Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/3130332e32302e3130392e302f32342d3234203d3e20313439373037.roa
File:                     3130332e32302e3130392e302f32342d3234203d3e20313439373037.roa (raw, json)
Hash identifier:          3msI/ygFttmp4PXSnBx54sTyPLJ5YCmXmK79NjZs9sY=
Subject key identifier:   64:A4:20:A8:E0:CF:81:ED:51:12:D5:54:D1:3A:A1:A6:B5:4F:D1:96
Certificate issuer:       /CN=7A216F23D8A228FBB8F563EC15DF76FD503231B3
Certificate serial:       4C4F876D5F8092E476573C069648DCEC048B54E9
Authority key identifier: 7A:21:6F:23:D8:A2:28:FB:B8:F5:63:EC:15:DF:76:FD:50:32:31:B3
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7A216F23D8A228FBB8F563EC15DF76FD503231B3.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/3130332e32302e3130392e302f32342d3234203d3e20313439373037.roa
Signing time:             Tue 16 Sep 2025 12:00:02 +0000
ROA not before:           Tue 16 Sep 2025 11:55:02 +0000
ROA not after:            Tue 15 Sep 2026 12:00:02 +0000
asID:                     149707
IP address blocks:        103.20.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/7A216F23D8A228FBB8F563EC15DF76FD503231B3.crl
                          rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/7A216F23D8A228FBB8F563EC15DF76FD503231B3.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7A216F23D8A228FBB8F563EC15DF76FD503231B3.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 01:13:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:4f:87:6d:5f:80:92:e4:76:57:3c:06:96:48:dc:ec:04:8b:54:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7A216F23D8A228FBB8F563EC15DF76FD503231B3
        Validity
            Not Before: Sep 16 11:55:02 2025 GMT
            Not After : Sep 15 12:00:02 2026 GMT
        Subject: CN=64A420A8E0CF81ED5112D554D13AA1A6B54FD196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a8:22:83:f7:4a:fa:da:7e:df:f5:25:05:5d:
                    1d:f9:f2:0b:98:88:f3:92:2b:c7:61:6c:d8:1b:d3:
                    d3:29:e9:49:0a:ed:49:a9:20:77:12:0d:28:f3:21:
                    39:5e:b4:9b:e1:89:99:16:66:99:31:a8:9b:ea:09:
                    d0:0c:0e:b4:7b:92:d4:1c:c2:20:d9:81:17:42:e9:
                    c1:11:3e:67:cb:c8:26:a4:de:0c:d1:e4:ac:1f:0e:
                    bd:bb:7a:c6:7a:56:38:8d:7f:b3:93:83:f0:ae:45:
                    b2:33:a6:01:35:ac:ca:4a:3b:9a:a5:8c:92:34:ab:
                    55:54:15:83:4c:9b:e8:da:74:40:e5:fd:ed:84:08:
                    c6:d6:8e:37:d6:42:dc:05:73:de:50:20:f5:42:41:
                    15:83:20:5c:e0:a7:89:4a:a1:7f:0d:19:85:ef:b3:
                    35:48:ae:00:5b:36:2c:d4:98:12:46:0b:a7:23:b2:
                    a2:65:64:6e:d9:f8:b4:f5:04:8e:36:c4:ac:ce:76:
                    bc:30:21:3e:2d:ec:44:be:97:cb:60:94:ba:14:a3:
                    e7:cb:57:db:b5:11:be:74:1f:b0:9e:72:3e:1f:88:
                    92:2d:fe:52:c9:2c:09:78:a2:12:73:8d:c2:15:64:
                    66:d9:fd:cd:6f:1a:60:b5:47:d7:29:87:70:5d:9c:
                    3b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:A4:20:A8:E0:CF:81:ED:51:12:D5:54:D1:3A:A1:A6:B5:4F:D1:96
            X509v3 Authority Key Identifier:
                keyid:7A:21:6F:23:D8:A2:28:FB:B8:F5:63:EC:15:DF:76:FD:50:32:31:B3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/7A216F23D8A228FBB8F563EC15DF76FD503231B3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7A216F23D8A228FBB8F563EC15DF76FD503231B3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/acc6bd73-f9bd-4f5a-9c59-fbea1bd83473/0/3130332e32302e3130392e302f32342d3234203d3e20313439373037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.20.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:e3:ee:9a:af:95:16:b5:ae:d5:2e:70:57:5f:d4:33:4e:af:
         c1:e0:0d:aa:3c:15:89:54:e0:44:0f:17:c9:f0:78:36:29:1e:
         a1:44:e6:4c:68:90:07:22:a0:65:7e:6e:54:b4:1f:91:08:be:
         d6:fc:51:22:fa:07:fb:04:dd:e9:e6:97:60:24:5a:ff:ce:a8:
         04:9e:15:45:46:61:dd:a6:a9:b9:30:9d:2a:db:89:cf:8a:a0:
         a7:46:48:b8:03:96:a8:63:7a:6b:1e:16:56:03:8f:88:37:70:
         4b:31:27:e8:05:7b:52:8c:da:b4:e7:10:12:1c:8f:01:dd:fc:
         59:92:a5:6f:69:c1:f2:99:ec:3e:54:40:8e:58:96:03:ae:1a:
         24:a0:ac:b0:a9:97:b2:ec:a3:79:fd:ab:25:ed:82:36:a3:53:
         d9:0e:0d:41:11:e8:a5:64:5e:d3:52:51:9f:f8:d3:da:1d:d6:
         65:d2:f4:10:80:f5:fb:0d:64:d1:73:5b:db:86:76:ee:1b:a3:
         25:cf:45:d7:44:5c:81:e9:c5:83:31:92:57:83:0b:62:53:6c:
         c5:2b:e1:39:96:ab:10:ec:17:9b:00:41:3d:4a:38:43:2e:c3:
         bd:c4:cb:db:27:14:32:b0:31:41:92:6b:40:69:3d:f2:5e:56:
         74:f7:57:30
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUTE+HbV+AkuR2VzwGlkjc7ASLVOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0EyMTZGMjNEOEEyMjhGQkI4RjU2M0VDMTVERjc2RkQ1
MDMyMzFCMzAeFw0yNTA5MTYxMTU1MDJaFw0yNjA5MTUxMjAwMDJaMDMxMTAvBgNV
BAMTKDY0QTQyMEE4RTBDRjgxRUQ1MTEyRDU1NEQxM0FBMUE2QjU0RkQxOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9qCKD90r62n7f9SUFXR358guY
iPOSK8dhbNgb09Mp6UkK7UmpIHcSDSjzITletJvhiZkWZpkxqJvqCdAMDrR7ktQc
wiDZgRdC6cERPmfLyCak3gzR5KwfDr27esZ6VjiNf7OTg/CuRbIzpgE1rMpKO5ql
jJI0q1VUFYNMm+jadEDl/e2ECMbWjjfWQtwFc95QIPVCQRWDIFzgp4lKoX8NGYXv
szVIrgBbNizUmBJGC6cjsqJlZG7Z+LT1BI42xKzOdrwwIT4t7ES+l8tglLoUo+fL
V9u1Eb50H7Cecj4fiJIt/lLJLAl4ohJzjcIVZGbZ/c1vGmC1R9cph3BdnDuBAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUZKQgqODPge1REtVU0TqhprVP0ZYwHwYDVR0j
BBgwFoAUeiFvI9iiKPu49WPsFd92/VAyMbMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
Y2M2YmQ3My1mOWJkLTRmNWEtOWM1OS1mYmVhMWJkODM0NzMvMC83QTIxNkYyM0Q4
QTIyOEZCQjhGNTYzRUMxNURGNzZGRDUwMzIzMUIzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvN0EyMTZGMjNEOEEyMjhGQkI4RjU2M0VDMTVERjc2RkQ1MDMy
MzFCMy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2FjYzZiZDczLWY5YmQtNGY1YS05
YzU5LWZiZWExYmQ4MzQ3My8wLzMxMzAzMzJlMzIzMDJlMzEzMDM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzNDM5MzczMDM3LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxRtMA0GCSqG
SIb3DQEBCwUAA4IBAQAP4+6ar5UWta7VLnBXX9QzTq/B4A2qPBWJVOBEDxfJ8Hg2
KR6hROZMaJAHIqBlfm5UtB+RCL7W/FEi+gf7BN3p5pdgJFr/zqgEnhVFRmHdpqm5
MJ0q24nPiqCnRki4A5aoY3prHhZWA4+IN3BLMSfoBXtSjNq05xASHI8B3fxZkqVv
acHymew+VECOWJYDrhokoKywqZey7KN5/asl7YI2o1PZDg1BEeilZF7TUlGf+NPa
HdZl0vQQgPX7DWTRc1vbhnbuG6Mlz0XXRFyB6cWDMZJXgwtiU2zFK+E5lqsQ7Beb
AEE9SjhDLsO9xMvbJxQysDFBkmtAaT3yXlZ091cw
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:55:36 2025 by rpki-client