Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/0/3130332e34372e3133342e302f32342d3234203d3e203633383539.roa
File:                     3130332e34372e3133342e302f32342d3234203d3e203633383539.roa (raw, json)
Hash identifier:          ISUPB5yjW6tmMrkjewjTPmASyvfsPyLCAirfzGZHkUw=
Subject key identifier:   AD:02:67:B5:9D:BF:AC:7B:A3:05:C0:A7:20:71:BC:7C:91:0F:92:91
Certificate issuer:       /CN=17D02B116D4BBA651245CBC7CCC30A5927A744E4
Certificate serial:       1A1A82FC194270BFD2BF502A295258E91A2114B6
Authority key identifier: 17:D0:2B:11:6D:4B:BA:65:12:45:CB:C7:CC:C3:0A:59:27:A7:44:E4
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/17D02B116D4BBA651245CBC7CCC30A5927A744E4.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/0/3130332e34372e3133342e302f32342d3234203d3e203633383539.roa
Signing time:             Sun 13 Jul 2025 09:00:19 +0000
ROA not before:           Sun 13 Jul 2025 08:55:19 +0000
ROA not after:            Sun 12 Jul 2026 09:00:19 +0000
asID:                     63859
IP address blocks:        103.47.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/0/17D02B116D4BBA651245CBC7CCC30A5927A744E4.crl
                          rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/0/17D02B116D4BBA651245CBC7CCC30A5927A744E4.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/17D02B116D4BBA651245CBC7CCC30A5927A744E4.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 12:12:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:1a:82:fc:19:42:70:bf:d2:bf:50:2a:29:52:58:e9:1a:21:14:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17D02B116D4BBA651245CBC7CCC30A5927A744E4
        Validity
            Not Before: Jul 13 08:55:19 2025 GMT
            Not After : Jul 12 09:00:19 2026 GMT
        Subject: CN=AD0267B59DBFAC7BA305C0A72071BC7C910F9291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7f:f1:51:69:47:91:b0:34:8f:d7:63:ab:0e:
                    18:9e:3e:f1:ac:e6:2c:a5:23:a1:db:b3:57:65:06:
                    9e:69:5d:4a:24:39:f3:97:60:74:70:52:ca:8b:91:
                    98:59:cf:77:25:2a:c8:87:66:00:3e:21:df:8a:be:
                    c9:1d:c7:05:b2:e4:b7:2f:fa:5a:52:ac:e7:95:28:
                    07:99:b3:4e:99:73:ea:38:ca:72:d7:db:0e:ef:48:
                    12:1c:42:91:1a:26:3b:c3:1d:fe:23:eb:80:d9:0a:
                    00:23:4c:d3:b4:b8:1d:59:2c:9f:8a:76:d0:cc:40:
                    61:cf:92:22:84:da:65:77:c4:19:60:e9:b8:bd:ed:
                    31:dc:f9:c7:dc:4f:75:1b:11:58:9f:ff:89:77:a9:
                    62:58:22:a0:47:40:10:c0:71:51:4f:fb:3d:3e:82:
                    f2:68:e7:36:dc:a9:0f:58:4f:3d:97:5f:2e:fa:c9:
                    79:1b:14:51:94:39:ee:14:ae:fa:c9:c1:2d:79:a8:
                    e9:47:7e:87:da:95:40:ec:be:71:f6:f7:c1:23:38:
                    35:31:dd:63:2b:28:1b:72:e6:85:00:8f:eb:72:e7:
                    f5:74:2f:d1:86:f5:16:6c:58:6b:10:09:e4:4c:0f:
                    c3:ce:e3:78:f6:57:1c:aa:8b:28:38:e5:69:b7:97:
                    e2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:02:67:B5:9D:BF:AC:7B:A3:05:C0:A7:20:71:BC:7C:91:0F:92:91
            X509v3 Authority Key Identifier:
                keyid:17:D0:2B:11:6D:4B:BA:65:12:45:CB:C7:CC:C3:0A:59:27:A7:44:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/0/17D02B116D4BBA651245CBC7CCC30A5927A744E4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/17D02B116D4BBA651245CBC7CCC30A5927A744E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3bbb2734-e5fa-40eb-8598-b7cd101343ca/0/3130332e34372e3133342e302f32342d3234203d3e203633383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.47.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:6a:0e:dd:b7:28:18:3f:0e:af:4f:1d:3c:a9:58:72:19:67:
         4f:be:7c:d2:a8:fe:33:a9:58:0b:ea:87:3d:93:95:26:42:df:
         81:17:a3:99:6d:f0:a2:9b:fd:53:d4:c1:38:7f:fb:ec:a5:d6:
         63:0a:f5:06:5d:10:fb:bf:da:70:65:50:5c:80:ed:1f:67:c5:
         4f:6d:06:3c:c3:5b:38:c8:4f:40:dd:f0:27:ab:81:08:9c:2b:
         4a:eb:15:b7:ed:2e:bd:49:fb:7f:30:8c:3c:39:c0:83:8d:16:
         81:2f:8d:84:d2:d3:eb:7d:f8:2d:71:ed:14:51:32:c6:51:d8:
         b2:60:44:80:cb:f1:65:86:2f:e4:43:b4:b5:c8:f4:b8:9f:f2:
         47:78:fc:7f:3a:a5:cd:db:fe:49:26:26:5c:e5:66:29:6d:0a:
         b1:b4:54:4f:4a:4e:9f:ef:d0:77:8c:ab:f8:35:0c:06:6f:0c:
         27:64:46:17:4f:72:5c:9a:4b:2e:1c:54:74:99:17:80:58:fe:
         54:aa:28:21:99:d9:46:d1:09:19:da:83:dc:df:0c:c7:1f:17:
         94:b7:de:08:9b:0e:26:0f:76:f4:c2:19:04:42:44:69:60:78:
         eb:27:74:e9:87:a5:7e:7c:86:ef:e1:0a:bd:33:5b:76:7e:a6:
         b2:75:f5:3a
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUGhqC/BlCcL/Sv1AqKVJY6RohFLYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTdEMDJCMTE2RDRCQkE2NTEyNDVDQkM3Q0NDMzBBNTky
N0E3NDRFNDAeFw0yNTA3MTMwODU1MTlaFw0yNjA3MTIwOTAwMTlaMDMxMTAvBgNV
BAMTKEFEMDI2N0I1OURCRkFDN0JBMzA1QzBBNzIwNzFCQzdDOTEwRjkyOTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSf/FRaUeRsDSP12OrDhiePvGs
5iylI6Hbs1dlBp5pXUokOfOXYHRwUsqLkZhZz3clKsiHZgA+Id+KvskdxwWy5Lcv
+lpSrOeVKAeZs06Zc+o4ynLX2w7vSBIcQpEaJjvDHf4j64DZCgAjTNO0uB1ZLJ+K
dtDMQGHPkiKE2mV3xBlg6bi97THc+cfcT3UbEVif/4l3qWJYIqBHQBDAcVFP+z0+
gvJo5zbcqQ9YTz2XXy76yXkbFFGUOe4UrvrJwS15qOlHfofalUDsvnH298EjODUx
3WMrKBty5oUAj+ty5/V0L9GG9RZsWGsQCeRMD8PO43j2Vxyqiyg45Wm3l+JbAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUrQJntZ2/rHujBcCnIHG8fJEPkpEwHwYDVR0j
BBgwFoAUF9ArEW1LumUSRcvHzMMKWSenROQwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YmJiMjczNC1lNWZhLTQwZWItODU5OC1iN2NkMTAxMzQzY2EvMC8xN0QwMkIxMTZE
NEJCQTY1MTI0NUNCQzdDQ0MzMEE1OTI3QTc0NEU0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTdEMDJCMTE2RDRCQkE2NTEyNDVDQkM3Q0NDMzBBNTkyN0E3
NDRFNC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNiYmIyNzM0LWU1ZmEtNDBlYi04
NTk4LWI3Y2QxMDEzNDNjYS8wLzMxMzAzMzJlMzQzNzJlMzEzMzM0MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzYzMzM4MzUzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGcvhjANBgkqhkiG
9w0BAQsFAAOCAQEAyGoO3bcoGD8Or08dPKlYchlnT7580qj+M6lYC+qHPZOVJkLf
gRejmW3wopv9U9TBOH/77KXWYwr1Bl0Q+7/acGVQXIDtH2fFT20GPMNbOMhPQN3w
J6uBCJwrSusVt+0uvUn7fzCMPDnAg40WgS+NhNLT6334LXHtFFEyxlHYsmBEgMvx
ZYYv5EO0tcj0uJ/yR3j8fzqlzdv+SSYmXOVmKW0KsbRUT0pOn+/Qd4yr+DUMBm8M
J2RGF09yXJpLLhxUdJkXgFj+VKooIZnZRtEJGdqD3N8Mxx8XlLfeCJsOJg929MIZ
BEJEaWB46yd06YelfnyG7+EKvTNbdn6msnX1Og==
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:53:18 2025 by rpki-client