Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/2e3a138e-a2b2-4604-ad50-3cab750a75e7/0/3130332e3135362e3233342e302f32342d3234203d3e20313431303939.roa
File:                     3130332e3135362e3233342e302f32342d3234203d3e20313431303939.roa (raw, json)
Hash identifier:          2Ij3trthgvVTDLtbPd9soaDl21FzUqm6uc+fi+je0/U=
Subject key identifier:   1D:EC:E0:C6:42:08:78:E0:3C:64:5D:08:F7:6D:44:58:DC:56:4F:B2
Certificate issuer:       /CN=5DC5D36558922295B85E7AE3A79178FB430FD34B
Certificate serial:       0F531E843A8628F0E707FA9EE25CF444B903F753
Authority key identifier: 5D:C5:D3:65:58:92:22:95:B8:5E:7A:E3:A7:91:78:FB:43:0F:D3:4B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/5DC5D36558922295B85E7AE3A79178FB430FD34B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/2e3a138e-a2b2-4604-ad50-3cab750a75e7/0/3130332e3135362e3233342e302f32342d3234203d3e20313431303939.roa
Signing time:             Thu 24 Jul 2025 10:01:56 +0000
ROA not before:           Thu 24 Jul 2025 09:56:56 +0000
ROA not after:            Thu 23 Jul 2026 10:01:56 +0000
asID:                     141099
IP address blocks:        103.156.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/2e3a138e-a2b2-4604-ad50-3cab750a75e7/0/5DC5D36558922295B85E7AE3A79178FB430FD34B.crl
                          rsync://repo-rpki.idnic.net/repo/2e3a138e-a2b2-4604-ad50-3cab750a75e7/0/5DC5D36558922295B85E7AE3A79178FB430FD34B.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/5DC5D36558922295B85E7AE3A79178FB430FD34B.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 20:50:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:53:1e:84:3a:86:28:f0:e7:07:fa:9e:e2:5c:f4:44:b9:03:f7:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5DC5D36558922295B85E7AE3A79178FB430FD34B
        Validity
            Not Before: Jul 24 09:56:56 2025 GMT
            Not After : Jul 23 10:01:56 2026 GMT
        Subject: CN=1DECE0C6420878E03C645D08F76D4458DC564FB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4d:e9:5c:75:04:44:04:23:c4:ea:60:fc:29:
                    40:aa:d1:04:4a:54:cc:00:b5:12:5a:c4:85:4b:a8:
                    f8:c2:2e:43:67:d1:10:6b:c7:69:b0:1e:c5:1a:1f:
                    02:d4:39:ff:e6:69:69:96:6f:3a:ec:28:4a:a6:41:
                    19:f5:e9:49:29:3b:0d:e5:e6:70:eb:c0:9f:0d:ac:
                    aa:92:6a:83:4d:02:3c:0c:85:67:ef:8d:4a:0f:e5:
                    d0:97:27:5f:f0:b9:54:46:95:22:e0:5b:78:1e:06:
                    e9:df:65:d8:33:35:f4:5a:21:3e:5d:a0:14:3b:f6:
                    df:07:07:e2:19:c1:f2:ba:90:0c:cd:9b:f1:90:73:
                    1d:96:45:b5:cd:4a:66:40:ba:de:19:47:0e:ad:97:
                    2d:2d:a1:98:87:8a:4f:44:77:4d:a0:c5:93:cd:19:
                    f4:cd:b3:bc:5d:5a:cd:55:34:70:cd:04:52:72:fc:
                    75:49:a8:5a:51:ca:ec:4c:24:6c:2d:06:ce:0d:da:
                    48:bf:f3:64:cf:c5:0a:2e:11:af:26:be:91:4e:ce:
                    4c:7c:89:14:cb:4a:1d:02:0a:4e:a8:e9:04:ad:11:
                    f0:5e:09:30:ab:f9:d6:e7:d0:18:38:75:e6:15:eb:
                    cb:17:a3:ee:e2:ae:fe:c3:29:7e:79:c7:13:8e:05:
                    e2:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:EC:E0:C6:42:08:78:E0:3C:64:5D:08:F7:6D:44:58:DC:56:4F:B2
            X509v3 Authority Key Identifier:
                keyid:5D:C5:D3:65:58:92:22:95:B8:5E:7A:E3:A7:91:78:FB:43:0F:D3:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/2e3a138e-a2b2-4604-ad50-3cab750a75e7/0/5DC5D36558922295B85E7AE3A79178FB430FD34B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/5DC5D36558922295B85E7AE3A79178FB430FD34B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/2e3a138e-a2b2-4604-ad50-3cab750a75e7/0/3130332e3135362e3233342e302f32342d3234203d3e20313431303939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.156.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:47:47:53:df:09:92:01:fb:ea:a2:f5:2e:24:a1:f2:f4:6e:
         ce:15:2f:63:78:66:48:84:66:e6:e5:39:b4:5a:d8:ae:e2:4c:
         8b:7a:c3:8f:d5:4f:7d:c0:d4:c7:ba:03:7c:12:51:7e:07:76:
         bc:9c:ae:57:12:01:e7:a5:1f:00:c1:1d:2e:d6:d2:c2:65:10:
         b1:25:4c:c7:87:8d:82:84:98:44:60:c7:ca:d3:98:27:da:39:
         7c:f3:07:03:43:bc:2a:f2:6e:cd:79:98:13:38:af:e1:af:56:
         52:64:ab:d3:3a:92:43:13:bb:4e:fd:c5:92:00:4b:d5:6b:92:
         84:00:80:9a:f6:82:a7:2f:3e:76:da:27:68:48:6d:85:a8:01:
         2b:6c:24:8e:ca:fc:aa:a7:d3:d7:03:66:f6:28:af:4a:97:ee:
         3d:f6:77:7c:75:1b:f4:99:c1:fd:42:eb:d1:1a:a5:0c:cc:af:
         32:2e:b0:04:28:56:a8:b2:b7:e0:12:35:69:3f:90:c9:53:45:
         f8:09:fe:43:40:2b:eb:2c:99:42:ef:f4:72:d2:7d:87:83:f6:
         d2:fb:0c:37:8c:14:39:6d:a5:9e:b7:40:93:e6:1e:36:53:b1:
         ba:de:30:e2:ef:87:a4:8c:43:c5:c9:99:ed:f2:e2:dd:e5:fe:
         54:fd:f2:8a
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUD1MehDqGKPDnB/qe4lz0RLkD91MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNURDNUQzNjU1ODkyMjI5NUI4NUU3QUUzQTc5MTc4RkI0
MzBGRDM0QjAeFw0yNTA3MjQwOTU2NTZaFw0yNjA3MjMxMDAxNTZaMDMxMTAvBgNV
BAMTKDFERUNFMEM2NDIwODc4RTAzQzY0NUQwOEY3NkQ0NDU4REM1NjRGQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpTelcdQREBCPE6mD8KUCq0QRK
VMwAtRJaxIVLqPjCLkNn0RBrx2mwHsUaHwLUOf/maWmWbzrsKEqmQRn16UkpOw3l
5nDrwJ8NrKqSaoNNAjwMhWfvjUoP5dCXJ1/wuVRGlSLgW3geBunfZdgzNfRaIT5d
oBQ79t8HB+IZwfK6kAzNm/GQcx2WRbXNSmZAut4ZRw6tly0toZiHik9Ed02gxZPN
GfTNs7xdWs1VNHDNBFJy/HVJqFpRyuxMJGwtBs4N2ki/82TPxQouEa8mvpFOzkx8
iRTLSh0CCk6o6QStEfBeCTCr+dbn0Bg4deYV68sXo+7irv7DKX55xxOOBeL1AgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUHezgxkIIeOA8ZF0I921EWNxWT7IwHwYDVR0j
BBgwFoAUXcXTZViSIpW4Xnrjp5F4+0MP00swDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
ZTNhMTM4ZS1hMmIyLTQ2MDQtYWQ1MC0zY2FiNzUwYTc1ZTcvMC81REM1RDM2NTU4
OTIyMjk1Qjg1RTdBRTNBNzkxNzhGQjQzMEZEMzRCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNURDNUQzNjU1ODkyMjI5NUI4NUU3QUUzQTc5MTc4RkI0MzBG
RDM0Qi5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzJlM2ExMzhlLWEyYjItNDYwNC1h
ZDUwLTNjYWI3NTBhNzVlNy8wLzMxMzAzMzJlMzEzNTM2MmUzMjMzMzQyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMTM0MzEzMDM5Mzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABnnOowDQYJ
KoZIhvcNAQELBQADggEBAARHR1PfCZIB++qi9S4kofL0bs4VL2N4ZkiEZublObRa
2K7iTIt6w4/VT33A1Me6A3wSUX4HdrycrlcSAeelHwDBHS7W0sJlELElTMeHjYKE
mERgx8rTmCfaOXzzBwNDvCrybs15mBM4r+GvVlJkq9M6kkMTu079xZIAS9VrkoQA
gJr2gqcvPnbaJ2hIbYWoAStsJI7K/Kqn09cDZvYor0qX7j32d3x1G/SZwf1C69Ea
pQzMrzIusAQoVqiyt+ASNWk/kMlTRfgJ/kNAK+ssmULv9HLSfYeD9tL7DDeMFDlt
pZ63QJPmHjZTsbreMOLvh6SMQ8XJme3y4t3l/lT98oo=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:11:16 2025 by rpki-client