Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/3130332e35352e3133392e302f32342d3234203d3e20313333383237.roa
File:                     3130332e35352e3133392e302f32342d3234203d3e20313333383237.roa (raw, json)
Hash identifier:          NRTKisssuBxZObjpfMlPvnnfb3JZpeBG9KHtEvhVsJY=
Subject key identifier:   D9:08:06:8F:F7:99:35:7B:42:0B:B3:B0:AA:55:27:52:40:94:12:69
Certificate issuer:       /CN=0CE6A79D53D829F2A55623676E8D2A9A569F836F
Certificate serial:       1134947507E95AC7D172605D573A0099274E966F
Authority key identifier: 0C:E6:A7:9D:53:D8:29:F2:A5:56:23:67:6E:8D:2A:9A:56:9F:83:6F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/3130332e35352e3133392e302f32342d3234203d3e20313333383237.roa
Signing time:             Thu 10 Jul 2025 04:02:22 +0000
ROA not before:           Thu 10 Jul 2025 03:57:22 +0000
ROA not after:            Thu 09 Jul 2026 04:02:22 +0000
asID:                     133827
IP address blocks:        103.55.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.crl
                          rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 03:59:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:34:94:75:07:e9:5a:c7:d1:72:60:5d:57:3a:00:99:27:4e:96:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0CE6A79D53D829F2A55623676E8D2A9A569F836F
        Validity
            Not Before: Jul 10 03:57:22 2025 GMT
            Not After : Jul  9 04:02:22 2026 GMT
        Subject: CN=D908068FF799357B420BB3B0AA55275240941269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:17:69:49:fc:d5:5e:fe:27:5b:bc:fc:27:48:
                    c6:45:25:a3:db:c4:7c:e9:98:c4:f6:7a:e2:f5:79:
                    7c:b1:a6:4c:b2:f6:53:16:1a:ce:a4:5f:af:32:28:
                    1b:7b:f5:c3:1c:32:ec:63:a0:b2:1f:15:f3:4e:06:
                    87:d6:a5:96:63:24:2b:4d:a7:ac:7f:6a:c7:6e:84:
                    58:37:ed:f4:43:61:72:90:66:35:a8:2b:ab:e9:ad:
                    b4:17:9c:95:6c:37:86:03:82:98:af:c3:29:59:80:
                    2e:0b:be:27:3c:e2:be:de:7a:dd:90:b3:9e:2e:75:
                    87:f0:34:fa:4c:ef:15:ba:e2:52:f0:98:d9:6b:81:
                    9b:81:04:70:86:d3:76:ca:75:2a:93:af:87:a6:ac:
                    83:a9:e8:8a:66:d2:a4:ae:ec:65:8d:0d:0f:e9:0b:
                    65:73:31:21:e9:77:6c:13:b9:04:81:d6:8e:8d:cf:
                    8f:6a:34:9c:98:2b:24:9e:c3:fe:e7:b8:77:cc:c7:
                    3c:f5:c5:29:53:71:99:11:c5:17:1a:8e:7a:1e:42:
                    bc:93:fa:a2:4f:52:4d:76:ef:95:bc:e6:c6:b8:8a:
                    b4:8c:08:98:4c:8d:91:ae:b6:51:88:5f:b9:6e:0d:
                    d7:1c:02:ca:07:55:60:ef:44:4e:a5:1a:9a:46:93:
                    19:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:08:06:8F:F7:99:35:7B:42:0B:B3:B0:AA:55:27:52:40:94:12:69
            X509v3 Authority Key Identifier:
                keyid:0C:E6:A7:9D:53:D8:29:F2:A5:56:23:67:6E:8D:2A:9A:56:9F:83:6F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/3130332e35352e3133392e302f32342d3234203d3e20313333383237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.55.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:c2:bc:71:4e:12:18:fd:89:94:fe:e8:46:ec:85:90:03:02:
         9d:bc:93:a0:c7:67:03:e0:37:1a:f3:0d:c4:31:d0:1d:14:b1:
         45:99:a7:aa:7f:18:56:69:c2:d3:70:c0:11:be:ce:e8:12:cc:
         44:e2:3c:7c:b9:4c:a3:fa:2c:dc:c2:40:56:c9:db:f1:6d:86:
         8d:c6:29:97:9e:76:e2:8b:03:e3:0b:65:b5:b3:55:80:6e:f6:
         8d:92:13:ec:6d:bf:20:af:5d:fc:bd:24:bd:cf:cd:9f:ec:7d:
         c9:de:27:c3:7a:d6:86:15:a9:a0:c4:68:58:a0:7a:ec:3d:55:
         b3:05:71:4a:83:5e:82:9f:20:63:0f:da:b5:22:95:00:b5:0e:
         e1:ac:d3:0d:c9:da:d8:c3:6a:4b:82:08:c2:77:ed:4c:a5:67:
         cb:08:45:45:62:33:e0:23:76:af:f7:08:3e:f0:79:6a:9d:75:
         55:ac:6e:1a:49:42:19:67:e5:de:67:8c:74:a5:82:ee:69:ee:
         5c:26:f0:03:00:4c:d6:55:08:f7:c4:23:7b:71:8e:87:55:c5:
         2c:0d:ef:06:33:c7:d0:9a:d0:63:be:8a:22:82:ca:c1:37:7e:
         90:b3:10:d9:1f:be:ce:ff:f7:01:06:de:53:0d:f4:49:2a:ef:
         d3:b7:99:79
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUETSUdQfpWsfRcmBdVzoAmSdOlm8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMENFNkE3OUQ1M0Q4MjlGMkE1NTYyMzY3NkU4RDJBOUE1
NjlGODM2RjAeFw0yNTA3MTAwMzU3MjJaFw0yNjA3MDkwNDAyMjJaMDMxMTAvBgNV
BAMTKEQ5MDgwNjhGRjc5OTM1N0I0MjBCQjNCMEFBNTUyNzUyNDA5NDEyNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQF2lJ/NVe/idbvPwnSMZFJaPb
xHzpmMT2euL1eXyxpkyy9lMWGs6kX68yKBt79cMcMuxjoLIfFfNOBofWpZZjJCtN
p6x/asduhFg37fRDYXKQZjWoK6vprbQXnJVsN4YDgpivwylZgC4Lvic84r7eet2Q
s54udYfwNPpM7xW64lLwmNlrgZuBBHCG03bKdSqTr4emrIOp6Ipm0qSu7GWNDQ/p
C2VzMSHpd2wTuQSB1o6Nz49qNJyYKySew/7nuHfMxzz1xSlTcZkRxRcajnoeQryT
+qJPUk1275W85sa4irSMCJhMjZGutlGIX7luDdccAsoHVWDvRE6lGppGkxlrAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU2QgGj/eZNXtCC7OwqlUnUkCUEmkwHwYDVR0j
BBgwFoAUDOannVPYKfKlViNnbo0qmlafg28wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YTk5MDEyNS02MDlhLTQ4YzgtYWM4Ni0xYzNiYzMxNWJhZDYvMC8wQ0U2QTc5RDUz
RDgyOUYyQTU1NjIzNjc2RThEMkE5QTU2OUY4MzZGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMENFNkE3OUQ1M0Q4MjlGMkE1NTYyMzY3NkU4RDJBOUE1NjlG
ODM2Ri5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVhOTkwMTI1LTYwOWEtNDhjOC1h
Yzg2LTFjM2JjMzE1YmFkNi8wLzMxMzAzMzJlMzUzNTJlMzEzMzM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzMzMzMzgzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZzeLMA0GCSqG
SIb3DQEBCwUAA4IBAQBRwrxxThIY/YmU/uhG7IWQAwKdvJOgx2cD4Dca8w3EMdAd
FLFFmaeqfxhWacLTcMARvs7oEsxE4jx8uUyj+izcwkBWydvxbYaNximXnnbiiwPj
C2W1s1WAbvaNkhPsbb8gr138vSS9z82f7H3J3ifDetaGFamgxGhYoHrsPVWzBXFK
g16CnyBjD9q1IpUAtQ7hrNMNydrYw2pLggjCd+1MpWfLCEVFYjPgI3av9wg+8Hlq
nXVVrG4aSUIZZ+XeZ4x0pYLuae5cJvADAEzWVQj3xCN7cY6HVcUsDe8GM8fQmtBj
vooigsrBN36QsxDZH77O//cBBt5TDfRJKu/Tt5l5
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:10:19 2025 by rpki-client