Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/b2fbaafc-4db2-4fc4-a1a8-2d8e4c8b2ce0/0/3136302e32352e36382e302f32332d3234203d3e20313532383430.roa
File:                     3136302e32352e36382e302f32332d3234203d3e20313532383430.roa (raw, json)
Hash identifier:          2yB2NRkPzvfPYP+/RpRzGK3GRyg2yoZbbvnWHh1wUVI=
Subject key identifier:   7E:C4:35:7D:FE:B9:92:90:09:6C:0F:40:96:3B:41:BE:0C:B4:D7:5D
Certificate issuer:       /CN=22476F90C7B08131974F5B19834906C325ABEF12
Certificate serial:       4175CD576F1E3997AA5EC6B8D03884E5A4377436
Authority key identifier: 22:47:6F:90:C7:B0:81:31:97:4F:5B:19:83:49:06:C3:25:AB:EF:12
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/22476F90C7B08131974F5B19834906C325ABEF12.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/b2fbaafc-4db2-4fc4-a1a8-2d8e4c8b2ce0/0/3136302e32352e36382e302f32332d3234203d3e20313532383430.roa
Signing time:             Thu 24 Jul 2025 08:02:21 +0000
ROA not before:           Thu 24 Jul 2025 07:57:21 +0000
ROA not after:            Thu 23 Jul 2026 08:02:21 +0000
asID:                     152840
IP address blocks:        160.25.68.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/b2fbaafc-4db2-4fc4-a1a8-2d8e4c8b2ce0/0/22476F90C7B08131974F5B19834906C325ABEF12.crl
                          rsync://repo-rpki.idnic.net/repo/b2fbaafc-4db2-4fc4-a1a8-2d8e4c8b2ce0/0/22476F90C7B08131974F5B19834906C325ABEF12.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/22476F90C7B08131974F5B19834906C325ABEF12.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 11 Aug 2025 13:41:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:75:cd:57:6f:1e:39:97:aa:5e:c6:b8:d0:38:84:e5:a4:37:74:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22476F90C7B08131974F5B19834906C325ABEF12
        Validity
            Not Before: Jul 24 07:57:21 2025 GMT
            Not After : Jul 23 08:02:21 2026 GMT
        Subject: CN=7EC4357DFEB99290096C0F40963B41BE0CB4D75D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:c4:29:1c:be:4f:b5:5b:cf:36:e6:29:c7:91:
                    6b:a8:22:d9:6a:74:71:cd:75:2f:02:11:f8:b4:75:
                    a7:69:86:33:2c:2a:05:61:04:5a:34:e8:3a:7f:0a:
                    3d:65:be:2e:71:ac:58:e5:e7:3e:65:89:87:44:c9:
                    dd:2b:1c:69:c0:fb:45:17:3b:a0:23:69:df:96:22:
                    d0:81:16:d2:73:73:6c:0e:64:66:6b:cc:80:9d:43:
                    48:20:6e:85:45:e1:5c:8b:df:a0:fc:a0:f6:44:0c:
                    a3:ef:41:f9:85:b7:94:22:49:45:a4:b0:a1:20:99:
                    37:81:1a:60:c4:bf:7d:4a:2f:09:ca:68:76:dd:b9:
                    fa:a9:68:22:08:28:ff:e6:b5:5d:e5:bc:19:f6:f4:
                    c3:0d:13:99:2e:5b:10:62:38:7d:8a:c6:79:4c:54:
                    67:40:f9:70:d8:71:bc:9b:f4:4f:88:32:b1:e2:42:
                    8b:22:ec:aa:fb:d9:7f:bf:d6:2e:0c:1d:e2:ab:32:
                    64:f0:2b:39:01:cd:0a:51:ec:bf:ac:de:1f:a3:44:
                    eb:a2:eb:95:a4:e5:bb:85:3e:78:4c:27:8a:d2:44:
                    a1:bd:e2:00:6a:55:4a:4a:94:f0:84:5b:e4:bb:09:
                    4d:cc:8b:23:79:65:39:42:9b:40:42:b1:d3:d3:7d:
                    79:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:C4:35:7D:FE:B9:92:90:09:6C:0F:40:96:3B:41:BE:0C:B4:D7:5D
            X509v3 Authority Key Identifier:
                keyid:22:47:6F:90:C7:B0:81:31:97:4F:5B:19:83:49:06:C3:25:AB:EF:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/b2fbaafc-4db2-4fc4-a1a8-2d8e4c8b2ce0/0/22476F90C7B08131974F5B19834906C325ABEF12.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/22476F90C7B08131974F5B19834906C325ABEF12.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/b2fbaafc-4db2-4fc4-a1a8-2d8e4c8b2ce0/0/3136302e32352e36382e302f32332d3234203d3e20313532383430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:c8:9d:58:de:d2:84:cf:5f:38:7d:41:09:0a:38:83:a4:08:
         ec:ed:a8:d9:58:5f:65:8e:8a:67:18:05:e8:68:f5:89:04:09:
         d2:09:ea:b0:e9:4f:e2:6c:8e:89:54:7c:7d:cf:27:8a:b6:90:
         d3:40:ab:fe:ac:8f:c9:a7:dc:cb:20:d3:a4:2d:db:3a:14:69:
         84:7d:fc:88:c7:85:2b:b1:55:02:53:66:cf:d2:8b:d6:fc:20:
         14:68:70:ac:5f:05:39:17:53:32:c1:87:0d:1c:74:bf:4a:33:
         75:13:44:ac:36:84:fa:5d:89:65:3d:2c:5c:a2:78:6e:2f:e7:
         fc:ae:90:22:53:6c:1c:74:fc:b0:09:c1:99:50:cf:a1:30:62:
         ed:c9:16:64:4e:88:cf:c0:61:b3:36:9e:fa:f4:ec:fc:f2:df:
         ca:c2:5b:2d:7a:7c:45:a2:ff:0f:68:d8:0a:cf:01:39:c2:ae:
         40:07:04:fb:0a:78:c1:f4:13:58:ca:d6:28:85:16:e3:3d:48:
         7f:64:76:e7:9c:5e:4d:90:4c:31:d7:44:a3:36:21:68:cf:71:
         69:02:73:5e:0b:7c:8b:da:59:e6:2a:42:f8:e8:53:2d:2a:63:
         99:e1:8a:a7:35:3d:06:87:72:b3:28:24:2a:24:de:95:b7:60:
         ea:44:58:1f
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUQXXNV28eOZeqXsa40DiE5aQ3dDYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjI0NzZGOTBDN0IwODEzMTk3NEY1QjE5ODM0OTA2QzMy
NUFCRUYxMjAeFw0yNTA3MjQwNzU3MjFaFw0yNjA3MjMwODAyMjFaMDMxMTAvBgNV
BAMTKDdFQzQzNTdERkVCOTkyOTAwOTZDMEY0MDk2M0I0MUJFMENCNEQ3NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsxCkcvk+1W8825inHkWuoItlq
dHHNdS8CEfi0dadphjMsKgVhBFo06Dp/Cj1lvi5xrFjl5z5liYdEyd0rHGnA+0UX
O6Ajad+WItCBFtJzc2wOZGZrzICdQ0ggboVF4VyL36D8oPZEDKPvQfmFt5QiSUWk
sKEgmTeBGmDEv31KLwnKaHbdufqpaCIIKP/mtV3lvBn29MMNE5kuWxBiOH2KxnlM
VGdA+XDYcbyb9E+IMrHiQosi7Kr72X+/1i4MHeKrMmTwKzkBzQpR7L+s3h+jROui
65Wk5buFPnhMJ4rSRKG94gBqVUpKlPCEW+S7CU3MiyN5ZTlCm0BCsdPTfXnlAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUfsQ1ff65kpAJbA9AljtBvgy0110wHwYDVR0j
BBgwFoAUIkdvkMewgTGXT1sZg0kGwyWr7xIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
MmZiYWFmYy00ZGIyLTRmYzQtYTFhOC0yZDhlNGM4YjJjZTAvMC8yMjQ3NkY5MEM3
QjA4MTMxOTc0RjVCMTk4MzQ5MDZDMzI1QUJFRjEyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzEvMjI0NzZGOTBDN0IwODEzMTk3NEY1QjE5ODM0OTA2QzMyNUFC
RUYxMi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2IyZmJhYWZjLTRkYjItNGZjNC1h
MWE4LTJkOGU0YzhiMmNlMC8wLzMxMzYzMDJlMzIzNTJlMzYzODJlMzAyZjMyMzMy
ZDMyMzQyMDNkM2UyMDMxMzUzMjM4MzQzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAaAZRDANBgkqhkiG
9w0BAQsFAAOCAQEAAcidWN7ShM9fOH1BCQo4g6QI7O2o2VhfZY6KZxgF6Gj1iQQJ
0gnqsOlP4myOiVR8fc8niraQ00Cr/qyPyafcyyDTpC3bOhRphH38iMeFK7FVAlNm
z9KL1vwgFGhwrF8FORdTMsGHDRx0v0ozdRNErDaE+l2JZT0sXKJ4bi/n/K6QIlNs
HHT8sAnBmVDPoTBi7ckWZE6Iz8Bhszae+vTs/PLfysJbLXp8RaL/D2jYCs8BOcKu
QAcE+wp4wfQTWMrWKIUW4z1If2R255xeTZBMMddEozYhaM9xaQJzXgt8i9pZ5ipC
+OhTLSpjmeGKpzU9BodysygkKiTelbdg6kRYHw==
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:42:00 2025 by rpki-client