Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/3130332e3135332e39372e302f32342d3234203d3e20313430343630.roa
File:                     3130332e3135332e39372e302f32342d3234203d3e20313430343630.roa (raw, json)
Hash identifier:          2CDFzM/b08FBAmMsE5mkOznd4mOppWCjC4ZNYfj8Grs=
Subject key identifier:   DE:EB:8E:4B:43:9E:FC:C6:02:14:C6:93:71:AB:BC:03:47:A8:9A:D9
Certificate issuer:       /CN=8D956CF1DF56850C9CF6173DF90141A9C6A46868
Certificate serial:       3B6CC827A9460F8A0A1FE86ED467CFC6F94D8812
Authority key identifier: 8D:95:6C:F1:DF:56:85:0C:9C:F6:17:3D:F9:01:41:A9:C6:A4:68:68
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8D956CF1DF56850C9CF6173DF90141A9C6A46868.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/3130332e3135332e39372e302f32342d3234203d3e20313430343630.roa
Signing time:             Wed 30 Jul 2025 02:00:01 +0000
ROA not before:           Wed 30 Jul 2025 01:55:01 +0000
ROA not after:            Wed 29 Jul 2026 02:00:01 +0000
asID:                     140460
IP address blocks:        103.153.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/8D956CF1DF56850C9CF6173DF90141A9C6A46868.crl
                          rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/8D956CF1DF56850C9CF6173DF90141A9C6A46868.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8D956CF1DF56850C9CF6173DF90141A9C6A46868.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Aug 2025 21:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:6c:c8:27:a9:46:0f:8a:0a:1f:e8:6e:d4:67:cf:c6:f9:4d:88:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8D956CF1DF56850C9CF6173DF90141A9C6A46868
        Validity
            Not Before: Jul 30 01:55:01 2025 GMT
            Not After : Jul 29 02:00:01 2026 GMT
        Subject: CN=DEEB8E4B439EFCC60214C69371ABBC0347A89AD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b3:43:13:e0:d1:50:6e:cc:3e:cb:d9:0e:bd:
                    24:42:c8:f9:3b:5c:12:17:ca:c3:70:19:78:a7:c0:
                    9e:cd:8f:5f:61:8a:5f:4b:ec:91:5e:e4:5b:c1:15:
                    0c:42:8d:e7:42:65:7a:47:b0:96:db:8f:cc:09:09:
                    41:14:67:76:27:6b:2c:38:1b:de:73:3f:48:a7:f0:
                    ef:43:b7:90:62:6c:51:9f:83:74:91:fc:0c:9e:f9:
                    19:4c:d5:e3:b3:e8:c6:79:fd:92:73:cb:28:ec:b1:
                    1e:2c:1b:4c:de:9a:a7:dd:f8:6a:50:50:99:eb:5a:
                    e9:96:2c:fb:43:e8:a1:2c:42:97:83:04:be:c7:d7:
                    29:86:7f:9f:53:a3:5e:5e:e0:ca:f2:a9:93:15:3a:
                    99:ca:71:c3:b8:c3:9a:7d:fb:4c:b8:cd:d9:38:64:
                    27:1c:ce:e1:85:ef:1a:84:04:f0:73:8d:74:e3:8a:
                    28:25:4e:e6:e4:64:97:9d:d9:0e:f4:00:9e:64:ad:
                    f4:57:78:1d:59:f4:a0:e2:3d:92:30:75:62:8b:d4:
                    b1:7f:94:c5:fa:a7:62:01:03:b3:2c:f9:84:ca:74:
                    68:b8:a3:b9:ac:b4:38:a0:42:a5:93:69:9b:2f:b6:
                    e2:89:80:90:ec:b0:74:84:a8:05:58:28:c5:bd:2a:
                    64:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:EB:8E:4B:43:9E:FC:C6:02:14:C6:93:71:AB:BC:03:47:A8:9A:D9
            X509v3 Authority Key Identifier:
                keyid:8D:95:6C:F1:DF:56:85:0C:9C:F6:17:3D:F9:01:41:A9:C6:A4:68:68

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/8D956CF1DF56850C9CF6173DF90141A9C6A46868.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/8D956CF1DF56850C9CF6173DF90141A9C6A46868.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/696a74df-d907-4aaf-a836-43e4e1968525/0/3130332e3135332e39372e302f32342d3234203d3e20313430343630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.153.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:ac:55:d6:79:36:e9:a2:5b:5f:f8:77:59:5b:be:98:52:b5:
         48:0b:5d:25:03:21:5f:5d:8f:90:b0:c4:34:af:a1:ad:c7:bb:
         65:f4:64:a2:02:73:e1:01:97:a5:6e:e7:23:54:61:94:20:7a:
         a8:be:da:85:88:7f:8c:68:52:b5:8b:90:96:21:25:e1:36:07:
         83:b5:3f:ad:a7:83:dd:3d:d7:82:20:aa:67:54:22:72:c9:8d:
         b1:8c:7f:8e:28:3e:47:ac:5b:73:b3:d7:32:57:6d:97:c2:04:
         80:ab:8a:e0:dd:86:8d:4c:75:d9:a8:52:57:f7:f2:fd:c1:dd:
         90:88:91:80:5e:de:4c:8a:92:f9:0b:ce:91:29:b7:64:52:55:
         17:fa:eb:60:f7:94:ac:b2:7a:ce:e8:c6:9e:97:6f:78:fa:e2:
         c7:38:cd:25:a9:31:5a:ec:e4:f8:b5:af:62:09:84:82:b6:31:
         6a:ee:a2:48:42:a6:3c:83:46:03:2f:bd:59:05:a1:c8:21:21:
         b1:b1:e1:fe:2c:ad:6a:8c:57:37:12:66:99:3b:20:4e:2c:a9:
         6c:c8:3e:22:90:97:0a:57:f4:3c:78:4c:d8:c4:4b:cc:83:6c:
         a6:54:37:25:75:08:b0:dc:ec:93:a8:93:1d:d7:d8:8e:3d:de:
         6f:ca:3d:89
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUO2zIJ6lGD4oKH+hu1GfPxvlNiBIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEQ5NTZDRjFERjU2ODUwQzlDRjYxNzNERjkwMTQxQTlD
NkE0Njg2ODAeFw0yNTA3MzAwMTU1MDFaFw0yNjA3MjkwMjAwMDFaMDMxMTAvBgNV
BAMTKERFRUI4RTRCNDM5RUZDQzYwMjE0QzY5MzcxQUJCQzAzNDdBODlBRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDms0MT4NFQbsw+y9kOvSRCyPk7
XBIXysNwGXinwJ7Nj19hil9L7JFe5FvBFQxCjedCZXpHsJbbj8wJCUEUZ3Ynayw4
G95zP0in8O9Dt5BibFGfg3SR/Aye+RlM1eOz6MZ5/ZJzyyjssR4sG0zemqfd+GpQ
UJnrWumWLPtD6KEsQpeDBL7H1ymGf59To15e4MryqZMVOpnKccO4w5p9+0y4zdk4
ZCcczuGF7xqEBPBzjXTjiiglTubkZJed2Q70AJ5krfRXeB1Z9KDiPZIwdWKL1LF/
lMX6p2IBA7Ms+YTKdGi4o7mstDigQqWTaZsvtuKJgJDssHSEqAVYKMW9KmQ9AgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU3uuOS0Oe/MYCFMaTcau8A0eomtkwHwYDVR0j
BBgwFoAUjZVs8d9WhQyc9hc9+QFBqcakaGgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
OTZhNzRkZi1kOTA3LTRhYWYtYTgzNi00M2U0ZTE5Njg1MjUvMC84RDk1NkNGMURG
NTY4NTBDOUNGNjE3M0RGOTAxNDFBOUM2QTQ2ODY4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOEQ5NTZDRjFERjU2ODUwQzlDRjYxNzNERjkwMTQxQTlDNkE0
Njg2OC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzY5NmE3NGRmLWQ5MDctNGFhZi1h
ODM2LTQzZTRlMTk2ODUyNS8wLzMxMzAzMzJlMzEzNTMzMmUzOTM3MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzNDMwMzQzNjMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ5lhMA0GCSqG
SIb3DQEBCwUAA4IBAQCErFXWeTbpoltf+HdZW76YUrVIC10lAyFfXY+QsMQ0r6Gt
x7tl9GSiAnPhAZelbucjVGGUIHqovtqFiH+MaFK1i5CWISXhNgeDtT+tp4PdPdeC
IKpnVCJyyY2xjH+OKD5HrFtzs9cyV22XwgSAq4rg3YaNTHXZqFJX9/L9wd2QiJGA
Xt5MipL5C86RKbdkUlUX+utg95SssnrO6Mael294+uLHOM0lqTFa7OT4ta9iCYSC
tjFq7qJIQqY8g0YDL71ZBaHIISGxseH+LK1qjFc3EmaZOyBOLKlsyD4ikJcKV/Q8
eEzYxEvMg2ymVDcldQiw3OyTqJMd19iOPd5vyj2J
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:11:16 2025 by rpki-client