Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/943e2e67-a171-4d9e-a935-406902b1e13b/0/32372e3131312e33342e302f32342d3234203d3e203538343737.roa
File:                     32372e3131312e33342e302f32342d3234203d3e203538343737.roa (raw, json)
Hash identifier:          JY5X7Ni0FqjOLHL/IBAcPoDotTFSEzReZjChPfIbLws=
Subject key identifier:   1E:FC:39:AC:99:24:49:2B:62:43:7D:C8:1A:97:D1:2D:6C:8E:BF:25
Certificate issuer:       /CN=428AA4240E741F27E3A21EFC29D45F0AECC7FE96
Certificate serial:       1D3D8F3B44BBE0177D8A9985F2EBD6C38267FD29
Authority key identifier: 42:8A:A4:24:0E:74:1F:27:E3:A2:1E:FC:29:D4:5F:0A:EC:C7:FE:96
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/428AA4240E741F27E3A21EFC29D45F0AECC7FE96.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/943e2e67-a171-4d9e-a935-406902b1e13b/0/32372e3131312e33342e302f32342d3234203d3e203538343737.roa
Signing time:             Thu 16 Oct 2025 13:00:03 +0000
ROA not before:           Thu 16 Oct 2025 12:55:03 +0000
ROA not after:            Thu 15 Oct 2026 13:00:03 +0000
asID:                     58477
IP address blocks:        27.111.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/943e2e67-a171-4d9e-a935-406902b1e13b/0/428AA4240E741F27E3A21EFC29D45F0AECC7FE96.crl
                          rsync://repo-rpki.idnic.net/repo/943e2e67-a171-4d9e-a935-406902b1e13b/0/428AA4240E741F27E3A21EFC29D45F0AECC7FE96.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/428AA4240E741F27E3A21EFC29D45F0AECC7FE96.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 11:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:3d:8f:3b:44:bb:e0:17:7d:8a:99:85:f2:eb:d6:c3:82:67:fd:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=428AA4240E741F27E3A21EFC29D45F0AECC7FE96
        Validity
            Not Before: Oct 16 12:55:03 2025 GMT
            Not After : Oct 15 13:00:03 2026 GMT
        Subject: CN=1EFC39AC9924492B62437DC81A97D12D6C8EBF25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:98:6e:cb:e7:ce:55:a0:de:c0:72:34:0c:8f:
                    19:e0:07:70:f7:19:b5:6a:da:f6:82:c6:a8:3e:37:
                    57:4d:cf:dd:4a:33:b6:d6:62:b6:e6:4a:79:a6:82:
                    a1:87:4a:c7:d4:b0:87:e9:5b:7a:18:0d:bf:3d:b1:
                    80:26:53:39:a4:fc:5d:71:5a:97:5d:19:44:80:cb:
                    23:8a:3b:67:26:7c:29:e9:2e:b6:06:84:bd:69:41:
                    70:bb:65:b9:c9:ae:14:d9:69:81:27:f3:e2:6e:ec:
                    01:ae:5d:12:fc:ee:c7:59:86:c1:71:40:08:56:60:
                    a3:27:6d:58:6c:0d:c8:e3:87:c0:41:10:84:23:0b:
                    4d:05:c5:77:81:a4:fa:18:03:ef:f9:26:84:ad:a9:
                    e9:70:cf:b0:db:a1:ed:c2:6f:1d:76:24:2d:0a:2f:
                    f1:a8:c6:31:16:b7:4d:4c:35:46:6c:1b:dd:3e:26:
                    c6:70:83:9d:95:2b:04:76:9e:68:55:8d:3b:57:69:
                    52:7b:13:19:88:83:f2:dc:a7:c1:94:cb:64:c7:e6:
                    f2:25:54:7a:a8:bc:81:52:91:70:8a:9a:a3:aa:94:
                    39:5a:e7:03:da:27:19:47:51:1c:08:8d:c1:6f:44:
                    be:88:f6:a3:f2:a9:9d:80:6b:e6:a2:a7:b0:40:e4:
                    e7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:FC:39:AC:99:24:49:2B:62:43:7D:C8:1A:97:D1:2D:6C:8E:BF:25
            X509v3 Authority Key Identifier:
                keyid:42:8A:A4:24:0E:74:1F:27:E3:A2:1E:FC:29:D4:5F:0A:EC:C7:FE:96

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/943e2e67-a171-4d9e-a935-406902b1e13b/0/428AA4240E741F27E3A21EFC29D45F0AECC7FE96.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/428AA4240E741F27E3A21EFC29D45F0AECC7FE96.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/943e2e67-a171-4d9e-a935-406902b1e13b/0/32372e3131312e33342e302f32342d3234203d3e203538343737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.111.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:51:38:3d:e3:5c:7f:e9:4b:fc:81:c2:fd:2c:e4:c6:b8:e5:
         36:b4:61:c2:81:fc:2c:de:2b:ab:0e:49:40:b0:cc:50:e9:c2:
         f5:c9:4c:57:d5:ca:86:f5:57:b1:a4:ce:16:ef:fd:8c:8d:dd:
         c5:eb:51:36:dc:8c:34:fd:62:0f:89:83:16:e6:74:9a:9e:63:
         df:46:9c:4b:b7:10:35:ef:c7:ee:21:29:3c:c6:22:bb:b7:73:
         a9:f6:18:cd:78:b7:a8:74:4f:d8:fb:ed:20:31:c9:f9:26:9a:
         c4:b7:2b:44:2f:99:5b:f3:cd:21:49:a6:64:4f:ba:9b:4f:69:
         2f:8e:2d:3b:5d:16:02:e3:1b:2c:cd:7e:f9:5b:80:b7:14:16:
         ea:75:c5:f6:86:f8:f3:cf:72:98:e8:67:d7:f7:a1:8c:8b:26:
         50:e1:40:18:1a:f5:e0:a8:57:c1:0c:ac:db:9c:c8:8a:52:64:
         2c:af:5f:e2:37:9d:37:b8:00:ed:5b:32:53:98:d8:cf:ea:02:
         68:bd:25:50:7b:53:9d:6f:71:aa:c6:2c:8c:3b:f7:d6:0f:05:
         1e:cc:25:d6:e7:5e:e6:61:98:e4:66:46:b3:71:3f:f0:ce:72:
         8f:54:26:b6:f7:ff:b9:f5:ea:d2:1b:2f:6d:40:d7:32:3d:ff:
         fa:ff:31:8d
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUHT2PO0S74Bd9ipmF8uvWw4Jn/SkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDI4QUE0MjQwRTc0MUYyN0UzQTIxRUZDMjlENDVGMEFF
Q0M3RkU5NjAeFw0yNTEwMTYxMjU1MDNaFw0yNjEwMTUxMzAwMDNaMDMxMTAvBgNV
BAMTKDFFRkMzOUFDOTkyNDQ5MkI2MjQzN0RDODFBOTdEMTJENkM4RUJGMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEmG7L585VoN7AcjQMjxngB3D3
GbVq2vaCxqg+N1dNz91KM7bWYrbmSnmmgqGHSsfUsIfpW3oYDb89sYAmUzmk/F1x
WpddGUSAyyOKO2cmfCnpLrYGhL1pQXC7ZbnJrhTZaYEn8+Ju7AGuXRL87sdZhsFx
QAhWYKMnbVhsDcjjh8BBEIQjC00FxXeBpPoYA+/5JoStqelwz7Dboe3Cbx12JC0K
L/GoxjEWt01MNUZsG90+JsZwg52VKwR2nmhVjTtXaVJ7ExmIg/Lcp8GUy2TH5vIl
VHqovIFSkXCKmqOqlDla5wPaJxlHURwIjcFvRL6I9qPyqZ2Aa+aip7BA5OcTAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUHvw5rJkkSStiQ33IGpfRLWyOvyUwHwYDVR0j
BBgwFoAUQoqkJA50Hyfjoh78KdRfCuzH/pYwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
NDNlMmU2Ny1hMTcxLTRkOWUtYTkzNS00MDY5MDJiMWUxM2IvMC80MjhBQTQyNDBF
NzQxRjI3RTNBMjFFRkMyOUQ0NUYwQUVDQzdGRTk2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNDI4QUE0MjQwRTc0MUYyN0UzQTIxRUZDMjlENDVGMEFFQ0M3
RkU5Ni5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzk0M2UyZTY3LWExNzEtNGQ5ZS1h
OTM1LTQwNjkwMmIxZTEzYi8wLzMyMzcyZTMxMzEzMTJlMzMzNDJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDM1MzgzNDM3Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAbbyIwDQYJKoZIhvcN
AQELBQADggEBAGhROD3jXH/pS/yBwv0s5Ma45Ta0YcKB/CzeK6sOSUCwzFDpwvXJ
TFfVyob1V7Gkzhbv/YyN3cXrUTbcjDT9Yg+JgxbmdJqeY99GnEu3EDXvx+4hKTzG
Iru3c6n2GM14t6h0T9j77SAxyfkmmsS3K0QvmVvzzSFJpmRPuptPaS+OLTtdFgLj
GyzNfvlbgLcUFup1xfaG+PPPcpjoZ9f3oYyLJlDhQBga9eCoV8EMrNucyIpSZCyv
X+I3nTe4AO1bMlOY2M/qAmi9JVB7U51vcarGLIw799YPBR7MJdbnXuZhmORmRrNx
P/DOco9UJrb3/7n16tIbL21A1zI9//r/MY0=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:30:59 2025 by rpki-client