Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3404bad1-2b3e-4141-9fc5-df99b2bd0a22/0/3130332e3134302e33362e302f32342d3234203d3e20313338383832.roa
File:                     3130332e3134302e33362e302f32342d3234203d3e20313338383832.roa (raw, json)
Hash identifier:          iAHJXG4K6+3EiEQSytu2MEfHZRYK05stg/Yr8f+Zlv8=
Subject key identifier:   FE:40:FF:8A:FC:8A:73:1C:CC:55:FF:3A:47:15:E8:EB:05:00:63:30
Certificate issuer:       /CN=9D6C92F2A768B42C165992C6E76B882F559231B7
Certificate serial:       6B3C1B4B93BF90E0EDF8C8EEE015E55426DE1D95
Authority key identifier: 9D:6C:92:F2:A7:68:B4:2C:16:59:92:C6:E7:6B:88:2F:55:92:31:B7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9D6C92F2A768B42C165992C6E76B882F559231B7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3404bad1-2b3e-4141-9fc5-df99b2bd0a22/0/3130332e3134302e33362e302f32342d3234203d3e20313338383832.roa
Signing time:             Wed 06 Aug 2025 09:02:01 +0000
ROA not before:           Wed 06 Aug 2025 08:57:01 +0000
ROA not after:            Wed 05 Aug 2026 09:02:01 +0000
asID:                     138882
IP address blocks:        103.140.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3404bad1-2b3e-4141-9fc5-df99b2bd0a22/0/9D6C92F2A768B42C165992C6E76B882F559231B7.crl
                          rsync://repo-rpki.idnic.net/repo/3404bad1-2b3e-4141-9fc5-df99b2bd0a22/0/9D6C92F2A768B42C165992C6E76B882F559231B7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9D6C92F2A768B42C165992C6E76B882F559231B7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 14:53:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:3c:1b:4b:93:bf:90:e0:ed:f8:c8:ee:e0:15:e5:54:26:de:1d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9D6C92F2A768B42C165992C6E76B882F559231B7
        Validity
            Not Before: Aug  6 08:57:01 2025 GMT
            Not After : Aug  5 09:02:01 2026 GMT
        Subject: CN=FE40FF8AFC8A731CCC55FF3A4715E8EB05006330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:99:8c:16:dc:cc:41:39:c3:8f:a0:b2:d6:95:
                    f5:21:43:62:2d:72:6d:c9:98:6e:bc:0a:5d:43:46:
                    71:e9:0b:29:bd:99:91:d1:40:93:f5:e1:e9:8a:d9:
                    71:a9:cf:36:f9:9a:35:31:90:87:02:2b:8a:d8:c9:
                    5f:22:16:a6:7e:55:b0:b3:c9:c8:97:50:68:6f:87:
                    57:a4:6a:d6:78:c5:23:20:84:ce:20:4e:7a:ee:ce:
                    ae:71:d7:8a:00:33:30:93:c1:62:65:2c:e7:a8:e3:
                    8e:9a:c9:b2:ab:78:9a:3e:24:a6:e3:5b:f1:97:21:
                    8b:eb:1b:c4:3c:52:d5:f5:45:3b:f7:2d:32:22:0c:
                    ee:24:e3:d4:f4:38:5e:5a:d1:f3:4d:33:cc:41:fe:
                    aa:a7:62:21:20:b3:e0:01:0a:1f:70:64:6a:5e:cc:
                    ce:11:3d:7b:82:63:34:2c:39:13:cc:7e:49:d1:cb:
                    14:88:4d:82:76:4c:4b:d6:c8:4b:68:59:ea:51:09:
                    79:c9:66:b7:ea:36:4d:f4:a4:1a:c3:ff:74:ad:c7:
                    ba:f9:35:4b:1d:c4:ae:94:34:cd:6d:e0:3a:01:23:
                    05:84:70:ac:a0:0d:7d:69:0e:4e:55:92:23:cf:f0:
                    26:bc:5b:5d:69:00:e5:1f:70:2f:11:3f:84:0d:7c:
                    26:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:40:FF:8A:FC:8A:73:1C:CC:55:FF:3A:47:15:E8:EB:05:00:63:30
            X509v3 Authority Key Identifier:
                keyid:9D:6C:92:F2:A7:68:B4:2C:16:59:92:C6:E7:6B:88:2F:55:92:31:B7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3404bad1-2b3e-4141-9fc5-df99b2bd0a22/0/9D6C92F2A768B42C165992C6E76B882F559231B7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9D6C92F2A768B42C165992C6E76B882F559231B7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3404bad1-2b3e-4141-9fc5-df99b2bd0a22/0/3130332e3134302e33362e302f32342d3234203d3e20313338383832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.140.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:d2:70:e3:c0:bf:a7:76:19:4d:26:c4:d2:bc:fc:3c:80:e5:
         ee:92:ac:b2:5e:7f:7d:1c:be:6c:45:69:3e:ca:71:97:ca:33:
         64:d5:50:d3:78:28:91:ae:9c:be:63:92:0b:ae:f3:b5:92:b0:
         65:1d:06:4d:63:db:d9:64:c9:a7:3a:72:78:c7:b1:18:d1:55:
         22:c5:cf:15:a9:f5:43:db:f4:d9:2d:28:d4:b5:e1:71:f3:07:
         17:52:39:70:64:73:b6:7a:17:3f:20:81:d1:52:91:42:fc:5e:
         ee:c6:ec:fc:ba:5d:ee:ad:6c:16:ff:31:0b:23:5c:82:34:39:
         0a:00:35:32:26:b7:e1:f8:64:60:a8:5b:43:0c:84:b3:f2:59:
         de:5e:53:56:4b:07:5e:22:4d:e6:b4:80:0c:24:3a:2b:86:af:
         3b:e3:f0:f3:7a:2a:38:fe:af:a2:2b:35:ca:18:6a:7e:4d:2c:
         7e:1d:21:9b:01:5d:a5:07:26:e0:9a:cf:ab:c9:8d:40:cd:37:
         6a:54:ab:0b:2f:9c:b9:ac:cc:e3:39:8a:24:0a:3b:9f:6f:16:
         33:bf:07:04:fe:13:36:88:16:d8:e4:b1:36:5a:79:43:a4:5b:
         b2:47:56:36:f3:b5:cc:de:31:01:a8:22:b0:d3:23:f8:d3:3f:
         b8:31:22:79
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUazwbS5O/kODt+Mju4BXlVCbeHZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUQ2QzkyRjJBNzY4QjQyQzE2NTk5MkM2RTc2Qjg4MkY1
NTkyMzFCNzAeFw0yNTA4MDYwODU3MDFaFw0yNjA4MDUwOTAyMDFaMDMxMTAvBgNV
BAMTKEZFNDBGRjhBRkM4QTczMUNDQzU1RkYzQTQ3MTVFOEVCMDUwMDYzMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCymYwW3MxBOcOPoLLWlfUhQ2It
cm3JmG68Cl1DRnHpCym9mZHRQJP14emK2XGpzzb5mjUxkIcCK4rYyV8iFqZ+VbCz
yciXUGhvh1ekatZ4xSMghM4gTnruzq5x14oAMzCTwWJlLOeo446aybKreJo+JKbj
W/GXIYvrG8Q8UtX1RTv3LTIiDO4k49T0OF5a0fNNM8xB/qqnYiEgs+ABCh9wZGpe
zM4RPXuCYzQsORPMfknRyxSITYJ2TEvWyEtoWepRCXnJZrfqNk30pBrD/3Stx7r5
NUsdxK6UNM1t4DoBIwWEcKygDX1pDk5VkiPP8Ca8W11pAOUfcC8RP4QNfCYdAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU/kD/ivyKcxzMVf86RxXo6wUAYzAwHwYDVR0j
BBgwFoAUnWyS8qdotCwWWZLG52uIL1WSMbcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
NDA0YmFkMS0yYjNlLTQxNDEtOWZjNS1kZjk5YjJiZDBhMjIvMC85RDZDOTJGMkE3
NjhCNDJDMTY1OTkyQzZFNzZCODgyRjU1OTIzMUI3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUQ2QzkyRjJBNzY4QjQyQzE2NTk5MkM2RTc2Qjg4MkY1NTky
MzFCNy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzM0MDRiYWQxLTJiM2UtNDE0MS05
ZmM1LWRmOTliMmJkMGEyMi8wLzMxMzAzMzJlMzEzNDMwMmUzMzM2MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzMzM4MzgzODMyLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ4wkMA0GCSqG
SIb3DQEBCwUAA4IBAQCd0nDjwL+ndhlNJsTSvPw8gOXukqyyXn99HL5sRWk+ynGX
yjNk1VDTeCiRrpy+Y5ILrvO1krBlHQZNY9vZZMmnOnJ4x7EY0VUixc8VqfVD2/TZ
LSjUteFx8wcXUjlwZHO2ehc/IIHRUpFC/F7uxuz8ul3urWwW/zELI1yCNDkKADUy
Jrfh+GRgqFtDDISz8lneXlNWSwdeIk3mtIAMJDorhq874/Dzeio4/q+iKzXKGGp+
TSx+HSGbAV2lBybgms+ryY1AzTdqVKsLL5y5rMzjOYokCjufbxYzvwcE/hM2iBbY
5LE2WnlDpFuyR1Y287XM3jEBqCKw0yP40z+4MSJ5
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:15:41 2025 by rpki-client