Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/ca96f458-ce5e-41a2-a232-9964f4988a06/0/3130332e3134342e3132382e302f32332d3233203d3e20313339343333.roa
File:                     3130332e3134342e3132382e302f32332d3233203d3e20313339343333.roa (raw, json)
Hash identifier:          +5s73n1GRDKOs1PLsu8AmlmjjmE1TE3hQKNaKdkD1e0=
Subject key identifier:   40:66:3A:AF:17:92:4C:6A:23:B9:12:F2:CA:B6:D1:49:B2:80:BA:34
Certificate issuer:       /CN=0D800491C03BFB579D58FFC7A24CAA8710845A9C
Certificate serial:       67B1C1D631CFB30AA7EB5FDCB61226838E449BE8
Authority key identifier: 0D:80:04:91:C0:3B:FB:57:9D:58:FF:C7:A2:4C:AA:87:10:84:5A:9C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0D800491C03BFB579D58FFC7A24CAA8710845A9C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/ca96f458-ce5e-41a2-a232-9964f4988a06/0/3130332e3134342e3132382e302f32332d3233203d3e20313339343333.roa
Signing time:             Wed 17 Sep 2025 11:00:00 +0000
ROA not before:           Wed 17 Sep 2025 10:55:00 +0000
ROA not after:            Wed 16 Sep 2026 11:00:00 +0000
asID:                     139433
IP address blocks:        103.144.128.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/ca96f458-ce5e-41a2-a232-9964f4988a06/0/0D800491C03BFB579D58FFC7A24CAA8710845A9C.crl
                          rsync://repo-rpki.idnic.net/repo/ca96f458-ce5e-41a2-a232-9964f4988a06/0/0D800491C03BFB579D58FFC7A24CAA8710845A9C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0D800491C03BFB579D58FFC7A24CAA8710845A9C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 18:55:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:b1:c1:d6:31:cf:b3:0a:a7:eb:5f:dc:b6:12:26:83:8e:44:9b:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0D800491C03BFB579D58FFC7A24CAA8710845A9C
        Validity
            Not Before: Sep 17 10:55:00 2025 GMT
            Not After : Sep 16 11:00:00 2026 GMT
        Subject: CN=40663AAF17924C6A23B912F2CAB6D149B280BA34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1a:82:ea:46:58:ef:b3:f1:58:ad:bc:ad:a1:
                    52:a3:59:ce:4d:3c:be:91:e6:2f:a1:b5:06:92:18:
                    2e:b9:29:1e:9d:de:db:aa:5a:4b:63:d6:04:e0:62:
                    b6:21:2d:81:8e:1a:3c:07:b5:1a:cc:78:1f:53:1e:
                    aa:74:4f:7c:9d:f6:ea:78:e5:79:e8:93:e0:9a:86:
                    f6:72:af:e5:2b:88:b9:65:f3:77:14:ea:ce:db:7d:
                    0f:59:fb:54:91:5d:fb:c4:7c:6e:de:aa:74:70:34:
                    4e:76:8b:01:e4:2e:80:a2:fa:06:1f:39:4b:bf:e3:
                    68:96:87:56:c4:21:74:37:25:02:9e:ac:b0:11:ee:
                    5e:7e:f5:16:f1:c7:92:7d:7e:97:82:81:aa:c6:94:
                    e6:4d:8e:56:4c:3d:79:e9:74:27:90:b9:6c:14:cc:
                    2b:a1:62:7a:d7:96:29:85:ec:6b:40:f1:90:7b:fc:
                    e7:41:33:95:76:91:06:f2:c1:dc:2b:9e:f1:9d:6e:
                    1a:66:b8:28:78:77:d9:d9:de:4e:61:0f:5f:7a:ce:
                    50:f6:da:26:f1:71:80:85:e5:36:35:83:e0:e6:d9:
                    4c:a6:f2:53:55:30:4e:aa:f7:b7:d9:23:0a:8b:9e:
                    15:b0:69:06:f1:05:e4:d3:fd:90:78:b3:49:75:fb:
                    3e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:66:3A:AF:17:92:4C:6A:23:B9:12:F2:CA:B6:D1:49:B2:80:BA:34
            X509v3 Authority Key Identifier:
                keyid:0D:80:04:91:C0:3B:FB:57:9D:58:FF:C7:A2:4C:AA:87:10:84:5A:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/ca96f458-ce5e-41a2-a232-9964f4988a06/0/0D800491C03BFB579D58FFC7A24CAA8710845A9C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0D800491C03BFB579D58FFC7A24CAA8710845A9C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/ca96f458-ce5e-41a2-a232-9964f4988a06/0/3130332e3134342e3132382e302f32332d3233203d3e20313339343333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.144.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:df:cb:f3:c1:70:c4:15:fe:5b:65:51:56:4f:5e:0d:c6:db:
         4c:83:b5:a8:de:1a:3a:0e:34:7e:1d:59:5b:a7:6d:af:39:37:
         09:f3:51:f3:86:eb:1e:12:f4:6a:c0:ca:7b:b2:6c:8f:ed:37:
         eb:45:bf:c9:04:61:8f:37:52:9f:cf:d8:57:38:38:79:cb:ff:
         70:32:3e:19:4d:19:68:01:55:3d:ab:94:61:59:1f:83:22:ba:
         e4:f4:74:18:0b:50:51:5f:60:3a:c0:fc:bb:98:88:aa:91:e3:
         1b:37:f6:56:98:8e:a2:71:25:af:b5:e5:a0:77:f8:de:ce:8a:
         6c:78:d8:46:18:f3:da:bf:1f:fb:e4:a2:ca:17:e7:17:64:71:
         23:46:1b:ad:00:af:2d:6b:19:4d:85:9e:c5:37:4b:cc:09:8a:
         4a:50:c8:30:d8:76:9a:b9:59:c9:09:68:7f:7b:f5:51:ce:33:
         26:b3:f9:e7:d5:41:bd:d8:c4:40:ef:ac:23:88:23:9f:8e:38:
         c1:e5:6e:b6:ec:03:e8:f3:92:ce:27:aa:8b:c6:9f:95:22:45:
         04:60:a3:cd:52:1c:6d:ed:98:91:20:0f:0e:6d:ef:27:cc:4c:
         32:eb:4a:83:c2:7f:68:af:49:84:86:c7:d6:0a:f0:41:16:c5:
         61:d4:c8:09
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUZ7HB1jHPswqn61/cthImg45Em+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMEQ4MDA0OTFDMDNCRkI1NzlENThGRkM3QTI0Q0FBODcx
MDg0NUE5QzAeFw0yNTA5MTcxMDU1MDBaFw0yNjA5MTYxMTAwMDBaMDMxMTAvBgNV
BAMTKDQwNjYzQUFGMTc5MjRDNkEyM0I5MTJGMkNBQjZEMTQ5QjI4MEJBMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmGoLqRljvs/FYrbytoVKjWc5N
PL6R5i+htQaSGC65KR6d3tuqWktj1gTgYrYhLYGOGjwHtRrMeB9THqp0T3yd9up4
5Xnok+CahvZyr+UriLll83cU6s7bfQ9Z+1SRXfvEfG7eqnRwNE52iwHkLoCi+gYf
OUu/42iWh1bEIXQ3JQKerLAR7l5+9Rbxx5J9fpeCgarGlOZNjlZMPXnpdCeQuWwU
zCuhYnrXlimF7GtA8ZB7/OdBM5V2kQbywdwrnvGdbhpmuCh4d9nZ3k5hD196zlD2
2ibxcYCF5TY1g+Dm2Uym8lNVME6q97fZIwqLnhWwaQbxBeTT/ZB4s0l1+z4VAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUQGY6rxeSTGojuRLyyrbRSbKAujQwHwYDVR0j
BBgwFoAUDYAEkcA7+1edWP/HokyqhxCEWpwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9j
YTk2ZjQ1OC1jZTVlLTQxYTItYTIzMi05OTY0ZjQ5ODhhMDYvMC8wRDgwMDQ5MUMw
M0JGQjU3OUQ1OEZGQzdBMjRDQUE4NzEwODQ1QTlDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMEQ4MDA0OTFDMDNCRkI1NzlENThGRkM3QTI0Q0FBODcxMDg0
NUE5Qy5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2NhOTZmNDU4LWNlNWUtNDFhMi1h
MjMyLTk5NjRmNDk4OGEwNi8wLzMxMzAzMzJlMzEzNDM0MmUzMTMyMzgyZTMwMmYz
MjMzMmQzMjMzMjAzZDNlMjAzMTMzMzkzNDMzMzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFnkIAwDQYJ
KoZIhvcNAQELBQADggEBACbfy/PBcMQV/ltlUVZPXg3G20yDtajeGjoONH4dWVun
ba85NwnzUfOG6x4S9GrAynuybI/tN+tFv8kEYY83Up/P2Fc4OHnL/3AyPhlNGWgB
VT2rlGFZH4MiuuT0dBgLUFFfYDrA/LuYiKqR4xs39laYjqJxJa+15aB3+N7Oimx4
2EYY89q/H/vkosoX5xdkcSNGG60Ary1rGU2FnsU3S8wJikpQyDDYdpq5WckJaH97
9VHOMyaz+efVQb3YxEDvrCOII5+OOMHlbrbsA+jzks4nqovGn5UiRQRgo81SHG3t
mJEgDw5t7yfMTDLrSoPCf2ivSYSGx9YK8EEWxWHUyAk=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:55:18 2025 by rpki-client