Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/b35129e4-2328-43d2-a458-9d3829614815/0/3230322e35382e3137362e302f32312d3234203d3e203234353236.roa
File:                     3230322e35382e3137362e302f32312d3234203d3e203234353236.roa (raw, json)
Hash identifier:          TiBDscIwDM8LXa+oZsdSozLCIgCynFE1SJZ86LD1GBs=
Subject key identifier:   13:BD:68:1F:7B:52:48:88:22:20:65:D8:20:C1:D7:5F:9B:9C:D6:E2
Certificate issuer:       /CN=E42B0752D5FFAB254C3F0E221499F67420870FEB
Certificate serial:       1ADC8D30DFDB7AA43D29837694DDE20FC3E94BE9
Authority key identifier: E4:2B:07:52:D5:FF:AB:25:4C:3F:0E:22:14:99:F6:74:20:87:0F:EB
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/E42B0752D5FFAB254C3F0E221499F67420870FEB.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/b35129e4-2328-43d2-a458-9d3829614815/0/3230322e35382e3137362e302f32312d3234203d3e203234353236.roa
Signing time:             Sat 11 Oct 2025 09:00:00 +0000
ROA not before:           Sat 11 Oct 2025 08:55:00 +0000
ROA not after:            Sat 10 Oct 2026 09:00:00 +0000
asID:                     24526
IP address blocks:        202.58.176.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/b35129e4-2328-43d2-a458-9d3829614815/0/E42B0752D5FFAB254C3F0E221499F67420870FEB.crl
                          rsync://repo-rpki.idnic.net/repo/b35129e4-2328-43d2-a458-9d3829614815/0/E42B0752D5FFAB254C3F0E221499F67420870FEB.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/E42B0752D5FFAB254C3F0E221499F67420870FEB.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 09:57:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:dc:8d:30:df:db:7a:a4:3d:29:83:76:94:dd:e2:0f:c3:e9:4b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E42B0752D5FFAB254C3F0E221499F67420870FEB
        Validity
            Not Before: Oct 11 08:55:00 2025 GMT
            Not After : Oct 10 09:00:00 2026 GMT
        Subject: CN=13BD681F7B524888222065D820C1D75F9B9CD6E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:24:07:3e:10:43:ae:60:7a:ba:fa:b4:69:7c:
                    22:f1:a0:c3:1e:a5:d1:86:a2:da:c6:9e:59:e9:c6:
                    27:ff:e0:a6:b0:2e:d0:c9:31:2b:24:c9:29:af:ea:
                    71:93:ca:ee:07:92:1a:8a:3a:8e:e5:fe:f7:13:b2:
                    db:ab:33:3e:d3:c6:e0:21:8b:64:14:9f:2c:e5:7a:
                    a9:b9:2b:fa:01:eb:b8:18:d1:75:60:7b:2a:1d:d3:
                    b5:cb:86:3d:b8:a9:c7:27:a1:bd:55:8e:9b:e5:30:
                    dd:13:a4:f2:9b:d2:54:b6:0c:72:13:2a:f6:c4:ed:
                    96:9e:df:e7:1d:60:fc:5a:23:1f:43:8a:a5:e0:30:
                    9d:57:19:5d:0a:25:02:26:be:ce:2d:d0:30:8e:61:
                    7c:ea:87:65:22:f4:39:9e:c3:0c:46:eb:64:3a:bb:
                    8a:30:0a:a5:e5:71:d2:67:03:fb:bc:f0:10:1b:f3:
                    91:06:19:f2:2f:47:24:5b:d6:70:a9:2a:84:00:73:
                    ca:b8:40:34:29:5b:96:63:61:04:a7:96:30:6d:08:
                    9c:a1:b7:f9:ae:9b:93:59:cc:8d:1b:84:7e:72:b4:
                    bc:b7:23:d3:22:19:ed:1e:cc:f4:f4:5c:91:99:c3:
                    ba:a4:f9:bc:6e:07:4d:7d:ff:29:0d:c1:de:de:b2:
                    27:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:BD:68:1F:7B:52:48:88:22:20:65:D8:20:C1:D7:5F:9B:9C:D6:E2
            X509v3 Authority Key Identifier:
                keyid:E4:2B:07:52:D5:FF:AB:25:4C:3F:0E:22:14:99:F6:74:20:87:0F:EB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/b35129e4-2328-43d2-a458-9d3829614815/0/E42B0752D5FFAB254C3F0E221499F67420870FEB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/E42B0752D5FFAB254C3F0E221499F67420870FEB.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/b35129e4-2328-43d2-a458-9d3829614815/0/3230322e35382e3137362e302f32312d3234203d3e203234353236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.58.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:eb:59:73:31:c2:fa:b0:ff:e7:2d:5f:45:04:d8:b4:0a:8f:
         0d:bd:a4:a1:0f:1b:4b:7a:be:ed:d0:6f:04:4d:94:92:1d:c4:
         86:c5:77:a0:3e:12:01:68:ee:7e:27:bf:f4:88:ec:40:bb:8e:
         c9:4c:59:e8:5b:1a:a5:f0:e4:c1:09:87:a0:ad:1c:f0:d1:85:
         24:b1:22:cc:1f:55:13:ad:0d:3d:5f:51:81:8b:bd:a6:9b:60:
         53:bb:c4:f5:c5:64:eb:cf:f0:73:ad:77:a8:c4:29:49:35:f5:
         ec:a0:09:44:99:43:9c:82:bb:35:b0:dd:ce:c5:2f:3e:bb:df:
         2b:f8:5f:03:82:52:fd:65:ab:78:0a:a8:c7:7b:22:be:0f:a0:
         d7:7c:dd:87:5f:e6:cb:71:72:c6:8e:81:77:01:81:c6:ad:21:
         5e:cb:42:5a:f7:69:4c:37:27:cd:46:ba:f3:aa:96:61:08:b8:
         bf:10:e6:5b:f9:fc:16:5c:76:d4:31:24:e2:3e:e6:fd:dc:59:
         fa:62:52:2f:e4:9d:fe:0a:b7:ed:20:28:57:89:58:6b:f3:4d:
         33:14:be:40:c2:ac:48:c1:fc:4c:1e:a9:5c:ab:46:3f:ec:a4:
         0f:47:63:32:97:c3:66:16:ca:d8:19:37:2a:81:ca:75:24:c0:
         a3:f5:36:c7
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUGtyNMN/beqQ9KYN2lN3iD8PpS+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRTQyQjA3NTJENUZGQUIyNTRDM0YwRTIyMTQ5OUY2NzQy
MDg3MEZFQjAeFw0yNTEwMTEwODU1MDBaFw0yNjEwMTAwOTAwMDBaMDMxMTAvBgNV
BAMTKDEzQkQ2ODFGN0I1MjQ4ODgyMjIwNjVEODIwQzFENzVGOUI5Q0Q2RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEJAc+EEOuYHq6+rRpfCLxoMMe
pdGGotrGnlnpxif/4KawLtDJMSskySmv6nGTyu4HkhqKOo7l/vcTsturMz7TxuAh
i2QUnyzleqm5K/oB67gY0XVgeyod07XLhj24qccnob1VjpvlMN0TpPKb0lS2DHIT
KvbE7Zae3+cdYPxaIx9DiqXgMJ1XGV0KJQImvs4t0DCOYXzqh2Ui9DmewwxG62Q6
u4owCqXlcdJnA/u88BAb85EGGfIvRyRb1nCpKoQAc8q4QDQpW5ZjYQSnljBtCJyh
t/mum5NZzI0bhH5ytLy3I9MiGe0ezPT0XJGZw7qk+bxuB019/ykNwd7esifdAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUE71oH3tSSIgiIGXYIMHXX5uc1uIwHwYDVR0j
BBgwFoAU5CsHUtX/qyVMPw4iFJn2dCCHD+swDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
MzUxMjllNC0yMzI4LTQzZDItYTQ1OC05ZDM4Mjk2MTQ4MTUvMC9FNDJCMDc1MkQ1
RkZBQjI1NEMzRjBFMjIxNDk5RjY3NDIwODcwRkVCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRTQyQjA3NTJENUZGQUIyNTRDM0YwRTIyMTQ5OUY2NzQyMDg3
MEZFQi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2IzNTEyOWU0LTIzMjgtNDNkMi1h
NDU4LTlkMzgyOTYxNDgxNS8wLzMyMzAzMjJlMzUzODJlMzEzNzM2MmUzMDJmMzIz
MTJkMzIzNDIwM2QzZTIwMzIzNDM1MzIzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA8o6sDANBgkqhkiG
9w0BAQsFAAOCAQEAL+tZczHC+rD/5y1fRQTYtAqPDb2koQ8bS3q+7dBvBE2Ukh3E
hsV3oD4SAWjufie/9IjsQLuOyUxZ6FsapfDkwQmHoK0c8NGFJLEizB9VE60NPV9R
gYu9pptgU7vE9cVk68/wc613qMQpSTX17KAJRJlDnIK7NbDdzsUvPrvfK/hfA4JS
/WWreAqox3sivg+g13zdh1/my3Fyxo6BdwGBxq0hXstCWvdpTDcnzUa686qWYQi4
vxDmW/n8Flx21DEk4j7m/dxZ+mJSL+Sd/gq37SAoV4lYa/NNMxS+QMKsSMH8TB6p
XKtGP+ykD0djMpfDZhbK2Bk3KoHKdSTAo/U2xw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:10:21 2025 by rpki-client