Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d8b98722-1cb4-40d4-ac8b-c3bca2bca217/0/3130332e32332e32302e302f32322d3234203d3e203538333937.roa
File:                     3130332e32332e32302e302f32322d3234203d3e203538333937.roa (raw, json)
Hash identifier:          fxRWeEdUZsQcOgrNyDGJ7oXqFe+EeQD/MHcFmS1cl7s=
Subject key identifier:   05:A9:D1:11:73:EF:19:6E:A4:4D:14:92:AF:65:51:B1:88:AD:82:52
Certificate issuer:       /CN=8A95FAF723EC129E336E75ACE1CD4F3094FB6481
Certificate serial:       6C5730C1B6F77C62682A5154BBAB03FD795DC9E5
Authority key identifier: 8A:95:FA:F7:23:EC:12:9E:33:6E:75:AC:E1:CD:4F:30:94:FB:64:81
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8A95FAF723EC129E336E75ACE1CD4F3094FB6481.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d8b98722-1cb4-40d4-ac8b-c3bca2bca217/0/3130332e32332e32302e302f32322d3234203d3e203538333937.roa
Signing time:             Sat 11 Oct 2025 12:00:01 +0000
ROA not before:           Sat 11 Oct 2025 11:55:01 +0000
ROA not after:            Sat 10 Oct 2026 12:00:01 +0000
asID:                     58397
IP address blocks:        103.23.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/d8b98722-1cb4-40d4-ac8b-c3bca2bca217/0/8A95FAF723EC129E336E75ACE1CD4F3094FB6481.crl
                          rsync://repo-rpki.idnic.net/repo/d8b98722-1cb4-40d4-ac8b-c3bca2bca217/0/8A95FAF723EC129E336E75ACE1CD4F3094FB6481.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8A95FAF723EC129E336E75ACE1CD4F3094FB6481.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 22:27:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:57:30:c1:b6:f7:7c:62:68:2a:51:54:bb:ab:03:fd:79:5d:c9:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8A95FAF723EC129E336E75ACE1CD4F3094FB6481
        Validity
            Not Before: Oct 11 11:55:01 2025 GMT
            Not After : Oct 10 12:00:01 2026 GMT
        Subject: CN=05A9D11173EF196EA44D1492AF6551B188AD8252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9a:c6:20:0c:e3:8a:cb:2a:41:81:1b:9e:49:
                    06:4c:ac:52:aa:20:34:c0:41:1f:56:cc:83:a5:5e:
                    b5:ce:c2:ad:21:91:63:39:d3:a7:79:68:15:b2:07:
                    61:dc:a5:49:30:78:f5:b0:bc:70:22:ca:e2:ff:1c:
                    04:fe:56:69:33:72:ed:64:89:7e:c2:04:7d:76:f1:
                    d9:70:ba:e8:fe:5d:35:26:35:c1:39:9a:4e:cc:ef:
                    37:aa:44:8a:a2:a5:2e:15:90:6b:4e:ff:b7:40:5f:
                    a5:44:0f:b7:5d:77:49:2a:76:47:64:0f:03:9f:1e:
                    9d:e3:cc:80:55:e6:8d:ad:f5:d8:47:b9:87:ca:05:
                    c2:87:ba:bf:4d:24:a2:a1:5b:47:c3:ba:82:cb:93:
                    12:5f:86:3e:16:69:db:0f:81:40:8b:b1:53:0b:71:
                    00:5b:95:2d:cc:d0:73:3f:56:cd:bb:50:68:31:5b:
                    ef:f7:b9:7b:26:d9:3c:22:4f:23:e9:b5:ee:26:55:
                    dd:a2:3c:f6:57:24:12:9e:61:bf:97:d2:8b:ff:0c:
                    d8:d0:f2:61:66:3a:71:f0:ef:18:54:17:78:d6:cf:
                    0f:d2:96:16:83:65:80:4e:01:38:8d:c2:24:29:c6:
                    a7:b8:b6:e2:bf:84:fe:38:59:72:a0:c7:4f:4f:c4:
                    be:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A9:D1:11:73:EF:19:6E:A4:4D:14:92:AF:65:51:B1:88:AD:82:52
            X509v3 Authority Key Identifier:
                keyid:8A:95:FA:F7:23:EC:12:9E:33:6E:75:AC:E1:CD:4F:30:94:FB:64:81

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d8b98722-1cb4-40d4-ac8b-c3bca2bca217/0/8A95FAF723EC129E336E75ACE1CD4F3094FB6481.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8A95FAF723EC129E336E75ACE1CD4F3094FB6481.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d8b98722-1cb4-40d4-ac8b-c3bca2bca217/0/3130332e32332e32302e302f32322d3234203d3e203538333937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.23.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:39:f8:84:5a:39:58:7f:77:01:1f:14:7f:fb:5e:3a:6e:53:
         34:94:fd:11:68:5e:84:46:70:0c:8c:79:5f:7d:2d:75:e1:50:
         5e:0d:f2:e3:cf:61:bb:7c:3c:71:5c:42:5b:54:50:37:16:c2:
         23:a3:e1:52:69:6e:fd:f1:dd:ab:4a:ea:07:87:57:aa:38:46:
         86:2c:2b:39:09:79:4e:9a:83:46:d6:f7:0e:ba:c7:78:b0:18:
         0d:97:f6:47:28:35:ab:26:b4:b2:a6:66:5e:87:78:99:81:c2:
         c9:f2:b6:72:9c:e1:a3:55:96:c3:88:6d:0f:3c:d6:b5:00:e7:
         19:a0:a9:fa:84:84:b8:f0:78:27:ca:e3:de:aa:97:61:c8:6d:
         c0:10:3f:9c:8b:6e:80:6e:6e:00:66:b3:de:74:28:6e:9c:9f:
         3d:c7:93:61:ba:d9:e5:2d:66:a2:ac:69:87:ba:19:79:57:b9:
         e9:cf:94:69:26:9a:14:65:d2:f5:45:e5:93:43:de:a0:4d:ab:
         2f:49:b2:eb:a1:eb:72:07:6c:4b:bb:ad:6a:bd:f7:40:73:f1:
         be:06:be:4e:ad:c6:ab:f0:c5:d6:48:98:63:dd:76:a1:a8:9f:
         47:23:a8:b5:1b:2a:05:8a:60:23:bf:47:75:d4:1e:de:f5:62:
         dc:42:66:b2
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUbFcwwbb3fGJoKlFUu6sD/XldyeUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEE5NUZBRjcyM0VDMTI5RTMzNkU3NUFDRTFDRDRGMzA5
NEZCNjQ4MTAeFw0yNTEwMTExMTU1MDFaFw0yNjEwMTAxMjAwMDFaMDMxMTAvBgNV
BAMTKDA1QTlEMTExNzNFRjE5NkVBNDREMTQ5MkFGNjU1MUIxODhBRDgyNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7msYgDOOKyypBgRueSQZMrFKq
IDTAQR9WzIOlXrXOwq0hkWM506d5aBWyB2HcpUkwePWwvHAiyuL/HAT+Vmkzcu1k
iX7CBH128dlwuuj+XTUmNcE5mk7M7zeqRIqipS4VkGtO/7dAX6VED7ddd0kqdkdk
DwOfHp3jzIBV5o2t9dhHuYfKBcKHur9NJKKhW0fDuoLLkxJfhj4WadsPgUCLsVML
cQBblS3M0HM/Vs27UGgxW+/3uXsm2TwiTyPpte4mVd2iPPZXJBKeYb+X0ov/DNjQ
8mFmOnHw7xhUF3jWzw/SlhaDZYBOATiNwiQpxqe4tuK/hP44WXKgx09PxL6vAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUBanREXPvGW6kTRSSr2VRsYitglIwHwYDVR0j
BBgwFoAUipX69yPsEp4zbnWs4c1PMJT7ZIEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
OGI5ODcyMi0xY2I0LTQwZDQtYWM4Yi1jM2JjYTJiY2EyMTcvMC84QTk1RkFGNzIz
RUMxMjlFMzM2RTc1QUNFMUNENEYzMDk0RkI2NDgxLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOEE5NUZBRjcyM0VDMTI5RTMzNkU3NUFDRTFDRDRGMzA5NEZC
NjQ4MS5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2Q4Yjk4NzIyLTFjYjQtNDBkNC1h
YzhiLWMzYmNhMmJjYTIxNy8wLzMxMzAzMzJlMzIzMzJlMzIzMDJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDM1MzgzMzM5Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJnFxQwDQYJKoZIhvcN
AQELBQADggEBAAE5+IRaOVh/dwEfFH/7XjpuUzSU/RFoXoRGcAyMeV99LXXhUF4N
8uPPYbt8PHFcQltUUDcWwiOj4VJpbv3x3atK6geHV6o4RoYsKzkJeU6ag0bW9w66
x3iwGA2X9kcoNasmtLKmZl6HeJmBwsnytnKc4aNVlsOIbQ881rUA5xmgqfqEhLjw
eCfK496ql2HIbcAQP5yLboBubgBms950KG6cnz3Hk2G62eUtZqKsaYe6GXlXuenP
lGkmmhRl0vVF5ZND3qBNqy9Jsuuh63IHbEu7rWq990Bz8b4Gvk6txqvwxdZImGPd
dqGon0cjqLUbKgWKYCO/R3XUHt71YtxCZrI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 22:46:50 2025 by rpki-client