Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/60c14b99-4ee7-422a-b064-dca3236d6756/0/3130332e3136372e342e302f32332d3234203d3e203137393935.roa
File:                     3130332e3136372e342e302f32332d3234203d3e203137393935.roa (raw, json)
Hash identifier:          nkgXHJ5vIn9/vQDJ4p+3bqA8uvcYzydpLoR2QR3gRRw=
Subject key identifier:   B4:70:5A:88:A7:60:27:37:10:C3:72:AD:CE:B8:A1:07:17:44:AD:4F
Certificate issuer:       /CN=28907A6B3D4FB187F3A15BF7457D948A12903D7C
Certificate serial:       5A724D9EC475BE842EC367F230E3DB62F47A795A
Authority key identifier: 28:90:7A:6B:3D:4F:B1:87:F3:A1:5B:F7:45:7D:94:8A:12:90:3D:7C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/28907A6B3D4FB187F3A15BF7457D948A12903D7C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/60c14b99-4ee7-422a-b064-dca3236d6756/0/3130332e3136372e342e302f32332d3234203d3e203137393935.roa
Signing time:             Fri 04 Jul 2025 11:02:19 +0000
ROA not before:           Fri 04 Jul 2025 10:57:19 +0000
ROA not after:            Fri 03 Jul 2026 11:02:19 +0000
asID:                     17995
IP address blocks:        103.167.4.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/60c14b99-4ee7-422a-b064-dca3236d6756/0/28907A6B3D4FB187F3A15BF7457D948A12903D7C.crl
                          rsync://repo-rpki.idnic.net/repo/60c14b99-4ee7-422a-b064-dca3236d6756/0/28907A6B3D4FB187F3A15BF7457D948A12903D7C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/28907A6B3D4FB187F3A15BF7457D948A12903D7C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 09 Aug 2025 01:06:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:72:4d:9e:c4:75:be:84:2e:c3:67:f2:30:e3:db:62:f4:7a:79:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28907A6B3D4FB187F3A15BF7457D948A12903D7C
        Validity
            Not Before: Jul  4 10:57:19 2025 GMT
            Not After : Jul  3 11:02:19 2026 GMT
        Subject: CN=B4705A88A760273710C372ADCEB8A1071744AD4F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:cf:d4:76:42:2d:cb:58:64:f5:a6:44:de:b8:
                    74:42:91:bb:a9:c1:38:60:71:d6:26:65:f6:de:20:
                    2f:c7:4e:4f:cc:28:9e:11:79:01:7f:70:58:44:e3:
                    64:d7:9c:8e:06:40:c4:df:ea:43:e9:dc:5d:5c:84:
                    c7:e3:fe:be:85:3a:cf:32:0b:33:52:df:78:07:53:
                    9a:06:73:18:71:33:f9:4e:db:71:55:18:1a:2c:72:
                    b6:23:59:24:2d:d2:7a:ce:1e:a7:0f:61:bc:c5:1e:
                    cd:33:1b:0b:68:3b:33:b8:db:bc:1d:6c:e0:ea:77:
                    6c:5c:0c:c3:48:43:96:d0:b6:e0:aa:05:cd:84:ca:
                    7b:3c:1c:c1:0c:79:c7:8f:fa:2c:a0:09:25:f3:af:
                    13:b3:f0:90:b2:f7:fc:dc:07:c6:50:79:b3:1c:cf:
                    bb:ff:71:8d:be:f3:f8:ed:b8:7b:b7:fe:37:0a:5f:
                    1d:4d:87:98:36:c2:bc:7e:c9:54:12:b6:6d:36:ed:
                    a6:01:6b:21:c6:a3:a8:fa:d3:99:e6:f1:e9:60:f8:
                    ee:27:1a:52:70:fb:b4:79:b7:85:21:4f:3b:ee:74:
                    ef:c3:05:e0:1c:17:52:7d:6d:b4:ae:48:fa:a1:59:
                    4e:96:68:45:bd:22:7d:4a:0c:a8:db:38:60:c6:92:
                    d5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:70:5A:88:A7:60:27:37:10:C3:72:AD:CE:B8:A1:07:17:44:AD:4F
            X509v3 Authority Key Identifier:
                keyid:28:90:7A:6B:3D:4F:B1:87:F3:A1:5B:F7:45:7D:94:8A:12:90:3D:7C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/60c14b99-4ee7-422a-b064-dca3236d6756/0/28907A6B3D4FB187F3A15BF7457D948A12903D7C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/28907A6B3D4FB187F3A15BF7457D948A12903D7C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/60c14b99-4ee7-422a-b064-dca3236d6756/0/3130332e3136372e342e302f32332d3234203d3e203137393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.167.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:b2:49:31:9f:95:8d:73:ab:42:54:69:0d:f4:32:c3:c3:6e:
         ae:b0:47:64:8e:c0:ad:d1:c5:8b:e8:14:57:69:87:23:9a:37:
         77:69:d6:b3:cc:82:ab:4d:03:5b:81:ff:a2:0e:e3:a2:20:3d:
         86:89:5b:a8:5e:24:ed:ad:75:c8:8a:3a:88:84:59:ed:ba:74:
         53:7a:e2:f6:59:a9:7f:a1:7d:bb:a6:92:3e:dc:10:21:df:4a:
         d3:d5:ce:3e:e4:24:6b:cd:3a:77:86:3b:a3:26:f1:d2:18:07:
         10:a1:25:f9:9a:0e:eb:67:bf:62:dc:01:83:09:40:83:b7:15:
         9b:4d:88:18:50:ee:ca:45:fa:ea:37:57:c9:62:ec:b0:30:00:
         fe:99:a7:0c:a5:a2:1d:3b:b6:87:76:60:ec:e4:14:39:71:a5:
         a7:61:f3:71:a4:de:cd:20:a2:6f:b0:f5:9a:b9:23:f9:ba:4b:
         5c:ea:32:2a:8d:4d:e2:c9:e3:f6:c4:71:66:b8:d4:c4:83:e3:
         35:b6:f2:8e:a1:e4:dc:0c:70:18:b1:92:3c:89:ac:e2:c2:a1:
         b5:2d:3e:56:58:4c:1b:d4:57:2a:0a:06:76:99:f7:4d:94:42:
         41:7d:2d:6f:07:50:9d:bf:43:4d:e2:60:bf:0a:a9:2b:7f:67:
         b8:41:b3:9f
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUWnJNnsR1voQuw2fyMOPbYvR6eVowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjg5MDdBNkIzRDRGQjE4N0YzQTE1QkY3NDU3RDk0OEEx
MjkwM0Q3QzAeFw0yNTA3MDQxMDU3MTlaFw0yNjA3MDMxMTAyMTlaMDMxMTAvBgNV
BAMTKEI0NzA1QTg4QTc2MDI3MzcxMEMzNzJBRENFQjhBMTA3MTc0NEFENEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWz9R2Qi3LWGT1pkTeuHRCkbup
wThgcdYmZfbeIC/HTk/MKJ4ReQF/cFhE42TXnI4GQMTf6kPp3F1chMfj/r6FOs8y
CzNS33gHU5oGcxhxM/lO23FVGBoscrYjWSQt0nrOHqcPYbzFHs0zGwtoOzO427wd
bODqd2xcDMNIQ5bQtuCqBc2Eyns8HMEMeceP+iygCSXzrxOz8JCy9/zcB8ZQebMc
z7v/cY2+8/jtuHu3/jcKXx1Nh5g2wrx+yVQStm027aYBayHGo6j605nm8elg+O4n
GlJw+7R5t4UhTzvudO/DBeAcF1J9bbSuSPqhWU6WaEW9In1KDKjbOGDGktVJAgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUtHBaiKdgJzcQw3KtzrihBxdErU8wHwYDVR0j
BBgwFoAUKJB6az1PsYfzoVv3RX2UihKQPXwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
MGMxNGI5OS00ZWU3LTQyMmEtYjA2NC1kY2EzMjM2ZDY3NTYvMC8yODkwN0E2QjNE
NEZCMTg3RjNBMTVCRjc0NTdEOTQ4QTEyOTAzRDdDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjg5MDdBNkIzRDRGQjE4N0YzQTE1QkY3NDU3RDk0OEExMjkw
M0Q3Qy5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzYwYzE0Yjk5LTRlZTctNDIyYS1i
MDY0LWRjYTMyMzZkNjc1Ni8wLzMxMzAzMzJlMzEzNjM3MmUzNDJlMzAyZjMyMzMy
ZDMyMzQyMDNkM2UyMDMxMzczOTM5MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFnpwQwDQYJKoZIhvcN
AQELBQADggEBAGWySTGflY1zq0JUaQ30MsPDbq6wR2SOwK3RxYvoFFdphyOaN3dp
1rPMgqtNA1uB/6IO46IgPYaJW6heJO2tdciKOoiEWe26dFN64vZZqX+hfbumkj7c
ECHfStPVzj7kJGvNOneGO6Mm8dIYBxChJfmaDutnv2LcAYMJQIO3FZtNiBhQ7spF
+uo3V8li7LAwAP6Zpwyloh07tod2YOzkFDlxpadh83Gk3s0gom+w9Zq5I/m6S1zq
MiqNTeLJ4/bEcWa41MSD4zW28o6h5NwMcBixkjyJrOLCobUtPlZYTBvUVyoKBnaZ
902UQkF9LW8HUJ2/Q03iYL8KqSt/Z7hBs58=
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:12:10 2025 by rpki-client