Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/201432cc-3bc9-4858-b506-218aab0b089c/0/34332e3232392e3235342e302f32332d3234203d3e203233363739.roa
File:                     34332e3232392e3235342e302f32332d3234203d3e203233363739.roa (raw, json)
Hash identifier:          pfjQeX2nxQbvWIP0xbTPCBOpR4ffFhybvf4aE/69CV8=
Subject key identifier:   33:52:8D:D0:A7:A3:BB:E3:81:7C:26:38:7B:B1:2A:71:D4:74:A9:C9
Certificate issuer:       /CN=552B31A26E92A9DD6A585B92375B7FCA4FA66984
Certificate serial:       3E605A044AE3EFBF78F7229A8676BD5ECC1B0D98
Authority key identifier: 55:2B:31:A2:6E:92:A9:DD:6A:58:5B:92:37:5B:7F:CA:4F:A6:69:84
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/552B31A26E92A9DD6A585B92375B7FCA4FA66984.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/201432cc-3bc9-4858-b506-218aab0b089c/0/34332e3232392e3235342e302f32332d3234203d3e203233363739.roa
Signing time:             Fri 25 Jul 2025 06:01:31 +0000
ROA not before:           Fri 25 Jul 2025 05:56:31 +0000
ROA not after:            Fri 24 Jul 2026 06:01:31 +0000
asID:                     23679
IP address blocks:        43.229.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/201432cc-3bc9-4858-b506-218aab0b089c/0/552B31A26E92A9DD6A585B92375B7FCA4FA66984.crl
                          rsync://repo-rpki.idnic.net/repo/201432cc-3bc9-4858-b506-218aab0b089c/0/552B31A26E92A9DD6A585B92375B7FCA4FA66984.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/552B31A26E92A9DD6A585B92375B7FCA4FA66984.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 09:06:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:60:5a:04:4a:e3:ef:bf:78:f7:22:9a:86:76:bd:5e:cc:1b:0d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=552B31A26E92A9DD6A585B92375B7FCA4FA66984
        Validity
            Not Before: Jul 25 05:56:31 2025 GMT
            Not After : Jul 24 06:01:31 2026 GMT
        Subject: CN=33528DD0A7A3BBE3817C26387BB12A71D474A9C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:33:54:b0:bf:7d:e0:a9:9a:84:da:7e:fb:0f:
                    f9:f1:d2:2b:f2:dc:f6:0f:d2:91:73:37:11:a0:42:
                    83:2c:6c:23:3a:06:91:f7:64:4f:62:25:c7:85:81:
                    a5:25:3c:c4:57:30:43:62:33:18:ac:69:87:93:84:
                    37:84:d5:36:40:8c:19:57:ce:51:20:f6:a0:9a:ca:
                    61:81:8b:39:1a:8a:4c:d5:d4:95:72:4f:5b:32:df:
                    83:7c:24:15:63:01:0f:37:d0:dd:ee:77:7a:20:1e:
                    be:60:38:f2:23:85:36:d3:73:80:4f:54:ba:2b:11:
                    83:dd:71:6b:5b:ec:a2:bf:bd:39:67:b4:34:9d:ee:
                    db:c3:d1:df:f0:2b:05:1b:e7:10:1b:97:ca:77:e0:
                    3a:77:86:05:00:89:a8:62:b1:89:9a:13:8a:34:79:
                    16:12:85:69:fa:b5:49:64:88:cd:5e:a6:2f:09:53:
                    d0:6a:17:96:53:49:b0:ec:b6:06:e3:ae:b0:58:f6:
                    71:4e:22:2b:9e:10:d6:08:9d:c5:a1:36:f8:0b:34:
                    57:73:72:b1:b3:7b:4c:f9:74:a4:8a:98:51:9f:ea:
                    e2:ae:69:d3:f6:e6:46:55:9e:ec:fc:88:aa:53:ec:
                    91:56:18:58:66:63:de:a0:3c:66:76:43:a2:39:e4:
                    b2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:52:8D:D0:A7:A3:BB:E3:81:7C:26:38:7B:B1:2A:71:D4:74:A9:C9
            X509v3 Authority Key Identifier:
                keyid:55:2B:31:A2:6E:92:A9:DD:6A:58:5B:92:37:5B:7F:CA:4F:A6:69:84

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/201432cc-3bc9-4858-b506-218aab0b089c/0/552B31A26E92A9DD6A585B92375B7FCA4FA66984.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/552B31A26E92A9DD6A585B92375B7FCA4FA66984.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/201432cc-3bc9-4858-b506-218aab0b089c/0/34332e3232392e3235342e302f32332d3234203d3e203233363739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.229.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:b9:25:d5:f4:56:3a:a8:8b:96:20:75:50:15:1b:1f:60:10:
         33:43:e3:62:fc:f6:39:a8:6e:36:97:6e:f2:7d:98:d1:c9:4a:
         52:93:eb:5f:c3:9f:ff:fa:98:81:69:2c:11:8f:1f:7c:6b:28:
         b7:53:ee:33:47:78:15:72:f6:f3:dd:07:84:a1:78:2e:3a:ea:
         6a:b1:16:7d:67:c4:3f:74:06:1d:43:bd:e9:e1:8b:2f:ac:d5:
         10:d5:6f:ac:a5:30:a3:95:5f:bf:c6:76:4d:0b:52:ad:b8:f8:
         75:f9:78:73:fb:87:44:98:ae:fd:fa:bd:44:9a:5a:21:f7:48:
         ff:b4:bc:3f:61:47:4d:4b:49:88:c1:16:bd:c2:30:a6:e0:13:
         c6:1c:0f:15:6b:14:44:14:c1:20:a8:4f:8d:5c:05:2a:f1:fa:
         40:38:08:47:20:4c:e0:f4:1e:e8:48:76:09:3d:71:fe:f3:25:
         42:ae:b1:6c:49:92:8f:dd:74:4b:bb:28:53:de:41:f2:bc:0a:
         67:04:02:f8:46:02:4e:5f:87:96:93:66:e0:2c:46:91:db:98:
         0c:ef:78:59:b9:aa:9f:b5:a8:32:b3:a0:31:f3:5c:3d:01:f1:
         92:da:fa:62:db:55:09:e1:4a:e6:70:a9:42:4b:a5:49:d6:1f:
         a8:85:83:a8
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUPmBaBErj77949yKahna9XswbDZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTUyQjMxQTI2RTkyQTlERDZBNTg1QjkyMzc1QjdGQ0E0
RkE2Njk4NDAeFw0yNTA3MjUwNTU2MzFaFw0yNjA3MjQwNjAxMzFaMDMxMTAvBgNV
BAMTKDMzNTI4REQwQTdBM0JCRTM4MTdDMjYzODdCQjEyQTcxRDQ3NEE5QzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqM1Swv33gqZqE2n77D/nx0ivy
3PYP0pFzNxGgQoMsbCM6BpH3ZE9iJceFgaUlPMRXMENiMxisaYeThDeE1TZAjBlX
zlEg9qCaymGBizkaikzV1JVyT1sy34N8JBVjAQ830N3ud3ogHr5gOPIjhTbTc4BP
VLorEYPdcWtb7KK/vTlntDSd7tvD0d/wKwUb5xAbl8p34Dp3hgUAiahisYmaE4o0
eRYShWn6tUlkiM1epi8JU9BqF5ZTSbDstgbjrrBY9nFOIiueENYIncWhNvgLNFdz
crGze0z5dKSKmFGf6uKuadP25kZVnuz8iKpT7JFWGFhmY96gPGZ2Q6I55LK7AgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUM1KN0Keju+OBfCY4e7EqcdR0qckwHwYDVR0j
BBgwFoAUVSsxom6Sqd1qWFuSN1t/yk+maYQwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
MDE0MzJjYy0zYmM5LTQ4NTgtYjUwNi0yMThhYWIwYjA4OWMvMC81NTJCMzFBMjZF
OTJBOURENkE1ODVCOTIzNzVCN0ZDQTRGQTY2OTg0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNTUyQjMxQTI2RTkyQTlERDZBNTg1QjkyMzc1QjdGQ0E0RkE2
Njk4NC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzIwMTQzMmNjLTNiYzktNDg1OC1i
NTA2LTIxOGFhYjBiMDg5Yy8wLzM0MzMyZTMyMzIzOTJlMzIzNTM0MmUzMDJmMzIz
MzJkMzIzNDIwM2QzZTIwMzIzMzM2MzczOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEASvl/jANBgkqhkiG
9w0BAQsFAAOCAQEAA7kl1fRWOqiLliB1UBUbH2AQM0PjYvz2OahuNpdu8n2Y0clK
UpPrX8Of//qYgWksEY8ffGsot1PuM0d4FXL2890HhKF4LjrqarEWfWfEP3QGHUO9
6eGLL6zVENVvrKUwo5Vfv8Z2TQtSrbj4dfl4c/uHRJiu/fq9RJpaIfdI/7S8P2FH
TUtJiMEWvcIwpuATxhwPFWsURBTBIKhPjVwFKvH6QDgIRyBM4PQe6Eh2CT1x/vMl
Qq6xbEmSj910S7soU95B8rwKZwQC+EYCTl+HlpNm4CxGkduYDO94Wbmqn7WoMrOg
MfNcPQHxktr6YttVCeFK5nCpQkulSdYfqIWDqA==
-----END CERTIFICATE-----
Generated at Sat Jul 26 01:54:36 2025 by rpki-client