Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/3130332e32302e3130382e302f32332d3234203d3e20313439373037.roa
File:                     3130332e32302e3130382e302f32332d3234203d3e20313439373037.roa (raw, json)
Hash identifier:          GyJFRm5QBw0DVeVQuvzw8Fd9uB9Nai2ZZg9HhVjXTMo=
Subject key identifier:   AB:F6:DA:82:91:11:97:27:03:98:6E:96:74:2C:C1:04:84:1B:14:7B
Certificate issuer:       /CN=7A216F23D8A228FBB8F563EC15DF76FD503231B3
Certificate serial:       4358FD3A11027014556DCD5A7EA4EB824BC2C9B8
Authority key identifier: 7A:21:6F:23:D8:A2:28:FB:B8:F5:63:EC:15:DF:76:FD:50:32:31:B3
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7A216F23D8A228FBB8F563EC15DF76FD503231B3.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/3130332e32302e3130382e302f32332d3234203d3e20313439373037.roa
Signing time:             Tue 16 Sep 2025 12:00:02 +0000
ROA not before:           Tue 16 Sep 2025 11:55:02 +0000
ROA not after:            Tue 15 Sep 2026 12:00:02 +0000
asID:                     149707
IP address blocks:        103.20.108.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/7A216F23D8A228FBB8F563EC15DF76FD503231B3.crl
                          rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/7A216F23D8A228FBB8F563EC15DF76FD503231B3.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7A216F23D8A228FBB8F563EC15DF76FD503231B3.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 01:13:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:58:fd:3a:11:02:70:14:55:6d:cd:5a:7e:a4:eb:82:4b:c2:c9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7A216F23D8A228FBB8F563EC15DF76FD503231B3
        Validity
            Not Before: Sep 16 11:55:02 2025 GMT
            Not After : Sep 15 12:00:02 2026 GMT
        Subject: CN=ABF6DA829111972703986E96742CC104841B147B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ae:f6:7e:4d:2d:f9:df:e5:b2:34:e5:e0:fa:
                    ce:15:64:10:02:3e:67:64:6c:fc:6d:87:89:d7:fe:
                    a2:af:8f:c5:44:87:42:2e:09:ee:fc:5d:a3:38:0a:
                    41:ab:c2:4a:86:65:a6:59:d8:f2:92:f9:4c:ef:26:
                    29:9d:92:ab:4f:40:53:cc:5f:69:80:08:ce:b4:3e:
                    95:f0:65:3e:30:43:8a:f8:67:d3:c0:fd:63:b5:58:
                    17:47:8d:4d:43:3f:1a:e0:b7:2c:b3:86:4e:72:f6:
                    64:e0:61:6e:88:3d:73:39:39:88:81:64:af:52:25:
                    e2:be:e0:4f:76:7b:9a:87:b0:36:48:25:63:58:f3:
                    e9:aa:71:36:e0:81:bc:e4:67:81:ad:33:aa:35:4c:
                    d8:93:d8:5b:ca:25:41:45:9f:96:d8:5f:25:e5:b4:
                    05:1d:43:85:63:22:b4:19:dc:2a:52:90:73:0d:cc:
                    b7:23:4e:eb:99:af:65:fd:1b:c6:29:41:f2:ba:4b:
                    e1:ae:bc:8d:e3:d9:eb:4a:7d:55:96:fc:84:d9:e9:
                    ad:8c:da:2c:db:1f:8b:1a:21:5c:31:55:90:4f:b4:
                    46:10:c2:12:a1:bc:ae:7c:bd:27:a6:90:94:b1:18:
                    a6:83:b2:4a:b9:dd:d9:f6:b1:30:05:4a:4c:42:c2:
                    d8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F6:DA:82:91:11:97:27:03:98:6E:96:74:2C:C1:04:84:1B:14:7B
            X509v3 Authority Key Identifier:
                keyid:7A:21:6F:23:D8:A2:28:FB:B8:F5:63:EC:15:DF:76:FD:50:32:31:B3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/7A216F23D8A228FBB8F563EC15DF76FD503231B3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7A216F23D8A228FBB8F563EC15DF76FD503231B3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/3130332e32302e3130382e302f32332d3234203d3e20313439373037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.20.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:4f:ad:45:ee:da:44:44:92:10:df:6f:4e:c8:3d:3d:d2:6b:
         4e:ca:ac:64:de:ce:07:5d:62:ff:12:39:17:43:c8:6b:1c:f1:
         c8:f8:2a:42:d9:e8:c6:32:50:25:5c:56:be:b5:b4:2c:58:ab:
         1b:4d:0f:95:b9:29:93:4e:6f:fe:2f:d2:1c:53:5a:09:05:cb:
         6b:f6:38:b3:11:83:2c:c9:f9:4c:6f:fa:f6:66:c0:76:ac:8b:
         74:73:ea:bb:21:bc:56:fb:d4:bf:76:e8:1f:3c:71:cf:34:2a:
         d3:8c:00:2a:bc:56:2b:1d:d5:b2:c0:09:12:76:8e:d2:8d:71:
         28:bf:f4:24:bb:61:29:5a:78:58:3d:a2:cd:f9:8e:73:42:84:
         e5:b2:c5:1c:38:c0:7e:15:00:ac:59:88:39:63:30:44:cc:99:
         13:31:cb:a4:c5:ac:8d:ab:a3:c7:2e:25:ea:4d:34:38:2b:42:
         96:19:e3:2f:a4:79:1e:de:c1:1c:83:d5:fd:bc:26:c3:4f:8c:
         c2:6c:80:ba:44:c3:d4:0d:7a:99:a2:6c:b2:ec:40:17:e5:06:
         4b:54:c1:97:58:8e:84:d9:c3:bb:c5:d5:77:a0:20:c2:c1:f4:
         dd:d4:a2:d6:df:7f:95:f4:23:25:81:a1:b8:fa:0e:8f:e6:3b:
         a7:0b:96:ee
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUQ1j9OhECcBRVbc1afqTrgkvCybgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0EyMTZGMjNEOEEyMjhGQkI4RjU2M0VDMTVERjc2RkQ1
MDMyMzFCMzAeFw0yNTA5MTYxMTU1MDJaFw0yNjA5MTUxMjAwMDJaMDMxMTAvBgNV
BAMTKEFCRjZEQTgyOTExMTk3MjcwMzk4NkU5Njc0MkNDMTA0ODQxQjE0N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyrvZ+TS353+WyNOXg+s4VZBAC
PmdkbPxth4nX/qKvj8VEh0IuCe78XaM4CkGrwkqGZaZZ2PKS+UzvJimdkqtPQFPM
X2mACM60PpXwZT4wQ4r4Z9PA/WO1WBdHjU1DPxrgtyyzhk5y9mTgYW6IPXM5OYiB
ZK9SJeK+4E92e5qHsDZIJWNY8+mqcTbggbzkZ4GtM6o1TNiT2FvKJUFFn5bYXyXl
tAUdQ4VjIrQZ3CpSkHMNzLcjTuuZr2X9G8YpQfK6S+GuvI3j2etKfVWW/ITZ6a2M
2izbH4saIVwxVZBPtEYQwhKhvK58vSemkJSxGKaDskq53dn2sTAFSkxCwtgPAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUq/bagpERlycDmG6WdCzBBIQbFHswHwYDVR0j
BBgwFoAUeiFvI9iiKPu49WPsFd92/VAyMbMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
Y2M2YmQ3My1mOWJkLTRmNWEtOWM1OS1mYmVhMWJkODM0NzMvMC83QTIxNkYyM0Q4
QTIyOEZCQjhGNTYzRUMxNURGNzZGRDUwMzIzMUIzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvN0EyMTZGMjNEOEEyMjhGQkI4RjU2M0VDMTVERjc2RkQ1MDMy
MzFCMy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2FjYzZiZDczLWY5YmQtNGY1YS05
YzU5LWZiZWExYmQ4MzQ3My8wLzMxMzAzMzJlMzIzMDJlMzEzMDM4MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzEzNDM5MzczMDM3LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZxRsMA0GCSqG
SIb3DQEBCwUAA4IBAQCqT61F7tpERJIQ329OyD090mtOyqxk3s4HXWL/EjkXQ8hr
HPHI+CpC2ejGMlAlXFa+tbQsWKsbTQ+VuSmTTm/+L9IcU1oJBctr9jizEYMsyflM
b/r2ZsB2rIt0c+q7IbxW+9S/dugfPHHPNCrTjAAqvFYrHdWywAkSdo7SjXEov/Qk
u2EpWnhYPaLN+Y5zQoTlssUcOMB+FQCsWYg5YzBEzJkTMcukxayNq6PHLiXqTTQ4
K0KWGeMvpHke3sEcg9X9vCbDT4zCbIC6RMPUDXqZomyy7EAX5QZLVMGXWI6E2cO7
xdV3oCDCwfTd1KLW33+V9CMlgaG4+g6P5junC5bu
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:55:27 2025 by rpki-client