Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/4d970032-08ea-4890-bdba-6309a497917d/0/3130332e32382e3136332e302f32342d3234203d3e203536323539.roa
File:                     3130332e32382e3136332e302f32342d3234203d3e203536323539.roa (raw, json)
Hash identifier:          NAFqFIaSAImXyE9eWh33YjJ4/n4BJqvDNhOBlZ2+l28=
Subject key identifier:   48:8B:6B:93:84:32:E6:BE:12:40:1B:41:CA:CE:15:22:46:28:63:8F
Certificate issuer:       /CN=3D789FAF5F7EBE6938C4C723DCD2EED785C35E4F
Certificate serial:       624FCAF739594B83BE503F90B20384B484C6B350
Authority key identifier: 3D:78:9F:AF:5F:7E:BE:69:38:C4:C7:23:DC:D2:EE:D7:85:C3:5E:4F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3D789FAF5F7EBE6938C4C723DCD2EED785C35E4F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/4d970032-08ea-4890-bdba-6309a497917d/0/3130332e32382e3136332e302f32342d3234203d3e203536323539.roa
Signing time:             Mon 21 Jul 2025 15:00:01 +0000
ROA not before:           Mon 21 Jul 2025 14:55:01 +0000
ROA not after:            Mon 20 Jul 2026 15:00:01 +0000
asID:                     56259
IP address blocks:        103.28.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/4d970032-08ea-4890-bdba-6309a497917d/0/3D789FAF5F7EBE6938C4C723DCD2EED785C35E4F.crl
                          rsync://repo-rpki.idnic.net/repo/4d970032-08ea-4890-bdba-6309a497917d/0/3D789FAF5F7EBE6938C4C723DCD2EED785C35E4F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3D789FAF5F7EBE6938C4C723DCD2EED785C35E4F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 12 Aug 2025 08:49:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:4f:ca:f7:39:59:4b:83:be:50:3f:90:b2:03:84:b4:84:c6:b3:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3D789FAF5F7EBE6938C4C723DCD2EED785C35E4F
        Validity
            Not Before: Jul 21 14:55:01 2025 GMT
            Not After : Jul 20 15:00:01 2026 GMT
        Subject: CN=488B6B938432E6BE12401B41CACE15224628638F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b0:b6:e0:b6:b4:bc:83:01:74:d8:84:6b:99:
                    cb:aa:8e:90:8c:81:13:a1:27:83:88:0f:24:dc:80:
                    06:93:e9:11:03:94:fe:c7:cc:08:0a:ad:c3:51:7d:
                    bf:22:a7:50:90:c2:0e:09:14:55:34:99:12:77:d7:
                    a6:af:74:c9:72:f2:54:5f:a3:5f:a5:59:e9:1f:83:
                    bc:5d:15:fe:b9:b2:01:5f:07:c6:3d:e7:11:8c:ac:
                    5f:4d:69:b0:11:5b:1e:eb:67:b4:40:f8:34:fb:8f:
                    2e:15:ad:2b:ae:96:1e:b0:9b:98:b1:5c:cc:26:8c:
                    4e:2a:5d:13:2a:4f:03:1c:ba:d0:2e:45:52:17:53:
                    99:d6:b5:17:04:9a:89:e3:12:01:86:42:03:fe:a0:
                    97:e3:14:48:03:7d:30:f7:31:fb:e0:d5:f8:22:20:
                    54:52:f7:1f:5e:65:2a:83:d4:69:16:aa:f8:10:74:
                    a2:3f:08:53:69:e4:53:76:3a:98:03:42:eb:82:b1:
                    e3:bb:1a:7c:dd:69:91:17:da:88:e1:96:b9:00:d7:
                    8f:0d:4e:cd:f3:ce:bc:2b:63:fc:c2:8a:32:48:57:
                    3e:57:d4:31:9a:5f:c0:f7:1e:47:d4:7b:11:3e:24:
                    ef:97:f7:27:e5:1c:96:5b:9b:3c:08:10:02:c5:71:
                    88:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:8B:6B:93:84:32:E6:BE:12:40:1B:41:CA:CE:15:22:46:28:63:8F
            X509v3 Authority Key Identifier:
                keyid:3D:78:9F:AF:5F:7E:BE:69:38:C4:C7:23:DC:D2:EE:D7:85:C3:5E:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/4d970032-08ea-4890-bdba-6309a497917d/0/3D789FAF5F7EBE6938C4C723DCD2EED785C35E4F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3D789FAF5F7EBE6938C4C723DCD2EED785C35E4F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/4d970032-08ea-4890-bdba-6309a497917d/0/3130332e32382e3136332e302f32342d3234203d3e203536323539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.28.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:a9:a8:64:e2:ce:af:29:ea:f6:2c:61:3f:4f:b3:29:31:e9:
         c6:64:fd:8b:dc:57:41:d5:76:d2:1f:cc:4a:b2:44:4a:ba:ab:
         3a:a7:4e:09:ac:13:f6:91:eb:0c:82:b4:2a:30:e4:f2:2d:d3:
         dc:1f:52:f5:77:d3:fe:52:be:46:22:7e:d4:84:5c:2c:af:5a:
         1a:72:58:c8:55:c3:0e:81:65:23:2f:90:24:b6:39:dc:23:76:
         4a:bc:1a:47:c0:59:d3:5b:1c:81:d9:7f:dd:4b:76:89:d5:b2:
         93:d6:55:58:70:1f:a4:5c:41:45:f0:9f:0f:d6:cb:14:5e:88:
         dd:a1:62:ea:ba:f3:ad:83:80:82:f5:ed:2e:12:bc:06:56:b4:
         ba:05:1b:cb:88:bf:2b:c9:d2:cc:16:d7:c1:b7:7c:58:50:e7:
         b7:01:93:29:0d:a1:6e:d8:f2:d3:65:c9:dc:24:69:be:f5:a8:
         70:eb:c4:80:be:4d:e5:d6:9b:0f:ed:b1:f8:d3:74:19:97:f1:
         04:32:12:21:ab:0f:5e:49:cf:eb:37:10:3d:19:68:96:37:60:
         6a:7f:e0:19:8e:c1:d4:b7:d3:da:8a:20:e3:c7:93:8f:b1:6f:
         ca:5e:05:16:6a:86:3e:32:1d:5c:13:37:f0:75:8f:4f:e0:36:
         a2:88:24:3e
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUYk/K9zlZS4O+UD+QsgOEtITGs1AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0Q3ODlGQUY1RjdFQkU2OTM4QzRDNzIzRENEMkVFRDc4
NUMzNUU0RjAeFw0yNTA3MjExNDU1MDFaFw0yNjA3MjAxNTAwMDFaMDMxMTAvBgNV
BAMTKDQ4OEI2QjkzODQzMkU2QkUxMjQwMUI0MUNBQ0UxNTIyNDYyODYzOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4sLbgtrS8gwF02IRrmcuqjpCM
gROhJ4OIDyTcgAaT6REDlP7HzAgKrcNRfb8ip1CQwg4JFFU0mRJ316avdMly8lRf
o1+lWekfg7xdFf65sgFfB8Y95xGMrF9NabARWx7rZ7RA+DT7jy4VrSuulh6wm5ix
XMwmjE4qXRMqTwMcutAuRVIXU5nWtRcEmonjEgGGQgP+oJfjFEgDfTD3Mfvg1fgi
IFRS9x9eZSqD1GkWqvgQdKI/CFNp5FN2OpgDQuuCseO7GnzdaZEX2ojhlrkA148N
Ts3zzrwrY/zCijJIVz5X1DGaX8D3HkfUexE+JO+X9yflHJZbmzwIEALFcYgHAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUSItrk4Qy5r4SQBtBys4VIkYoY48wHwYDVR0j
BBgwFoAUPXifr19+vmk4xMcj3NLu14XDXk8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby80
ZDk3MDAzMi0wOGVhLTQ4OTAtYmRiYS02MzA5YTQ5NzkxN2QvMC8zRDc4OUZBRjVG
N0VCRTY5MzhDNEM3MjNEQ0QyRUVENzg1QzM1RTRGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvM0Q3ODlGQUY1RjdFQkU2OTM4QzRDNzIzRENEMkVFRDc4NUMz
NUU0Ri5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzRkOTcwMDMyLTA4ZWEtNDg5MC1i
ZGJhLTYzMDlhNDk3OTE3ZC8wLzMxMzAzMzJlMzIzODJlMzEzNjMzMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNjMyMzUzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGccozANBgkqhkiG
9w0BAQsFAAOCAQEApqmoZOLOrynq9ixhP0+zKTHpxmT9i9xXQdV20h/MSrJESrqr
OqdOCawT9pHrDIK0KjDk8i3T3B9S9XfT/lK+RiJ+1IRcLK9aGnJYyFXDDoFlIy+Q
JLY53CN2SrwaR8BZ01scgdl/3Ut2idWyk9ZVWHAfpFxBRfCfD9bLFF6I3aFi6rrz
rYOAgvXtLhK8Bla0ugUby4i/K8nSzBbXwbd8WFDntwGTKQ2hbtjy02XJ3CRpvvWo
cOvEgL5N5dabD+2x+NN0GZfxBDISIasPXknP6zcQPRloljdgan/gGY7B1LfT2oog
48eTj7Fvyl4FFmqGPjIdXBM38HWPT+A2oogkPg==
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:38:19 2025 by rpki-client