Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/76db4cb8-faea-4530-b29e-0b7a4affc316/0/3130332e3136382e3138382e302f32332d3234203d3e203137393935.roa
File:                     3130332e3136382e3138382e302f32332d3234203d3e203137393935.roa (raw, json)
Hash identifier:          X8fSVyl/ekaFc0qdxtX72tyLH/RXxnJtVkW2HtewxfI=
Subject key identifier:   21:7F:EC:3C:E4:28:75:1B:0F:B7:2D:4E:AE:25:EE:22:AD:E8:DC:97
Certificate issuer:       /CN=3053FFA7A0123B032FC9458281063C89F007FA98
Certificate serial:       0F17DB721D61C2522F627D957A0C720AF0CD4022
Authority key identifier: 30:53:FF:A7:A0:12:3B:03:2F:C9:45:82:81:06:3C:89:F0:07:FA:98
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3053FFA7A0123B032FC9458281063C89F007FA98.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/76db4cb8-faea-4530-b29e-0b7a4affc316/0/3130332e3136382e3138382e302f32332d3234203d3e203137393935.roa
Signing time:             Fri 04 Jul 2025 09:00:00 +0000
ROA not before:           Fri 04 Jul 2025 08:55:00 +0000
ROA not after:            Fri 03 Jul 2026 09:00:00 +0000
asID:                     17995
IP address blocks:        103.168.188.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/76db4cb8-faea-4530-b29e-0b7a4affc316/0/3053FFA7A0123B032FC9458281063C89F007FA98.crl
                          rsync://repo-rpki.idnic.net/repo/76db4cb8-faea-4530-b29e-0b7a4affc316/0/3053FFA7A0123B032FC9458281063C89F007FA98.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3053FFA7A0123B032FC9458281063C89F007FA98.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 08 Aug 2025 20:36:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:17:db:72:1d:61:c2:52:2f:62:7d:95:7a:0c:72:0a:f0:cd:40:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3053FFA7A0123B032FC9458281063C89F007FA98
        Validity
            Not Before: Jul  4 08:55:00 2025 GMT
            Not After : Jul  3 09:00:00 2026 GMT
        Subject: CN=217FEC3CE428751B0FB72D4EAE25EE22ADE8DC97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:78:5f:0c:3d:bd:be:03:ee:25:25:bf:27:4b:
                    43:76:ca:8c:7a:70:0d:6d:b6:3b:a4:67:55:a7:87:
                    f3:e8:ad:49:6c:fd:4b:ab:55:76:18:20:d5:88:0d:
                    a8:42:19:15:f2:79:7f:e9:f4:b9:26:f5:04:e8:21:
                    09:14:6f:8b:dc:c6:99:52:d8:1d:30:1a:4b:71:78:
                    16:f5:46:8d:41:ba:a9:f5:87:99:f3:c0:eb:ff:23:
                    ed:f3:82:ea:63:06:08:29:df:dc:3f:cc:39:51:2a:
                    ae:45:3b:a4:87:7b:31:7b:37:5a:40:19:b4:8b:26:
                    e9:f3:78:9f:a1:40:16:45:d2:dc:d8:29:1f:e8:04:
                    25:33:24:f3:38:cd:ca:ff:bd:3e:1e:81:68:88:8e:
                    b7:53:2c:d7:96:c3:32:67:74:58:2c:76:6c:49:1c:
                    f5:88:92:52:36:15:c7:df:ff:1e:66:ca:72:35:f9:
                    1f:34:35:24:fd:0b:fc:d5:37:b8:46:50:0f:e8:9e:
                    b5:cc:e9:1a:ae:8b:45:77:a9:08:83:b7:cc:62:7f:
                    79:91:85:33:3c:e3:8b:3d:c8:2f:68:ea:29:4d:95:
                    0a:4e:70:c6:28:42:05:d6:02:67:b1:3e:56:fe:e6:
                    39:84:fc:b9:86:3d:5e:b3:ca:c1:18:42:41:0b:96:
                    27:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:7F:EC:3C:E4:28:75:1B:0F:B7:2D:4E:AE:25:EE:22:AD:E8:DC:97
            X509v3 Authority Key Identifier:
                keyid:30:53:FF:A7:A0:12:3B:03:2F:C9:45:82:81:06:3C:89:F0:07:FA:98

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/76db4cb8-faea-4530-b29e-0b7a4affc316/0/3053FFA7A0123B032FC9458281063C89F007FA98.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3053FFA7A0123B032FC9458281063C89F007FA98.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/76db4cb8-faea-4530-b29e-0b7a4affc316/0/3130332e3136382e3138382e302f32332d3234203d3e203137393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.168.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:4d:7f:59:b1:9b:ba:aa:bb:bc:35:7d:58:4a:b2:96:58:21:
         73:71:14:03:7b:93:12:2a:74:bc:a2:59:d0:66:44:b1:de:52:
         ec:86:53:02:5f:c1:b3:be:fb:a2:9b:00:55:05:cb:c9:a9:0f:
         8d:17:28:a0:d0:07:30:f3:c0:13:c1:ab:ab:4a:16:b0:4f:c5:
         18:80:9a:b9:56:93:71:6f:81:4b:d9:35:b3:a1:82:cb:f7:68:
         7a:7e:5e:82:d7:9a:3f:cc:34:78:60:6b:fe:07:2b:50:41:b8:
         aa:4a:1e:f5:0d:63:da:12:e3:f2:af:6b:93:34:50:5e:35:27:
         9e:8a:fb:5e:91:1a:52:03:ab:ca:83:35:5a:5b:04:c3:0d:68:
         74:31:02:6c:9c:da:1b:18:c8:55:a8:86:10:36:83:49:e0:90:
         db:f3:d9:1f:59:77:fe:ff:76:c9:92:4b:03:6c:b8:af:fa:f1:
         19:73:b7:bc:96:ed:8a:d3:46:8d:40:73:d6:ad:d6:7b:f3:83:
         de:7f:a9:ef:de:7f:99:69:68:89:8b:97:fd:47:a8:91:70:57:
         69:cb:aa:36:41:c8:6a:b6:c5:1b:90:90:4c:51:d9:06:3f:9c:
         c6:60:9d:de:ea:94:69:dc:10:1e:2d:dd:3c:84:ff:30:4d:29:
         0e:e5:4e:2c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUDxfbch1hwlIvYn2VegxyCvDNQCIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzA1M0ZGQTdBMDEyM0IwMzJGQzk0NTgyODEwNjNDODlG
MDA3RkE5ODAeFw0yNTA3MDQwODU1MDBaFw0yNjA3MDMwOTAwMDBaMDMxMTAvBgNV
BAMTKDIxN0ZFQzNDRTQyODc1MUIwRkI3MkQ0RUFFMjVFRTIyQURFOERDOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJeF8MPb2+A+4lJb8nS0N2yox6
cA1ttjukZ1Wnh/PorUls/UurVXYYINWIDahCGRXyeX/p9Lkm9QToIQkUb4vcxplS
2B0wGktxeBb1Ro1Buqn1h5nzwOv/I+3zgupjBggp39w/zDlRKq5FO6SHezF7N1pA
GbSLJunzeJ+hQBZF0tzYKR/oBCUzJPM4zcr/vT4egWiIjrdTLNeWwzJndFgsdmxJ
HPWIklI2Fcff/x5mynI1+R80NST9C/zVN7hGUA/onrXM6Rqui0V3qQiDt8xif3mR
hTM844s9yC9o6ilNlQpOcMYoQgXWAmexPlb+5jmE/LmGPV6zysEYQkELlicbAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUIX/sPOQodRsPty1OriXuIq3o3JcwHwYDVR0j
BBgwFoAUMFP/p6ASOwMvyUWCgQY8ifAH+pgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
NmRiNGNiOC1mYWVhLTQ1MzAtYjI5ZS0wYjdhNGFmZmMzMTYvMC8zMDUzRkZBN0Ew
MTIzQjAzMkZDOTQ1ODI4MTA2M0M4OUYwMDdGQTk4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMzA1M0ZGQTdBMDEyM0IwMzJGQzk0NTgyODEwNjNDODlGMDA3
RkE5OC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzc2ZGI0Y2I4LWZhZWEtNDUzMC1i
MjllLTBiN2E0YWZmYzMxNi8wLzMxMzAzMzJlMzEzNjM4MmUzMTM4MzgyZTMwMmYz
MjMzMmQzMjM0MjAzZDNlMjAzMTM3MzkzOTM1LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ6i8MA0GCSqG
SIb3DQEBCwUAA4IBAQCeTX9ZsZu6qru8NX1YSrKWWCFzcRQDe5MSKnS8olnQZkSx
3lLshlMCX8GzvvuimwBVBcvJqQ+NFyig0Acw88ATwaurShawT8UYgJq5VpNxb4FL
2TWzoYLL92h6fl6C15o/zDR4YGv+BytQQbiqSh71DWPaEuPyr2uTNFBeNSeeivte
kRpSA6vKgzVaWwTDDWh0MQJsnNobGMhVqIYQNoNJ4JDb89kfWXf+/3bJkksDbLiv
+vEZc7e8lu2K00aNQHPWrdZ784Pef6nv3n+ZaWiJi5f9R6iRcFdpy6o2QchqtsUb
kJBMUdkGP5zGYJ3e6pRp3BAeLd08hP8wTSkO5U4s
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:11:49 2025 by rpki-client