Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/3131342e3139392e3132342e302f32342d3234203d3e2034373837.roa
File:                     3131342e3139392e3132342e302f32342d3234203d3e2034373837.roa (raw, json)
Hash identifier:          09rOYG83j9iY+5w/E8zLoOujNh09xqjCEA1atTRGmA0=
Subject key identifier:   AD:10:BE:6B:EF:E7:5B:92:B2:EF:B7:99:FD:15:CE:CA:E9:FB:0F:13
Certificate issuer:       /CN=ADCB9F9DF56E90B39B5344118194104F46A83702
Certificate serial:       03F4B003C31BF35086567F2665AA03A6E8C5704A
Authority key identifier: AD:CB:9F:9D:F5:6E:90:B3:9B:53:44:11:81:94:10:4F:46:A8:37:02
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ADCB9F9DF56E90B39B5344118194104F46A83702.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/3131342e3139392e3132342e302f32342d3234203d3e2034373837.roa
Signing time:             Tue 15 Jul 2025 06:15:32 +0000
ROA not before:           Tue 15 Jul 2025 06:10:32 +0000
ROA not after:            Tue 14 Jul 2026 06:15:32 +0000
asID:                     4787
IP address blocks:        114.199.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/ADCB9F9DF56E90B39B5344118194104F46A83702.crl
                          rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/ADCB9F9DF56E90B39B5344118194104F46A83702.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ADCB9F9DF56E90B39B5344118194104F46A83702.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 10:37:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:f4:b0:03:c3:1b:f3:50:86:56:7f:26:65:aa:03:a6:e8:c5:70:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ADCB9F9DF56E90B39B5344118194104F46A83702
        Validity
            Not Before: Jul 15 06:10:32 2025 GMT
            Not After : Jul 14 06:15:32 2026 GMT
        Subject: CN=AD10BE6BEFE75B92B2EFB799FD15CECAE9FB0F13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d1:94:aa:97:f8:c4:e5:89:b8:08:3c:e5:1b:
                    4b:26:5d:f3:7c:50:7a:81:42:a2:66:20:17:8f:8f:
                    e7:07:4c:10:db:fc:fe:6c:5f:81:1f:fc:8f:cd:fe:
                    47:cf:f9:cb:9a:c5:14:14:8c:24:8a:f9:08:e2:2d:
                    16:72:04:89:0a:2a:56:52:85:01:86:4c:23:ae:00:
                    39:7a:bf:99:69:77:64:14:33:43:c0:4c:b7:f8:57:
                    b5:39:64:c5:4b:a1:c0:ab:91:26:a5:06:f2:87:d6:
                    23:d0:67:cc:75:08:08:76:b0:14:1e:a4:2e:c2:51:
                    1c:0a:51:72:04:f6:d2:f1:a5:e6:b3:80:1a:c2:58:
                    da:c1:7a:03:da:17:40:4c:43:c6:00:d4:06:cf:dd:
                    ec:6d:2b:e5:4c:81:09:cc:40:10:5a:61:e4:ca:b7:
                    bf:7a:bd:8c:ac:fd:08:11:cc:f7:9c:7c:20:23:30:
                    1d:f3:69:f7:32:e2:f2:9c:91:54:74:bf:28:3b:b2:
                    24:5f:1c:5a:c0:f7:3d:8a:f2:2d:09:ce:4d:90:41:
                    f1:20:b4:0d:09:5f:c4:f4:e1:18:55:9e:ea:12:9c:
                    dc:03:ef:a5:6c:31:b0:85:2b:1c:52:ad:ae:bb:e7:
                    ff:b9:e8:02:b2:43:fb:83:c8:57:8c:fd:48:b0:c8:
                    8e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:10:BE:6B:EF:E7:5B:92:B2:EF:B7:99:FD:15:CE:CA:E9:FB:0F:13
            X509v3 Authority Key Identifier:
                keyid:AD:CB:9F:9D:F5:6E:90:B3:9B:53:44:11:81:94:10:4F:46:A8:37:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/ADCB9F9DF56E90B39B5344118194104F46A83702.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/ADCB9F9DF56E90B39B5344118194104F46A83702.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d1f4fd38-7826-4201-9f9b-1d7c76aa24dd/0/3131342e3139392e3132342e302f32342d3234203d3e2034373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.199.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:4b:0a:14:1e:f4:5e:dc:37:8a:e0:03:ee:35:9d:41:a1:b4:
         2e:5c:31:39:6f:4e:a2:49:08:57:8d:ba:6d:01:46:23:30:f7:
         24:69:c9:60:c1:65:12:10:ca:0a:a1:de:18:1c:6b:ca:93:56:
         01:e3:e5:a5:ac:da:b0:45:0b:d4:8e:8d:88:e1:2b:90:87:82:
         27:a6:d7:28:b5:9e:72:40:73:0e:0d:80:75:11:c9:02:66:31:
         12:8e:d6:10:75:0e:6b:c4:d0:7f:8d:a8:25:02:6c:b2:3d:27:
         11:25:fe:31:32:c5:b3:51:54:76:50:0c:8c:a6:e2:c7:2f:23:
         8d:c3:b1:5c:a8:b5:a4:71:39:15:68:89:37:d6:27:b0:68:40:
         98:9f:5e:da:92:ae:e9:51:25:42:b0:1a:d0:98:8a:72:b6:9e:
         9a:06:25:a6:23:5f:63:ea:cf:b5:6d:ce:c6:54:f0:e8:4c:7a:
         df:08:28:e6:05:cf:b9:f6:ea:39:0b:28:5c:cd:df:ca:6d:47:
         db:90:46:17:a1:88:d2:46:53:a2:69:ca:ef:dd:44:50:fb:29:
         eb:13:15:d6:47:68:a2:fd:4f:41:d1:a3:8e:db:dd:61:89:65:
         57:78:8f:6c:17:d5:55:c1:f5:51:d3:e3:b9:38:d8:c9:3a:a1:
         88:66:35:5e
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUA/SwA8Mb81CGVn8mZaoDpujFcEowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQURDQjlGOURGNTZFOTBCMzlCNTM0NDExODE5NDEwNEY0
NkE4MzcwMjAeFw0yNTA3MTUwNjEwMzJaFw0yNjA3MTQwNjE1MzJaMDMxMTAvBgNV
BAMTKEFEMTBCRTZCRUZFNzVCOTJCMkVGQjc5OUZEMTVDRUNBRTlGQjBGMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa0ZSql/jE5Ym4CDzlG0smXfN8
UHqBQqJmIBePj+cHTBDb/P5sX4Ef/I/N/kfP+cuaxRQUjCSK+QjiLRZyBIkKKlZS
hQGGTCOuADl6v5lpd2QUM0PATLf4V7U5ZMVLocCrkSalBvKH1iPQZ8x1CAh2sBQe
pC7CURwKUXIE9tLxpeazgBrCWNrBegPaF0BMQ8YA1AbP3extK+VMgQnMQBBaYeTK
t796vYys/QgRzPecfCAjMB3zafcy4vKckVR0vyg7siRfHFrA9z2K8i0Jzk2QQfEg
tA0JX8T04RhVnuoSnNwD76VsMbCFKxxSra675/+56AKyQ/uDyFeM/UiwyI7vAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUrRC+a+/nW5Ky77eZ/RXOyun7DxMwHwYDVR0j
BBgwFoAUrcufnfVukLObU0QRgZQQT0aoNwIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
MWY0ZmQzOC03ODI2LTQyMDEtOWY5Yi0xZDdjNzZhYTI0ZGQvMC9BRENCOUY5REY1
NkU5MEIzOUI1MzQ0MTE4MTk0MTA0RjQ2QTgzNzAyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQURDQjlGOURGNTZFOTBCMzlCNTM0NDExODE5NDEwNEY0NkE4
MzcwMi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2QxZjRmZDM4LTc4MjYtNDIwMS05
ZjliLTFkN2M3NmFhMjRkZC8wLzMxMzEzNDJlMzEzOTM5MmUzMTMyMzQyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzNDM3MzgzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAHLHfDANBgkqhkiG
9w0BAQsFAAOCAQEAWEsKFB70Xtw3iuAD7jWdQaG0LlwxOW9OokkIV426bQFGIzD3
JGnJYMFlEhDKCqHeGBxrypNWAePlpazasEUL1I6NiOErkIeCJ6bXKLWeckBzDg2A
dRHJAmYxEo7WEHUOa8TQf42oJQJssj0nESX+MTLFs1FUdlAMjKbixy8jjcOxXKi1
pHE5FWiJN9YnsGhAmJ9e2pKu6VElQrAa0JiKcraemgYlpiNfY+rPtW3OxlTw6Ex6
3wgo5gXPufbqOQsoXM3fym1H25BGF6GI0kZTomnK791EUPsp6xMV1kdoov1PQdGj
jtvdYYllV3iPbBfVVcH1UdPjuTjYyTqhiGY1Xg==
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:52:28 2025 by rpki-client