo1zjk1P1ZAkPLDaaCsjoolxhbaib5j0otnVl8=
Subject key identifier:   32:04:88:38:D9:7E:DB:56:74:EB:C0:82:4A:EA:4F:C6:1F:1A:17:4F
Certificate issuer:       /CN=6DA2B28F4391C01434B7229FD4D68E661BF13061
Certificate serial:       3CCECFF1A2FD8E917AD1A322BA3B833E2DBA76C6
Authority key identifier: 6D:A2:B2:8F:43:91:C0:14:34:B7:22:9F:D4:D6:8E:66:1B:F1:30:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3231372e302f32342d3234203d3e203535363638.roa
Signing time:             Fri 10 Oct 2025 05:00:01 +0000
ROA not before:           Fri 10 Oct 2025 04:55:01 +0000
ROA not after:            Fri 09 Oct 2026 05:00:01 +0000
asID:                     55668
IP address blocks:        49.236.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.crl
                          rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 09:29:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ce:cf:f1:a2:fd:8e:91:7a:d1:a3:22:ba:3b:83:3e:2d:ba:76:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6DA2B28F4391C01434B7229FD4D68E661BF13061
        Validity
            Not Before: Oct 10 04:55:01 2025 GMT
            Not After : Oct  9 05:00:01 2026 GMT
        Subject: CN=32048838D97EDB5674EBC0824AEA4FC61F1A174F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:27:e6:97:ed:7a:21:61:33:48:e2:ad:f1:5d:
                    b1:99:e1:81:42:68:58:64:ee:f5:81:c2:67:61:37:
                    48:a1:0f:c2:6a:11:6e:61:36:8f:f9:f3:e3:30:a7:
                    40:3b:2e:11:fb:4c:49:ee:82:d9:53:34:76:56:50:
                    91:2b:9a:f3:3e:f5:2c:e3:47:27:87:17:59:42:91:
                    91:77:20:46:42:58:81:33:82:7a:78:44:29:90:b7:
                    aa:06:ca:fa:02:36:21:9f:fd:9e:a8:7d:39:49:0a:
                    7c:43:5f:85:03:bd:6d:9c:c9:66:46:65:0a:49:53:
                    53:01:8e:39:19:51:f5:7f:4f:78:ec:cc:8a:0c:a6:
                    ef:8f:f7:89:4b:8a:66:b3:86:7c:43:da:47:02:9b:
                    88:db:80:37:e8:f9:7e:51:3f:23:ff:a7:6a:4a:42:
                    53:2c:a0:72:fa:a4:35:fc:ec:53:9c:0a:a4:71:ed:
                    86:d6:23:bc:7f:da:2e:3d:d1:15:b1:d9:64:cb:39:
                    d4:0e:c0:63:bb:58:cc:e8:0d:fa:f7:ac:5a:cb:81:
                    1f:51:81:00:88:1f:65:52:b8:72:59:98:44:50:60:
                    4f:29:f3:80:bd:fa:b8:20:b2:38:8d:19:1a:d6:1e:
                    9f:d4:80:2d:10:38:f3:3c:20:83:1a:47:cc:cb:ad:
                    60:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:04:88:38:D9:7E:DB:56:74:EB:C0:82:4A:EA:4F:C6:1F:1A:17:4F
            X509v3 Authority Key Identifier:
                keyid:6D:A2:B2:8F:43:91:C0:14:34:B7:22:9F:D4:D6:8E:66:1B:F1:30:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3231372e302f32342d3234203d3e203535363638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.236.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:b8:0d:86:0a:88:31:34:1c:99:53:77:16:ee:53:51:21:30:
         23:f9:da:63:f4:04:aa:1d:44:9c:c8:a4:3a:d8:7e:76:e5:9b:
         83:31:27:bf:ce:18:ac:dd:a7:db:94:bf:b0:06:b7:28:b1:bd:
         c6:dd:58:8e:a5:d0:be:d5:d8:22:59:7d:a3:c5:ba:d6:eb:d3:
         0e:85:35:a7:b4:32:04:26:37:c7:2f:00:c5:58:b1:ff:e4:8d:
         38:c2:2f:bc:98:72:0c:e2:c0:d0:a0:19:87:8e:c0:5f:b8:bb:
         0f:0d:5d:15:ff:b8:5a:70:75:0e:be:21:fa:88:97:d8:7e:24:
         f4:35:e0:4a:0b:0f:01:c8:26:4a:19:65:09:5a:da:ac:df:02:
         04:74:ed:80:ed:b3:d9:d2:d3:25:d1:fd:1e:a4:99:c6:2e:67:
         2b:7a:0d:d7:ec:54:b5:58:21:08:6a:17:1f:8e:19:3e:2b:58:
         a2:52:a8:e3:ec:38:67:ff:a8:e6:49:a1:bc:27:d0:1d:f5:29:
         c3:b8:d5:33:4a:57:a4:45:70:c0:a2:53:f4:95:87:0b:3c:c4:
         02:76:64:5a:a3:13:c8:14:b2:fc:67:8a:fc:48:b2:68:d8:be:
         40:5a:21:20:85:d8:97:c5:8a:74:21:9e:38:74:a3:c4:f4:45:
         9d:ac:94:f1
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUPM7P8aL9jpF60aMiujuDPi26dsYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNkRBMkIyOEY0MzkxQzAxNDM0QjcyMjlGRDRENjhFNjYx
QkYxMzA2MTAeFw0yNTEwMTAwNDU1MDFaFw0yNjEwMDkwNTAwMDFaMDMxMTAvBgNV
BAMTKDMyMDQ4ODM4RDk3RURCNTY3NEVCQzA4MjRBRUE0RkM2MUYxQTE3NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZJ+aX7XohYTNI4q3xXbGZ4YFC
aFhk7vWBwmdhN0ihD8JqEW5hNo/58+Mwp0A7LhH7TEnugtlTNHZWUJErmvM+9Szj
RyeHF1lCkZF3IEZCWIEzgnp4RCmQt6oGyvoCNiGf/Z6ofTlJCnxDX4UDvW2cyWZG
ZQpJU1MBjjkZUfV/T3jszIoMpu+P94lLimazhnxD2kcCm4jbgDfo+X5RPyP/p2pK
QlMsoHL6pDX87FOcCqRx7YbWI7x/2i490RWx2WTLOdQOwGO7WMzoDfr3rFrLgR9R
gQCIH2VSuHJZmERQYE8p84C9+rggsjiNGRrWHp/UgC0QOPM8IIMaR8zLrWChAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUMgSIONl+21Z068CCSupPxh8aF08wHwYDVR0j
BBgwFoAUbaKyj0ORwBQ0tyKf1NaOZhvxMGEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
ZDBmOTljMy1lNTY3LTQxYWUtYWEwMC0yNmNiOTc4MWZiZTkvMC82REEyQjI4RjQz
OTFDMDE0MzRCNzIyOUZENEQ2OEU2NjFCRjEzMDYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNkRBMkIyOEY0MzkxQzAxNDM0QjcyMjlGRDRENjhFNjYxQkYx
MzA2MS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdkMGY5OWMzLWU1NjctNDFhZS1h
YTAwLTI2Y2I5NzgxZmJlOS8wLzM0MzkyZTMyMzMzNjJlMzIzMTM3MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNTM2MzYzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADHs2TANBgkqhkiG
9w0BAQsFAAOCAQEADLgNhgqIMTQcmVN3Fu5TUSEwI/naY/QEqh1EnMikOth+duWb
gzEnv84YrN2n25S/sAa3KLG9xt1YjqXQvtXYIll9o8W61uvTDoU1p7QyBCY3xy8A
xVix/+SNOMIvvJhyDOLA0KAZh47AX7i7Dw1dFf+4WnB1Dr4h+oiX2H4k9DXgSgsP
AcgmShllCVrarN8CBHTtgO2z2dLTJdH9HqSZxi5nK3oN1+xUtVghCGoXH44ZPitY
olKo4+w4Z/+o5kmhvCfQHfUpw7jVM0pXpEVwwKJT9JWHCzzEAnZkWqMTyBSy/GeK
/EiyaNi+QFohIIXYl8WKdCGeOHSjxPRFnayU8Q==
-----END CERTIFICATE-----
Generated at Tue Oct 21 02:06:27 2025 by rpki-client