Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/db8ba45e-f5da-4581-bfe5-c1616c30efab/0/3131372e35332e3135312e302f32342d3234203d3e203538333937.roa
File:                     3131372e35332e3135312e302f32342d3234203d3e203538333937.roa (raw, json)
Hash identifier:          NacNr8tlzmpb4QfQ/myDM10o14kPPy00AmDGdwRiRcE=
Subject key identifier:   0E:E8:50:C4:5E:E8:A0:50:95:F2:1B:48:2A:3B:94:66:5B:E7:EA:E1
Certificate issuer:       /CN=C69005BB7BA468A10A32CE44E9C4CE78538998AE
Certificate serial:       5CDFC6BFCEFF1C7CEB4B8E924D925062EF542AFB
Authority key identifier: C6:90:05:BB:7B:A4:68:A1:0A:32:CE:44:E9:C4:CE:78:53:89:98:AE
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C69005BB7BA468A10A32CE44E9C4CE78538998AE.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/db8ba45e-f5da-4581-bfe5-c1616c30efab/0/3131372e35332e3135312e302f32342d3234203d3e203538333937.roa
Signing time:             Fri 10 Oct 2025 22:00:01 +0000
ROA not before:           Fri 10 Oct 2025 21:55:01 +0000
ROA not after:            Fri 09 Oct 2026 22:00:01 +0000
asID:                     58397
IP address blocks:        117.53.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/db8ba45e-f5da-4581-bfe5-c1616c30efab/0/C69005BB7BA468A10A32CE44E9C4CE78538998AE.crl
                          rsync://repo-rpki.idnic.net/repo/db8ba45e-f5da-4581-bfe5-c1616c30efab/0/C69005BB7BA468A10A32CE44E9C4CE78538998AE.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C69005BB7BA468A10A32CE44E9C4CE78538998AE.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 11:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:df:c6:bf:ce:ff:1c:7c:eb:4b:8e:92:4d:92:50:62:ef:54:2a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C69005BB7BA468A10A32CE44E9C4CE78538998AE
        Validity
            Not Before: Oct 10 21:55:01 2025 GMT
            Not After : Oct  9 22:00:01 2026 GMT
        Subject: CN=0EE850C45EE8A05095F21B482A3B94665BE7EAE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:16:b1:5e:02:b6:f5:c2:9d:b8:fe:8e:4a:5a:
                    63:0f:2c:a6:29:18:68:ec:d4:7e:a8:01:75:07:11:
                    d2:25:95:2e:b1:b5:72:2b:44:f0:c9:9e:ef:65:b8:
                    07:a9:55:09:e1:22:27:16:fd:d1:70:05:ab:6a:fc:
                    b6:a3:26:89:2f:0e:6e:4b:d3:7f:97:ef:41:f6:b3:
                    a1:98:54:8b:36:68:f2:9d:1c:fa:2d:db:f9:f8:ee:
                    73:bf:74:0c:f8:b9:38:54:64:c2:63:e6:ec:82:be:
                    a1:e9:0a:e1:d9:98:fc:43:13:ef:7b:6b:8b:e8:7d:
                    bb:4d:ed:62:2d:21:78:ed:b5:22:9b:c5:f1:49:67:
                    1f:19:a2:b5:92:55:12:c9:97:fb:e3:f5:70:32:f3:
                    0d:27:33:06:c2:b0:80:c0:45:c3:b0:4e:f0:b4:78:
                    82:c6:76:df:53:b4:f8:b7:5d:5d:5b:e5:39:87:56:
                    25:d6:aa:3f:16:3e:d7:16:9c:5c:03:27:6f:55:1e:
                    fd:92:2d:dd:94:f9:64:95:6c:4c:2f:23:7d:c2:fd:
                    e3:3b:87:22:7e:62:62:31:1e:12:b1:53:ed:8a:b5:
                    01:67:53:a6:22:65:73:0a:8e:e4:37:88:79:5e:16:
                    66:12:f1:d7:e2:48:92:58:8f:65:dd:3e:7f:e5:a8:
                    a5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E8:50:C4:5E:E8:A0:50:95:F2:1B:48:2A:3B:94:66:5B:E7:EA:E1
            X509v3 Authority Key Identifier:
                keyid:C6:90:05:BB:7B:A4:68:A1:0A:32:CE:44:E9:C4:CE:78:53:89:98:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/db8ba45e-f5da-4581-bfe5-c1616c30efab/0/C69005BB7BA468A10A32CE44E9C4CE78538998AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C69005BB7BA468A10A32CE44E9C4CE78538998AE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/db8ba45e-f5da-4581-bfe5-c1616c30efab/0/3131372e35332e3135312e302f32342d3234203d3e203538333937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.53.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:4a:fa:2e:37:13:bc:b7:2e:01:99:b0:bf:68:9d:99:ab:8b:
         cf:c6:e1:2d:ed:96:3f:b6:e7:ba:f9:7e:b0:4d:14:46:b9:e5:
         1a:9b:c1:8b:07:47:e8:44:57:af:ef:c6:60:05:39:00:96:78:
         95:72:b4:df:45:22:37:54:2e:b7:57:d6:68:91:fa:91:3b:4f:
         d2:ef:59:2c:d0:8b:31:19:79:9a:9e:21:40:08:44:b1:16:d5:
         9e:fe:bb:8f:20:83:1f:77:f4:e5:66:77:76:09:66:48:fc:66:
         fa:0b:61:61:e9:a6:42:82:ff:a3:f3:d8:aa:5f:99:e3:95:9c:
         e7:6a:08:e3:c8:1d:3b:4b:03:86:c0:d8:39:28:6e:1f:29:85:
         5a:b7:5b:24:54:4b:da:f9:d0:8c:b0:53:45:a9:a6:d8:4d:b9:
         8b:85:f2:bc:d4:44:59:20:75:fe:17:35:ae:30:1e:81:41:06:
         72:a3:5f:3d:70:9f:0b:c1:ab:20:1f:f0:8d:90:0f:ba:c0:81:
         87:da:2a:16:df:6a:fe:d9:9b:7d:f8:f7:03:58:e7:60:8e:72:
         ba:c7:4a:60:87:0c:f4:2c:20:84:91:aa:e0:80:35:a4:ff:3a:
         66:69:9c:18:91:d6:ed:7c:46:91:94:08:6a:27:c9:e6:a0:ad:
         3d:6f:87:8d
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUXN/Gv87/HHzrS46STZJQYu9UKvswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzY5MDA1QkI3QkE0NjhBMTBBMzJDRTQ0RTlDNENFNzg1
Mzg5OThBRTAeFw0yNTEwMTAyMTU1MDFaFw0yNjEwMDkyMjAwMDFaMDMxMTAvBgNV
BAMTKDBFRTg1MEM0NUVFOEEwNTA5NUYyMUI0ODJBM0I5NDY2NUJFN0VBRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzFrFeArb1wp24/o5KWmMPLKYp
GGjs1H6oAXUHEdIllS6xtXIrRPDJnu9luAepVQnhIicW/dFwBatq/LajJokvDm5L
03+X70H2s6GYVIs2aPKdHPot2/n47nO/dAz4uThUZMJj5uyCvqHpCuHZmPxDE+97
a4vofbtN7WItIXjttSKbxfFJZx8ZorWSVRLJl/vj9XAy8w0nMwbCsIDARcOwTvC0
eILGdt9TtPi3XV1b5TmHViXWqj8WPtcWnFwDJ29VHv2SLd2U+WSVbEwvI33C/eM7
hyJ+YmIxHhKxU+2KtQFnU6YiZXMKjuQ3iHleFmYS8dfiSJJYj2XdPn/lqKXTAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUDuhQxF7ooFCV8htIKjuUZlvn6uEwHwYDVR0j
BBgwFoAUxpAFu3ukaKEKMs5E6cTOeFOJmK4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
YjhiYTQ1ZS1mNWRhLTQ1ODEtYmZlNS1jMTYxNmMzMGVmYWIvMC9DNjkwMDVCQjdC
QTQ2OEExMEEzMkNFNDRFOUM0Q0U3ODUzODk5OEFFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQzY5MDA1QkI3QkE0NjhBMTBBMzJDRTQ0RTlDNENFNzg1Mzg5
OThBRS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2RiOGJhNDVlLWY1ZGEtNDU4MS1i
ZmU1LWMxNjE2YzMwZWZhYi8wLzMxMzEzNzJlMzUzMzJlMzEzNTMxMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzODMzMzkzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAHU1lzANBgkqhkiG
9w0BAQsFAAOCAQEAiUr6LjcTvLcuAZmwv2idmauLz8bhLe2WP7bnuvl+sE0URrnl
GpvBiwdH6ERXr+/GYAU5AJZ4lXK030UiN1Qut1fWaJH6kTtP0u9ZLNCLMRl5mp4h
QAhEsRbVnv67jyCDH3f05WZ3dglmSPxm+gthYemmQoL/o/PYql+Z45Wc52oI48gd
O0sDhsDYOShuHymFWrdbJFRL2vnQjLBTRamm2E25i4XyvNREWSB1/hc1rjAegUEG
cqNfPXCfC8GrIB/wjZAPusCBh9oqFt9q/tmbffj3A1jnYI5yusdKYIcM9CwghJGq
4IA1pP86ZmmcGJHW7XxGkZQIaifJ5qCtPW+HjQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:18:48 2025 by rpki-client