Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/9c1b4c38-7747-45fc-a590-cac52163d538/0/3136302e32322e3230342e302f32342d3234203d3e20313337333136.roa
File:                     3136302e32322e3230342e302f32342d3234203d3e20313337333136.roa (raw, json)
Hash identifier:          Zh8n/dPr3gHP9KgajNV0z2AsOCpEwb2affZu8V5L6qs=
Subject key identifier:   8F:E3:7E:1A:A6:02:8E:ED:6C:98:E5:85:B9:7B:00:77:6A:32:54:E7
Certificate issuer:       /CN=0A1BFCE6761D8B7FB209F7CF9ED1B3DAF0603612
Certificate serial:       7FC4E063424CDD8E018A74DFED0E8B2DAA067269
Authority key identifier: 0A:1B:FC:E6:76:1D:8B:7F:B2:09:F7:CF:9E:D1:B3:DA:F0:60:36:12
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/0A1BFCE6761D8B7FB209F7CF9ED1B3DAF0603612.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/9c1b4c38-7747-45fc-a590-cac52163d538/0/3136302e32322e3230342e302f32342d3234203d3e20313337333136.roa
Signing time:             Tue 17 Jun 2025 03:16:08 +0000
ROA not before:           Tue 17 Jun 2025 03:11:08 +0000
ROA not after:            Tue 16 Jun 2026 03:16:08 +0000
asID:                     137316
IP address blocks:        160.22.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/9c1b4c38-7747-45fc-a590-cac52163d538/0/0A1BFCE6761D8B7FB209F7CF9ED1B3DAF0603612.crl
                          rsync://repo-rpki.idnic.net/repo/9c1b4c38-7747-45fc-a590-cac52163d538/0/0A1BFCE6761D8B7FB209F7CF9ED1B3DAF0603612.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/0A1BFCE6761D8B7FB209F7CF9ED1B3DAF0603612.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 03 Jul 2025 22:54:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:c4:e0:63:42:4c:dd:8e:01:8a:74:df:ed:0e:8b:2d:aa:06:72:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0A1BFCE6761D8B7FB209F7CF9ED1B3DAF0603612
        Validity
            Not Before: Jun 17 03:11:08 2025 GMT
            Not After : Jun 16 03:16:08 2026 GMT
        Subject: CN=8FE37E1AA6028EED6C98E585B97B00776A3254E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:08:35:c2:89:a0:53:c0:f3:22:bd:97:cd:63:
                    22:05:c5:5b:2b:17:98:c4:7a:46:8b:55:60:44:cf:
                    cd:25:5f:f8:f1:48:3b:ea:a7:6d:1a:f4:e4:98:fd:
                    fd:cd:e4:5b:c4:59:c8:48:75:4f:64:04:b9:52:25:
                    eb:f1:47:e0:42:c9:a1:7b:9d:36:89:b4:99:a5:38:
                    6a:19:a0:cb:bb:2a:5d:c1:c2:15:28:d3:0e:2d:67:
                    b2:37:5d:a8:5a:a7:4e:b0:c0:eb:f6:49:61:8f:41:
                    a7:4f:57:33:c2:d1:14:26:2e:08:68:b2:f2:93:85:
                    4f:f2:c6:d7:de:cc:75:c7:12:92:fc:e4:86:1a:a2:
                    51:af:c5:07:47:96:05:76:8a:de:76:2d:d2:1e:32:
                    9a:a1:8d:81:0e:de:5e:d3:21:70:1f:b7:eb:d0:4d:
                    3a:04:d7:5f:1a:19:4f:da:75:df:1f:03:d1:e1:eb:
                    53:96:72:fa:92:66:93:f0:20:ce:4c:b6:5e:3e:e4:
                    72:85:28:7b:cc:23:4c:48:d9:8f:d5:02:70:30:bf:
                    82:c7:9d:d2:49:62:ba:37:81:71:d0:a4:e0:c1:70:
                    18:b8:22:60:a9:12:d5:d2:06:cf:17:e4:6a:21:e9:
                    32:99:55:67:37:60:8f:66:78:90:ab:ca:44:5c:12:
                    79:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E3:7E:1A:A6:02:8E:ED:6C:98:E5:85:B9:7B:00:77:6A:32:54:E7
            X509v3 Authority Key Identifier:
                keyid:0A:1B:FC:E6:76:1D:8B:7F:B2:09:F7:CF:9E:D1:B3:DA:F0:60:36:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/9c1b4c38-7747-45fc-a590-cac52163d538/0/0A1BFCE6761D8B7FB209F7CF9ED1B3DAF0603612.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/0A1BFCE6761D8B7FB209F7CF9ED1B3DAF0603612.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/9c1b4c38-7747-45fc-a590-cac52163d538/0/3136302e32322e3230342e302f32342d3234203d3e20313337333136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:17:23:56:5b:34:45:88:88:f1:29:f2:68:4a:61:0e:63:c4:
         74:f0:ba:18:4b:10:fc:7f:0f:9c:da:3d:8f:8d:e0:98:e3:f5:
         e3:b8:c8:6d:cf:be:0e:28:57:a7:9c:7b:d7:bd:27:a7:8e:8d:
         fc:a6:9e:f8:0c:0d:4c:26:4e:06:60:26:f0:0b:67:86:0b:92:
         07:bd:a0:f7:b8:bb:d8:a2:02:e8:8e:23:bb:bd:db:68:66:43:
         3e:e9:42:db:1e:5d:da:ed:3d:4d:27:0c:41:f2:d3:e3:ee:be:
         ca:69:33:d1:17:ce:53:08:f0:6c:99:dc:e9:a2:31:9c:8d:00:
         20:c3:d1:95:dc:6c:61:71:4b:4c:ec:ef:1d:f6:4e:be:ff:33:
         5d:5c:01:81:89:04:f4:ed:9b:50:7d:ee:a2:a4:b5:a9:f8:dd:
         17:6b:94:a9:a9:96:e5:95:80:10:7a:19:93:be:a6:d7:26:4d:
         21:a6:fd:e6:1c:35:12:b2:49:b5:0e:83:93:f6:1e:17:be:06:
         5f:85:6a:43:86:78:52:ff:0f:db:5d:82:b3:c7:50:d0:24:a5:
         72:05:2f:74:ac:e4:63:a4:c2:80:46:52:e6:23:87:94:ea:4f:
         21:8d:25:83:be:18:fc:f6:73:15:07:ba:f4:b6:de:bc:18:d7:
         ab:dc:db:84
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUf8TgY0JM3Y4BinTf7Q6LLaoGcmkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMEExQkZDRTY3NjFEOEI3RkIyMDlGN0NGOUVEMUIzREFG
MDYwMzYxMjAeFw0yNTA2MTcwMzExMDhaFw0yNjA2MTYwMzE2MDhaMDMxMTAvBgNV
BAMTKDhGRTM3RTFBQTYwMjhFRUQ2Qzk4RTU4NUI5N0IwMDc3NkEzMjU0RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5CDXCiaBTwPMivZfNYyIFxVsr
F5jEekaLVWBEz80lX/jxSDvqp20a9OSY/f3N5FvEWchIdU9kBLlSJevxR+BCyaF7
nTaJtJmlOGoZoMu7Kl3BwhUo0w4tZ7I3Xahap06wwOv2SWGPQadPVzPC0RQmLgho
svKThU/yxtfezHXHEpL85IYaolGvxQdHlgV2it52LdIeMpqhjYEO3l7TIXAft+vQ
TToE118aGU/add8fA9Hh61OWcvqSZpPwIM5Mtl4+5HKFKHvMI0xI2Y/VAnAwv4LH
ndJJYro3gXHQpODBcBi4ImCpEtXSBs8X5Goh6TKZVWc3YI9meJCrykRcEnnbAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUj+N+GqYCju1smOWFuXsAd2oyVOcwHwYDVR0j
BBgwFoAUChv85nYdi3+yCffPntGz2vBgNhIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
YzFiNGMzOC03NzQ3LTQ1ZmMtYTU5MC1jYWM1MjE2M2Q1MzgvMC8wQTFCRkNFNjc2
MUQ4QjdGQjIwOUY3Q0Y5RUQxQjNEQUYwNjAzNjEyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvMEExQkZDRTY3NjFEOEI3RkIyMDlGN0NGOUVEMUIzREFGMDYw
MzYxMi5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzljMWI0YzM4LTc3NDctNDVmYy1h
NTkwLWNhYzUyMTYzZDUzOC8wLzMxMzYzMDJlMzIzMjJlMzIzMDM0MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzMzM3MzMzMTM2LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoBbMMA0GCSqG
SIb3DQEBCwUAA4IBAQA4FyNWWzRFiIjxKfJoSmEOY8R08LoYSxD8fw+c2j2PjeCY
4/XjuMhtz74OKFennHvXvSenjo38pp74DA1MJk4GYCbwC2eGC5IHvaD3uLvYogLo
jiO7vdtoZkM+6ULbHl3a7T1NJwxB8tPj7r7KaTPRF85TCPBsmdzpojGcjQAgw9GV
3GxhcUtM7O8d9k6+/zNdXAGBiQT07ZtQfe6ipLWp+N0Xa5SpqZbllYAQehmTvqbX
Jk0hpv3mHDUSskm1DoOT9h4XvgZfhWpDhnhS/w/bXYKzx1DQJKVyBS90rORjpMKA
RlLmI4eU6k8hjSWDvhj89nMVB7r0tt68GNer3NuE
-----END CERTIFICATE-----
Generated at Tue Jul 1 11:51:48 2025 by rpki-client