Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/186b3889-6966-45ef-9073-ad14011ac3b2/0/3230322e39332e3133372e302f32342d3234203d3e2034333832.roa
File:                     3230322e39332e3133372e302f32342d3234203d3e2034333832.roa (raw, json)
Hash identifier:          bc52vQ8UC2G4/y1ll8Fk+/X4/gPss4cwSVJImtHITIQ=
Subject key identifier:   63:BA:A8:46:54:64:52:B2:A4:34:55:9E:15:9A:A1:0D:4C:E7:4D:01
Certificate issuer:       /CN=012D2F59937FDBE65095B9EB4971D9D31EFDA93C
Certificate serial:       51EBF561693558E7D69F93E46B92E110334FC1DD
Authority key identifier: 01:2D:2F:59:93:7F:DB:E6:50:95:B9:EB:49:71:D9:D3:1E:FD:A9:3C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/012D2F59937FDBE65095B9EB4971D9D31EFDA93C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/186b3889-6966-45ef-9073-ad14011ac3b2/0/3230322e39332e3133372e302f32342d3234203d3e2034333832.roa
Signing time:             Wed 23 Jul 2025 15:00:43 +0000
ROA not before:           Wed 23 Jul 2025 14:55:43 +0000
ROA not after:            Wed 22 Jul 2026 15:00:43 +0000
asID:                     4382
IP address blocks:        202.93.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/186b3889-6966-45ef-9073-ad14011ac3b2/0/012D2F59937FDBE65095B9EB4971D9D31EFDA93C.crl
                          rsync://repo-rpki.idnic.net/repo/186b3889-6966-45ef-9073-ad14011ac3b2/0/012D2F59937FDBE65095B9EB4971D9D31EFDA93C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/012D2F59937FDBE65095B9EB4971D9D31EFDA93C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 26 Jul 2025 20:53:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:eb:f5:61:69:35:58:e7:d6:9f:93:e4:6b:92:e1:10:33:4f:c1:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=012D2F59937FDBE65095B9EB4971D9D31EFDA93C
        Validity
            Not Before: Jul 23 14:55:43 2025 GMT
            Not After : Jul 22 15:00:43 2026 GMT
        Subject: CN=63BAA846546452B2A434559E159AA10D4CE74D01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d9:bb:38:3b:fc:26:3e:7a:78:d6:26:4f:c5:
                    4f:45:4a:81:e8:c0:5c:83:5f:a9:ef:01:ee:e8:a0:
                    34:dd:d7:c2:1a:16:7b:6e:0e:a0:9c:19:18:23:6a:
                    70:01:fd:5d:18:c2:a0:0a:85:a0:a2:79:26:8a:80:
                    79:90:60:55:9c:a6:b0:0f:ed:05:d4:02:5b:0f:8f:
                    b3:aa:7a:fb:ad:a3:3a:fd:dc:a1:9e:6d:ed:fd:2c:
                    6a:f1:25:83:f4:b9:43:9a:08:07:1a:3c:73:dd:14:
                    ce:cd:8c:70:5d:81:f1:a4:5f:c9:1a:0f:ff:23:eb:
                    08:7a:26:c7:28:5f:dc:fd:1c:1d:61:9c:d2:5a:ff:
                    22:d1:44:f6:02:74:2c:2e:13:de:49:46:61:bb:7d:
                    f5:df:38:55:28:84:ce:50:24:f6:57:f6:0a:de:bc:
                    ce:d7:e0:2f:fb:2a:6c:a3:07:70:d0:6f:0c:60:73:
                    6a:ab:99:5d:f7:cd:a9:cf:64:84:3f:f9:74:d1:a5:
                    3b:0e:e5:b7:91:de:d0:a8:22:b9:06:f1:7e:3e:22:
                    9a:72:ad:d1:cb:51:68:79:ac:ec:fc:c0:c5:fe:a6:
                    02:71:96:b2:a6:ae:16:10:89:7d:64:a9:4e:9e:33:
                    ce:2f:32:be:e4:6b:37:58:8f:fc:f6:5e:f9:19:28:
                    da:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BA:A8:46:54:64:52:B2:A4:34:55:9E:15:9A:A1:0D:4C:E7:4D:01
            X509v3 Authority Key Identifier:
                keyid:01:2D:2F:59:93:7F:DB:E6:50:95:B9:EB:49:71:D9:D3:1E:FD:A9:3C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/186b3889-6966-45ef-9073-ad14011ac3b2/0/012D2F59937FDBE65095B9EB4971D9D31EFDA93C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/012D2F59937FDBE65095B9EB4971D9D31EFDA93C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/186b3889-6966-45ef-9073-ad14011ac3b2/0/3230322e39332e3133372e302f32342d3234203d3e2034333832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.93.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:33:d3:aa:b6:4d:37:d3:2a:4e:d7:e5:1d:a0:24:53:dc:b0:
         8d:14:d7:48:83:da:36:83:f4:43:49:5a:25:9d:ab:0b:9a:19:
         76:36:ba:0c:8f:db:87:be:d0:00:97:80:23:73:f3:78:f2:5c:
         c8:ef:49:db:73:2a:87:db:cc:09:75:60:7f:5e:a1:ea:ef:62:
         3b:90:1a:01:48:f9:e9:6f:f9:3a:5a:f5:0f:ae:11:b2:29:93:
         8b:da:45:76:9d:67:ee:c3:11:90:00:03:c2:2c:53:5a:64:b0:
         a1:58:51:02:ff:11:74:0b:b4:5b:9a:91:6d:4d:72:64:57:66:
         78:66:df:f5:41:e8:83:72:04:16:e2:e3:24:47:88:a3:eb:f2:
         1f:1a:94:7a:9b:58:66:e4:70:b7:6d:e3:00:73:a3:2e:04:fe:
         91:ae:45:53:05:c9:dd:fa:aa:db:b2:1f:1d:d9:a5:bc:f4:32:
         8a:e9:73:c5:72:2f:5f:3f:d4:de:01:00:96:d0:b4:97:c9:e5:
         50:bd:6e:94:b7:39:88:7e:1e:4f:68:e1:4b:29:47:f9:bb:a9:
         d2:de:64:97:64:58:b0:a1:a8:ca:cd:7e:17:e7:ef:23:74:83:
         45:ad:5a:12:58:84:aa:bb:87:b8:50:80:08:09:01:86:6d:a0:
         df:e1:5d:42
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIUUev1YWk1WOfWn5Pka5LhEDNPwd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDEyRDJGNTk5MzdGREJFNjUwOTVCOUVCNDk3MUQ5RDMx
RUZEQTkzQzAeFw0yNTA3MjMxNDU1NDNaFw0yNjA3MjIxNTAwNDNaMDMxMTAvBgNV
BAMTKDYzQkFBODQ2NTQ2NDUyQjJBNDM0NTU5RTE1OUFBMTBENENFNzREMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC02bs4O/wmPnp41iZPxU9FSoHo
wFyDX6nvAe7ooDTd18IaFntuDqCcGRgjanAB/V0YwqAKhaCieSaKgHmQYFWcprAP
7QXUAlsPj7Oqevutozr93KGebe39LGrxJYP0uUOaCAcaPHPdFM7NjHBdgfGkX8ka
D/8j6wh6JscoX9z9HB1hnNJa/yLRRPYCdCwuE95JRmG7ffXfOFUohM5QJPZX9gre
vM7X4C/7KmyjB3DQbwxgc2qrmV33zanPZIQ/+XTRpTsO5beR3tCoIrkG8X4+Ippy
rdHLUWh5rOz8wMX+pgJxlrKmrhYQiX1kqU6eM84vMr7kazdYj/z2XvkZKNq1AgMB
AAGjggIwMIICLDAdBgNVHQ4EFgQUY7qoRlRkUrKkNFWeFZqhDUznTQEwHwYDVR0j
BBgwFoAUAS0vWZN/2+ZQlbnrSXHZ0x79qTwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
ODZiMzg4OS02OTY2LTQ1ZWYtOTA3My1hZDE0MDExYWMzYjIvMC8wMTJEMkY1OTkz
N0ZEQkU2NTA5NUI5RUI0OTcxRDlEMzFFRkRBOTNDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDEyRDJGNTk5MzdGREJFNjUwOTVCOUVCNDk3MUQ5RDMxRUZE
QTkzQy5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE4NmIzODg5LTY5NjYtNDVlZi05
MDczLWFkMTQwMTFhYzNiMi8wLzMyMzAzMjJlMzkzMzJlMzEzMzM3MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzMzM4MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADKXYkwDQYJKoZIhvcN
AQELBQADggEBADwz06q2TTfTKk7X5R2gJFPcsI0U10iD2jaD9ENJWiWdqwuaGXY2
ugyP24e+0ACXgCNz83jyXMjvSdtzKofbzAl1YH9eoervYjuQGgFI+elv+Tpa9Q+u
EbIpk4vaRXadZ+7DEZAAA8IsU1pksKFYUQL/EXQLtFuakW1NcmRXZnhm3/VB6INy
BBbi4yRHiKPr8h8alHqbWGbkcLdt4wBzoy4E/pGuRVMFyd36qtuyHx3Zpbz0Morp
c8VyL18/1N4BAJbQtJfJ5VC9bpS3OYh+Hk9o4UspR/m7qdLeZJdkWLChqMrNfhfn
7yN0g0WtWhJYhKq7h7hQgAgJAYZtoN/hXUI=
-----END CERTIFICATE-----
Generated at Fri Jul 25 19:59:09 2025 by rpki-client