Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/e9f575db-c738-4b8e-b36a-6b020c66849d/0/3130332e3134342e3132382e302f32332d3233203d3e20313339343333.roa
File:                     3130332e3134342e3132382e302f32332d3233203d3e20313339343333.roa (raw, json)
Hash identifier:          NWx313Eak6ryGXrEQpkxOKGoXHPpAIUkV1kgoiWIcbI=
Subject key identifier:   4D:60:03:58:7C:BF:B2:82:1D:2B:F7:FA:7F:85:17:00:68:0B:BA:9F
Certificate issuer:       /CN=C7F3F7AC648C6073C7FE736271A1A8E7277962B7
Certificate serial:       361F23A34B806799CE74ED8175453F95A4D39078
Authority key identifier: C7:F3:F7:AC:64:8C:60:73:C7:FE:73:62:71:A1:A8:E7:27:79:62:B7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C7F3F7AC648C6073C7FE736271A1A8E7277962B7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/e9f575db-c738-4b8e-b36a-6b020c66849d/0/3130332e3134342e3132382e302f32332d3233203d3e20313339343333.roa
Signing time:             Mon 15 Sep 2025 09:00:01 +0000
ROA not before:           Mon 15 Sep 2025 08:55:01 +0000
ROA not after:            Mon 14 Sep 2026 09:00:01 +0000
asID:                     139433
IP address blocks:        103.144.128.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/e9f575db-c738-4b8e-b36a-6b020c66849d/0/C7F3F7AC648C6073C7FE736271A1A8E7277962B7.crl
                          rsync://repo-rpki.idnic.net/repo/e9f575db-c738-4b8e-b36a-6b020c66849d/0/C7F3F7AC648C6073C7FE736271A1A8E7277962B7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C7F3F7AC648C6073C7FE736271A1A8E7277962B7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 05:46:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:1f:23:a3:4b:80:67:99:ce:74:ed:81:75:45:3f:95:a4:d3:90:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C7F3F7AC648C6073C7FE736271A1A8E7277962B7
        Validity
            Not Before: Sep 15 08:55:01 2025 GMT
            Not After : Sep 14 09:00:01 2026 GMT
        Subject: CN=4D6003587CBFB2821D2BF7FA7F851700680BBA9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e8:60:6d:1a:c4:4e:9f:cc:f6:88:f1:da:98:
                    32:fa:24:83:34:34:7a:81:b6:fd:20:5b:7f:84:32:
                    68:59:72:81:7b:c1:0e:dc:ac:c7:df:24:d6:19:9f:
                    8b:8c:ba:90:ff:97:61:c9:1a:0a:97:45:66:f5:6c:
                    22:c3:fa:d0:66:5b:16:33:12:aa:96:44:de:88:cd:
                    2b:94:ac:cb:e5:86:16:85:9f:3e:0a:27:24:c2:ec:
                    fb:e7:c0:00:20:17:ca:ed:be:64:0f:ea:a0:0d:f2:
                    cc:94:9f:96:e8:bd:0c:36:ef:b3:fb:b0:98:0d:d9:
                    6c:f7:45:e0:19:a7:9e:f9:c5:81:06:31:ef:eb:6e:
                    87:fa:84:f2:19:e9:66:f8:ed:da:fc:75:6c:af:d5:
                    fb:70:62:dd:dc:e7:0b:52:0b:55:cc:0e:07:49:aa:
                    84:00:b7:67:d9:e6:57:2d:d9:cc:02:0a:b2:0d:c1:
                    2a:83:36:1c:7d:cd:6c:0a:16:b1:25:c5:c3:a5:1a:
                    c7:b6:e7:f5:77:e8:54:22:b7:4f:77:e9:3f:2f:27:
                    63:3b:c9:96:7b:07:55:2a:50:82:f7:0b:6b:b3:38:
                    ed:6a:11:d1:66:8d:33:e0:85:12:35:85:02:29:64:
                    58:2f:d3:59:bf:48:13:27:bc:18:11:83:1b:84:3c:
                    c3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:60:03:58:7C:BF:B2:82:1D:2B:F7:FA:7F:85:17:00:68:0B:BA:9F
            X509v3 Authority Key Identifier:
                keyid:C7:F3:F7:AC:64:8C:60:73:C7:FE:73:62:71:A1:A8:E7:27:79:62:B7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/e9f575db-c738-4b8e-b36a-6b020c66849d/0/C7F3F7AC648C6073C7FE736271A1A8E7277962B7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C7F3F7AC648C6073C7FE736271A1A8E7277962B7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/e9f575db-c738-4b8e-b36a-6b020c66849d/0/3130332e3134342e3132382e302f32332d3233203d3e20313339343333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.144.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:ae:c1:10:c4:a5:ce:4c:77:fd:41:49:52:88:93:22:e9:6a:
         78:01:25:2e:02:96:46:68:fc:40:26:b6:26:80:bb:b6:dd:3b:
         0f:9e:97:ef:08:a5:61:95:5e:13:89:1e:f2:e6:fc:09:39:92:
         c2:68:2f:d0:bb:83:f3:ce:20:f8:58:21:a4:e4:39:95:37:a6:
         86:ee:b3:e7:d8:6f:84:ad:e0:58:f6:5c:af:f7:bf:b5:b5:75:
         1f:d8:cd:a9:69:7e:d2:82:82:63:cd:49:5b:c1:90:99:48:5e:
         a4:b8:1e:f4:08:1d:22:9f:4c:40:d5:17:f4:1f:40:77:ab:ef:
         f2:f7:06:f4:3a:0b:93:c6:00:f8:52:a8:ee:58:e9:d6:12:e3:
         95:80:76:60:77:a9:31:69:13:31:29:52:03:bd:b6:b2:32:7b:
         d6:df:0b:86:3a:9a:b9:85:75:89:1d:98:8f:ed:32:e7:07:b3:
         9c:4f:03:91:f2:51:6a:01:d3:fc:53:58:74:bc:e3:e0:49:4d:
         79:fb:7c:44:19:44:cf:eb:a6:45:29:f0:38:f2:82:d3:9a:ff:
         92:a9:02:1a:0d:58:d8:3f:be:b8:78:bb:88:1f:4f:e8:32:c9:
         5d:a6:5f:41:87:ea:a5:ce:66:fd:72:a9:29:b7:cd:01:32:06:
         cb:66:df:05
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUNh8jo0uAZ5nOdO2BdUU/laTTkHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzdGM0Y3QUM2NDhDNjA3M0M3RkU3MzYyNzFBMUE4RTcy
Nzc5NjJCNzAeFw0yNTA5MTUwODU1MDFaFw0yNjA5MTQwOTAwMDFaMDMxMTAvBgNV
BAMTKDRENjAwMzU4N0NCRkIyODIxRDJCRjdGQTdGODUxNzAwNjgwQkJBOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ6GBtGsROn8z2iPHamDL6JIM0
NHqBtv0gW3+EMmhZcoF7wQ7crMffJNYZn4uMupD/l2HJGgqXRWb1bCLD+tBmWxYz
EqqWRN6IzSuUrMvlhhaFnz4KJyTC7PvnwAAgF8rtvmQP6qAN8syUn5bovQw277P7
sJgN2Wz3ReAZp575xYEGMe/rbof6hPIZ6Wb47dr8dWyv1ftwYt3c5wtSC1XMDgdJ
qoQAt2fZ5lct2cwCCrINwSqDNhx9zWwKFrElxcOlGse25/V36FQit0936T8vJ2M7
yZZ7B1UqUIL3C2uzOO1qEdFmjTPghRI1hQIpZFgv01m/SBMnvBgRgxuEPMNDAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUTWADWHy/soIdK/f6f4UXAGgLup8wHwYDVR0j
BBgwFoAUx/P3rGSMYHPH/nNicaGo5yd5YrcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9l
OWY1NzVkYi1jNzM4LTRiOGUtYjM2YS02YjAyMGM2Njg0OWQvMC9DN0YzRjdBQzY0
OEM2MDczQzdGRTczNjI3MUExQThFNzI3Nzk2MkI3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQzdGM0Y3QUM2NDhDNjA3M0M3RkU3MzYyNzFBMUE4RTcyNzc5
NjJCNy5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2U5ZjU3NWRiLWM3MzgtNGI4ZS1i
MzZhLTZiMDIwYzY2ODQ5ZC8wLzMxMzAzMzJlMzEzNDM0MmUzMTMyMzgyZTMwMmYz
MjMzMmQzMjMzMjAzZDNlMjAzMTMzMzkzNDMzMzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFnkIAwDQYJ
KoZIhvcNAQELBQADggEBAE+uwRDEpc5Md/1BSVKIkyLpangBJS4ClkZo/EAmtiaA
u7bdOw+el+8IpWGVXhOJHvLm/Ak5ksJoL9C7g/POIPhYIaTkOZU3pobus+fYb4St
4Fj2XK/3v7W1dR/YzalpftKCgmPNSVvBkJlIXqS4HvQIHSKfTEDVF/QfQHer7/L3
BvQ6C5PGAPhSqO5Y6dYS45WAdmB3qTFpEzEpUgO9trIye9bfC4Y6mrmFdYkdmI/t
MucHs5xPA5HyUWoB0/xTWHS84+BJTXn7fEQZRM/rpkUp8DjygtOa/5KpAhoNWNg/
vrh4u4gfT+gyyV2mX0GH6qXOZv1yqSm3zQEyBstm3wU=
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:28:58 2025 by rpki-client