Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3234382e302f32342d3234203d3e203137343430.roa
File:                     3130332e3230392e3234382e302f32342d3234203d3e203137343430.roa (raw, json)
Hash identifier:          V0Wtlqwgd3N2wadygfl0BT/vHIEsa1IABsrNseLIv4A=
Subject key identifier:   F4:B7:69:0A:7C:13:FC:FB:32:89:11:6B:FE:4A:9E:33:59:6E:CE:53
Certificate issuer:       /CN=66A6B60CE00F39D3D3C228024C87D2799BE570E7
Certificate serial:       3162493F716C2FF04B17C4D5CD8E0AD052F33846
Authority key identifier: 66:A6:B6:0C:E0:0F:39:D3:D3:C2:28:02:4C:87:D2:79:9B:E5:70:E7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3234382e302f32342d3234203d3e203137343430.roa
Signing time:             Fri 16 May 2025 10:00:01 +0000
ROA not before:           Fri 16 May 2025 09:55:01 +0000
ROA not after:            Fri 15 May 2026 10:00:01 +0000
asID:                     17440
IP address blocks:        103.209.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.crl
                          rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 12 Jun 2025 12:14:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:62:49:3f:71:6c:2f:f0:4b:17:c4:d5:cd:8e:0a:d0:52:f3:38:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66A6B60CE00F39D3D3C228024C87D2799BE570E7
        Validity
            Not Before: May 16 09:55:01 2025 GMT
            Not After : May 15 10:00:01 2026 GMT
        Subject: CN=F4B7690A7C13FCFB3289116BFE4A9E33596ECE53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7e:cb:41:ab:61:f7:be:05:7a:fa:75:83:33:
                    ff:79:77:ef:80:01:91:0e:2d:d5:8d:76:79:b2:33:
                    c3:d2:59:12:3f:0b:3f:e4:04:27:7b:96:a0:a1:80:
                    52:02:bf:40:aa:1a:b1:24:32:40:d6:3b:a4:f7:1a:
                    35:f4:e6:02:27:b1:49:b0:6e:6e:69:2f:95:a9:63:
                    2b:71:80:de:5d:0e:c6:12:5c:d1:b9:f8:63:ee:c2:
                    5c:b6:f9:27:6c:b2:c8:54:b7:eb:75:12:60:f5:ac:
                    ef:be:23:60:a9:3f:16:f5:a6:35:12:39:8a:71:43:
                    22:0b:0a:1d:f4:3b:c1:02:2e:a0:89:64:50:15:f9:
                    2f:37:05:6d:4b:fd:62:ed:4b:01:ac:8f:29:40:69:
                    fd:86:33:61:29:87:c1:cb:75:e9:8b:9e:56:56:26:
                    aa:aa:21:80:4f:c4:d5:4c:8d:8d:d7:d8:24:a7:84:
                    35:fa:1a:9f:de:44:55:8e:3c:96:b2:26:b9:31:f4:
                    81:c8:09:3a:4c:30:a9:0e:a7:27:bd:2f:1a:70:dc:
                    49:2b:74:e1:28:20:d3:80:98:af:f9:92:e6:f0:e9:
                    16:7d:60:17:1a:27:75:fd:d4:6e:bd:27:11:60:87:
                    f5:bd:77:a0:7d:62:e5:33:47:cc:54:b4:e6:99:e0:
                    8d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:B7:69:0A:7C:13:FC:FB:32:89:11:6B:FE:4A:9E:33:59:6E:CE:53
            X509v3 Authority Key Identifier:
                keyid:66:A6:B6:0C:E0:0F:39:D3:D3:C2:28:02:4C:87:D2:79:9B:E5:70:E7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3234382e302f32342d3234203d3e203137343430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.209.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:ac:fa:23:7d:ec:21:9b:08:42:df:f2:07:61:48:12:1c:91:
         92:48:c6:ed:09:e7:02:58:56:44:44:c1:17:7d:2e:a8:62:c9:
         45:89:8a:3a:87:7f:4c:1d:85:9f:1d:87:da:17:5a:92:14:cb:
         87:ff:6e:ff:f1:9d:a6:30:7a:bd:d6:25:8b:be:b9:98:02:cc:
         60:cc:72:3e:7c:20:c4:68:f3:87:17:1b:b2:1b:7e:f2:ae:0b:
         31:01:ea:fc:19:fc:c9:21:c5:bb:86:68:87:e0:ad:f5:a1:ab:
         23:a2:53:30:1c:60:13:0e:4a:a8:b2:e4:7e:d3:36:19:0e:f0:
         da:ff:23:dd:f7:3a:e7:cd:b8:ff:ca:e0:74:f7:81:4c:1f:9e:
         18:59:d2:52:7e:37:d5:19:8e:fc:a5:68:4b:60:7c:7a:fc:a3:
         b6:de:b9:4b:2b:31:1d:db:25:59:e2:71:10:2d:b0:85:b0:f4:
         72:98:eb:ab:2f:c0:18:e9:c7:d1:e4:d7:fa:88:89:56:f1:a3:
         42:66:84:84:06:06:5e:55:43:50:80:8c:d8:64:1b:bf:a3:c9:
         8b:23:53:5f:4e:f8:f3:6c:5a:62:c5:de:8b:f1:bc:0d:05:db:
         b6:df:fd:f8:1c:38:38:e4:5d:69:76:b3:0e:8d:cc:bb:52:42:
         de:78:38:82
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUMWJJP3FsL/BLF8TVzY4K0FLzOEYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjZBNkI2MENFMDBGMzlEM0QzQzIyODAyNEM4N0QyNzk5
QkU1NzBFNzAeFw0yNTA1MTYwOTU1MDFaFw0yNjA1MTUxMDAwMDFaMDMxMTAvBgNV
BAMTKEY0Qjc2OTBBN0MxM0ZDRkIzMjg5MTE2QkZFNEE5RTMzNTk2RUNFNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCufstBq2H3vgV6+nWDM/95d++A
AZEOLdWNdnmyM8PSWRI/Cz/kBCd7lqChgFICv0CqGrEkMkDWO6T3GjX05gInsUmw
bm5pL5WpYytxgN5dDsYSXNG5+GPuwly2+SdssshUt+t1EmD1rO++I2CpPxb1pjUS
OYpxQyILCh30O8ECLqCJZFAV+S83BW1L/WLtSwGsjylAaf2GM2Eph8HLdemLnlZW
JqqqIYBPxNVMjY3X2CSnhDX6Gp/eRFWOPJayJrkx9IHICTpMMKkOpye9Lxpw3Ekr
dOEoINOAmK/5kubw6RZ9YBcaJ3X91G69JxFgh/W9d6B9YuUzR8xUtOaZ4I3HAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU9LdpCnwT/PsyiRFr/kqeM1luzlMwHwYDVR0j
BBgwFoAUZqa2DOAPOdPTwigCTIfSeZvlcOcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
YzA3NGNkOC0yODMwLTRlYWItYmRkNC1hODA3ZWM1MTE1ZGEvMC82NkE2QjYwQ0Uw
MEYzOUQzRDNDMjI4MDI0Qzg3RDI3OTlCRTU3MEU3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNjZBNkI2MENFMDBGMzlEM0QzQzIyODAyNEM4N0QyNzk5QkU1
NzBFNy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdjMDc0Y2Q4LTI4MzAtNGVhYi1i
ZGQ0LWE4MDdlYzUxMTVkYS8wLzMxMzAzMzJlMzIzMDM5MmUzMjM0MzgyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMTM3MzQzNDMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9H4MA0GCSqG
SIb3DQEBCwUAA4IBAQBXrPojfewhmwhC3/IHYUgSHJGSSMbtCecCWFZERMEXfS6o
YslFiYo6h39MHYWfHYfaF1qSFMuH/27/8Z2mMHq91iWLvrmYAsxgzHI+fCDEaPOH
FxuyG37yrgsxAer8GfzJIcW7hmiH4K31oasjolMwHGATDkqosuR+0zYZDvDa/yPd
9zrnzbj/yuB094FMH54YWdJSfjfVGY78pWhLYHx6/KO23rlLKzEd2yVZ4nEQLbCF
sPRymOurL8AY6cfR5Nf6iIlW8aNCZoSEBgZeVUNQgIzYZBu/o8mLI1NfTvjzbFpi
xd6L8bwNBdu23/34HDg45F1pdrMOjcy7UkLeeDiC
-----END CERTIFICATE-----
Generated at Mon Jun 9 14:39:52 2025 by rpki-client