Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3232332e302f32342d3234203d3e203535363638.roa
File:                     34392e3233362e3232332e302f32342d3234203d3e203535363638.roa (raw, json)
Hash identifier:          fJ4g0K772WVp53tZH6Cr6nPqsZvGnVS3VfLvicif+Ms=
Subject key identifier:   8B:3C:29:6F:52:77:76:A9:35:AC:F4:D0:DF:71:9D:79:30:C7:83:A5
Certificate issuer:       /CN=6DA2B28F4391C01434B7229FD4D68E661BF13061
Certificate serial:       14AB8E24A3226A3D4F622397E5FD88BEA9F6559F
Authority key identifier: 6D:A2:B2:8F:43:91:C0:14:34:B7:22:9F:D4:D6:8E:66:1B:F1:30:61
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3232332e302f32342d3234203d3e203535363638.roa
Signing time:             Fri 10 Oct 2025 05:00:01 +0000
ROA not before:           Fri 10 Oct 2025 04:55:01 +0000
ROA not after:            Fri 09 Oct 2026 05:00:01 +0000
asID:                     55668
IP address blocks:        49.236.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.crl
                          rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 09:29:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:ab:8e:24:a3:22:6a:3d:4f:62:23:97:e5:fd:88:be:a9:f6:55:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6DA2B28F4391C01434B7229FD4D68E661BF13061
        Validity
            Not Before: Oct 10 04:55:01 2025 GMT
            Not After : Oct  9 05:00:01 2026 GMT
        Subject: CN=8B3C296F527776A935ACF4D0DF719D7930C783A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a6:fb:55:c0:4e:5d:3c:d6:e2:69:81:00:2c:
                    a0:a6:12:fc:08:c5:1f:f5:f5:c7:05:81:4e:6d:ea:
                    cb:ae:f0:7a:ef:a5:12:dc:e1:e6:23:f0:47:19:1a:
                    f0:a0:23:d1:3c:e2:ee:01:52:7d:a9:e7:8d:fc:d9:
                    94:13:d5:d1:d4:87:ee:07:c4:28:82:83:be:71:7a:
                    5b:8e:e3:11:df:8e:5e:c7:1e:f8:64:f5:42:48:00:
                    23:bf:3b:32:01:31:75:f4:10:c1:b1:5c:df:b4:4c:
                    51:bf:8d:64:b3:ab:2f:2f:6c:9e:b9:6d:d9:dc:6b:
                    d3:16:35:db:02:c9:62:b2:ad:ec:50:85:0d:18:2a:
                    0d:99:ad:b6:20:7c:73:e4:b3:5f:39:38:43:66:6f:
                    73:c0:24:b7:12:cf:c6:9d:a0:7f:6c:d9:dd:cd:aa:
                    79:1c:7d:c2:06:72:56:c1:9e:05:69:74:54:2f:df:
                    3b:65:0c:38:4b:81:82:50:2c:62:6e:b1:4b:c8:b1:
                    a7:9d:c3:b6:d0:4b:05:72:63:df:30:44:4c:3a:e2:
                    47:a0:0f:9a:53:f1:01:7a:e5:d4:cf:e4:95:cd:10:
                    ba:f8:34:cf:86:4a:14:ba:50:a8:65:92:3e:5d:e6:
                    4b:6d:5e:10:38:46:2b:3b:a5:29:64:91:b2:91:ce:
                    e2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:3C:29:6F:52:77:76:A9:35:AC:F4:D0:DF:71:9D:79:30:C7:83:A5
            X509v3 Authority Key Identifier:
                keyid:6D:A2:B2:8F:43:91:C0:14:34:B7:22:9F:D4:D6:8E:66:1B:F1:30:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/6DA2B28F4391C01434B7229FD4D68E661BF13061.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/6DA2B28F4391C01434B7229FD4D68E661BF13061.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7d0f99c3-e567-41ae-aa00-26cb9781fbe9/0/34392e3233362e3232332e302f32342d3234203d3e203535363638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.236.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:97:38:69:57:0c:fa:7b:d4:43:72:58:ca:38:49:8a:1d:34:
         20:34:3d:ed:4d:30:f1:df:4d:8e:24:20:70:05:a7:0b:1d:f9:
         a6:b9:22:67:4d:63:b3:62:d1:93:21:88:8d:3a:8a:fa:0a:0a:
         2d:c5:eb:77:03:0b:94:fe:a2:40:1a:4e:1e:7d:bf:79:fc:a7:
         3a:47:80:ee:c5:71:21:de:5d:2a:b0:0a:8c:ea:f7:56:6d:91:
         a0:9b:04:7c:79:d6:6a:34:4e:4e:41:40:f5:75:8e:cd:73:62:
         7c:49:15:ad:ae:82:9b:f8:1f:ea:55:ef:7a:5e:29:d9:53:19:
         b3:1c:be:d5:e7:d2:9d:eb:28:f5:97:0c:81:2a:10:63:1b:14:
         02:81:5f:dd:20:fb:a8:59:ca:a2:e7:9d:84:95:f9:e4:c0:d4:
         33:8f:48:26:4b:b1:7e:1b:cc:67:d7:92:96:8b:2f:5a:78:04:
         9a:b0:13:2f:0b:21:fa:d8:13:5a:f5:5e:e9:f7:07:ea:9e:82:
         1a:6e:b1:b5:5d:55:90:8c:b1:e3:42:bf:5d:f2:b1:26:33:09:
         ab:53:64:36:d4:f3:9b:20:9a:29:35:3e:a0:23:4e:a0:c6:18:
         96:80:bf:a2:f5:11:21:b1:fc:a4:b9:a1:fc:7c:22:8f:be:4d:
         b8:76:8e:52
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUFKuOJKMiaj1PYiOX5f2Ivqn2VZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNkRBMkIyOEY0MzkxQzAxNDM0QjcyMjlGRDRENjhFNjYx
QkYxMzA2MTAeFw0yNTEwMTAwNDU1MDFaFw0yNjEwMDkwNTAwMDFaMDMxMTAvBgNV
BAMTKDhCM0MyOTZGNTI3Nzc2QTkzNUFDRjREMERGNzE5RDc5MzBDNzgzQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqpvtVwE5dPNbiaYEALKCmEvwI
xR/19ccFgU5t6suu8HrvpRLc4eYj8EcZGvCgI9E84u4BUn2p54382ZQT1dHUh+4H
xCiCg75xeluO4xHfjl7HHvhk9UJIACO/OzIBMXX0EMGxXN+0TFG/jWSzqy8vbJ65
bdnca9MWNdsCyWKyrexQhQ0YKg2ZrbYgfHPks185OENmb3PAJLcSz8adoH9s2d3N
qnkcfcIGclbBngVpdFQv3ztlDDhLgYJQLGJusUvIsaedw7bQSwVyY98wREw64keg
D5pT8QF65dTP5JXNELr4NM+GShS6UKhlkj5d5kttXhA4Ris7pSlkkbKRzuInAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUizwpb1J3dqk1rPTQ33GdeTDHg6UwHwYDVR0j
BBgwFoAUbaKyj0ORwBQ0tyKf1NaOZhvxMGEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
ZDBmOTljMy1lNTY3LTQxYWUtYWEwMC0yNmNiOTc4MWZiZTkvMC82REEyQjI4RjQz
OTFDMDE0MzRCNzIyOUZENEQ2OEU2NjFCRjEzMDYxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNkRBMkIyOEY0MzkxQzAxNDM0QjcyMjlGRDRENjhFNjYxQkYx
MzA2MS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdkMGY5OWMzLWU1NjctNDFhZS1h
YTAwLTI2Y2I5NzgxZmJlOS8wLzM0MzkyZTMyMzMzNjJlMzIzMjMzMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNTM2MzYzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADHs3zANBgkqhkiG
9w0BAQsFAAOCAQEAWJc4aVcM+nvUQ3JYyjhJih00IDQ97U0w8d9NjiQgcAWnCx35
prkiZ01js2LRkyGIjTqK+goKLcXrdwMLlP6iQBpOHn2/efynOkeA7sVxId5dKrAK
jOr3Vm2RoJsEfHnWajROTkFA9XWOzXNifEkVra6Cm/gf6lXvel4p2VMZsxy+1efS
neso9ZcMgSoQYxsUAoFf3SD7qFnKouedhJX55MDUM49IJkuxfhvMZ9eSlosvWngE
mrATLwsh+tgTWvVe6fcH6p6CGm6xtV1VkIyx40K/XfKxJjMJq1NkNtTzmyCaKTU+
oCNOoMYYloC/ovURIbH8pLmh/Hwij75NuHaOUg==
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:44:22 2025 by rpki-client