Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3235302e302f32332d3233203d3e203137343430.roa
File:                     3130332e3230392e3235302e302f32332d3233203d3e203137343430.roa (raw, json)
Hash identifier:          x8Z7hSmFA0UmwFhQsexxF7M1z59ksll1UR5BKgdWN7E=
Subject key identifier:   42:D1:B8:D5:15:BE:4B:31:D8:8C:A4:71:80:5F:9C:0B:DF:0B:AD:6B
Certificate issuer:       /CN=66A6B60CE00F39D3D3C228024C87D2799BE570E7
Certificate serial:       3D96097073F2DB094079E58849EC52FEEE49C6F7
Authority key identifier: 66:A6:B6:0C:E0:0F:39:D3:D3:C2:28:02:4C:87:D2:79:9B:E5:70:E7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3235302e302f32332d3233203d3e203137343430.roa
Signing time:             Fri 16 May 2025 12:00:01 +0000
ROA not before:           Fri 16 May 2025 11:55:01 +0000
ROA not after:            Fri 15 May 2026 12:00:01 +0000
asID:                     17440
IP address blocks:        103.209.250.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.crl
                          rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 10 Jun 2025 10:43:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:96:09:70:73:f2:db:09:40:79:e5:88:49:ec:52:fe:ee:49:c6:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66A6B60CE00F39D3D3C228024C87D2799BE570E7
        Validity
            Not Before: May 16 11:55:01 2025 GMT
            Not After : May 15 12:00:01 2026 GMT
        Subject: CN=42D1B8D515BE4B31D88CA471805F9C0BDF0BAD6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3b:38:e5:e8:c5:37:c1:bb:c0:48:ed:95:eb:
                    2d:9b:99:7e:b8:76:01:e0:7b:00:7f:df:b3:5d:62:
                    34:30:a6:16:a6:70:8b:e2:82:cd:a6:07:e1:fa:d0:
                    fb:d2:4f:91:9b:0d:dc:1d:2f:1e:96:bc:80:7e:73:
                    d6:9d:d2:b8:4f:17:1b:1e:4c:19:15:9b:27:36:c8:
                    50:a3:24:43:cc:e3:4c:4c:b5:7c:5a:cd:d1:43:bc:
                    6c:0a:54:52:ce:b1:41:26:79:94:8f:65:64:01:56:
                    73:23:cb:e5:4f:11:40:6b:92:55:3f:a3:f7:1a:cb:
                    ff:87:5e:4e:ef:d3:e7:72:08:ac:a3:54:39:cd:a8:
                    0c:3e:f0:c2:c7:29:c0:65:1c:96:ca:f6:3a:a3:bf:
                    af:c1:2f:02:33:ab:e2:73:b9:a6:9e:35:25:c9:42:
                    b7:67:1a:41:3b:33:38:63:ed:56:cf:99:2e:2c:d5:
                    2c:e4:fd:ef:64:e1:2a:07:2c:c7:ca:e6:82:f0:88:
                    bc:90:a2:e7:c4:9e:9e:c2:e6:a4:bc:3a:c7:cd:a5:
                    cb:9b:c3:fe:ff:6e:ab:d8:1c:91:eb:46:04:fa:f7:
                    89:90:96:6d:f8:db:0f:b9:0a:e0:e0:6e:67:04:58:
                    7b:d8:bd:eb:b6:db:6d:fd:a2:5e:ba:7c:c7:26:e6:
                    98:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:D1:B8:D5:15:BE:4B:31:D8:8C:A4:71:80:5F:9C:0B:DF:0B:AD:6B
            X509v3 Authority Key Identifier:
                keyid:66:A6:B6:0C:E0:0F:39:D3:D3:C2:28:02:4C:87:D2:79:9B:E5:70:E7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/66A6B60CE00F39D3D3C228024C87D2799BE570E7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/66A6B60CE00F39D3D3C228024C87D2799BE570E7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7c074cd8-2830-4eab-bdd4-a807ec5115da/0/3130332e3230392e3235302e302f32332d3233203d3e203137343430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.209.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:26:99:bb:45:3e:cf:1e:45:6e:ce:d9:8f:c3:31:23:d4:25:
         0c:9d:10:2e:cc:ad:76:3b:08:df:39:f4:e5:94:99:9d:51:c8:
         50:f1:3a:56:2e:e0:8e:a5:e6:46:28:8b:75:4c:e1:eb:68:74:
         86:dc:d5:47:09:92:04:15:e4:8f:fe:41:71:85:c6:ec:e5:76:
         d8:c7:f1:56:27:01:e3:bc:18:dd:a6:cd:77:8b:ff:be:1a:a2:
         8c:19:ad:99:23:ee:a9:dc:5f:7e:59:51:ee:a1:1a:e4:4f:90:
         5e:64:cc:61:10:ad:d9:e1:3c:e4:bd:95:cb:ea:7a:2a:37:8b:
         1a:c1:4a:c4:57:1a:f4:e9:de:87:ac:e5:83:7d:1c:4a:9f:ff:
         92:58:3f:3d:ec:c6:99:10:bf:dc:fe:cb:d7:c4:b6:be:2e:ed:
         e2:e6:8d:af:32:67:d9:4f:a4:ca:43:33:d9:8b:78:03:1b:b5:
         45:ea:ad:58:44:18:29:5f:14:1c:df:f8:4f:bf:a6:e2:ec:2f:
         0c:e9:18:90:47:62:20:e2:4a:88:ce:3d:16:47:fb:75:78:1d:
         0e:fe:83:b6:49:72:7d:25:f8:c5:9c:d0:8b:12:76:32:d5:96:
         90:bf:b6:97:f4:a2:f2:09:ac:4e:fc:ae:e5:3a:97:71:7a:43:
         b5:f0:c0:5e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUPZYJcHPy2wlAeeWISexS/u5JxvcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjZBNkI2MENFMDBGMzlEM0QzQzIyODAyNEM4N0QyNzk5
QkU1NzBFNzAeFw0yNTA1MTYxMTU1MDFaFw0yNjA1MTUxMjAwMDFaMDMxMTAvBgNV
BAMTKDQyRDFCOEQ1MTVCRTRCMzFEODhDQTQ3MTgwNUY5QzBCREYwQkFENkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNOzjl6MU3wbvASO2V6y2bmX64
dgHgewB/37NdYjQwphamcIvigs2mB+H60PvST5GbDdwdLx6WvIB+c9ad0rhPFxse
TBkVmyc2yFCjJEPM40xMtXxazdFDvGwKVFLOsUEmeZSPZWQBVnMjy+VPEUBrklU/
o/cay/+HXk7v0+dyCKyjVDnNqAw+8MLHKcBlHJbK9jqjv6/BLwIzq+JzuaaeNSXJ
QrdnGkE7Mzhj7VbPmS4s1Szk/e9k4SoHLMfK5oLwiLyQoufEnp7C5qS8OsfNpcub
w/7/bqvYHJHrRgT694mQlm342w+5CuDgbmcEWHvYveu22239ol66fMcm5pi7AgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUQtG41RW+SzHYjKRxgF+cC98LrWswHwYDVR0j
BBgwFoAUZqa2DOAPOdPTwigCTIfSeZvlcOcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
YzA3NGNkOC0yODMwLTRlYWItYmRkNC1hODA3ZWM1MTE1ZGEvMC82NkE2QjYwQ0Uw
MEYzOUQzRDNDMjI4MDI0Qzg3RDI3OTlCRTU3MEU3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNjZBNkI2MENFMDBGMzlEM0QzQzIyODAyNEM4N0QyNzk5QkU1
NzBFNy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdjMDc0Y2Q4LTI4MzAtNGVhYi1i
ZGQ0LWE4MDdlYzUxMTVkYS8wLzMxMzAzMzJlMzIzMDM5MmUzMjM1MzAyZTMwMmYz
MjMzMmQzMjMzMjAzZDNlMjAzMTM3MzQzNDMwLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ9H6MA0GCSqG
SIb3DQEBCwUAA4IBAQB3Jpm7RT7PHkVuztmPwzEj1CUMnRAuzK12OwjfOfTllJmd
UchQ8TpWLuCOpeZGKIt1TOHraHSG3NVHCZIEFeSP/kFxhcbs5XbYx/FWJwHjvBjd
ps13i/++GqKMGa2ZI+6p3F9+WVHuoRrkT5BeZMxhEK3Z4TzkvZXL6noqN4sawUrE
Vxr06d6HrOWDfRxKn/+SWD897MaZEL/c/svXxLa+Lu3i5o2vMmfZT6TKQzPZi3gD
G7VF6q1YRBgpXxQc3/hPv6bi7C8M6RiQR2Ig4kqIzj0WR/t1eB0O/oO2SXJ9JfjF
nNCLEnYy1ZaQv7aX9KLyCaxO/K7lOpdxekO18MBe
-----END CERTIFICATE-----
Generated at Mon Jun 9 10:20:35 2025 by rpki-client