Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/3130332e3135332e39362e302f32342d3234203d3e20313430343630.roa
File:                     3130332e3135332e39362e302f32342d3234203d3e20313430343630.roa (raw, json)
Hash identifier:          AlVmqpfL/WFpHYoBKjxWx/LAHevtz/DHHIwmIJ22kko=
Subject key identifier:   33:60:63:A1:E2:A5:F7:41:6D:ED:8F:FE:6B:F2:8C:59:AF:BB:A0:B0
Certificate issuer:       /CN=8D956CF1DF56850C9CF6173DF90141A9C6A46868
Certificate serial:       6F5DCB3FFB50E5CEFAED6BF15901AA39F6A6609F
Authority key identifier: 8D:95:6C:F1:DF:56:85:0C:9C:F6:17:3D:F9:01:41:A9:C6:A4:68:68
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8D956CF1DF56850C9CF6173DF90141A9C6A46868.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/3130332e3135332e39362e302f32342d3234203d3e20313430343630.roa
Signing time:             Wed 30 Jul 2025 02:00:01 +0000
ROA not before:           Wed 30 Jul 2025 01:55:01 +0000
ROA not after:            Wed 29 Jul 2026 02:00:01 +0000
asID:                     140460
IP address blocks:        103.153.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/8D956CF1DF56850C9CF6173DF90141A9C6A46868.crl
                          rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/8D956CF1DF56850C9CF6173DF90141A9C6A46868.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8D956CF1DF56850C9CF6173DF90141A9C6A46868.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Aug 2025 21:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:5d:cb:3f:fb:50:e5:ce:fa:ed:6b:f1:59:01:aa:39:f6:a6:60:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8D956CF1DF56850C9CF6173DF90141A9C6A46868
        Validity
            Not Before: Jul 30 01:55:01 2025 GMT
            Not After : Jul 29 02:00:01 2026 GMT
        Subject: CN=336063A1E2A5F7416DED8FFE6BF28C59AFBBA0B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8a:f3:e2:1f:34:ff:b6:98:34:18:c4:cb:8d:
                    bb:69:2d:95:44:88:22:2f:3b:3e:8d:f0:24:18:9e:
                    70:ed:10:2b:72:d7:fa:fe:55:e3:4e:7c:a2:a5:df:
                    a4:b5:25:75:e1:88:e0:01:c4:b0:24:fe:a1:0d:bc:
                    0a:9f:26:d3:db:52:b7:91:1c:51:46:fa:5c:66:6e:
                    89:bf:cb:bd:a4:36:e8:61:a2:2b:99:b7:9c:70:7f:
                    a5:39:2c:f4:b7:21:89:2a:e5:d7:6f:2b:c1:7f:a3:
                    89:f6:68:84:2a:7a:d8:4e:f2:cf:d4:0f:84:9c:45:
                    1b:a3:0b:c4:e2:e8:37:70:e1:77:8f:f4:ec:d7:9b:
                    dd:b4:18:4d:0e:4d:18:c5:d6:d4:f7:de:86:33:cd:
                    9f:81:61:18:d0:64:74:91:92:05:36:a0:d3:69:73:
                    3f:6e:be:ff:46:cf:01:87:c7:4f:11:c0:63:b7:0e:
                    bd:ae:60:07:fe:1e:a6:86:f2:5c:48:99:4a:b9:b2:
                    0b:1d:e7:e0:aa:9a:b9:17:4b:1c:99:be:ff:8d:55:
                    5d:28:02:27:2e:a4:76:2a:a4:8a:60:12:84:4f:eb:
                    3a:27:1a:e8:8b:f4:50:b3:02:73:cb:99:35:37:5f:
                    0b:2a:58:cd:ca:09:f6:16:95:e6:4a:d9:9a:4a:8d:
                    56:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:60:63:A1:E2:A5:F7:41:6D:ED:8F:FE:6B:F2:8C:59:AF:BB:A0:B0
            X509v3 Authority Key Identifier:
                keyid:8D:95:6C:F1:DF:56:85:0C:9C:F6:17:3D:F9:01:41:A9:C6:A4:68:68

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/8D956CF1DF56850C9CF6173DF90141A9C6A46868.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8D956CF1DF56850C9CF6173DF90141A9C6A46868.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/3130332e3135332e39362e302f32342d3234203d3e20313430343630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.153.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:f5:ef:30:8a:01:b5:cb:74:b3:98:15:10:2d:67:5a:bf:b6:
         bc:e4:e6:f2:3a:6f:ea:f5:ec:e6:1f:23:21:cb:d6:8d:fc:89:
         7f:2f:9e:c7:b6:65:89:5d:ac:41:48:0b:2c:c2:bb:24:be:21:
         be:99:3a:c6:04:29:e3:eb:c3:42:e4:3e:f6:f8:d9:c5:ea:46:
         1c:e6:b3:99:6a:ae:4d:9f:20:4c:ed:50:9a:6b:98:4e:f2:af:
         5e:fd:98:41:8c:51:a2:af:cb:69:1f:59:5b:22:a8:f9:f7:14:
         02:3a:e2:25:7b:49:11:6c:42:db:97:00:ec:05:8f:c7:7d:bc:
         14:4e:df:3e:e8:8f:79:37:63:48:82:0b:9a:20:2b:58:65:df:
         e9:8a:fa:e9:25:05:35:b2:7d:83:5e:e3:df:ae:cd:7e:d3:9d:
         b3:cc:99:fd:8f:34:24:38:10:ef:20:35:b0:fc:bd:d8:71:dc:
         85:8d:5f:5b:c4:f1:11:bf:02:a6:d7:e3:d7:cd:62:9a:c4:a3:
         f9:20:6b:56:45:e2:fd:f4:b6:3a:dd:fa:66:78:5a:1a:c3:59:
         f9:f7:ca:0d:db:ae:eb:7e:07:57:79:59:e7:29:d5:02:dd:4b:
         2c:d5:f2:6a:a4:14:f8:44:60:c7:6e:f6:f6:81:2b:fe:cf:5a:
         b3:6b:9d:11
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUb13LP/tQ5c767WvxWQGqOfamYJ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEQ5NTZDRjFERjU2ODUwQzlDRjYxNzNERjkwMTQxQTlD
NkE0Njg2ODAeFw0yNTA3MzAwMTU1MDFaFw0yNjA3MjkwMjAwMDFaMDMxMTAvBgNV
BAMTKDMzNjA2M0ExRTJBNUY3NDE2REVEOEZGRTZCRjI4QzU5QUZCQkEwQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjivPiHzT/tpg0GMTLjbtpLZVE
iCIvOz6N8CQYnnDtECty1/r+VeNOfKKl36S1JXXhiOABxLAk/qENvAqfJtPbUreR
HFFG+lxmbom/y72kNuhhoiuZt5xwf6U5LPS3IYkq5ddvK8F/o4n2aIQqethO8s/U
D4ScRRujC8Ti6Ddw4XeP9OzXm920GE0OTRjF1tT33oYzzZ+BYRjQZHSRkgU2oNNp
cz9uvv9GzwGHx08RwGO3Dr2uYAf+HqaG8lxImUq5sgsd5+CqmrkXSxyZvv+NVV0o
AicupHYqpIpgEoRP6zonGuiL9FCzAnPLmTU3XwsqWM3KCfYWleZK2ZpKjVZVAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUM2BjoeKl90Ft7Y/+a/KMWa+7oLAwHwYDVR0j
BBgwFoAUjZVs8d9WhQyc9hc9+QFBqcakaGgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
OTZhNzRkZi1kOTA3LTRhYWYtYTgzNi00M2U0ZTE5Njg1MjUvMC84RDk1NkNGMURG
NTY4NTBDOUNGNjE3M0RGOTAxNDFBOUM2QTQ2ODY4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOEQ5NTZDRjFERjU2ODUwQzlDRjYxNzNERjkwMTQxQTlDNkE0
Njg2OC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzY5NmE3NGRmLWQ5MDctNGFhZi1h
ODM2LTQzZTRlMTk2ODUyNS8wLzMxMzAzMzJlMzEzNTMzMmUzOTM2MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzNDMwMzQzNjMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ5lgMA0GCSqG
SIb3DQEBCwUAA4IBAQCR9e8wigG1y3SzmBUQLWdav7a85ObyOm/q9ezmHyMhy9aN
/Il/L57HtmWJXaxBSAsswrskviG+mTrGBCnj68NC5D72+NnF6kYc5rOZaq5NnyBM
7VCaa5hO8q9e/ZhBjFGir8tpH1lbIqj59xQCOuIle0kRbELblwDsBY/HfbwUTt8+
6I95N2NIgguaICtYZd/pivrpJQU1sn2DXuPfrs1+052zzJn9jzQkOBDvIDWw/L3Y
cdyFjV9bxPERvwKm1+PXzWKaxKP5IGtWReL99LY63fpmeFoaw1n598oN267rfgdX
eVnnKdUC3Uss1fJqpBT4RGDHbvb2gSv+z1qza50R
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:12:39 2025 by rpki-client