Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/3131382e39312e3132382e302f32312d3234203d3e203234313935.roa
File:                     3131382e39312e3132382e302f32312d3234203d3e203234313935.roa (raw, json)
Hash identifier:          yiPIGsDISayK97qWqm2UWsTxEHdxKETOsL8gSiwFMjA=
Subject key identifier:   88:84:C5:6D:DD:84:3A:B3:B0:C4:D1:C0:93:11:CF:6C:D5:80:08:E6
Certificate issuer:       /CN=1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946
Certificate serial:       3564D9CC5500FC37F3E5BA7059CF38C951789DD2
Authority key identifier: 1F:CD:47:FB:4B:D7:29:E2:2E:4F:EE:FC:E5:B6:1B:4E:1C:7F:E9:46
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/3131382e39312e3132382e302f32312d3234203d3e203234313935.roa
Signing time:             Sat 12 Jul 2025 09:00:00 +0000
ROA not before:           Sat 12 Jul 2025 08:55:00 +0000
ROA not after:            Sat 11 Jul 2026 09:00:00 +0000
asID:                     24195
IP address blocks:        118.91.128.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.crl
                          rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 02:36:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:64:d9:cc:55:00:fc:37:f3:e5:ba:70:59:cf:38:c9:51:78:9d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946
        Validity
            Not Before: Jul 12 08:55:00 2025 GMT
            Not After : Jul 11 09:00:00 2026 GMT
        Subject: CN=8884C56DDD843AB3B0C4D1C09311CF6CD58008E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:71:f0:f7:4d:7a:52:1b:6e:5e:5c:bb:53:bb:
                    8e:32:e2:53:3f:55:71:88:d4:5d:66:51:26:dd:78:
                    08:23:87:c9:a2:89:a8:30:c5:66:f3:36:11:25:99:
                    49:1a:b0:35:14:ad:3e:98:de:ae:66:07:f0:fc:18:
                    dd:d2:c0:11:9d:aa:0a:e6:48:da:3a:f2:44:9a:5f:
                    47:ea:39:c7:ae:81:5f:fb:7f:8c:ae:af:fd:39:56:
                    7b:87:e6:d8:3a:38:fc:5a:ab:31:e7:fc:8e:af:22:
                    89:4f:42:6e:d8:d7:e0:94:4c:07:42:0a:c6:cc:6b:
                    0b:ce:91:e0:95:43:32:5e:ee:8b:ce:ed:17:f3:51:
                    65:70:65:29:dd:b0:6a:66:39:3c:5c:16:8d:c4:dc:
                    f2:e1:f7:64:39:d8:fc:9d:c8:70:ae:3b:a7:ec:39:
                    ac:2a:01:27:43:dd:6d:a9:10:ca:7b:6e:17:fb:00:
                    5f:68:70:5a:af:12:15:09:ae:b5:8b:b6:1c:fe:fa:
                    c1:cf:c9:7f:78:40:bf:8e:a1:b0:c5:a3:e7:55:d8:
                    74:e2:2a:d3:b1:20:d5:53:ab:64:d6:fe:6c:4e:cc:
                    85:ed:bf:9d:57:0c:f5:0e:61:51:3e:0b:8c:04:be:
                    bd:0c:24:ac:c5:d0:fc:c8:9a:80:6c:59:62:72:44:
                    b8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:84:C5:6D:DD:84:3A:B3:B0:C4:D1:C0:93:11:CF:6C:D5:80:08:E6
            X509v3 Authority Key Identifier:
                keyid:1F:CD:47:FB:4B:D7:29:E2:2E:4F:EE:FC:E5:B6:1B:4E:1C:7F:E9:46

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/3131382e39312e3132382e302f32312d3234203d3e203234313935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.91.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         50:01:6c:e8:f0:91:96:67:d6:e1:4b:c4:e9:f6:14:dd:ce:90:
         2b:73:5d:f4:66:11:55:b5:fd:80:a7:ae:bf:92:6b:e0:b8:d4:
         95:8f:7b:55:ec:12:4d:96:1a:7f:5c:53:e4:6c:cd:29:82:d5:
         34:aa:15:ce:0f:7a:3c:84:4b:73:d2:73:79:22:7d:cd:fb:e1:
         90:2b:d9:4a:6e:07:9c:b8:67:4b:06:f4:83:b0:03:e5:6a:64:
         bf:13:ef:19:be:73:83:b6:67:85:c1:ab:5a:8a:f7:52:95:c0:
         52:5e:35:5f:a6:e8:2a:4b:02:b9:3f:4f:cc:e2:47:eb:e3:6a:
         79:9b:d1:2c:ae:33:b0:a8:bb:43:2f:8f:70:bb:b9:9a:f6:9b:
         1d:8c:b5:11:2e:6a:8d:08:bd:15:12:6b:06:79:f4:77:76:0d:
         44:73:22:ed:51:29:ed:8b:aa:a8:55:ba:55:74:38:37:8f:a5:
         43:d6:b9:b4:da:42:f3:de:e9:6f:74:e6:8a:53:7c:84:73:00:
         5c:56:7d:69:26:72:ca:4d:d8:92:c9:86:cf:61:06:48:5f:1e:
         b3:b9:92:ae:06:61:0a:b8:4d:6a:3c:f5:45:ff:65:96:b0:86:
         9c:f7:9a:a8:a6:64:98:dc:61:1b:57:ac:cd:a4:4c:2b:ef:b6:
         d1:81:3b:b0
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUNWTZzFUA/Dfz5bpwWc84yVF4ndIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUZDRDQ3RkI0QkQ3MjlFMjJFNEZFRUZDRTVCNjFCNEUx
QzdGRTk0NjAeFw0yNTA3MTIwODU1MDBaFw0yNjA3MTEwOTAwMDBaMDMxMTAvBgNV
BAMTKDg4ODRDNTZEREQ4NDNBQjNCMEM0RDFDMDkzMTFDRjZDRDU4MDA4RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYcfD3TXpSG25eXLtTu44y4lM/
VXGI1F1mUSbdeAgjh8miiagwxWbzNhElmUkasDUUrT6Y3q5mB/D8GN3SwBGdqgrm
SNo68kSaX0fqOceugV/7f4yur/05VnuH5tg6OPxaqzHn/I6vIolPQm7Y1+CUTAdC
CsbMawvOkeCVQzJe7ovO7RfzUWVwZSndsGpmOTxcFo3E3PLh92Q52PydyHCuO6fs
OawqASdD3W2pEMp7bhf7AF9ocFqvEhUJrrWLthz++sHPyX94QL+OobDFo+dV2HTi
KtOxINVTq2TW/mxOzIXtv51XDPUOYVE+C4wEvr0MJKzF0PzImoBsWWJyRLjtAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUiITFbd2EOrOwxNHAkxHPbNWACOYwHwYDVR0j
BBgwFoAUH81H+0vXKeIuT+785bYbThx/6UYwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby84
NzkyYTRjZC1kYmFjLTQzYWMtODA2MC0yZThkNDJlYWU2NTUvMC8xRkNENDdGQjRC
RDcyOUUyMkU0RkVFRkNFNUI2MUI0RTFDN0ZFOTQ2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMUZDRDQ3RkI0QkQ3MjlFMjJFNEZFRUZDRTVCNjFCNEUxQzdG
RTk0Ni5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzg3OTJhNGNkLWRiYWMtNDNhYy04
MDYwLTJlOGQ0MmVhZTY1NS8wLzMxMzEzODJlMzkzMTJlMzEzMjM4MmUzMDJmMzIz
MTJkMzIzNDIwM2QzZTIwMzIzNDMxMzkzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA3ZbgDANBgkqhkiG
9w0BAQsFAAOCAQEAUAFs6PCRlmfW4UvE6fYU3c6QK3Nd9GYRVbX9gKeuv5Jr4LjU
lY97VewSTZYaf1xT5GzNKYLVNKoVzg96PIRLc9JzeSJ9zfvhkCvZSm4HnLhnSwb0
g7AD5WpkvxPvGb5zg7ZnhcGrWor3UpXAUl41X6boKksCuT9PzOJH6+NqeZvRLK4z
sKi7Qy+PcLu5mvabHYy1ES5qjQi9FRJrBnn0d3YNRHMi7VEp7YuqqFW6VXQ4N4+l
Q9a5tNpC897pb3TmilN8hHMAXFZ9aSZyyk3YksmGz2EGSF8es7mSrgZhCrhNajz1
Rf9llrCGnPeaqKZkmNxhG1eszaRMK++20YE7sA==
-----END CERTIFICATE-----
Generated at Wed Jul 23 01:58:13 2025 by rpki-client