Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/c3dd6135-548c-4881-af78-93af9f2a2516/0/3130332e3130362e37362e302f32322d3232203d3e203436303233.roa
File:                     3130332e3130362e37362e302f32322d3232203d3e203436303233.roa (raw, json)
Hash identifier:          juQ/cwjH1toIUGh+4Z6y41hGaf2rFqJaltHbfzkfdBc=
Subject key identifier:   0D:35:22:A0:49:8B:6A:09:6B:69:01:E5:02:5A:89:4F:8D:ED:B2:76
Certificate issuer:       /CN=21F5E152BA3E25561EA4D2E2986546412F44F15B
Certificate serial:       50B55AEBFD33D1F90BE9F79D19623572A4B75384
Authority key identifier: 21:F5:E1:52:BA:3E:25:56:1E:A4:D2:E2:98:65:46:41:2F:44:F1:5B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/21F5E152BA3E25561EA4D2E2986546412F44F15B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/c3dd6135-548c-4881-af78-93af9f2a2516/0/3130332e3130362e37362e302f32322d3232203d3e203436303233.roa
Signing time:             Tue 07 Oct 2025 09:00:00 +0000
ROA not before:           Tue 07 Oct 2025 08:55:00 +0000
ROA not after:            Tue 06 Oct 2026 09:00:00 +0000
asID:                     46023
IP address blocks:        103.106.76.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/c3dd6135-548c-4881-af78-93af9f2a2516/0/21F5E152BA3E25561EA4D2E2986546412F44F15B.crl
                          rsync://repo-rpki.idnic.net/repo/c3dd6135-548c-4881-af78-93af9f2a2516/0/21F5E152BA3E25561EA4D2E2986546412F44F15B.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/21F5E152BA3E25561EA4D2E2986546412F44F15B.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 11:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:b5:5a:eb:fd:33:d1:f9:0b:e9:f7:9d:19:62:35:72:a4:b7:53:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21F5E152BA3E25561EA4D2E2986546412F44F15B
        Validity
            Not Before: Oct  7 08:55:00 2025 GMT
            Not After : Oct  6 09:00:00 2026 GMT
        Subject: CN=0D3522A0498B6A096B6901E5025A894F8DEDB276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7c:9f:de:4e:73:fa:fe:62:a0:c3:5d:87:34:
                    45:f5:71:f0:1e:90:84:59:3a:90:a1:50:5f:c5:a6:
                    74:fe:e5:b8:4c:75:4d:2c:1f:21:94:70:5d:89:92:
                    9e:c7:22:bf:18:17:e7:d6:ca:d3:e8:34:38:66:8e:
                    d6:86:10:9f:2e:d8:a0:2a:75:ff:06:33:41:fc:30:
                    2d:9f:6f:25:c8:63:9c:b5:12:f5:dd:18:33:4b:22:
                    7d:c3:b1:7e:04:4d:48:4c:10:1d:a2:21:a0:4e:55:
                    9a:2f:1d:28:ad:87:bb:56:ea:2e:ab:fd:eb:56:42:
                    f6:18:16:f4:e9:37:e6:ab:00:18:98:ed:c9:41:7d:
                    4f:cc:de:bf:c5:f7:a6:4e:a8:82:96:1b:12:13:83:
                    d4:55:84:a4:d6:f1:42:f4:a6:b2:07:aa:72:34:7d:
                    a9:22:39:84:d6:8e:23:d1:8e:e6:93:61:42:05:61:
                    96:e5:e3:37:3d:f5:8e:b7:03:0a:a8:be:6d:28:ae:
                    7b:5e:07:9e:52:13:b4:2d:9e:c9:86:ec:dd:1b:45:
                    b5:b4:fa:0d:87:69:eb:44:2f:52:52:46:e1:f2:17:
                    75:1a:40:33:ac:34:4e:fd:22:9f:ac:09:09:32:90:
                    98:1f:0f:81:0d:36:92:fd:d4:6f:27:92:77:cd:57:
                    88:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:35:22:A0:49:8B:6A:09:6B:69:01:E5:02:5A:89:4F:8D:ED:B2:76
            X509v3 Authority Key Identifier:
                keyid:21:F5:E1:52:BA:3E:25:56:1E:A4:D2:E2:98:65:46:41:2F:44:F1:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/c3dd6135-548c-4881-af78-93af9f2a2516/0/21F5E152BA3E25561EA4D2E2986546412F44F15B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/21F5E152BA3E25561EA4D2E2986546412F44F15B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/c3dd6135-548c-4881-af78-93af9f2a2516/0/3130332e3130362e37362e302f32322d3232203d3e203436303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.106.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:22:c9:7b:82:f1:0f:0e:e6:d9:c9:08:7c:fe:12:93:3d:46:
         98:67:b4:44:93:93:8f:27:93:91:8b:87:ff:aa:bf:33:fb:0a:
         50:74:68:3b:c7:61:b4:0e:6d:be:91:f6:bd:a0:2c:a2:8a:7c:
         6e:f3:f3:ce:ab:34:9c:8e:a3:c7:94:20:06:b1:19:12:47:5e:
         6b:6e:c1:dc:aa:e8:80:50:1c:da:7d:f6:a8:40:db:57:b0:60:
         4b:da:d4:6a:b5:dc:e3:fb:91:0d:9e:34:7b:80:77:d9:34:5f:
         e1:e1:cb:07:89:bf:9b:d8:cc:2d:60:33:57:ea:95:c6:9c:d1:
         e7:68:8d:69:13:21:b1:65:54:c8:2e:b3:f6:b2:44:a4:64:cb:
         ba:26:37:ec:bb:96:c2:64:06:ef:fe:e6:50:c0:58:8e:38:b8:
         23:f0:f6:e0:bc:4b:de:08:b4:18:56:30:cf:c7:83:31:e9:cb:
         d2:67:44:7a:00:e4:6f:17:5a:f9:87:c4:89:bb:e9:bb:ca:05:
         9b:0c:e1:83:71:10:e6:01:1a:87:da:40:d3:29:0c:67:a6:5d:
         33:9b:41:43:37:e2:63:a5:20:9e:70:87:88:fd:ab:47:46:92:
         48:53:df:a3:2e:82:29:d8:c9:ee:7e:79:40:f6:07:02:c2:d8:
         41:fb:2d:51
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUULVa6/0z0fkL6fedGWI1cqS3U4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjFGNUUxNTJCQTNFMjU1NjFFQTREMkUyOTg2NTQ2NDEy
RjQ0RjE1QjAeFw0yNTEwMDcwODU1MDBaFw0yNjEwMDYwOTAwMDBaMDMxMTAvBgNV
BAMTKDBEMzUyMkEwNDk4QjZBMDk2QjY5MDFFNTAyNUE4OTRGOERFREIyNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtfJ/eTnP6/mKgw12HNEX1cfAe
kIRZOpChUF/FpnT+5bhMdU0sHyGUcF2Jkp7HIr8YF+fWytPoNDhmjtaGEJ8u2KAq
df8GM0H8MC2fbyXIY5y1EvXdGDNLIn3DsX4ETUhMEB2iIaBOVZovHSith7tW6i6r
/etWQvYYFvTpN+arABiY7clBfU/M3r/F96ZOqIKWGxITg9RVhKTW8UL0prIHqnI0
fakiOYTWjiPRjuaTYUIFYZbl4zc99Y63Awqovm0ornteB55SE7QtnsmG7N0bRbW0
+g2HaetEL1JSRuHyF3UaQDOsNE79Ip+sCQkykJgfD4ENNpL91G8nknfNV4j/AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUDTUioEmLaglraQHlAlqJT43tsnYwHwYDVR0j
BBgwFoAUIfXhUro+JVYepNLimGVGQS9E8VswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9j
M2RkNjEzNS01NDhjLTQ4ODEtYWY3OC05M2FmOWYyYTI1MTYvMC8yMUY1RTE1MkJB
M0UyNTU2MUVBNEQyRTI5ODY1NDY0MTJGNDRGMTVCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjFGNUUxNTJCQTNFMjU1NjFFQTREMkUyOTg2NTQ2NDEyRjQ0
RjE1Qi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2MzZGQ2MTM1LTU0OGMtNDg4MS1h
Zjc4LTkzYWY5ZjJhMjUxNi8wLzMxMzAzMzJlMzEzMDM2MmUzNzM2MmUzMDJmMzIz
MjJkMzIzMjIwM2QzZTIwMzQzNjMwMzIzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmdqTDANBgkqhkiG
9w0BAQsFAAOCAQEAiyLJe4LxDw7m2ckIfP4Skz1GmGe0RJOTjyeTkYuH/6q/M/sK
UHRoO8dhtA5tvpH2vaAsoop8bvPzzqs0nI6jx5QgBrEZEkdea27B3KrogFAc2n32
qEDbV7BgS9rUarXc4/uRDZ40e4B32TRf4eHLB4m/m9jMLWAzV+qVxpzR52iNaRMh
sWVUyC6z9rJEpGTLuiY37LuWwmQG7/7mUMBYjji4I/D24LxL3gi0GFYwz8eDMenL
0mdEegDkbxda+YfEibvpu8oFmwzhg3EQ5gEah9pA0ykMZ6ZdM5tBQzfiY6UgnnCH
iP2rR0aSSFPfoy6CKdjJ7n55QPYHAsLYQfstUQ==
-----END CERTIFICATE-----
Generated at Tue Oct 21 01:58:39 2025 by rpki-client