Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/34332e3233302e3132392e302f32342d3234203d3e203233363739.roa
File:                     34332e3233302e3132392e302f32342d3234203d3e203233363739.roa (raw, json)
Hash identifier:          QUmO+r1ZetkePDm99tDeZ2rTyu62swLem0hgSgkn7ss=
Subject key identifier:   E5:44:66:E2:D6:1A:4D:FE:26:63:7D:34:C9:11:4A:29:92:14:E9:2C
Certificate issuer:       /CN=084550E9619FF5ABD20864D9A6383053B59BF91E
Certificate serial:       3792DD67F9733886544F7B62BAE0170B544F21AA
Authority key identifier: 08:45:50:E9:61:9F:F5:AB:D2:08:64:D9:A6:38:30:53:B5:9B:F9:1E
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/084550E9619FF5ABD20864D9A6383053B59BF91E.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/34332e3233302e3132392e302f32342d3234203d3e203233363739.roa
Signing time:             Tue 15 Jul 2025 06:00:01 +0000
ROA not before:           Tue 15 Jul 2025 05:55:01 +0000
ROA not after:            Tue 14 Jul 2026 06:00:01 +0000
asID:                     23679
IP address blocks:        43.230.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/084550E9619FF5ABD20864D9A6383053B59BF91E.crl
                          rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/084550E9619FF5ABD20864D9A6383053B59BF91E.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/084550E9619FF5ABD20864D9A6383053B59BF91E.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 10:52:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:92:dd:67:f9:73:38:86:54:4f:7b:62:ba:e0:17:0b:54:4f:21:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=084550E9619FF5ABD20864D9A6383053B59BF91E
        Validity
            Not Before: Jul 15 05:55:01 2025 GMT
            Not After : Jul 14 06:00:01 2026 GMT
        Subject: CN=E54466E2D61A4DFE26637D34C9114A299214E92C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:54:e9:91:0c:3a:cd:86:0a:05:55:e5:e8:49:
                    6b:8f:c4:32:93:2f:11:f9:6e:e2:89:b3:64:df:df:
                    c2:d2:52:de:b0:c0:e5:06:fb:f4:d9:83:5b:2f:9e:
                    3d:e7:65:dd:f6:86:a4:12:65:32:b1:d7:41:b9:f5:
                    a7:ea:92:a6:28:1a:52:89:11:54:0f:94:56:cb:e0:
                    51:92:f4:1d:a1:42:58:2e:67:3a:df:9a:25:ba:4e:
                    da:87:15:8e:03:2a:a8:f2:4b:a6:a2:2d:34:69:f1:
                    b6:61:94:4d:3a:d7:e1:49:d2:3e:af:da:a6:e4:af:
                    b8:70:7e:93:9c:96:fd:89:4d:e1:ed:cd:fb:80:fb:
                    ad:10:62:47:39:05:fa:f0:cd:dc:a7:21:ae:64:d0:
                    5f:ee:e3:01:e3:6d:8c:a4:9f:d6:13:70:54:70:da:
                    ba:73:78:03:29:38:1a:42:98:fc:72:cb:dd:c5:cd:
                    cb:5f:ee:55:33:52:7a:d1:19:bf:2c:5b:7a:7f:73:
                    96:dd:e9:d0:23:bb:03:d7:b1:0d:44:6d:1a:3b:5a:
                    15:cb:72:97:aa:0d:c7:df:4c:2a:f0:85:ba:70:3a:
                    d6:7f:83:68:fc:71:04:e8:f7:e0:5e:81:7f:b7:8f:
                    80:53:b6:2f:73:df:75:06:43:49:8b:27:ca:18:2d:
                    f9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:44:66:E2:D6:1A:4D:FE:26:63:7D:34:C9:11:4A:29:92:14:E9:2C
            X509v3 Authority Key Identifier:
                keyid:08:45:50:E9:61:9F:F5:AB:D2:08:64:D9:A6:38:30:53:B5:9B:F9:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/084550E9619FF5ABD20864D9A6383053B59BF91E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/084550E9619FF5ABD20864D9A6383053B59BF91E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/34332e3233302e3132392e302f32342d3234203d3e203233363739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:ce:1a:2a:00:92:dc:47:8e:f6:cd:e9:b0:93:48:e8:fb:54:
         55:a6:e2:26:66:c8:77:ed:ef:8f:a8:13:f9:e1:72:a5:eb:ca:
         f5:ff:8f:bb:db:9b:3b:96:bb:96:58:e6:fd:90:6b:7f:87:48:
         9d:72:d1:23:b3:9b:58:41:9b:97:31:c6:36:42:3d:ef:e1:17:
         3d:d0:9c:1e:ef:1e:ed:7d:f7:9f:9c:ab:8a:94:5e:be:7a:4e:
         aa:4e:22:4b:63:bf:b6:a8:59:a1:7c:5f:7f:d9:34:0f:2a:af:
         11:aa:23:9b:a6:05:ae:21:67:7e:a2:ae:59:70:23:7d:85:2f:
         80:9a:f0:ef:3f:d8:b9:41:88:32:2e:95:95:35:17:64:bb:c9:
         25:4b:2c:f0:90:f8:a5:d4:17:58:5b:24:c0:11:80:85:99:00:
         ce:fe:8c:e0:56:39:86:32:93:ae:34:11:6e:79:e0:b7:a5:7d:
         c1:db:8f:f8:6a:83:f6:01:9d:49:1a:a7:88:c4:4a:c1:d4:91:
         41:cb:ad:7a:29:0a:cb:b6:ed:ce:6a:1e:71:4c:39:35:df:5f:
         07:cc:57:3c:43:6c:37:5c:00:65:c2:eb:47:61:6b:42:11:7e:
         86:94:da:b9:fb:30:c6:b4:f1:f2:a2:9f:d4:fd:57:62:a1:82:
         8f:f4:18:b3
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUN5LdZ/lzOIZUT3tiuuAXC1RPIaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg0NTUwRTk2MTlGRjVBQkQyMDg2NEQ5QTYzODMwNTNC
NTlCRjkxRTAeFw0yNTA3MTUwNTU1MDFaFw0yNjA3MTQwNjAwMDFaMDMxMTAvBgNV
BAMTKEU1NDQ2NkUyRDYxQTRERkUyNjYzN0QzNEM5MTE0QTI5OTIxNEU5MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkVOmRDDrNhgoFVeXoSWuPxDKT
LxH5buKJs2Tf38LSUt6wwOUG+/TZg1svnj3nZd32hqQSZTKx10G59afqkqYoGlKJ
EVQPlFbL4FGS9B2hQlguZzrfmiW6TtqHFY4DKqjyS6aiLTRp8bZhlE061+FJ0j6v
2qbkr7hwfpOclv2JTeHtzfuA+60QYkc5BfrwzdynIa5k0F/u4wHjbYykn9YTcFRw
2rpzeAMpOBpCmPxyy93Fzctf7lUzUnrRGb8sW3p/c5bd6dAjuwPXsQ1EbRo7WhXL
cpeqDcffTCrwhbpwOtZ/g2j8cQTo9+BegX+3j4BTti9z33UGQ0mLJ8oYLfnlAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU5URm4tYaTf4mY300yRFKKZIU6SwwHwYDVR0j
BBgwFoAUCEVQ6WGf9avSCGTZpjgwU7Wb+R4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
MTE0MTdjMC0zN2JiLTQ0NmQtODdmMi1kODE4NDE3OGMxNDkvMC8wODQ1NTBFOTYx
OUZGNUFCRDIwODY0RDlBNjM4MzA1M0I1OUJGOTFFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDg0NTUwRTk2MTlGRjVBQkQyMDg2NEQ5QTYzODMwNTNCNTlC
RjkxRS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzkxMTQxN2MwLTM3YmItNDQ2ZC04
N2YyLWQ4MTg0MTc4YzE0OS8wLzM0MzMyZTMyMzMzMDJlMzEzMjM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzczOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACvmgTANBgkqhkiG
9w0BAQsFAAOCAQEAEc4aKgCS3EeO9s3psJNI6PtUVabiJmbId+3vj6gT+eFypevK
9f+Pu9ubO5a7lljm/ZBrf4dInXLRI7ObWEGblzHGNkI97+EXPdCcHu8e7X33n5yr
ipRevnpOqk4iS2O/tqhZoXxff9k0DyqvEaojm6YFriFnfqKuWXAjfYUvgJrw7z/Y
uUGIMi6VlTUXZLvJJUss8JD4pdQXWFskwBGAhZkAzv6M4FY5hjKTrjQRbnngt6V9
wduP+GqD9gGdSRqniMRKwdSRQcuteikKy7btzmoecUw5Nd9fB8xXPENsN1wAZcLr
R2FrQhF+hpTaufswxrTx8qKf1P1XYqGCj/QYsw==
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:25:19 2025 by rpki-client