Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/aea7a115-b8b8-490b-8320-c9e59a1003dd/0/3130332e3235352e3234302e302f32322d3234203d3e203535363636.roa
File:                     3130332e3235352e3234302e302f32322d3234203d3e203535363636.roa (raw, json)
Hash identifier:          oCRdMEaQb+0L+jLmpAQiC99Gb3FvgP0DAlKAkjWxSuo=
Subject key identifier:   31:EC:00:B0:04:3A:5B:98:4C:BB:6F:36:B8:CA:02:11:D1:36:E9:95
Certificate issuer:       /CN=C00163880F235714759920507217F2A7D557C953
Certificate serial:       2AE9DC945C71B40244CAC27A38E1668CB717323D
Authority key identifier: C0:01:63:88:0F:23:57:14:75:99:20:50:72:17:F2:A7:D5:57:C9:53
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C00163880F235714759920507217F2A7D557C953.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/aea7a115-b8b8-490b-8320-c9e59a1003dd/0/3130332e3235352e3234302e302f32322d3234203d3e203535363636.roa
Signing time:             Wed 23 Jul 2025 12:29:15 +0000
ROA not before:           Wed 23 Jul 2025 12:24:15 +0000
ROA not after:            Wed 22 Jul 2026 12:29:15 +0000
asID:                     55666
IP address blocks:        103.255.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/aea7a115-b8b8-490b-8320-c9e59a1003dd/0/C00163880F235714759920507217F2A7D557C953.crl
                          rsync://repo-rpki.idnic.net/repo/aea7a115-b8b8-490b-8320-c9e59a1003dd/0/C00163880F235714759920507217F2A7D557C953.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C00163880F235714759920507217F2A7D557C953.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 11 Aug 2025 06:11:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:e9:dc:94:5c:71:b4:02:44:ca:c2:7a:38:e1:66:8c:b7:17:32:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C00163880F235714759920507217F2A7D557C953
        Validity
            Not Before: Jul 23 12:24:15 2025 GMT
            Not After : Jul 22 12:29:15 2026 GMT
        Subject: CN=31EC00B0043A5B984CBB6F36B8CA0211D136E995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:68:45:dd:d8:77:52:b5:63:26:bb:32:8c:94:
                    28:14:24:1b:25:18:51:67:4a:a3:20:0c:ae:e8:dd:
                    4d:fa:0a:00:3d:4c:91:7c:ba:7e:1c:45:7c:45:0a:
                    b5:be:d3:2e:6b:12:2c:4d:92:25:42:15:02:f3:2f:
                    28:b6:d1:f4:23:f4:d7:10:3b:d3:18:b1:a3:bf:59:
                    77:6f:03:f4:64:7f:05:87:cd:0b:d3:77:8d:0a:c9:
                    31:bc:e5:17:d4:79:0f:11:e0:77:8d:a9:ff:b6:84:
                    74:20:37:91:ac:64:e5:01:1f:8f:6b:37:88:9d:91:
                    1d:16:9c:43:90:d5:28:15:04:18:3a:27:c5:c8:a1:
                    ca:f3:a5:f6:18:d1:16:87:f1:32:1d:5c:5c:6d:ac:
                    71:c2:a3:34:f9:d5:bc:b3:5f:59:37:3e:81:df:8a:
                    89:6a:a8:7a:8b:f3:be:5c:c9:d3:26:e6:30:1e:e3:
                    bc:f0:5c:d9:2a:9e:e8:9e:3b:57:24:54:73:0d:20:
                    53:5a:4c:81:d8:e1:f4:d1:77:07:40:1d:3e:43:9e:
                    8f:58:e1:ef:61:fe:fd:1c:32:86:b5:3b:62:65:67:
                    ce:ce:36:4d:4a:4b:e4:93:e5:de:18:21:04:c9:c6:
                    6d:f3:c2:f6:c4:7c:29:e9:55:7d:da:02:85:cf:e7:
                    14:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:EC:00:B0:04:3A:5B:98:4C:BB:6F:36:B8:CA:02:11:D1:36:E9:95
            X509v3 Authority Key Identifier:
                keyid:C0:01:63:88:0F:23:57:14:75:99:20:50:72:17:F2:A7:D5:57:C9:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/aea7a115-b8b8-490b-8320-c9e59a1003dd/0/C00163880F235714759920507217F2A7D557C953.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C00163880F235714759920507217F2A7D557C953.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/aea7a115-b8b8-490b-8320-c9e59a1003dd/0/3130332e3235352e3234302e302f32322d3234203d3e203535363636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.255.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:e5:02:1e:4f:54:06:0a:5a:49:6f:dc:7a:cd:8d:86:f5:1a:
         54:25:5b:fe:8a:a7:9e:45:6c:4c:64:33:0d:ab:19:bd:ea:78:
         58:ad:0d:8b:6e:39:49:49:d7:08:56:25:a0:fb:59:61:71:76:
         6e:77:de:05:78:40:cc:90:aa:a2:df:18:15:b6:d8:ca:4d:74:
         6f:aa:68:aa:dc:c1:4b:98:6e:2c:e5:95:1b:38:c8:17:77:b4:
         55:78:bf:33:15:da:29:cd:a4:92:ff:0f:9f:ae:90:9c:bf:a6:
         ee:75:48:2a:f0:df:b1:c5:b6:ab:54:0a:be:74:7c:54:50:5f:
         cc:86:56:a4:28:c7:95:7c:44:13:e9:bb:e8:3b:f3:0d:6d:65:
         d5:9b:76:19:d9:a5:f6:da:3f:c4:db:ee:e2:7f:c6:ef:f5:30:
         22:ce:38:fe:03:f2:29:5a:ed:d0:25:69:be:34:2b:06:1d:bd:
         af:60:49:b9:c4:08:60:c4:5e:fc:77:1d:84:ee:f1:c5:ed:6c:
         97:7f:22:27:ea:41:bc:e1:fe:3b:13:d7:2d:a1:b4:d7:82:78:
         a7:6a:f1:c2:f9:4f:4e:94:45:1f:7f:83:c5:50:6a:8a:fe:13:
         8e:a1:7a:e0:3a:cd:eb:93:27:03:8f:60:e4:d6:6e:82:03:b9:
         45:49:b0:e3
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUKunclFxxtAJEysJ6OOFmjLcXMj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzAwMTYzODgwRjIzNTcxNDc1OTkyMDUwNzIxN0YyQTdE
NTU3Qzk1MzAeFw0yNTA3MjMxMjI0MTVaFw0yNjA3MjIxMjI5MTVaMDMxMTAvBgNV
BAMTKDMxRUMwMEIwMDQzQTVCOTg0Q0JCNkYzNkI4Q0EwMjExRDEzNkU5OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTaEXd2HdStWMmuzKMlCgUJBsl
GFFnSqMgDK7o3U36CgA9TJF8un4cRXxFCrW+0y5rEixNkiVCFQLzLyi20fQj9NcQ
O9MYsaO/WXdvA/RkfwWHzQvTd40KyTG85RfUeQ8R4HeNqf+2hHQgN5GsZOUBH49r
N4idkR0WnEOQ1SgVBBg6J8XIocrzpfYY0RaH8TIdXFxtrHHCozT51byzX1k3PoHf
iolqqHqL875cydMm5jAe47zwXNkqnuieO1ckVHMNIFNaTIHY4fTRdwdAHT5Dno9Y
4e9h/v0cMoa1O2JlZ87ONk1KS+ST5d4YIQTJxm3zwvbEfCnpVX3aAoXP5xRNAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUMewAsAQ6W5hMu282uMoCEdE26ZUwHwYDVR0j
BBgwFoAUwAFjiA8jVxR1mSBQchfyp9VXyVMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
ZWE3YTExNS1iOGI4LTQ5MGItODMyMC1jOWU1OWExMDAzZGQvMC9DMDAxNjM4ODBG
MjM1NzE0NzU5OTIwNTA3MjE3RjJBN0Q1NTdDOTUzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQzAwMTYzODgwRjIzNTcxNDc1OTkyMDUwNzIxN0YyQTdENTU3
Qzk1My5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2FlYTdhMTE1LWI4YjgtNDkwYi04
MzIwLWM5ZTU5YTEwMDNkZC8wLzMxMzAzMzJlMzIzNTM1MmUzMjM0MzAyZTMwMmYz
MjMyMmQzMjM0MjAzZDNlMjAzNTM1MzYzNjM2LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCZ//wMA0GCSqG
SIb3DQEBCwUAA4IBAQBZ5QIeT1QGClpJb9x6zY2G9RpUJVv+iqeeRWxMZDMNqxm9
6nhYrQ2LbjlJSdcIViWg+1lhcXZud94FeEDMkKqi3xgVttjKTXRvqmiq3MFLmG4s
5ZUbOMgXd7RVeL8zFdopzaSS/w+frpCcv6budUgq8N+xxbarVAq+dHxUUF/Mhlak
KMeVfEQT6bvoO/MNbWXVm3YZ2aX22j/E2+7if8bv9TAizjj+A/IpWu3QJWm+NCsG
Hb2vYEm5xAhgxF78dx2E7vHF7WyXfyIn6kG84f47E9ctobTXgninavHC+U9OlEUf
f4PFUGqK/hOOoXrgOs3rkycDj2Dk1m6CA7lFSbDj
-----END CERTIFICATE-----
Generated at Fri Aug 8 13:01:56 2025 by rpki-client