Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d61b8ccc-6c22-424e-9614-8ab8ad28849c/0/3130332e35322e36302e302f32342d3234203d3e20313338383831.roa
File:                     3130332e35322e36302e302f32342d3234203d3e20313338383831.roa (raw, json)
Hash identifier:          KQJJinQjYftmYqVjX+nqcS8sYhsgrCSBnaTeyaDu8pU=
Subject key identifier:   BF:F5:80:0A:B8:2E:A5:9B:B8:17:31:90:B4:65:FF:82:6E:D4:26:0C
Certificate issuer:       /CN=A17DC55845B70106CEB3A498496454BE640F44AB
Certificate serial:       5DD67D935F62973BAE1FE7CCA81CBAC71E92F8CD
Authority key identifier: A1:7D:C5:58:45:B7:01:06:CE:B3:A4:98:49:64:54:BE:64:0F:44:AB
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A17DC55845B70106CEB3A498496454BE640F44AB.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d61b8ccc-6c22-424e-9614-8ab8ad28849c/0/3130332e35322e36302e302f32342d3234203d3e20313338383831.roa
Signing time:             Wed 10 Sep 2025 07:01:25 +0000
ROA not before:           Wed 10 Sep 2025 06:56:25 +0000
ROA not after:            Wed 09 Sep 2026 07:01:25 +0000
asID:                     138881
IP address blocks:        103.52.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/d61b8ccc-6c22-424e-9614-8ab8ad28849c/0/A17DC55845B70106CEB3A498496454BE640F44AB.crl
                          rsync://repo-rpki.idnic.net/repo/d61b8ccc-6c22-424e-9614-8ab8ad28849c/0/A17DC55845B70106CEB3A498496454BE640F44AB.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A17DC55845B70106CEB3A498496454BE640F44AB.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 11:29:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:d6:7d:93:5f:62:97:3b:ae:1f:e7:cc:a8:1c:ba:c7:1e:92:f8:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A17DC55845B70106CEB3A498496454BE640F44AB
        Validity
            Not Before: Sep 10 06:56:25 2025 GMT
            Not After : Sep  9 07:01:25 2026 GMT
        Subject: CN=BFF5800AB82EA59BB8173190B465FF826ED4260C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6b:5e:b4:bb:62:8f:ae:7e:69:f7:5d:ef:9d:
                    26:98:e2:f5:7e:88:07:bc:4b:f4:63:1d:7b:4b:6d:
                    ca:49:8b:8c:4d:a3:ac:24:21:36:d9:02:e4:46:89:
                    3d:3a:ea:87:d7:55:ad:cc:40:70:d7:a6:e0:a5:33:
                    8f:80:02:bd:e4:75:80:ec:46:2c:f4:6b:b1:12:d9:
                    f9:be:1f:db:84:51:86:47:b2:7b:26:f7:a0:10:ac:
                    b7:b0:30:f0:df:91:c8:5b:72:4a:c2:6e:f0:ea:62:
                    20:1f:4d:cc:1f:c6:e2:df:da:d0:13:4a:4a:46:a1:
                    85:56:19:91:bb:df:a5:63:a4:9f:76:db:f1:ac:4e:
                    17:bd:d0:7d:37:a5:de:ec:79:fd:ee:17:6b:56:9c:
                    55:df:84:f2:12:3c:6e:78:dc:00:09:47:7c:71:77:
                    15:00:e5:f3:62:dc:7a:2e:b6:ae:a7:00:ce:42:e2:
                    62:f6:61:86:d8:32:24:dd:8a:a8:4f:10:a3:10:65:
                    61:77:0d:76:fe:5d:f6:87:ee:38:6b:8d:da:9e:b9:
                    e0:ec:b9:48:79:c5:50:db:54:aa:1f:66:12:d4:b3:
                    09:67:50:35:3d:e1:1f:e8:18:62:7f:7f:ac:1b:7a:
                    c5:d1:11:38:de:64:77:48:ee:86:5c:3e:6b:0c:2a:
                    8c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:F5:80:0A:B8:2E:A5:9B:B8:17:31:90:B4:65:FF:82:6E:D4:26:0C
            X509v3 Authority Key Identifier:
                keyid:A1:7D:C5:58:45:B7:01:06:CE:B3:A4:98:49:64:54:BE:64:0F:44:AB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d61b8ccc-6c22-424e-9614-8ab8ad28849c/0/A17DC55845B70106CEB3A498496454BE640F44AB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/A17DC55845B70106CEB3A498496454BE640F44AB.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d61b8ccc-6c22-424e-9614-8ab8ad28849c/0/3130332e35322e36302e302f32342d3234203d3e20313338383831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.52.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:72:3a:6b:88:11:88:c6:9d:0f:80:4e:b8:78:f4:6c:6a:6a:
         28:43:93:4c:4a:7e:7e:9e:9f:b0:d8:bd:48:fc:88:16:3f:fa:
         7e:df:ed:b7:24:8f:d9:07:f5:03:70:03:49:5e:2e:77:50:ae:
         5f:5b:05:a5:c8:d0:f3:fb:ad:bf:6b:77:72:3d:81:24:8e:f7:
         09:24:1b:04:52:fd:b3:cc:80:57:a7:6f:ee:cb:5b:48:5b:6b:
         c3:7a:da:ea:7e:27:ed:4b:97:22:43:d7:25:f3:3a:01:64:af:
         a5:66:1a:b0:56:f7:46:38:a3:ce:0c:e0:a0:ff:e2:c6:c8:19:
         8e:41:6f:39:fe:b5:8e:45:5c:87:ed:13:43:42:b3:be:c7:00:
         15:9b:7d:81:9e:6d:46:64:fd:77:2f:63:4a:2a:72:f6:67:4f:
         1f:5a:6c:a0:5c:71:21:91:61:44:33:53:c7:b9:2c:e3:01:0f:
         5d:1e:78:8a:64:fc:71:4f:6c:15:61:17:9b:e9:5d:d4:ec:4d:
         3e:23:46:0d:11:00:17:b7:f8:5e:90:5d:4b:3c:a5:01:77:7e:
         fb:b1:2d:3c:60:21:2e:2f:61:40:e8:e4:75:c1:5d:cc:11:d5:
         c8:8d:f3:bd:43:5b:b6:ce:7c:aa:40:4f:e0:9c:06:02:c4:4c:
         45:12:db:a4
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUXdZ9k19ilzuuH+fMqBy6xx6S+M0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTE3REM1NTg0NUI3MDEwNkNFQjNBNDk4NDk2NDU0QkU2
NDBGNDRBQjAeFw0yNTA5MTAwNjU2MjVaFw0yNjA5MDkwNzAxMjVaMDMxMTAvBgNV
BAMTKEJGRjU4MDBBQjgyRUE1OUJCODE3MzE5MEI0NjVGRjgyNkVENDI2MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMa160u2KPrn5p913vnSaY4vV+
iAe8S/RjHXtLbcpJi4xNo6wkITbZAuRGiT066ofXVa3MQHDXpuClM4+AAr3kdYDs
Riz0a7ES2fm+H9uEUYZHsnsm96AQrLewMPDfkchbckrCbvDqYiAfTcwfxuLf2tAT
SkpGoYVWGZG736VjpJ922/GsThe90H03pd7sef3uF2tWnFXfhPISPG543AAJR3xx
dxUA5fNi3Houtq6nAM5C4mL2YYbYMiTdiqhPEKMQZWF3DXb+XfaH7jhrjdqeueDs
uUh5xVDbVKofZhLUswlnUDU94R/oGGJ/f6wbesXRETjeZHdI7oZcPmsMKow/AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUv/WACrgupZu4FzGQtGX/gm7UJgwwHwYDVR0j
BBgwFoAUoX3FWEW3AQbOs6SYSWRUvmQPRKswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
NjFiOGNjYy02YzIyLTQyNGUtOTYxNC04YWI4YWQyODg0OWMvMC9BMTdEQzU1ODQ1
QjcwMTA2Q0VCM0E0OTg0OTY0NTRCRTY0MEY0NEFCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQTE3REM1NTg0NUI3MDEwNkNFQjNBNDk4NDk2NDU0QkU2NDBG
NDRBQi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2Q2MWI4Y2NjLTZjMjItNDI0ZS05
NjE0LThhYjhhZDI4ODQ5Yy8wLzMxMzAzMzJlMzUzMjJlMzYzMDJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzMzODM4MzgzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGc0PDANBgkqhkiG
9w0BAQsFAAOCAQEAi3I6a4gRiMadD4BOuHj0bGpqKEOTTEp+fp6fsNi9SPyIFj/6
ft/ttySP2Qf1A3ADSV4ud1CuX1sFpcjQ8/utv2t3cj2BJI73CSQbBFL9s8yAV6dv
7stbSFtrw3ra6n4n7UuXIkPXJfM6AWSvpWYasFb3RjijzgzgoP/ixsgZjkFvOf61
jkVch+0TQ0KzvscAFZt9gZ5tRmT9dy9jSipy9mdPH1psoFxxIZFhRDNTx7ks4wEP
XR54imT8cU9sFWEXm+ld1OxNPiNGDREAF7f4XpBdSzylAXd++7EtPGAhLi9hQOjk
dcFdzBHVyI3zvUNbts58qkBP4JwGAsRMRRLbpA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:30:46 2025 by rpki-client