Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/bbed6dc4-d38b-44ba-9f0b-428455b276ee/0/3136302e32302e3235302e302f32342d3234203d3e20313532383132.roa
File:                     3136302e32302e3235302e302f32342d3234203d3e20313532383132.roa (raw, json)
Hash identifier:          TgOS2DIzKKN1li7GhbP8QE2EiuFzEQeHETrSLQ8zd80=
Subject key identifier:   7D:35:D1:2E:B3:8A:5C:81:B2:0A:EB:D5:B0:D2:26:FB:CD:09:E3:1B
Certificate issuer:       /CN=23BE8CEA619406F9D860B1F97EE8F7ED77E8EE7C
Certificate serial:       61F2B3FE47BD993C008E5B67F931B5D105985024
Authority key identifier: 23:BE:8C:EA:61:94:06:F9:D8:60:B1:F9:7E:E8:F7:ED:77:E8:EE:7C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/23BE8CEA619406F9D860B1F97EE8F7ED77E8EE7C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/bbed6dc4-d38b-44ba-9f0b-428455b276ee/0/3136302e32302e3235302e302f32342d3234203d3e20313532383132.roa
Signing time:             Tue 23 Sep 2025 05:01:00 +0000
ROA not before:           Tue 23 Sep 2025 04:56:00 +0000
ROA not after:            Tue 22 Sep 2026 05:01:00 +0000
asID:                     152812
IP address blocks:        160.20.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/bbed6dc4-d38b-44ba-9f0b-428455b276ee/0/23BE8CEA619406F9D860B1F97EE8F7ED77E8EE7C.crl
                          rsync://repo-rpki.idnic.net/repo/bbed6dc4-d38b-44ba-9f0b-428455b276ee/0/23BE8CEA619406F9D860B1F97EE8F7ED77E8EE7C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/23BE8CEA619406F9D860B1F97EE8F7ED77E8EE7C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 21:16:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:f2:b3:fe:47:bd:99:3c:00:8e:5b:67:f9:31:b5:d1:05:98:50:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23BE8CEA619406F9D860B1F97EE8F7ED77E8EE7C
        Validity
            Not Before: Sep 23 04:56:00 2025 GMT
            Not After : Sep 22 05:01:00 2026 GMT
        Subject: CN=7D35D12EB38A5C81B20AEBD5B0D226FBCD09E31B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9c:12:4d:8d:83:c1:50:f9:b7:54:21:b0:7b:
                    fc:51:73:ef:a0:fc:8c:f6:80:7f:9a:2f:37:21:08:
                    ce:23:2a:40:10:6d:0d:64:8a:2b:c2:06:79:aa:72:
                    db:f6:ab:00:60:7c:ab:85:9a:cd:0e:75:80:91:ab:
                    cd:6e:a7:13:f5:81:3c:cb:dd:34:68:3b:16:67:4f:
                    ba:3e:6f:4e:29:d3:cc:5b:f0:33:ee:4f:ba:22:43:
                    fa:d1:dd:d5:78:f9:c7:4d:2b:07:1e:a5:9a:c5:90:
                    26:e2:d0:78:3f:e6:89:5b:96:ce:59:c0:99:b6:53:
                    2d:a7:26:0b:b5:20:5c:67:fd:82:ae:b1:14:38:08:
                    38:52:90:18:88:c9:47:e6:1c:3f:09:e0:87:25:47:
                    5c:0e:80:44:5b:33:89:13:8d:02:a1:e2:c7:e2:48:
                    15:52:bd:55:4e:b0:7f:15:5f:bd:b5:82:97:91:bf:
                    93:28:a5:c0:1b:33:cf:ee:42:aa:83:56:61:07:06:
                    7b:77:8e:34:b8:df:62:ca:fc:87:b5:bf:9a:90:3d:
                    12:d6:35:80:d2:2a:03:ba:8d:3d:6e:53:83:f5:8a:
                    f5:71:cb:23:ec:d6:a5:b6:b9:34:ae:e9:50:b4:4f:
                    e1:67:22:03:03:5a:4b:f0:df:9b:27:3c:06:2d:37:
                    31:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:35:D1:2E:B3:8A:5C:81:B2:0A:EB:D5:B0:D2:26:FB:CD:09:E3:1B
            X509v3 Authority Key Identifier:
                keyid:23:BE:8C:EA:61:94:06:F9:D8:60:B1:F9:7E:E8:F7:ED:77:E8:EE:7C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/bbed6dc4-d38b-44ba-9f0b-428455b276ee/0/23BE8CEA619406F9D860B1F97EE8F7ED77E8EE7C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/23BE8CEA619406F9D860B1F97EE8F7ED77E8EE7C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/bbed6dc4-d38b-44ba-9f0b-428455b276ee/0/3136302e32302e3235302e302f32342d3234203d3e20313532383132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:43:a0:d3:d1:de:d9:72:8d:35:41:7d:37:68:89:3b:b8:21:
         6a:0f:67:93:d5:fb:9d:17:b6:92:68:e4:86:f6:1c:39:84:e2:
         47:e4:ea:0e:62:9b:9c:aa:12:b0:37:be:2c:0e:69:be:f2:dd:
         59:67:7d:74:2b:ca:e0:19:9a:39:e9:1e:41:69:54:99:55:2a:
         9a:a1:ef:ed:83:d5:aa:a7:2e:1e:cf:7e:ad:54:53:c8:06:a4:
         29:3f:33:d8:a9:3a:da:e7:db:7e:ab:e3:86:7f:a6:91:ff:b1:
         07:43:7f:2f:95:a3:7e:e8:f6:81:07:0a:4f:9b:8a:c6:35:ab:
         27:64:60:6a:80:ef:73:14:ac:4e:2a:60:aa:ea:91:aa:41:53:
         45:4b:4b:74:be:42:71:bc:9d:f0:be:0c:90:6e:fc:3a:dc:76:
         a8:71:c0:05:bb:dd:cc:b2:f2:0d:62:a0:b0:53:bf:24:41:44:
         09:2c:a7:89:ad:c1:ee:1e:68:50:c0:49:f7:d9:7a:72:83:b3:
         47:82:d2:67:87:f9:99:fa:81:7a:f5:e2:9f:b7:21:b5:11:20:
         ec:60:73:2a:35:3c:34:d7:b0:61:5f:20:a0:56:32:21:f0:71:
         bc:4b:53:bc:ad:18:f9:00:05:60:af:09:9c:d7:71:c0:9e:b4:
         7d:81:8b:e5
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUYfKz/ke9mTwAjltn+TG10QWYUCQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjNCRThDRUE2MTk0MDZGOUQ4NjBCMUY5N0VFOEY3RUQ3
N0U4RUU3QzAeFw0yNTA5MjMwNDU2MDBaFw0yNjA5MjIwNTAxMDBaMDMxMTAvBgNV
BAMTKDdEMzVEMTJFQjM4QTVDODFCMjBBRUJENUIwRDIyNkZCQ0QwOUUzMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7nBJNjYPBUPm3VCGwe/xRc++g
/Iz2gH+aLzchCM4jKkAQbQ1kiivCBnmqctv2qwBgfKuFms0OdYCRq81upxP1gTzL
3TRoOxZnT7o+b04p08xb8DPuT7oiQ/rR3dV4+cdNKwcepZrFkCbi0Hg/5olbls5Z
wJm2Uy2nJgu1IFxn/YKusRQ4CDhSkBiIyUfmHD8J4IclR1wOgERbM4kTjQKh4sfi
SBVSvVVOsH8VX721gpeRv5MopcAbM8/uQqqDVmEHBnt3jjS432LK/Ie1v5qQPRLW
NYDSKgO6jT1uU4P1ivVxyyPs1qW2uTSu6VC0T+FnIgMDWkvw35snPAYtNzHbAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUfTXRLrOKXIGyCuvVsNIm+80J4xswHwYDVR0j
BBgwFoAUI76M6mGUBvnYYLH5fuj37Xfo7nwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
YmVkNmRjNC1kMzhiLTQ0YmEtOWYwYi00Mjg0NTViMjc2ZWUvMC8yM0JFOENFQTYx
OTQwNkY5RDg2MEIxRjk3RUU4RjdFRDc3RThFRTdDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvMjNCRThDRUE2MTk0MDZGOUQ4NjBCMUY5N0VFOEY3RUQ3N0U4
RUU3Qy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2JiZWQ2ZGM0LWQzOGItNDRiYS05
ZjBiLTQyODQ1NWIyNzZlZS8wLzMxMzYzMDJlMzIzMDJlMzIzNTMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzNTMyMzgzMTMyLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoBT6MA0GCSqG
SIb3DQEBCwUAA4IBAQAdQ6DT0d7Zco01QX03aIk7uCFqD2eT1fudF7aSaOSG9hw5
hOJH5OoOYpucqhKwN74sDmm+8t1ZZ310K8rgGZo56R5BaVSZVSqaoe/tg9Wqpy4e
z36tVFPIBqQpPzPYqTra59t+q+OGf6aR/7EHQ38vlaN+6PaBBwpPm4rGNasnZGBq
gO9zFKxOKmCq6pGqQVNFS0t0vkJxvJ3wvgyQbvw63HaoccAFu93MsvINYqCwU78k
QUQJLKeJrcHuHmhQwEn32Xpyg7NHgtJnh/mZ+oF69eKftyG1ESDsYHMqNTw017Bh
XyCgVjIh8HG8S1O8rRj5AAVgrwmc13HAnrR9gYvl
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:43:16 2025 by rpki-client