Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/a945b86e-0895-4759-a77c-a06ce14e243c/0/3132322e3134342e302e302f32322d3234203d3e203338333230.roa
File:                     3132322e3134342e302e302f32322d3234203d3e203338333230.roa (raw, json)
Hash identifier:          6KFCBq0GeLMij9zX0LHtO8AChuye1d1F56fk0H8ZhzU=
Subject key identifier:   5D:BB:AB:AB:FB:18:57:95:A1:6D:02:CD:8D:1F:A7:39:C0:2B:5E:A4
Certificate issuer:       /CN=C8DD5D84FAFABF7EAF62B3B0F4E45A2331F802E1
Certificate serial:       3C15E06A9EF83647F38D1494CC8493E51B32AA50
Authority key identifier: C8:DD:5D:84:FA:FA:BF:7E:AF:62:B3:B0:F4:E4:5A:23:31:F8:02:E1
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C8DD5D84FAFABF7EAF62B3B0F4E45A2331F802E1.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/a945b86e-0895-4759-a77c-a06ce14e243c/0/3132322e3134342e302e302f32322d3234203d3e203338333230.roa
Signing time:             Sun 05 Oct 2025 06:00:00 +0000
ROA not before:           Sun 05 Oct 2025 05:55:00 +0000
ROA not after:            Sun 04 Oct 2026 06:00:00 +0000
asID:                     38320
IP address blocks:        122.144.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/a945b86e-0895-4759-a77c-a06ce14e243c/0/C8DD5D84FAFABF7EAF62B3B0F4E45A2331F802E1.crl
                          rsync://repo-rpki.idnic.net/repo/a945b86e-0895-4759-a77c-a06ce14e243c/0/C8DD5D84FAFABF7EAF62B3B0F4E45A2331F802E1.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C8DD5D84FAFABF7EAF62B3B0F4E45A2331F802E1.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 22:19:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:15:e0:6a:9e:f8:36:47:f3:8d:14:94:cc:84:93:e5:1b:32:aa:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C8DD5D84FAFABF7EAF62B3B0F4E45A2331F802E1
        Validity
            Not Before: Oct  5 05:55:00 2025 GMT
            Not After : Oct  4 06:00:00 2026 GMT
        Subject: CN=5DBBABABFB185795A16D02CD8D1FA739C02B5EA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:18:8f:d2:3f:c5:03:f3:d2:81:bd:d0:1e:52:
                    cb:bb:60:fe:6e:74:f8:06:27:cd:42:ee:66:9c:06:
                    99:bf:77:b3:7a:95:d5:08:60:18:e3:71:76:30:25:
                    dd:0a:42:08:65:8d:37:77:cb:27:12:28:49:da:b5:
                    7d:29:ea:95:4a:fd:95:54:3f:fa:b9:ca:1e:83:23:
                    06:52:11:14:b3:ba:6b:c2:bf:b4:cc:57:82:62:61:
                    20:d1:84:aa:a7:25:86:78:cd:40:d0:c1:04:d0:db:
                    cd:f6:6e:e4:de:d3:58:31:10:4b:43:c9:16:4c:4c:
                    7e:9f:cd:5a:2c:47:1e:0c:02:bd:a5:2c:fa:34:a1:
                    65:fa:69:e2:b3:f7:3f:a3:57:eb:6d:90:62:4c:3f:
                    8b:c7:07:bf:40:4e:ac:c2:13:07:25:d6:7e:25:a7:
                    3b:f5:2c:47:12:21:5a:c1:1a:3a:28:f5:28:19:89:
                    ea:1d:b3:fa:a5:6d:a9:3b:ad:3a:4d:13:ca:d6:1d:
                    37:54:ab:7e:71:1c:d5:63:13:7e:52:b1:ea:55:b1:
                    76:0f:00:12:f3:87:0f:64:81:00:39:d1:d0:97:67:
                    7e:ff:56:bb:a6:c1:ef:02:b1:b8:6f:0f:5b:5b:b7:
                    55:02:b0:c3:bd:46:c4:d7:55:9f:87:c2:68:9d:52:
                    3a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:BB:AB:AB:FB:18:57:95:A1:6D:02:CD:8D:1F:A7:39:C0:2B:5E:A4
            X509v3 Authority Key Identifier:
                keyid:C8:DD:5D:84:FA:FA:BF:7E:AF:62:B3:B0:F4:E4:5A:23:31:F8:02:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/a945b86e-0895-4759-a77c-a06ce14e243c/0/C8DD5D84FAFABF7EAF62B3B0F4E45A2331F802E1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C8DD5D84FAFABF7EAF62B3B0F4E45A2331F802E1.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/a945b86e-0895-4759-a77c-a06ce14e243c/0/3132322e3134342e302e302f32322d3234203d3e203338333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.144.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:5b:98:a9:16:cf:43:93:19:34:3d:d6:98:90:7a:d4:75:ab:
         c6:0f:79:37:d2:6a:a4:a3:9d:e3:fd:63:2e:40:5d:b6:b1:bd:
         93:77:0f:34:7f:5b:04:68:26:42:37:2f:9b:b2:9d:68:50:7a:
         d8:57:b2:99:65:73:a6:ee:18:86:6b:b3:aa:79:35:5e:ef:b7:
         b7:9d:f6:e5:5c:c9:29:01:31:f0:85:99:d0:ab:82:07:0f:b9:
         88:9d:f3:df:c7:c9:39:29:d9:e7:df:e0:61:cb:ed:f8:50:4c:
         88:04:92:41:47:6e:e9:a8:c1:e0:02:a4:2c:45:d0:d9:d9:bb:
         f1:5c:84:fb:28:07:5c:e2:3b:5f:1e:e1:6b:91:5c:ac:7d:38:
         63:4c:46:47:3f:cf:aa:b7:f0:a4:fb:51:97:01:f3:79:4a:64:
         d3:15:18:8a:d8:52:0f:04:a7:ee:7b:41:95:17:82:f4:f2:eb:
         e7:cf:c2:67:cd:fb:c0:18:6a:c3:18:4a:40:79:d3:6d:15:59:
         f3:6a:41:ac:1d:9b:03:1a:ad:8b:f7:15:a9:3c:56:c4:66:d2:
         5e:74:f8:1c:0b:66:9d:ff:43:8e:ea:2a:aa:1b:9e:f0:b4:2d:
         fd:57:77:a1:6d:cb:27:d3:18:da:cf:a6:9a:c7:07:0f:af:22:
         f9:3c:44:d5
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUPBXgap74NkfzjRSUzIST5RsyqlAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzhERDVEODRGQUZBQkY3RUFGNjJCM0IwRjRFNDVBMjMz
MUY4MDJFMTAeFw0yNTEwMDUwNTU1MDBaFw0yNjEwMDQwNjAwMDBaMDMxMTAvBgNV
BAMTKDVEQkJBQkFCRkIxODU3OTVBMTZEMDJDRDhEMUZBNzM5QzAyQjVFQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1GI/SP8UD89KBvdAeUsu7YP5u
dPgGJ81C7macBpm/d7N6ldUIYBjjcXYwJd0KQghljTd3yycSKEnatX0p6pVK/ZVU
P/q5yh6DIwZSERSzumvCv7TMV4JiYSDRhKqnJYZ4zUDQwQTQ2832buTe01gxEEtD
yRZMTH6fzVosRx4MAr2lLPo0oWX6aeKz9z+jV+ttkGJMP4vHB79ATqzCEwcl1n4l
pzv1LEcSIVrBGjoo9SgZieods/qlbak7rTpNE8rWHTdUq35xHNVjE35SsepVsXYP
ABLzhw9kgQA50dCXZ37/Vrumwe8CsbhvD1tbt1UCsMO9RsTXVZ+HwmidUjpxAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUXburq/sYV5WhbQLNjR+nOcArXqQwHwYDVR0j
BBgwFoAUyN1dhPr6v36vYrOw9ORaIzH4AuEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
OTQ1Yjg2ZS0wODk1LTQ3NTktYTc3Yy1hMDZjZTE0ZTI0M2MvMC9DOERENUQ4NEZB
RkFCRjdFQUY2MkIzQjBGNEU0NUEyMzMxRjgwMkUxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQzhERDVEODRGQUZBQkY3RUFGNjJCM0IwRjRFNDVBMjMzMUY4
MDJFMS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2E5NDViODZlLTA4OTUtNDc1OS1h
NzdjLWEwNmNlMTRlMjQzYy8wLzMxMzIzMjJlMzEzNDM0MmUzMDJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDMzMzgzMzMyMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJ6kAAwDQYJKoZIhvcN
AQELBQADggEBALVbmKkWz0OTGTQ91piQetR1q8YPeTfSaqSjneP9Yy5AXbaxvZN3
DzR/WwRoJkI3L5uynWhQethXspllc6buGIZrs6p5NV7vt7ed9uVcySkBMfCFmdCr
ggcPuYid89/HyTkp2eff4GHL7fhQTIgEkkFHbumoweACpCxF0NnZu/FchPsoB1zi
O18e4WuRXKx9OGNMRkc/z6q38KT7UZcB83lKZNMVGIrYUg8Ep+57QZUXgvTy6+fP
wmfN+8AYasMYSkB5020VWfNqQawdmwMarYv3Fak8VsRm0l50+BwLZp3/Q47qKqob
nvC0Lf1Xd6FtyyfTGNrPpprHBw+vIvk8RNU=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:31:23 2025 by rpki-client