Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/c9f3c769-cfb1-4206-9f54-c0587e63ba5b/0/3130332e39302e36362e302f32332d3233203d3e20313530323635.roa
File:                     3130332e39302e36362e302f32332d3233203d3e20313530323635.roa (raw, json)
Hash identifier:          OlSEaMFgO7PKKnmIhsUPpO1TcfNohwlH/C3NH/NvhZg=
Subject key identifier:   60:88:F6:97:ED:1F:73:B0:8C:6E:53:A6:40:03:57:C9:82:AA:65:76
Certificate issuer:       /CN=5B8C3A29E90C25CBF4615124B117BE7FC013C61E
Certificate serial:       0251E47BF8656D0F0393CB67D314F3A3254840AA
Authority key identifier: 5B:8C:3A:29:E9:0C:25:CB:F4:61:51:24:B1:17:BE:7F:C0:13:C6:1E
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/5B8C3A29E90C25CBF4615124B117BE7FC013C61E.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/c9f3c769-cfb1-4206-9f54-c0587e63ba5b/0/3130332e39302e36362e302f32332d3233203d3e20313530323635.roa
Signing time:             Thu 18 Sep 2025 14:00:00 +0000
ROA not before:           Thu 18 Sep 2025 13:55:00 +0000
ROA not after:            Thu 17 Sep 2026 14:00:00 +0000
asID:                     150265
IP address blocks:        103.90.66.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/c9f3c769-cfb1-4206-9f54-c0587e63ba5b/0/5B8C3A29E90C25CBF4615124B117BE7FC013C61E.crl
                          rsync://repo-rpki.idnic.net/repo/c9f3c769-cfb1-4206-9f54-c0587e63ba5b/0/5B8C3A29E90C25CBF4615124B117BE7FC013C61E.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/5B8C3A29E90C25CBF4615124B117BE7FC013C61E.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 11:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:51:e4:7b:f8:65:6d:0f:03:93:cb:67:d3:14:f3:a3:25:48:40:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5B8C3A29E90C25CBF4615124B117BE7FC013C61E
        Validity
            Not Before: Sep 18 13:55:00 2025 GMT
            Not After : Sep 17 14:00:00 2026 GMT
        Subject: CN=6088F697ED1F73B08C6E53A6400357C982AA6576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:25:77:59:24:ed:67:53:0c:68:df:44:0a:42:
                    9b:e4:ef:c9:dd:f5:ea:15:6f:34:e2:63:82:9b:18:
                    9f:8c:6c:c1:26:df:e6:77:0b:36:ef:5e:31:ae:b1:
                    32:d3:6a:59:4c:11:c1:95:11:96:13:ca:b7:0e:c2:
                    e3:a5:23:d8:45:f2:5b:43:ee:8b:42:c4:7a:30:2f:
                    f2:a3:8c:b9:c6:37:b4:93:43:ed:c8:19:03:e6:db:
                    7d:ce:26:2f:38:02:b2:17:6b:25:07:f7:ce:3c:95:
                    f8:56:1d:94:10:f1:44:48:09:ae:ef:2c:fa:ab:21:
                    7f:d4:12:41:44:90:80:bb:b0:3c:01:85:ab:ea:4c:
                    71:fd:ad:b6:1c:43:16:8b:5b:92:7c:da:68:38:59:
                    32:05:85:17:a6:b2:46:20:1b:41:eb:dd:9a:f2:84:
                    61:a9:45:f4:c1:03:c8:d1:06:dd:c8:b8:e4:5e:84:
                    78:7f:5e:83:55:f2:db:e5:2c:3d:bf:7d:48:b7:7c:
                    b2:1b:5d:86:a9:4b:a1:bc:8a:b9:66:b3:8c:5d:dd:
                    df:cf:97:90:67:dd:8a:52:ee:53:fc:ac:5a:e3:16:
                    b2:ff:2d:e1:2d:1e:b8:27:33:73:e3:0c:e9:58:b1:
                    0b:ab:35:ed:25:35:29:f1:27:9d:05:09:6c:37:d3:
                    00:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:88:F6:97:ED:1F:73:B0:8C:6E:53:A6:40:03:57:C9:82:AA:65:76
            X509v3 Authority Key Identifier:
                keyid:5B:8C:3A:29:E9:0C:25:CB:F4:61:51:24:B1:17:BE:7F:C0:13:C6:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/c9f3c769-cfb1-4206-9f54-c0587e63ba5b/0/5B8C3A29E90C25CBF4615124B117BE7FC013C61E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/5B8C3A29E90C25CBF4615124B117BE7FC013C61E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/c9f3c769-cfb1-4206-9f54-c0587e63ba5b/0/3130332e39302e36362e302f32332d3233203d3e20313530323635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.90.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:fa:3e:ef:3c:13:9c:29:71:fc:f8:45:ff:40:88:07:9f:a0:
         8a:12:35:7c:4e:b7:c2:97:be:0a:51:eb:ad:a6:84:44:fd:0c:
         ec:da:8e:5e:e9:bc:00:ce:87:40:b6:55:10:ed:8f:43:a4:81:
         8b:22:64:31:f1:29:db:2b:f7:56:3e:58:67:f8:a1:82:8d:ed:
         95:65:2a:b9:b0:2b:e7:91:40:fa:f1:fa:e2:a0:67:86:27:32:
         e2:ed:90:c5:9e:94:c7:65:6c:35:5d:73:8e:35:f1:bd:d4:d9:
         b2:8d:75:86:0d:f0:eb:b0:5f:2a:02:0b:e5:be:99:6c:81:9f:
         c8:a9:6c:2d:94:52:3d:3a:b9:25:a7:39:ae:98:1e:47:2b:31:
         4e:a3:2d:71:20:5e:f9:a8:58:8f:e7:45:81:4a:19:ee:79:56:
         5a:84:30:da:0e:bf:29:42:61:16:b4:2b:5e:0e:01:54:78:a4:
         dc:4d:df:de:1c:8b:45:80:81:8c:ec:74:d6:b5:b7:ee:75:40:
         01:ca:c6:cb:21:ea:04:66:29:e6:82:c5:ed:d1:d1:64:83:d8:
         d2:fd:73:93:8b:f4:54:e2:52:ff:14:20:58:ee:34:ae:43:54:
         45:89:f7:e2:38:9e:0c:c5:0d:dd:44:61:62:f6:00:a4:fb:24:
         28:c1:43:b7
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUAlHke/hlbQ8Dk8tn0xTzoyVIQKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNUI4QzNBMjlFOTBDMjVDQkY0NjE1MTI0QjExN0JFN0ZD
MDEzQzYxRTAeFw0yNTA5MTgxMzU1MDBaFw0yNjA5MTcxNDAwMDBaMDMxMTAvBgNV
BAMTKDYwODhGNjk3RUQxRjczQjA4QzZFNTNBNjQwMDM1N0M5ODJBQTY1NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbJXdZJO1nUwxo30QKQpvk78nd
9eoVbzTiY4KbGJ+MbMEm3+Z3CzbvXjGusTLTallMEcGVEZYTyrcOwuOlI9hF8ltD
7otCxHowL/KjjLnGN7STQ+3IGQPm233OJi84ArIXayUH9848lfhWHZQQ8URICa7v
LPqrIX/UEkFEkIC7sDwBhavqTHH9rbYcQxaLW5J82mg4WTIFhRemskYgG0Hr3Zry
hGGpRfTBA8jRBt3IuORehHh/XoNV8tvlLD2/fUi3fLIbXYapS6G8irlms4xd3d/P
l5Bn3YpS7lP8rFrjFrL/LeEtHrgnM3PjDOlYsQurNe0lNSnxJ50FCWw30wBjAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUYIj2l+0fc7CMblOmQANXyYKqZXYwHwYDVR0j
BBgwFoAUW4w6KekMJcv0YVEksRe+f8ATxh4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9j
OWYzYzc2OS1jZmIxLTQyMDYtOWY1NC1jMDU4N2U2M2JhNWIvMC81QjhDM0EyOUU5
MEMyNUNCRjQ2MTUxMjRCMTE3QkU3RkMwMTNDNjFFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNUI4QzNBMjlFOTBDMjVDQkY0NjE1MTI0QjExN0JFN0ZDMDEz
QzYxRS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2M5ZjNjNzY5LWNmYjEtNDIwNi05
ZjU0LWMwNTg3ZTYzYmE1Yi8wLzMxMzAzMzJlMzkzMDJlMzYzNjJlMzAyZjMyMzMy
ZDMyMzMyMDNkM2UyMDMxMzUzMDMyMzYzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAWdaQjANBgkqhkiG
9w0BAQsFAAOCAQEAwPo+7zwTnClx/PhF/0CIB5+gihI1fE63wpe+ClHrraaERP0M
7NqOXum8AM6HQLZVEO2PQ6SBiyJkMfEp2yv3Vj5YZ/ihgo3tlWUqubAr55FA+vH6
4qBnhicy4u2QxZ6Ux2VsNV1zjjXxvdTZso11hg3w67BfKgIL5b6ZbIGfyKlsLZRS
PTq5Jac5rpgeRysxTqMtcSBe+ahYj+dFgUoZ7nlWWoQw2g6/KUJhFrQrXg4BVHik
3E3f3hyLRYCBjOx01rW37nVAAcrGyyHqBGYp5oLF7dHRZIPY0v1zk4v0VOJS/xQg
WO40rkNURYn34jieDMUN3URhYvYApPskKMFDtw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:49:42 2025 by rpki-client