Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3521e5ee-5882-4943-b408-43c37582fb0b/0/3130332e37362e39312e302f32342d3234203d3e20313530323432.roa
File:                     3130332e37362e39312e302f32342d3234203d3e20313530323432.roa (raw, json)
Hash identifier:          duc/nW/lwmBNmiITPEL+YAjjKd+i4I/G1lQVRzIKszY=
Subject key identifier:   8A:2F:11:6A:60:0A:8B:85:10:09:E4:D8:A7:EA:0C:0B:1C:0D:CC:EB
Certificate issuer:       /CN=9AF96929E0E99A4F2539BB15137093D976C714CB
Certificate serial:       35794558D190690D35BA130A3BC8BCA587786BA9
Authority key identifier: 9A:F9:69:29:E0:E9:9A:4F:25:39:BB:15:13:70:93:D9:76:C7:14:CB
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9AF96929E0E99A4F2539BB15137093D976C714CB.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3521e5ee-5882-4943-b408-43c37582fb0b/0/3130332e37362e39312e302f32342d3234203d3e20313530323432.roa
Signing time:             Thu 22 May 2025 05:00:02 +0000
ROA not before:           Thu 22 May 2025 04:55:02 +0000
ROA not after:            Thu 21 May 2026 05:00:02 +0000
asID:                     150242
IP address blocks:        103.76.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3521e5ee-5882-4943-b408-43c37582fb0b/0/9AF96929E0E99A4F2539BB15137093D976C714CB.crl
                          rsync://repo-rpki.idnic.net/repo/3521e5ee-5882-4943-b408-43c37582fb0b/0/9AF96929E0E99A4F2539BB15137093D976C714CB.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9AF96929E0E99A4F2539BB15137093D976C714CB.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 12 Jun 2025 07:19:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:79:45:58:d1:90:69:0d:35:ba:13:0a:3b:c8:bc:a5:87:78:6b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9AF96929E0E99A4F2539BB15137093D976C714CB
        Validity
            Not Before: May 22 04:55:02 2025 GMT
            Not After : May 21 05:00:02 2026 GMT
        Subject: CN=8A2F116A600A8B851009E4D8A7EA0C0B1C0DCCEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d3:d0:c0:72:93:bb:75:7f:63:17:54:29:a3:
                    b2:c8:0e:c3:95:7d:b1:e0:ed:33:8b:52:99:0f:c7:
                    6b:0a:8e:ce:3a:33:93:8b:39:99:50:7c:0a:43:06:
                    33:74:8a:67:ea:b9:83:a2:0b:0d:c8:12:c1:19:90:
                    2c:b6:c3:dd:a7:eb:33:91:03:3c:e3:4a:17:dc:b2:
                    df:3d:db:cd:df:0d:38:f8:ea:e2:c9:02:5f:59:7f:
                    2a:dc:ce:19:49:04:57:96:3c:b0:df:29:5e:8c:b3:
                    ec:12:b3:ab:2d:0f:7f:5d:12:38:9b:d6:b8:fd:0e:
                    6d:4c:0b:27:25:48:15:1b:ed:51:93:df:bc:de:9f:
                    39:93:b9:00:d8:bc:e9:c8:a4:2a:ff:c7:63:8e:6b:
                    83:c4:c1:07:e8:cc:4d:b6:d1:40:a3:26:71:4f:ad:
                    a3:19:a6:61:b6:40:2f:2c:2d:d9:2d:c1:37:bf:bd:
                    7a:40:af:58:a7:60:b6:27:eb:7e:22:d2:7b:63:27:
                    84:18:0c:bc:cc:be:eb:3d:7f:19:b7:0d:73:4e:07:
                    a6:47:28:47:0a:26:6c:da:51:89:21:f6:e7:ea:5c:
                    6c:16:c7:65:9e:16:2d:e4:52:fe:1e:1f:8f:4c:4f:
                    54:88:44:38:3a:ac:da:e3:8b:30:4e:91:ce:0c:60:
                    1d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:2F:11:6A:60:0A:8B:85:10:09:E4:D8:A7:EA:0C:0B:1C:0D:CC:EB
            X509v3 Authority Key Identifier:
                keyid:9A:F9:69:29:E0:E9:9A:4F:25:39:BB:15:13:70:93:D9:76:C7:14:CB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3521e5ee-5882-4943-b408-43c37582fb0b/0/9AF96929E0E99A4F2539BB15137093D976C714CB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9AF96929E0E99A4F2539BB15137093D976C714CB.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3521e5ee-5882-4943-b408-43c37582fb0b/0/3130332e37362e39312e302f32342d3234203d3e20313530323432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:df:fb:7f:a4:17:1c:ea:f7:1d:e0:46:9d:22:46:db:4f:c6:
         d5:ed:ec:5b:18:70:dd:60:90:f1:79:1c:dd:cd:f6:d8:44:90:
         97:04:e0:f5:1e:cb:8c:5a:21:bd:38:17:fd:ee:5c:fd:80:43:
         30:14:7a:0d:56:e9:d5:75:91:d8:e8:49:4e:69:0d:5f:4b:96:
         a0:9e:c4:f0:12:8e:64:7a:37:24:66:c9:7e:d3:2b:09:bd:bd:
         fc:5c:00:51:9a:42:09:d5:b6:8f:40:c3:1a:58:bb:6b:a1:77:
         a4:3d:a0:44:79:fc:4f:48:db:55:bc:ce:6b:d5:7c:09:74:08:
         d8:c2:1c:65:85:6d:07:90:4c:8a:fe:2f:d3:d4:23:70:18:32:
         5e:ca:71:da:fe:6c:28:ae:00:21:14:d1:79:98:51:90:ef:2a:
         57:34:64:0c:ad:b2:04:7d:97:15:5f:51:8b:2c:48:58:71:ae:
         26:53:4b:8a:58:67:1c:27:13:3a:07:c4:5c:3d:47:d2:3a:6d:
         3c:09:ae:3b:9b:eb:df:46:c5:bf:13:17:9f:ff:61:41:57:ce:
         e0:1a:1e:91:a6:32:39:a4:3f:d9:7a:23:fd:8e:d3:b3:56:90:
         7a:df:f0:5d:43:be:bf:85:e1:18:b1:fe:51:e6:d6:cf:d3:0f:
         83:ba:03:2b
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUNXlFWNGQaQ01uhMKO8i8pYd4a6kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUFGOTY5MjlFMEU5OUE0RjI1MzlCQjE1MTM3MDkzRDk3
NkM3MTRDQjAeFw0yNTA1MjIwNDU1MDJaFw0yNjA1MjEwNTAwMDJaMDMxMTAvBgNV
BAMTKDhBMkYxMTZBNjAwQThCODUxMDA5RTREOEE3RUEwQzBCMUMwRENDRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp09DAcpO7dX9jF1Qpo7LIDsOV
fbHg7TOLUpkPx2sKjs46M5OLOZlQfApDBjN0imfquYOiCw3IEsEZkCy2w92n6zOR
AzzjShfcst89283fDTj46uLJAl9ZfyrczhlJBFeWPLDfKV6Ms+wSs6stD39dEjib
1rj9Dm1MCyclSBUb7VGT37zenzmTuQDYvOnIpCr/x2OOa4PEwQfozE220UCjJnFP
raMZpmG2QC8sLdktwTe/vXpAr1inYLYn634i0ntjJ4QYDLzMvus9fxm3DXNOB6ZH
KEcKJmzaUYkh9ufqXGwWx2WeFi3kUv4eH49MT1SIRDg6rNrjizBOkc4MYB2pAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUii8RamAKi4UQCeTYp+oMCxwNzOswHwYDVR0j
BBgwFoAUmvlpKeDpmk8lObsVE3CT2XbHFMswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
NTIxZTVlZS01ODgyLTQ5NDMtYjQwOC00M2MzNzU4MmZiMGIvMC85QUY5NjkyOUUw
RTk5QTRGMjUzOUJCMTUxMzcwOTNEOTc2QzcxNENCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUFGOTY5MjlFMEU5OUE0RjI1MzlCQjE1MTM3MDkzRDk3NkM3
MTRDQi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzM1MjFlNWVlLTU4ODItNDk0My1i
NDA4LTQzYzM3NTgyZmIwYi8wLzMxMzAzMzJlMzczNjJlMzkzMTJlMzAyZjMyMzQy
ZDMyMzQyMDNkM2UyMDMxMzUzMDMyMzQzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGdMWzANBgkqhkiG
9w0BAQsFAAOCAQEA2d/7f6QXHOr3HeBGnSJG20/G1e3sWxhw3WCQ8Xkc3c322ESQ
lwTg9R7LjFohvTgX/e5c/YBDMBR6DVbp1XWR2OhJTmkNX0uWoJ7E8BKOZHo3JGbJ
ftMrCb29/FwAUZpCCdW2j0DDGli7a6F3pD2gRHn8T0jbVbzOa9V8CXQI2MIcZYVt
B5BMiv4v09QjcBgyXspx2v5sKK4AIRTReZhRkO8qVzRkDK2yBH2XFV9RiyxIWHGu
JlNLilhnHCcTOgfEXD1H0jptPAmuO5vr30bFvxMXn/9hQVfO4BoekaYyOaQ/2Xoj
/Y7Ts1aQet/wXUO+v4XhGLH+UebWz9MPg7oDKw==
-----END CERTIFICATE-----
Generated at Mon Jun 9 10:24:22 2025 by rpki-client