Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/3131342e3139392e3131322e302f32302d3234203d3e2034373837.roa
File:                     3131342e3139392e3131322e302f32302d3234203d3e2034373837.roa (raw, json)
Hash identifier:          +bYRuibxo5DqhB3i2hq2J5sz489uXgLEDTFGvo/DihU=
Subject key identifier:   28:D4:6B:28:D6:15:05:55:5A:02:93:50:74:64:88:51:C2:46:C5:9D
Certificate issuer:       /CN=ADCB9F9DF56E90B39B5344118194104F46A83702
Certificate serial:       7757A1B07E5BC6BBA6A9E5262B5AD999A81DDF59
Authority key identifier: AD:CB:9F:9D:F5:6E:90:B3:9B:53:44:11:81:94:10:4F:46:A8:37:02
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ADCB9F9DF56E90B39B5344118194104F46A83702.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/3131342e3139392e3131322e302f32302d3234203d3e2034373837.roa
Signing time:             Tue 15 Jul 2025 06:22:37 +0000
ROA not before:           Tue 15 Jul 2025 06:17:37 +0000
ROA not after:            Tue 14 Jul 2026 06:22:37 +0000
asID:                     4787
IP address blocks:        114.199.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/ADCB9F9DF56E90B39B5344118194104F46A83702.crl
                          rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/ADCB9F9DF56E90B39B5344118194104F46A83702.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ADCB9F9DF56E90B39B5344118194104F46A83702.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 10:37:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:57:a1:b0:7e:5b:c6:bb:a6:a9:e5:26:2b:5a:d9:99:a8:1d:df:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ADCB9F9DF56E90B39B5344118194104F46A83702
        Validity
            Not Before: Jul 15 06:17:37 2025 GMT
            Not After : Jul 14 06:22:37 2026 GMT
        Subject: CN=28D46B28D61505555A02935074648851C246C59D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:50:60:1c:5b:02:d1:12:ec:e2:a9:65:86:58:
                    21:b1:df:54:ea:c3:74:fe:af:59:b1:12:b7:8a:20:
                    04:0e:24:d3:3e:3d:46:d5:21:0e:c3:64:b2:6d:df:
                    bd:85:10:53:0d:fc:a0:83:c3:ba:dc:25:a2:de:b6:
                    47:b2:d2:65:3c:a3:5f:8e:4a:02:f1:a2:bf:a6:7e:
                    81:bb:22:ef:3f:18:9d:a7:fd:66:c7:57:de:2c:ab:
                    e1:50:c7:8b:cc:cf:68:b9:b4:ab:65:df:0c:80:5a:
                    66:71:cf:77:5b:ca:32:93:16:01:c6:66:4d:b6:25:
                    9e:cf:34:c0:af:af:6a:2b:25:23:9d:04:1a:72:f4:
                    04:3d:88:e9:42:89:5e:09:1b:c6:fa:b9:f3:54:2b:
                    1d:7a:bd:1a:9e:ec:10:6a:d1:70:c6:6d:63:9d:2e:
                    35:0e:0c:a0:7c:bd:4d:8b:2b:26:12:d7:49:d6:e4:
                    b6:6f:3d:ef:6e:c0:c7:41:49:5a:94:97:c1:f9:ff:
                    b3:c6:39:11:7d:97:58:73:03:44:29:13:57:df:d0:
                    2b:9e:1d:3d:b9:93:45:87:86:27:a6:06:fa:73:db:
                    8d:89:8e:71:55:9a:3d:e3:99:0b:5c:3b:f2:bf:07:
                    01:fa:11:12:a9:23:bd:cf:c1:5b:c6:9b:64:bf:ed:
                    35:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D4:6B:28:D6:15:05:55:5A:02:93:50:74:64:88:51:C2:46:C5:9D
            X509v3 Authority Key Identifier:
                keyid:AD:CB:9F:9D:F5:6E:90:B3:9B:53:44:11:81:94:10:4F:46:A8:37:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/ADCB9F9DF56E90B39B5344118194104F46A83702.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ADCB9F9DF56E90B39B5344118194104F46A83702.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/3131342e3139392e3131322e302f32302d3234203d3e2034373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.199.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ad:89:fa:f3:96:61:9c:f2:a9:54:da:d4:2b:ca:a6:53:b2:b6:
         42:84:f3:bd:db:ce:ae:71:81:c5:4d:b4:78:04:2a:60:89:31:
         0c:49:67:2e:93:92:d5:16:45:d8:54:1b:01:12:28:d6:69:99:
         12:bb:ed:e8:13:43:33:b0:4c:a6:a3:55:b4:97:d2:c1:12:8f:
         b5:4b:ed:84:26:95:c1:ae:62:f1:12:93:26:12:63:19:22:4e:
         1c:f0:49:ff:14:4c:bb:d1:39:94:31:81:3c:5e:80:e2:a1:fd:
         c0:85:83:8e:4a:43:f7:50:c7:9e:7d:a0:d1:24:76:a5:bb:33:
         d4:80:d6:aa:32:5a:87:d0:e8:7a:5f:62:b4:44:fb:65:92:0d:
         2c:69:1a:ba:3c:31:a0:45:04:43:b4:ca:ad:d8:21:49:5f:1c:
         21:c5:3c:72:4e:5e:aa:6a:b9:a9:2a:01:a2:55:d3:a0:30:6e:
         29:a7:4c:de:a0:d6:72:f3:4e:9a:ef:cd:06:99:c1:85:d9:b9:
         1d:02:22:15:75:31:39:8a:ef:47:7e:31:da:d8:3f:eb:a3:38:
         c3:f8:e8:fb:79:9f:fa:4d:4b:6d:d6:e7:bb:f2:54:d4:bf:ec:
         8b:af:cb:fe:db:83:9e:4b:b2:14:c8:cf:21:64:09:8a:3c:fe:
         ea:76:60:31
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUd1ehsH5bxrumqeUmK1rZmagd31kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQURDQjlGOURGNTZFOTBCMzlCNTM0NDExODE5NDEwNEY0
NkE4MzcwMjAeFw0yNTA3MTUwNjE3MzdaFw0yNjA3MTQwNjIyMzdaMDMxMTAvBgNV
BAMTKDI4RDQ2QjI4RDYxNTA1NTU1QTAyOTM1MDc0NjQ4ODUxQzI0NkM1OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrUGAcWwLREuziqWWGWCGx31Tq
w3T+r1mxEreKIAQOJNM+PUbVIQ7DZLJt372FEFMN/KCDw7rcJaLetkey0mU8o1+O
SgLxor+mfoG7Iu8/GJ2n/WbHV94sq+FQx4vMz2i5tKtl3wyAWmZxz3dbyjKTFgHG
Zk22JZ7PNMCvr2orJSOdBBpy9AQ9iOlCiV4JG8b6ufNUKx16vRqe7BBq0XDGbWOd
LjUODKB8vU2LKyYS10nW5LZvPe9uwMdBSVqUl8H5/7PGORF9l1hzA0QpE1ff0Cue
HT25k0WHhiemBvpz242JjnFVmj3jmQtcO/K/BwH6ERKpI73PwVvGm2S/7TUDAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUKNRrKNYVBVVaApNQdGSIUcJGxZ0wHwYDVR0j
BBgwFoAUrcufnfVukLObU0QRgZQQT0aoNwIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
MWY0ZmQzOC03ODI2LTQyMDEtOWY5Yi0xZDdjNzZhYTI0ZGQvMC9BRENCOUY5REY1
NkU5MEIzOUI1MzQ0MTE4MTk0MTA0RjQ2QTgzNzAyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQURDQjlGOURGNTZFOTBCMzlCNTM0NDExODE5NDEwNEY0NkE4
MzcwMi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2QxZjRmZDM4LTc4MjYtNDIwMS05
ZjliLTFkN2M3NmFhMjRkZC8wLzMxMzEzNDJlMzEzOTM5MmUzMTMxMzIyZTMwMmYz
MjMwMmQzMjM0MjAzZDNlMjAzNDM3MzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBHLHcDANBgkqhkiG
9w0BAQsFAAOCAQEArYn685ZhnPKpVNrUK8qmU7K2QoTzvdvOrnGBxU20eAQqYIkx
DElnLpOS1RZF2FQbARIo1mmZErvt6BNDM7BMpqNVtJfSwRKPtUvthCaVwa5i8RKT
JhJjGSJOHPBJ/xRMu9E5lDGBPF6A4qH9wIWDjkpD91DHnn2g0SR2pbsz1IDWqjJa
h9Doel9itET7ZZINLGkaujwxoEUEQ7TKrdghSV8cIcU8ck5eqmq5qSoBolXToDBu
KadM3qDWcvNOmu/NBpnBhdm5HQIiFXUxOYrvR34x2tg/66M4w/jo+3mf+k1Lbdbn
u/JU1L/si6/L/tuDnkuyFMjPIWQJijz+6nZgMQ==
-----END CERTIFICATE-----
Generated at Thu Jul 24 03:51:40 2025 by rpki-client