Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/3130332e36382e3133362e302f32342d3234203d3e203338353131.roa
File:                     3130332e36382e3133362e302f32342d3234203d3e203338353131.roa (raw, json)
Hash identifier:          ef8K/s+loJfcDNcQd9jMxXM6ibzQu1hDbe8Y7AKrwdI=
Subject key identifier:   EE:DE:1E:04:28:3A:AB:49:E4:F7:65:55:83:6E:AD:5A:45:7E:A4:B7
Certificate issuer:       /CN=B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416
Certificate serial:       76BB3C950B522544336913BC2FB67296A961E8C6
Authority key identifier: B2:C1:8E:11:C8:53:0B:DF:4E:E3:33:F5:DE:BD:0B:05:5F:9D:A4:16
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/3130332e36382e3133362e302f32342d3234203d3e203338353131.roa
Signing time:             Mon 22 Sep 2025 14:02:24 +0000
ROA not before:           Mon 22 Sep 2025 13:57:24 +0000
ROA not after:            Mon 21 Sep 2026 14:02:24 +0000
asID:                     38511
IP address blocks:        103.68.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.crl
                          rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 21:16:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:bb:3c:95:0b:52:25:44:33:69:13:bc:2f:b6:72:96:a9:61:e8:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416
        Validity
            Not Before: Sep 22 13:57:24 2025 GMT
            Not After : Sep 21 14:02:24 2026 GMT
        Subject: CN=EEDE1E04283AAB49E4F76555836EAD5A457EA4B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ec:73:62:cd:7e:4f:3a:46:30:88:f0:05:82:
                    b7:a2:8d:13:e8:7a:17:56:21:0c:5d:a6:e3:7e:e6:
                    88:5b:4f:69:5b:d3:0f:6b:3a:e6:2b:3c:ba:1b:ac:
                    c6:37:2f:3e:4c:4c:83:a6:70:79:4e:a4:fd:5f:9a:
                    bb:53:a5:37:dc:40:f8:73:e9:24:f0:fa:02:c1:31:
                    f9:b0:13:0c:0c:3e:11:15:a2:6d:b0:06:d2:5d:39:
                    1a:2c:ad:fb:2a:e3:ea:52:1a:21:75:5e:0e:d7:c3:
                    9a:80:a2:91:88:66:c5:8a:a3:cb:64:67:ac:b3:40:
                    37:0c:c9:a7:d9:cc:a1:ed:ab:18:35:7e:f1:d4:bd:
                    23:48:e6:25:87:29:b1:3f:3d:1a:19:fd:f9:05:f4:
                    1f:e0:24:fa:cb:5c:ca:bd:46:1f:5a:d2:60:d3:e9:
                    3c:31:b7:e3:fa:7f:8a:36:78:e0:da:28:9d:78:f5:
                    d8:4e:b2:46:8c:77:0c:ca:12:3c:af:e5:da:f9:e0:
                    4d:25:7f:32:f6:dd:3e:d0:90:2d:aa:ba:6a:08:96:
                    1a:80:b5:7d:ac:ca:38:97:f2:51:57:e8:5e:0c:76:
                    6a:a6:69:cd:02:10:cd:a5:69:de:02:c4:69:f1:57:
                    77:16:1e:b2:86:66:b9:c9:56:56:bd:fb:9a:a5:82:
                    52:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:DE:1E:04:28:3A:AB:49:E4:F7:65:55:83:6E:AD:5A:45:7E:A4:B7
            X509v3 Authority Key Identifier:
                keyid:B2:C1:8E:11:C8:53:0B:DF:4E:E3:33:F5:DE:BD:0B:05:5F:9D:A4:16

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/3130332e36382e3133362e302f32342d3234203d3e203338353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.68.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:6f:ff:fc:34:9d:ab:5d:3a:26:c5:d0:8c:8c:55:20:5a:a5:
         ce:07:64:c3:8a:37:36:d7:1a:39:e7:55:e6:ad:4c:aa:76:f2:
         25:0b:01:bb:61:19:79:6c:e9:52:1f:3b:7d:f0:b7:78:f4:e9:
         e0:73:80:76:7a:c4:df:d6:0e:79:f5:c1:a7:03:c9:4b:3b:5b:
         de:1e:99:f0:20:25:5b:ad:e5:cf:eb:6b:54:38:ee:fe:0d:78:
         9b:66:d3:4b:26:14:16:8c:97:0d:dd:15:9c:d6:9f:45:31:20:
         e9:b4:d2:84:76:f9:75:f2:41:fa:86:31:ce:8f:9c:f0:95:ba:
         27:a9:cb:a3:15:44:43:2a:5d:75:8d:bb:68:31:af:32:7d:27:
         0b:c2:d3:b7:ce:76:ce:63:9e:b2:6c:60:c9:80:cc:5b:0b:05:
         c0:ad:76:a9:60:0d:37:af:f4:c3:de:f8:6d:3d:9e:a0:8e:b0:
         c1:3e:da:4f:ed:ce:28:7c:d4:f7:b7:32:b3:ac:4f:66:ec:2e:
         79:87:ee:b4:39:da:ec:64:e9:e9:d6:d3:6e:8a:d5:bf:64:b8:
         ca:17:2d:ea:ee:71:a6:73:fa:8b:b7:e3:4b:e1:bd:ec:49:ef:
         cf:78:a7:02:69:a3:49:9f:67:ce:7b:ce:cd:55:3d:db:7e:1f:
         1b:ce:9f:b8
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUdrs8lQtSJUQzaRO8L7Zylqlh6MYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjJDMThFMTFDODUzMEJERjRFRTMzM0Y1REVCRDBCMDU1
RjlEQTQxNjAeFw0yNTA5MjIxMzU3MjRaFw0yNjA5MjExNDAyMjRaMDMxMTAvBgNV
BAMTKEVFREUxRTA0MjgzQUFCNDlFNEY3NjU1NTgzNkVBRDVBNDU3RUE0QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG7HNizX5POkYwiPAFgreijRPo
ehdWIQxdpuN+5ohbT2lb0w9rOuYrPLobrMY3Lz5MTIOmcHlOpP1fmrtTpTfcQPhz
6STw+gLBMfmwEwwMPhEVom2wBtJdORosrfsq4+pSGiF1Xg7Xw5qAopGIZsWKo8tk
Z6yzQDcMyafZzKHtqxg1fvHUvSNI5iWHKbE/PRoZ/fkF9B/gJPrLXMq9Rh9a0mDT
6Twxt+P6f4o2eODaKJ149dhOskaMdwzKEjyv5dr54E0lfzL23T7QkC2qumoIlhqA
tX2syjiX8lFX6F4Mdmqmac0CEM2lad4CxGnxV3cWHrKGZrnJVla9+5qlglK1AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU7t4eBCg6q0nk92VVg26tWkV+pLcwHwYDVR0j
BBgwFoAUssGOEchTC99O4zP13r0LBV+dpBYwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
M2RjMWIwNS0yYTY5LTQ1YjAtOGM0NC02MjY3NzIyNzZiZDkvMC9CMkMxOEUxMUM4
NTMwQkRGNEVFMzMzRjVERUJEMEIwNTVGOURBNDE2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQjJDMThFMTFDODUzMEJERjRFRTMzM0Y1REVCRDBCMDU1RjlE
QTQxNi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzkzZGMxYjA1LTJhNjktNDViMC04
YzQ0LTYyNjc3MjI3NmJkOS8wLzMxMzAzMzJlMzYzODJlMzEzMzM2MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzODM1MzEzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGdEiDANBgkqhkiG
9w0BAQsFAAOCAQEAUm///DSdq106JsXQjIxVIFqlzgdkw4o3NtcaOedV5q1Mqnby
JQsBu2EZeWzpUh87ffC3ePTp4HOAdnrE39YOefXBpwPJSztb3h6Z8CAlW63lz+tr
VDju/g14m2bTSyYUFoyXDd0VnNafRTEg6bTShHb5dfJB+oYxzo+c8JW6J6nLoxVE
QypddY27aDGvMn0nC8LTt852zmOesmxgyYDMWwsFwK12qWANN6/0w974bT2eoI6w
wT7aT+3OKHzU97cys6xPZuwueYfutDna7GTp6dbTborVv2S4yhct6u5xpnP6i7fj
S+G97Envz3inAmmjSZ9nznvOzVU9234fG86fuA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:40:24 2025 by rpki-client