Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d04d6427-3f03-4d21-b8cc-bbfd2a3f8c33/0/3130332e3136342e3133362e302f32332d3234203d3e203137393935.roa
File:                     3130332e3136342e3133362e302f32332d3234203d3e203137393935.roa (raw, json)
Hash identifier:          pfyWIoLnfhreu/uz7HLcqt4VfjgUWRecSpJkmtZIEHI=
Subject key identifier:   02:B9:AA:1C:1C:A1:C4:4A:53:BA:94:94:84:E9:6D:CC:BF:D2:CB:84
Certificate issuer:       /CN=7FD3F92F13241B80062CC31B0EC8A3D129871D90
Certificate serial:       242126C47118BBB2D35448B2C449CB099C93CF61
Authority key identifier: 7F:D3:F9:2F:13:24:1B:80:06:2C:C3:1B:0E:C8:A3:D1:29:87:1D:90
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7FD3F92F13241B80062CC31B0EC8A3D129871D90.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d04d6427-3f03-4d21-b8cc-bbfd2a3f8c33/0/3130332e3136342e3133362e302f32332d3234203d3e203137393935.roa
Signing time:             Fri 04 Jul 2025 09:03:47 +0000
ROA not before:           Fri 04 Jul 2025 08:58:47 +0000
ROA not after:            Fri 03 Jul 2026 09:03:47 +0000
asID:                     17995
IP address blocks:        103.164.136.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/d04d6427-3f03-4d21-b8cc-bbfd2a3f8c33/0/7FD3F92F13241B80062CC31B0EC8A3D129871D90.crl
                          rsync://repo-rpki.idnic.net/repo/d04d6427-3f03-4d21-b8cc-bbfd2a3f8c33/0/7FD3F92F13241B80062CC31B0EC8A3D129871D90.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7FD3F92F13241B80062CC31B0EC8A3D129871D90.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Aug 2025 16:04:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:21:26:c4:71:18:bb:b2:d3:54:48:b2:c4:49:cb:09:9c:93:cf:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7FD3F92F13241B80062CC31B0EC8A3D129871D90
        Validity
            Not Before: Jul  4 08:58:47 2025 GMT
            Not After : Jul  3 09:03:47 2026 GMT
        Subject: CN=02B9AA1C1CA1C44A53BA949484E96DCCBFD2CB84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0a:20:f6:1a:22:df:67:70:33:3c:61:f9:32:
                    90:0e:f8:78:0e:ba:6d:40:d7:a9:53:19:d6:e4:ca:
                    0d:64:06:f8:eb:0c:62:66:c0:fe:b1:7e:c0:05:02:
                    42:2f:a5:2d:13:11:7b:fd:75:91:b0:65:73:7c:21:
                    b1:45:65:8c:84:72:95:bd:00:ef:a5:ff:a9:92:5a:
                    8d:fb:bd:c7:52:e5:43:a3:59:cc:54:bc:3b:9c:d3:
                    cd:8f:79:82:ec:28:45:c2:30:66:59:57:f6:df:4f:
                    20:76:81:aa:5b:e8:3d:17:cc:13:80:70:4d:e9:ed:
                    ea:7e:9c:a6:aa:46:b9:77:ca:02:c7:3b:86:97:42:
                    fa:dc:30:03:cd:2d:db:d8:30:bd:5b:14:bd:8a:bc:
                    78:12:6e:1d:b0:85:14:fc:c1:22:d0:fe:1c:d5:7d:
                    c0:0f:b0:85:a5:32:40:87:ca:eb:0c:52:86:8c:0e:
                    df:05:1f:72:31:a9:db:f7:85:d3:72:6f:5c:be:27:
                    90:06:91:a1:43:b5:37:93:7f:8a:27:6e:4e:12:db:
                    58:86:84:ce:97:9f:33:9c:c1:fd:80:45:8d:b0:a9:
                    32:38:80:4e:b5:af:ad:2a:af:8d:f8:f7:90:e8:60:
                    c6:9f:64:1e:64:07:a5:86:44:ce:48:ca:b7:4c:cf:
                    70:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:B9:AA:1C:1C:A1:C4:4A:53:BA:94:94:84:E9:6D:CC:BF:D2:CB:84
            X509v3 Authority Key Identifier:
                keyid:7F:D3:F9:2F:13:24:1B:80:06:2C:C3:1B:0E:C8:A3:D1:29:87:1D:90

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d04d6427-3f03-4d21-b8cc-bbfd2a3f8c33/0/7FD3F92F13241B80062CC31B0EC8A3D129871D90.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7FD3F92F13241B80062CC31B0EC8A3D129871D90.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d04d6427-3f03-4d21-b8cc-bbfd2a3f8c33/0/3130332e3136342e3133362e302f32332d3234203d3e203137393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.164.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:76:01:ed:c1:fb:69:e8:3e:5e:34:f7:40:3b:30:06:ad:db:
         b1:19:f8:41:71:79:b0:fb:a4:67:0c:ab:c6:08:5c:df:18:98:
         b8:97:7c:4c:41:3a:f1:f7:5b:19:94:f7:3a:47:da:5c:db:54:
         a3:03:2c:94:f6:7b:10:7a:19:29:2d:c8:d5:ac:5e:6d:99:ce:
         5f:9d:b8:d9:42:32:7b:e3:08:15:a7:42:7e:53:e1:93:8e:6b:
         2c:8e:2f:61:95:cc:29:8f:43:e3:4f:34:84:fa:0c:31:24:80:
         ff:eb:be:35:0c:a3:46:b2:9b:62:b2:59:9a:74:97:c5:2b:3f:
         f5:8a:50:b1:bf:7e:c0:87:ea:ce:12:a7:8a:b9:28:37:e2:2c:
         eb:90:f7:82:b8:f0:72:5a:50:fb:7d:ca:72:37:74:1a:a8:52:
         2f:c2:86:d8:c2:1d:3f:fb:97:21:4e:76:c4:f1:f3:bb:22:bd:
         ad:0f:97:eb:35:b5:53:3c:44:eb:a4:40:ce:b3:4e:c3:c4:8a:
         32:e0:17:1b:b0:7e:2a:0b:01:d3:63:66:70:d0:e4:43:6e:74:
         67:97:c5:48:10:ca:6c:75:9b:cb:d2:e7:bc:e9:57:df:18:e6:
         65:3b:af:ec:2d:5d:fa:f2:38:41:61:96:e1:4b:54:3b:c3:1a:
         88:e3:43:5b
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUJCEmxHEYu7LTVEiyxEnLCZyTz2EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0ZEM0Y5MkYxMzI0MUI4MDA2MkNDMzFCMEVDOEEzRDEy
OTg3MUQ5MDAeFw0yNTA3MDQwODU4NDdaFw0yNjA3MDMwOTAzNDdaMDMxMTAvBgNV
BAMTKDAyQjlBQTFDMUNBMUM0NEE1M0JBOTQ5NDg0RTk2RENDQkZEMkNCODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjCiD2GiLfZ3AzPGH5MpAO+HgO
um1A16lTGdbkyg1kBvjrDGJmwP6xfsAFAkIvpS0TEXv9dZGwZXN8IbFFZYyEcpW9
AO+l/6mSWo37vcdS5UOjWcxUvDuc082PeYLsKEXCMGZZV/bfTyB2gapb6D0XzBOA
cE3p7ep+nKaqRrl3ygLHO4aXQvrcMAPNLdvYML1bFL2KvHgSbh2whRT8wSLQ/hzV
fcAPsIWlMkCHyusMUoaMDt8FH3Ixqdv3hdNyb1y+J5AGkaFDtTeTf4onbk4S21iG
hM6XnzOcwf2ARY2wqTI4gE61r60qr43495DoYMafZB5kB6WGRM5IyrdMz3DZAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUArmqHByhxEpTupSUhOltzL/Sy4QwHwYDVR0j
BBgwFoAUf9P5LxMkG4AGLMMbDsij0SmHHZAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
MDRkNjQyNy0zZjAzLTRkMjEtYjhjYy1iYmZkMmEzZjhjMzMvMC83RkQzRjkyRjEz
MjQxQjgwMDYyQ0MzMUIwRUM4QTNEMTI5ODcxRDkwLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvN0ZEM0Y5MkYxMzI0MUI4MDA2MkNDMzFCMEVDOEEzRDEyOTg3
MUQ5MC5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2QwNGQ2NDI3LTNmMDMtNGQyMS1i
OGNjLWJiZmQyYTNmOGMzMy8wLzMxMzAzMzJlMzEzNjM0MmUzMTMzMzYyZTMwMmYz
MjMzMmQzMjM0MjAzZDNlMjAzMTM3MzkzOTM1LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ6SIMA0GCSqG
SIb3DQEBCwUAA4IBAQC7dgHtwftp6D5eNPdAOzAGrduxGfhBcXmw+6RnDKvGCFzf
GJi4l3xMQTrx91sZlPc6R9pc21SjAyyU9nsQehkpLcjVrF5tmc5fnbjZQjJ74wgV
p0J+U+GTjmssji9hlcwpj0PjTzSE+gwxJID/6741DKNGsptislmadJfFKz/1ilCx
v37Ah+rOEqeKuSg34izrkPeCuPByWlD7fcpyN3QaqFIvwobYwh0/+5chTnbE8fO7
Ir2tD5frNbVTPETrpEDOs07DxIoy4BcbsH4qCwHTY2Zw0ORDbnRnl8VIEMpsdZvL
0ue86VffGOZlO6/sLV368jhBYZbhS1Q7wxqI40Nb
-----END CERTIFICATE-----
Generated at Fri Aug 8 00:16:36 2025 by rpki-client