Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3232302e302f32342d3234203d3e203535363638.roa
File:                     34392e3233362e3232302e302f32342d3234203d3e203535363638.roa (raw, json)
Hash identifier:          7skPXD0GcBP0y8K0CJN6k0vAhi8+IRcH6Kcm8uU8vVs=
Subject key identifier:   24:AC:EB:47:B0:75:71:E5:2D:55:A2:9F:C0:03:24:7C:07:33:36:24
Certificate issuer:       /CN=6DA2B28F4391C01434B7229FD4D68E661BF13061
Certificate serial:       24D24DC93F52C0BDF1AC9E158BF18893EAB28D05
Authority key identifier: 6D:A2:B2:8F:43:91:C0:14:34:B7:22:9F:D4:D6:8E:66:1B:F1:30:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3232302e302f32342d3234203d3e203535363638.roa
Signing time:             Fri 10 Oct 2025 06:00:01 +0000
ROA not before:           Fri 10 Oct 2025 05:55:01 +0000
ROA not after:            Fri 09 Oct 2026 06:00:01 +0000
asID:                     55668
IP address blocks:        49.236.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.crl
                          rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 09:29:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:d2:4d:c9:3f:52:c0:bd:f1:ac:9e:15:8b:f1:88:93:ea:b2:8d:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6DA2B28F4391C01434B7229FD4D68E661BF13061
        Validity
            Not Before: Oct 10 05:55:01 2025 GMT
            Not After : Oct  9 06:00:01 2026 GMT
        Subject: CN=24ACEB47B07571E52D55A29FC003247C07333624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9c:b6:26:62:cd:9b:72:e9:6b:05:4a:bc:3c:
                    55:85:d7:cd:94:24:f8:7e:9e:98:31:1b:8e:27:1b:
                    0d:5e:cc:79:0d:c2:35:b1:30:47:09:32:ce:65:db:
                    39:46:c2:a4:55:4a:d0:6b:c5:9b:47:e2:04:14:15:
                    d9:68:92:f1:fb:d4:85:8a:7a:97:f1:84:8f:38:d6:
                    10:a7:3b:48:a7:92:4c:7e:eb:63:a7:43:fd:7a:3b:
                    18:46:18:7b:4f:74:61:8e:a8:b6:f1:9e:a4:41:ee:
                    df:d8:75:76:fb:1f:9f:8e:1d:07:fb:63:e6:9d:9c:
                    02:90:51:91:1e:15:22:16:3d:fd:17:5c:56:20:ca:
                    83:0b:c3:31:70:7c:f7:30:93:a5:0b:17:7f:98:eb:
                    3f:2d:f1:97:ef:0c:5d:5a:9e:3e:e3:15:f7:68:86:
                    ef:53:33:68:d9:91:cb:65:ff:e9:a5:5b:74:35:3b:
                    97:82:0a:76:d0:ee:20:56:2c:23:0f:b0:2a:b9:2d:
                    25:53:26:be:fe:78:f3:34:e6:1b:fc:dd:34:d9:f1:
                    a5:7e:08:53:ca:49:e7:13:35:da:8a:4a:09:0b:9d:
                    ce:c4:6c:ea:e9:a7:19:39:97:c1:ce:e8:d1:cd:e5:
                    67:bf:54:89:c3:11:47:2f:84:f0:51:36:1e:c4:d0:
                    14:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:AC:EB:47:B0:75:71:E5:2D:55:A2:9F:C0:03:24:7C:07:33:36:24
            X509v3 Authority Key Identifier:
                keyid:6D:A2:B2:8F:43:91:C0:14:34:B7:22:9F:D4:D6:8E:66:1B:F1:30:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3232302e302f32342d3234203d3e203535363638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.236.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d0:6b:04:ba:38:a3:6a:90:4c:fe:ab:e3:53:18:38:83:b1:
         47:a4:19:e8:1f:45:2f:92:80:ec:db:f7:29:68:45:bb:03:da:
         f7:e0:1c:b5:bc:45:2e:0e:87:f9:25:47:76:48:2b:0f:1b:a9:
         1f:bf:43:2c:14:8c:00:d5:79:4e:47:a8:21:b5:3c:75:04:3f:
         4c:d4:ba:4c:4d:0f:22:1c:af:78:d3:6e:b2:2b:bb:ad:9b:39:
         34:e7:ac:a5:1b:e9:56:12:cd:45:32:b2:99:ec:28:4c:2b:c2:
         a3:29:88:56:fb:d7:34:9d:6c:7d:4f:bc:1f:3c:12:5b:8b:0a:
         8b:34:8f:13:e5:50:60:1a:77:8e:7c:0d:eb:c1:3f:0a:d5:44:
         ba:69:51:d4:e9:bc:bd:30:f1:ff:91:0c:f3:68:ae:6c:73:ba:
         a8:cd:5a:0e:3c:7b:22:ff:0f:d5:28:d1:16:01:5f:81:bd:23:
         e0:58:c0:ca:f5:9b:a6:20:cb:c6:b5:a8:ba:83:65:a0:2f:48:
         b5:91:b6:89:67:74:a0:de:0e:2c:8a:8f:e8:d1:be:94:db:6e:
         b4:aa:55:e3:fd:57:bd:53:3a:0c:55:fb:1e:35:c7:02:2e:df:
         9e:b8:62:ef:78:e9:a0:c5:46:11:78:0f:25:f1:c0:d4:f5:ce:
         4f:0f:51:fb
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUJNJNyT9SwL3xrJ4Vi/GIk+qyjQUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNkRBMkIyOEY0MzkxQzAxNDM0QjcyMjlGRDRENjhFNjYx
QkYxMzA2MTAeFw0yNTEwMTAwNTU1MDFaFw0yNjEwMDkwNjAwMDFaMDMxMTAvBgNV
BAMTKDI0QUNFQjQ3QjA3NTcxRTUyRDU1QTI5RkMwMDMyNDdDMDczMzM2MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvnLYmYs2bculrBUq8PFWF182U
JPh+npgxG44nGw1ezHkNwjWxMEcJMs5l2zlGwqRVStBrxZtH4gQUFdlokvH71IWK
epfxhI841hCnO0inkkx+62OnQ/16OxhGGHtPdGGOqLbxnqRB7t/YdXb7H5+OHQf7
Y+adnAKQUZEeFSIWPf0XXFYgyoMLwzFwfPcwk6ULF3+Y6z8t8ZfvDF1anj7jFfdo
hu9TM2jZkctl/+mlW3Q1O5eCCnbQ7iBWLCMPsCq5LSVTJr7+ePM05hv83TTZ8aV+
CFPKSecTNdqKSgkLnc7EbOrppxk5l8HO6NHN5We/VInDEUcvhPBRNh7E0BT1AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUJKzrR7B1ceUtVaKfwAMkfAczNiQwHwYDVR0j
BBgwFoAUbaKyj0ORwBQ0tyKf1NaOZhvxMGEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
ZDBmOTljMy1lNTY3LTQxYWUtYWEwMC0yNmNiOTc4MWZiZTkvMC82REEyQjI4RjQz
OTFDMDE0MzRCNzIyOUZENEQ2OEU2NjFCRjEzMDYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNkRBMkIyOEY0MzkxQzAxNDM0QjcyMjlGRDRENjhFNjYxQkYx
MzA2MS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdkMGY5OWMzLWU1NjctNDFhZS1h
YTAwLTI2Y2I5NzgxZmJlOS8wLzM0MzkyZTMyMzMzNjJlMzIzMjMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNTM2MzYzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADHs3DANBgkqhkiG
9w0BAQsFAAOCAQEAlNBrBLo4o2qQTP6r41MYOIOxR6QZ6B9FL5KA7Nv3KWhFuwPa
9+ActbxFLg6H+SVHdkgrDxupH79DLBSMANV5TkeoIbU8dQQ/TNS6TE0PIhyveNNu
siu7rZs5NOespRvpVhLNRTKymewoTCvCoymIVvvXNJ1sfU+8HzwSW4sKizSPE+VQ
YBp3jnwN68E/CtVEumlR1Om8vTDx/5EM82iubHO6qM1aDjx7Iv8P1SjRFgFfgb0j
4FjAyvWbpiDLxrWouoNloC9ItZG2iWd0oN4OLIqP6NG+lNtutKpV4/1XvVM6DFX7
HjXHAi7fnrhi73jpoMVGEXgPJfHA1PXOTw9R+w==
-----END CERTIFICATE-----
Generated at Tue Oct 21 02:06:43 2025 by rpki-client