Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/3130332e36382e3133372e302f32342d3234203d3e203338353131.roa
File:                     3130332e36382e3133372e302f32342d3234203d3e203338353131.roa (raw, json)
Hash identifier:          kW0dkbVl3axDrA3JYmOP/J+VOWaOXAqel6hQB21C0fo=
Subject key identifier:   11:21:73:70:A9:CE:D9:C5:5A:95:51:E5:96:EF:7B:93:FC:68:E5:9C
Certificate issuer:       /CN=B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416
Certificate serial:       1C25D9877C9D50E093C2141FCCF87C3B482E17AE
Authority key identifier: B2:C1:8E:11:C8:53:0B:DF:4E:E3:33:F5:DE:BD:0B:05:5F:9D:A4:16
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/3130332e36382e3133372e302f32342d3234203d3e203338353131.roa
Signing time:             Mon 22 Sep 2025 14:02:24 +0000
ROA not before:           Mon 22 Sep 2025 13:57:24 +0000
ROA not after:            Mon 21 Sep 2026 14:02:24 +0000
asID:                     38511
IP address blocks:        103.68.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.crl
                          rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 21:16:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:25:d9:87:7c:9d:50:e0:93:c2:14:1f:cc:f8:7c:3b:48:2e:17:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416
        Validity
            Not Before: Sep 22 13:57:24 2025 GMT
            Not After : Sep 21 14:02:24 2026 GMT
        Subject: CN=11217370A9CED9C55A9551E596EF7B93FC68E59C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:96:c3:c8:3b:e4:00:f4:34:b1:f5:ae:b2:29:
                    a1:b6:62:8e:26:84:2e:dc:11:7d:0a:5e:c7:4a:99:
                    91:ed:5d:21:16:e9:63:fc:7e:9e:a3:fe:f0:36:b8:
                    35:4d:7c:22:1a:c1:ce:d4:bb:43:f8:c3:eb:fc:ac:
                    f0:17:05:05:17:5d:d4:06:31:9a:e2:0e:0d:66:29:
                    e3:0c:90:01:d4:95:cc:df:d2:2e:71:61:ce:40:87:
                    2a:28:87:6e:01:f7:41:03:d6:b2:75:63:49:94:86:
                    a7:29:6e:4c:96:ad:9e:ef:f3:f0:ff:c5:8d:0d:6c:
                    40:e0:6c:d1:dd:d3:e0:c5:5b:43:db:9b:f9:c8:2e:
                    98:32:4d:01:12:0d:ff:6d:20:3a:e4:fa:dd:56:da:
                    f5:58:70:16:58:51:7c:e7:af:fb:e2:6f:c0:cc:8c:
                    a1:5e:35:67:38:64:61:bf:fc:61:a4:df:55:6b:84:
                    50:88:1c:47:6d:c2:97:ea:5d:1d:a8:a9:4d:cd:28:
                    4d:ae:99:70:27:57:23:4c:8f:ba:80:4f:35:6e:d1:
                    99:91:4e:d7:ed:6a:dc:b7:66:ed:d2:11:cf:11:7b:
                    b3:a7:51:d3:30:19:5b:87:25:bf:c0:0f:6d:ba:b4:
                    1d:6f:68:61:6b:8d:28:dc:6a:ee:e5:1e:b3:ac:04:
                    d5:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:21:73:70:A9:CE:D9:C5:5A:95:51:E5:96:EF:7B:93:FC:68:E5:9C
            X509v3 Authority Key Identifier:
                keyid:B2:C1:8E:11:C8:53:0B:DF:4E:E3:33:F5:DE:BD:0B:05:5F:9D:A4:16

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B2C18E11C8530BDF4EE333F5DEBD0B055F9DA416.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/93dc1b05-2a69-45b0-8c44-626772276bd9/0/3130332e36382e3133372e302f32342d3234203d3e203338353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.68.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:aa:30:34:66:92:5d:84:11:72:e5:96:98:ad:68:ca:19:81:
         a0:b5:25:3f:eb:31:8c:54:54:cb:40:29:a8:e6:a7:2e:35:6f:
         b7:dd:b0:f1:9a:b3:b6:24:e3:43:f3:63:0b:a9:63:34:7b:22:
         55:d3:7b:42:4c:b8:79:b4:a2:c7:3d:ad:54:92:fc:4d:ea:39:
         b4:97:ab:60:83:5d:c2:44:f2:f6:5e:62:c7:78:34:bf:60:ac:
         4a:54:4a:25:72:b5:a3:8a:c6:21:bc:2a:c5:f5:8f:84:34:33:
         39:5f:f8:38:c9:4b:dd:7e:a1:e6:8f:d9:82:f5:6c:e0:1f:e8:
         6b:3e:33:f2:ea:43:47:4b:fc:c9:16:13:0a:f1:47:35:47:93:
         05:91:d3:83:f1:95:0a:1c:77:8f:26:b2:4a:2e:af:0b:33:b9:
         d6:5b:fc:73:a4:a1:54:42:41:5d:1d:87:60:5e:97:76:2a:24:
         a0:62:88:9f:6b:27:37:59:06:dd:92:3c:98:52:c4:0c:6b:2c:
         16:0e:e4:3f:c2:69:d2:19:f7:d1:8c:a5:ca:22:d2:31:a6:ca:
         d7:c9:82:d4:e7:d4:fb:d3:36:75:22:69:c4:a2:b8:d0:63:46:
         9e:b6:df:1a:f5:dd:ac:e9:b1:72:f1:c5:38:85:78:c9:d3:54:
         6e:56:0d:10
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUHCXZh3ydUOCTwhQfzPh8O0guF64wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjJDMThFMTFDODUzMEJERjRFRTMzM0Y1REVCRDBCMDU1
RjlEQTQxNjAeFw0yNTA5MjIxMzU3MjRaFw0yNjA5MjExNDAyMjRaMDMxMTAvBgNV
BAMTKDExMjE3MzcwQTlDRUQ5QzU1QTk1NTFFNTk2RUY3QjkzRkM2OEU1OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzlsPIO+QA9DSx9a6yKaG2Yo4m
hC7cEX0KXsdKmZHtXSEW6WP8fp6j/vA2uDVNfCIawc7Uu0P4w+v8rPAXBQUXXdQG
MZriDg1mKeMMkAHUlczf0i5xYc5Ahyooh24B90ED1rJ1Y0mUhqcpbkyWrZ7v8/D/
xY0NbEDgbNHd0+DFW0Pbm/nILpgyTQESDf9tIDrk+t1W2vVYcBZYUXznr/vib8DM
jKFeNWc4ZGG//GGk31VrhFCIHEdtwpfqXR2oqU3NKE2umXAnVyNMj7qATzVu0ZmR
Ttftaty3Zu3SEc8Re7OnUdMwGVuHJb/AD226tB1vaGFrjSjcau7lHrOsBNWLAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUESFzcKnO2cValVHllu97k/xo5ZwwHwYDVR0j
BBgwFoAUssGOEchTC99O4zP13r0LBV+dpBYwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
M2RjMWIwNS0yYTY5LTQ1YjAtOGM0NC02MjY3NzIyNzZiZDkvMC9CMkMxOEUxMUM4
NTMwQkRGNEVFMzMzRjVERUJEMEIwNTVGOURBNDE2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQjJDMThFMTFDODUzMEJERjRFRTMzM0Y1REVCRDBCMDU1RjlE
QTQxNi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzkzZGMxYjA1LTJhNjktNDViMC04
YzQ0LTYyNjc3MjI3NmJkOS8wLzMxMzAzMzJlMzYzODJlMzEzMzM3MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzODM1MzEzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGdEiTANBgkqhkiG
9w0BAQsFAAOCAQEAmKowNGaSXYQRcuWWmK1oyhmBoLUlP+sxjFRUy0ApqOanLjVv
t92w8ZqztiTjQ/NjC6ljNHsiVdN7Qky4ebSixz2tVJL8Teo5tJerYINdwkTy9l5i
x3g0v2CsSlRKJXK1o4rGIbwqxfWPhDQzOV/4OMlL3X6h5o/ZgvVs4B/oaz4z8upD
R0v8yRYTCvFHNUeTBZHTg/GVChx3jyaySi6vCzO51lv8c6ShVEJBXR2HYF6Xdiok
oGKIn2snN1kG3ZI8mFLEDGssFg7kP8Jp0hn30YylyiLSMabK18mC1OfU+9M2dSJp
xKK40GNGnrbfGvXdrOmxcvHFOIV4ydNUblYNEA==
-----END CERTIFICATE-----
Generated at Tue Oct 21 07:04:44 2025 by rpki-client