Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/34332e3233302e3133312e302f32342d3234203d3e203233363739.roa
File:                     34332e3233302e3133312e302f32342d3234203d3e203233363739.roa (raw, json)
Hash identifier:          WAaSNwShiSZ85pEV29yBzPi/4z8AK1cN4rEfINPVYW8=
Subject key identifier:   37:21:03:E3:30:8B:47:A9:75:AC:61:48:69:8A:22:A8:0C:01:DA:39
Certificate issuer:       /CN=084550E9619FF5ABD20864D9A6383053B59BF91E
Certificate serial:       347641BE57BB45DFF692628CFF807BE1EEE5013E
Authority key identifier: 08:45:50:E9:61:9F:F5:AB:D2:08:64:D9:A6:38:30:53:B5:9B:F9:1E
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/084550E9619FF5ABD20864D9A6383053B59BF91E.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/34332e3233302e3133312e302f32342d3234203d3e203233363739.roa
Signing time:             Tue 15 Jul 2025 06:00:01 +0000
ROA not before:           Tue 15 Jul 2025 05:55:01 +0000
ROA not after:            Tue 14 Jul 2026 06:00:01 +0000
asID:                     23679
IP address blocks:        43.230.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/084550E9619FF5ABD20864D9A6383053B59BF91E.crl
                          rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/084550E9619FF5ABD20864D9A6383053B59BF91E.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/084550E9619FF5ABD20864D9A6383053B59BF91E.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 10:52:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:76:41:be:57:bb:45:df:f6:92:62:8c:ff:80:7b:e1:ee:e5:01:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=084550E9619FF5ABD20864D9A6383053B59BF91E
        Validity
            Not Before: Jul 15 05:55:01 2025 GMT
            Not After : Jul 14 06:00:01 2026 GMT
        Subject: CN=372103E3308B47A975AC6148698A22A80C01DA39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:05:56:61:d9:43:0c:b9:50:9b:bd:34:32:44:
                    83:82:35:96:9e:79:24:0e:c1:e9:b6:e6:9b:f3:49:
                    a1:1e:57:df:1f:c8:6e:1c:9c:2b:8b:a9:1f:9a:1b:
                    55:41:32:da:6a:4c:4e:22:d3:85:8b:cd:1f:fd:43:
                    06:9e:f4:c4:6d:73:a2:7b:9b:bf:dc:e1:7e:e8:74:
                    46:80:27:47:64:05:73:29:e4:a7:4b:a0:58:ab:66:
                    ac:ff:ab:b3:4e:f4:ae:fe:ae:49:e2:a9:27:de:95:
                    96:59:41:1d:5e:ca:4a:42:a7:a2:b8:03:03:63:56:
                    25:0a:60:79:62:ca:84:9b:82:6f:4e:16:c7:8f:fc:
                    8f:f4:86:a5:5d:61:90:15:a8:ae:ee:1b:2f:e4:b9:
                    86:c2:fb:4f:be:20:6b:2b:8d:e9:04:91:de:5b:f5:
                    3c:7b:54:e7:af:c1:b3:d7:00:7c:37:15:85:86:2a:
                    a6:d8:82:e6:af:ee:fc:5e:16:1a:cd:75:27:a6:d7:
                    f9:de:d8:62:55:cf:f7:5a:63:49:fd:5f:fb:53:d6:
                    79:55:cb:b5:91:ee:22:24:b6:6d:97:cb:ff:7a:e4:
                    23:03:53:9b:54:e0:a8:ff:a8:97:94:e1:5c:05:ba:
                    6e:4e:fb:92:f0:77:b3:b6:87:34:49:cf:f6:dd:c0:
                    64:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:21:03:E3:30:8B:47:A9:75:AC:61:48:69:8A:22:A8:0C:01:DA:39
            X509v3 Authority Key Identifier:
                keyid:08:45:50:E9:61:9F:F5:AB:D2:08:64:D9:A6:38:30:53:B5:9B:F9:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/084550E9619FF5ABD20864D9A6383053B59BF91E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/084550E9619FF5ABD20864D9A6383053B59BF91E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/911417c0-37bb-446d-87f2-d8184178c149/0/34332e3233302e3133312e302f32342d3234203d3e203233363739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:fc:ae:a6:52:12:7d:bf:22:2b:85:48:16:71:a3:cc:78:c1:
         98:fc:d4:fa:c8:aa:ae:47:52:00:48:76:96:4e:dd:e1:b2:81:
         69:2d:68:79:24:68:50:11:5f:98:08:46:83:92:b4:84:87:05:
         ca:00:d9:50:a5:17:99:12:13:f5:73:91:29:63:fc:db:2a:e8:
         1b:61:47:d2:30:b0:40:14:35:64:d8:af:96:40:bc:77:c3:f1:
         e7:3a:44:59:80:54:8e:be:47:cb:83:92:bf:d4:89:07:a5:5a:
         69:5b:5c:f8:3a:2a:3a:01:b0:c0:d5:75:28:d9:5d:18:da:ef:
         ef:80:89:7f:54:55:5d:a9:05:a7:58:81:c5:d5:fe:5e:85:ae:
         49:cb:16:d1:c0:72:4a:3b:6b:89:66:bd:61:fa:24:f8:3c:4e:
         e0:1a:0b:5a:65:a8:5e:c5:89:ae:71:a9:1c:b4:4a:f0:f4:cf:
         70:7a:8e:b4:09:b2:6d:0c:79:38:fd:6b:37:5e:60:de:e7:84:
         90:8c:25:75:a8:e4:b6:65:0e:1f:0b:cf:c5:2b:1b:34:be:b2:
         f6:cb:70:23:d6:25:46:99:74:b0:67:f0:e7:d7:9d:33:a4:95:
         61:e6:36:73:6a:2f:0d:db:aa:1d:16:26:a7:c9:67:7b:29:0b:
         92:c4:43:e1
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUNHZBvle7Rd/2kmKM/4B74e7lAT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg0NTUwRTk2MTlGRjVBQkQyMDg2NEQ5QTYzODMwNTNC
NTlCRjkxRTAeFw0yNTA3MTUwNTU1MDFaFw0yNjA3MTQwNjAwMDFaMDMxMTAvBgNV
BAMTKDM3MjEwM0UzMzA4QjQ3QTk3NUFDNjE0ODY5OEEyMkE4MEMwMURBMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2BVZh2UMMuVCbvTQyRIOCNZae
eSQOwem25pvzSaEeV98fyG4cnCuLqR+aG1VBMtpqTE4i04WLzR/9Qwae9MRtc6J7
m7/c4X7odEaAJ0dkBXMp5KdLoFirZqz/q7NO9K7+rkniqSfelZZZQR1eykpCp6K4
AwNjViUKYHliyoSbgm9OFseP/I/0hqVdYZAVqK7uGy/kuYbC+0++IGsrjekEkd5b
9Tx7VOevwbPXAHw3FYWGKqbYguav7vxeFhrNdSem1/ne2GJVz/daY0n9X/tT1nlV
y7WR7iIktm2Xy/965CMDU5tU4Kj/qJeU4VwFum5O+5Lwd7O2hzRJz/bdwGTTAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUNyED4zCLR6l1rGFIaYoiqAwB2jkwHwYDVR0j
BBgwFoAUCEVQ6WGf9avSCGTZpjgwU7Wb+R4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
MTE0MTdjMC0zN2JiLTQ0NmQtODdmMi1kODE4NDE3OGMxNDkvMC8wODQ1NTBFOTYx
OUZGNUFCRDIwODY0RDlBNjM4MzA1M0I1OUJGOTFFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDg0NTUwRTk2MTlGRjVBQkQyMDg2NEQ5QTYzODMwNTNCNTlC
RjkxRS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzkxMTQxN2MwLTM3YmItNDQ2ZC04
N2YyLWQ4MTg0MTc4YzE0OS8wLzM0MzMyZTMyMzMzMDJlMzEzMzMxMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMzM2MzczOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACvmgzANBgkqhkiG
9w0BAQsFAAOCAQEAovyuplISfb8iK4VIFnGjzHjBmPzU+siqrkdSAEh2lk7d4bKB
aS1oeSRoUBFfmAhGg5K0hIcFygDZUKUXmRIT9XORKWP82yroG2FH0jCwQBQ1ZNiv
lkC8d8Px5zpEWYBUjr5Hy4OSv9SJB6VaaVtc+DoqOgGwwNV1KNldGNrv74CJf1RV
XakFp1iBxdX+XoWuScsW0cBySjtriWa9Yfok+DxO4BoLWmWoXsWJrnGpHLRK8PTP
cHqOtAmybQx5OP1rN15g3ueEkIwldajktmUOHwvPxSsbNL6y9stwI9YlRpl0sGfw
59edM6SVYeY2c2ovDduqHRYmp8lneykLksRD4Q==
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:30:15 2025 by rpki-client