Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/3131322e3130392e31362e302f32312d3234203d3e203234353231.roa
File:                     3131322e3130392e31362e302f32312d3234203d3e203234353231.roa (raw, json)
Hash identifier:          okeDaf7d0Xuvp8xnTxJzUWPegOkeMCYHPs8G9yAmQ6Y=
Subject key identifier:   81:D9:A3:6D:5A:CB:C2:46:BE:32:EC:3B:D2:5F:21:F9:87:70:5D:9F
Certificate issuer:       /CN=C3F745EDE7F4C0D8E5674965B52080083B271E3E
Certificate serial:       224A9B5B74E8EECBFE71D76AD72B8A80F97745F7
Authority key identifier: C3:F7:45:ED:E7:F4:C0:D8:E5:67:49:65:B5:20:80:08:3B:27:1E:3E
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C3F745EDE7F4C0D8E5674965B52080083B271E3E.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/3131322e3130392e31362e302f32312d3234203d3e203234353231.roa
Signing time:             Mon 02 Jun 2025 02:02:53 +0000
ROA not before:           Mon 02 Jun 2025 01:57:53 +0000
ROA not after:            Mon 01 Jun 2026 02:02:53 +0000
asID:                     24521
IP address blocks:        112.109.16.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/C3F745EDE7F4C0D8E5674965B52080083B271E3E.crl
                          rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/C3F745EDE7F4C0D8E5674965B52080083B271E3E.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C3F745EDE7F4C0D8E5674965B52080083B271E3E.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 08 Jul 2025 01:27:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:4a:9b:5b:74:e8:ee:cb:fe:71:d7:6a:d7:2b:8a:80:f9:77:45:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3F745EDE7F4C0D8E5674965B52080083B271E3E
        Validity
            Not Before: Jun  2 01:57:53 2025 GMT
            Not After : Jun  1 02:02:53 2026 GMT
        Subject: CN=81D9A36D5ACBC246BE32EC3BD25F21F987705D9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:03:5f:c2:8d:31:5a:f4:09:c2:e1:da:e4:c5:
                    38:8a:ab:2c:fe:87:28:5e:e9:08:80:95:c6:ab:16:
                    1b:4e:dd:d0:61:c8:de:c2:03:71:0d:ea:dd:a6:31:
                    67:3e:d8:85:41:3a:03:c7:c4:e5:a3:7c:3a:33:da:
                    91:e4:da:94:9d:e6:d2:bf:4f:d5:14:72:e1:00:8a:
                    cc:8d:b2:af:f4:65:70:be:3b:ad:0c:d7:f3:04:1a:
                    08:4b:b3:ee:f4:aa:da:60:d0:2d:c1:8a:ce:4a:4e:
                    02:75:a9:d7:a1:bf:fd:84:87:30:eb:85:f9:7c:98:
                    11:37:a0:e5:a1:98:53:ad:a1:37:6a:42:dc:c5:01:
                    50:b4:44:bd:9f:86:f2:ad:83:9e:a0:93:7f:e5:30:
                    de:54:9d:07:3c:02:81:52:7e:43:18:14:71:0d:cd:
                    43:a5:d9:71:c4:59:30:cc:09:c2:7b:21:fb:d0:bd:
                    bc:a5:db:5b:c5:c9:73:ac:84:1f:06:e4:42:01:a3:
                    72:50:eb:80:2c:17:8b:37:4f:46:94:cc:4a:bd:9b:
                    d4:d3:e1:b8:df:00:df:63:48:18:36:c0:bc:6b:02:
                    b9:6d:d0:7b:d1:8d:6f:b4:41:db:b7:84:21:12:25:
                    6a:b5:76:5a:5e:48:5c:b7:38:95:dd:e1:80:e2:d8:
                    a9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D9:A3:6D:5A:CB:C2:46:BE:32:EC:3B:D2:5F:21:F9:87:70:5D:9F
            X509v3 Authority Key Identifier:
                keyid:C3:F7:45:ED:E7:F4:C0:D8:E5:67:49:65:B5:20:80:08:3B:27:1E:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/C3F745EDE7F4C0D8E5674965B52080083B271E3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C3F745EDE7F4C0D8E5674965B52080083B271E3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/3131322e3130392e31362e302f32312d3234203d3e203234353231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  112.109.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2e:88:85:0f:17:63:22:dd:56:1f:02:66:a9:27:ab:d2:80:1c:
         e2:f7:98:36:fa:0f:be:41:4d:bc:d2:a8:c9:39:37:18:f1:41:
         be:4a:34:12:4e:80:6d:93:a0:a0:51:be:d3:44:b1:37:bb:1d:
         76:0d:84:c5:03:ea:d3:c4:55:47:99:9e:7b:2e:0e:02:5d:dd:
         b7:92:8d:9f:75:ac:c3:5e:11:d7:35:0f:bf:9d:3a:bb:16:c3:
         21:7d:a4:66:38:01:59:03:77:80:7f:99:7f:fe:9e:4e:d0:cd:
         84:d5:54:8b:ac:21:63:68:0d:0f:80:b9:d4:86:af:a0:42:98:
         0a:08:cc:54:12:82:e5:fb:f8:7b:ee:53:5e:2e:81:60:15:ac:
         9f:5c:dd:f3:d9:50:47:1d:03:75:a4:6e:14:66:97:18:59:28:
         a8:0a:b3:f1:70:a8:17:21:ca:4d:60:53:9e:28:8b:d3:b8:d4:
         b1:05:e6:c9:1c:65:2d:67:9d:67:2f:d2:a5:02:0d:da:0f:e8:
         69:61:76:b4:1c:7a:60:53:52:7c:b5:66:3a:57:29:99:0b:c2:
         42:d3:7d:f8:72:5a:c9:32:dd:26:74:8c:3c:99:19:fd:ce:85:
         8a:8e:a7:31:dd:05:73:99:98:7e:7a:11:89:0c:ea:7c:60:52:
         16:74:ff:9a
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUIkqbW3To7sv+cddq1yuKgPl3RfcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNGNzQ1RURFN0Y0QzBEOEU1Njc0OTY1QjUyMDgwMDgz
QjI3MUUzRTAeFw0yNTA2MDIwMTU3NTNaFw0yNjA2MDEwMjAyNTNaMDMxMTAvBgNV
BAMTKDgxRDlBMzZENUFDQkMyNDZCRTMyRUMzQkQyNUYyMUY5ODc3MDVEOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBA1/CjTFa9AnC4drkxTiKqyz+
hyhe6QiAlcarFhtO3dBhyN7CA3EN6t2mMWc+2IVBOgPHxOWjfDoz2pHk2pSd5tK/
T9UUcuEAisyNsq/0ZXC+O60M1/MEGghLs+70qtpg0C3Bis5KTgJ1qdehv/2EhzDr
hfl8mBE3oOWhmFOtoTdqQtzFAVC0RL2fhvKtg56gk3/lMN5UnQc8AoFSfkMYFHEN
zUOl2XHEWTDMCcJ7IfvQvbyl21vFyXOshB8G5EIBo3JQ64AsF4s3T0aUzEq9m9TT
4bjfAN9jSBg2wLxrArlt0HvRjW+0Qdu3hCESJWq1dlpeSFy3OJXd4YDi2KnlAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUgdmjbVrLwka+Muw70l8h+YdwXZ8wHwYDVR0j
BBgwFoAUw/dF7ef0wNjlZ0lltSCACDsnHj4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
MDljMjJiMS0xYjdiLTQ2NzEtYWI5NC01YzVlNzQ4ODI1NDcvMC9DM0Y3NDVFREU3
RjRDMEQ4RTU2NzQ5NjVCNTIwODAwODNCMjcxRTNFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQzNGNzQ1RURFN0Y0QzBEOEU1Njc0OTY1QjUyMDgwMDgzQjI3
MUUzRS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzAwOWMyMmIxLTFiN2ItNDY3MS1h
Yjk0LTVjNWU3NDg4MjU0Ny8wLzMxMzEzMjJlMzEzMDM5MmUzMTM2MmUzMDJmMzIz
MTJkMzIzNDIwM2QzZTIwMzIzNDM1MzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA3BtEDANBgkqhkiG
9w0BAQsFAAOCAQEALoiFDxdjIt1WHwJmqSer0oAc4veYNvoPvkFNvNKoyTk3GPFB
vko0Ek6AbZOgoFG+00SxN7sddg2ExQPq08RVR5meey4OAl3dt5KNn3Wsw14R1zUP
v506uxbDIX2kZjgBWQN3gH+Zf/6eTtDNhNVUi6whY2gND4C51IavoEKYCgjMVBKC
5fv4e+5TXi6BYBWsn1zd89lQRx0DdaRuFGaXGFkoqAqz8XCoFyHKTWBTniiL07jU
sQXmyRxlLWedZy/SpQIN2g/oaWF2tBx6YFNSfLVmOlcpmQvCQtN9+HJayTLdJnSM
PJkZ/c6Fio6nMd0Fc5mYfnoRiQzqfGBSFnT/mg==
-----END CERTIFICATE-----
Generated at Sun Jul 6 04:07:23 2025 by rpki-client