Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/95c321eb-15f8-4646-b053-f199d6fa7f53/0/3130332e3134372e3232302e302f32332d3234203d3e20313339393639.roa
File:                     3130332e3134372e3232302e302f32332d3234203d3e20313339393639.roa (raw, json)
Hash identifier:          1oyOtVjk62XnsKC1vK32tmLaEZwZLuTAQ3Yr7rjhcoM=
Subject key identifier:   8C:4D:C1:D4:DD:9A:F3:D3:20:00:F2:02:31:2E:30:5A:AE:92:FD:E8
Certificate issuer:       /CN=13D80EA535A5CA2E0E00F7C776A471C5E5A5A479
Certificate serial:       512F9244ED61C1576F64175E9010624A61FE89B5
Authority key identifier: 13:D8:0E:A5:35:A5:CA:2E:0E:00:F7:C7:76:A4:71:C5:E5:A5:A4:79
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/13D80EA535A5CA2E0E00F7C776A471C5E5A5A479.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/95c321eb-15f8-4646-b053-f199d6fa7f53/0/3130332e3134372e3232302e302f32332d3234203d3e20313339393639.roa
Signing time:             Tue 10 Jun 2025 01:00:00 +0000
ROA not before:           Tue 10 Jun 2025 00:55:00 +0000
ROA not after:            Tue 09 Jun 2026 01:00:00 +0000
asID:                     139969
IP address blocks:        103.147.220.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/95c321eb-15f8-4646-b053-f199d6fa7f53/0/13D80EA535A5CA2E0E00F7C776A471C5E5A5A479.crl
                          rsync://repo-rpki.idnic.net/repo/95c321eb-15f8-4646-b053-f199d6fa7f53/0/13D80EA535A5CA2E0E00F7C776A471C5E5A5A479.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/13D80EA535A5CA2E0E00F7C776A471C5E5A5A479.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 13 Jun 2025 04:26:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:2f:92:44:ed:61:c1:57:6f:64:17:5e:90:10:62:4a:61:fe:89:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13D80EA535A5CA2E0E00F7C776A471C5E5A5A479
        Validity
            Not Before: Jun 10 00:55:00 2025 GMT
            Not After : Jun  9 01:00:00 2026 GMT
        Subject: CN=8C4DC1D4DD9AF3D32000F202312E305AAE92FDE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bc:4e:dd:35:7f:ea:2f:ad:08:0f:6b:c5:ea:
                    22:37:b8:02:3c:52:90:83:19:5f:e2:2d:89:70:49:
                    d0:1e:5c:7a:ed:ae:e2:6a:08:60:7b:4f:ea:67:26:
                    03:e9:17:66:d6:99:2c:81:54:67:78:ad:0b:b1:04:
                    9d:b0:e9:03:26:d1:cf:2c:8a:e8:7e:9e:b2:35:fc:
                    83:d6:05:71:48:e6:c5:ce:e5:95:41:9d:50:a6:78:
                    09:ff:75:f4:43:ce:54:45:8a:d6:0c:5b:85:f2:ca:
                    6f:20:9b:f2:d6:e2:89:f4:62:af:09:a2:d9:12:b1:
                    80:e0:a8:e8:2c:43:01:02:43:26:f5:14:b3:1c:a2:
                    37:36:33:a6:31:6d:be:86:3e:c1:c3:22:3b:d0:e9:
                    c7:a6:3b:af:1f:95:48:45:bf:24:63:d0:04:4d:ee:
                    b7:c2:c9:28:02:57:30:cd:f2:71:5e:2e:17:1a:f8:
                    30:ba:c9:ed:95:9e:bb:72:76:a8:d8:22:fd:c5:51:
                    2b:ec:90:67:a1:3c:d4:43:b6:18:1c:3b:8b:99:95:
                    2c:34:31:17:f6:2d:1d:18:a7:fe:1c:d8:ca:97:36:
                    87:83:9e:9b:41:eb:1b:05:07:26:ec:52:40:49:96:
                    05:9d:df:f2:00:c4:94:1e:95:f3:e9:08:83:36:07:
                    48:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:4D:C1:D4:DD:9A:F3:D3:20:00:F2:02:31:2E:30:5A:AE:92:FD:E8
            X509v3 Authority Key Identifier:
                keyid:13:D8:0E:A5:35:A5:CA:2E:0E:00:F7:C7:76:A4:71:C5:E5:A5:A4:79

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/95c321eb-15f8-4646-b053-f199d6fa7f53/0/13D80EA535A5CA2E0E00F7C776A471C5E5A5A479.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/13D80EA535A5CA2E0E00F7C776A471C5E5A5A479.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/95c321eb-15f8-4646-b053-f199d6fa7f53/0/3130332e3134372e3232302e302f32332d3234203d3e20313339393639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.147.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:2f:3e:3f:a7:ff:8b:a9:e4:bf:b4:08:22:b5:cd:ed:ba:8e:
         d9:a6:05:59:22:e7:ce:81:da:f0:b4:27:00:a1:85:6b:6a:66:
         68:4f:d5:25:68:c7:e8:1b:0e:7d:03:af:3f:40:0c:3b:c8:b0:
         e9:cb:b3:68:36:85:e3:cb:b7:62:51:6a:12:69:95:f0:bb:5a:
         e0:1f:0f:d1:c4:4d:a7:d2:60:4a:16:97:77:87:cd:f3:97:af:
         74:e1:0d:80:d7:26:26:f5:1d:05:e7:33:58:4b:b2:a6:14:6f:
         89:e7:1c:cb:0a:47:0e:fd:e9:5e:8d:a8:28:5b:22:64:2a:94:
         44:68:6c:76:44:57:38:67:81:27:e7:38:33:4e:a3:61:21:8f:
         f8:47:75:a1:e2:af:7e:a3:71:47:c0:0d:49:fe:93:ff:21:d7:
         53:b3:03:21:f9:9e:33:0f:3f:2f:2b:54:83:7d:5b:90:a3:55:
         7c:de:8f:e8:91:67:a3:55:d9:d5:60:55:7e:7e:bb:28:ff:15:
         fd:47:64:d8:1c:50:1a:6b:1c:99:8e:85:8a:8c:70:9e:90:4c:
         96:8b:7b:02:78:a1:05:53:c2:79:d9:e1:cc:4a:31:2d:0b:a2:
         37:24:1a:7b:e7:13:ae:b6:5b:28:8a:23:d6:9a:7e:44:13:cb:
         60:de:24:87
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIUUS+SRO1hwVdvZBdekBBiSmH+ibUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTNEODBFQTUzNUE1Q0EyRTBFMDBGN0M3NzZBNDcxQzVF
NUE1QTQ3OTAeFw0yNTA2MTAwMDU1MDBaFw0yNjA2MDkwMTAwMDBaMDMxMTAvBgNV
BAMTKDhDNERDMUQ0REQ5QUYzRDMyMDAwRjIwMjMxMkUzMDVBQUU5MkZERTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZvE7dNX/qL60ID2vF6iI3uAI8
UpCDGV/iLYlwSdAeXHrtruJqCGB7T+pnJgPpF2bWmSyBVGd4rQuxBJ2w6QMm0c8s
iuh+nrI1/IPWBXFI5sXO5ZVBnVCmeAn/dfRDzlRFitYMW4Xyym8gm/LW4on0Yq8J
otkSsYDgqOgsQwECQyb1FLMcojc2M6Yxbb6GPsHDIjvQ6cemO68flUhFvyRj0ARN
7rfCySgCVzDN8nFeLhca+DC6ye2VnrtydqjYIv3FUSvskGehPNRDthgcO4uZlSw0
MRf2LR0Yp/4c2MqXNoeDnptB6xsFBybsUkBJlgWd3/IAxJQelfPpCIM2B0gjAgMB
AAGjggI2MIICMjAdBgNVHQ4EFgQUjE3B1N2a89MgAPICMS4wWq6S/egwHwYDVR0j
BBgwFoAUE9gOpTWlyi4OAPfHdqRxxeWlpHkwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
NWMzMjFlYi0xNWY4LTQ2NDYtYjA1My1mMTk5ZDZmYTdmNTMvMC8xM0Q4MEVBNTM1
QTVDQTJFMEUwMEY3Qzc3NkE0NzFDNUU1QTVBNDc5LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTNEODBFQTUzNUE1Q0EyRTBFMDBGN0M3NzZBNDcxQzVFNUE1
QTQ3OS5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzk1YzMyMWViLTE1ZjgtNDY0Ni1i
MDUzLWYxOTlkNmZhN2Y1My8wLzMxMzAzMzJlMzEzNDM3MmUzMjMyMzAyZTMwMmYz
MjMzMmQzMjM0MjAzZDNlMjAzMTMzMzkzOTM2Mzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFnk9wwDQYJ
KoZIhvcNAQELBQADggEBAG0vPj+n/4up5L+0CCK1ze26jtmmBVki586B2vC0JwCh
hWtqZmhP1SVox+gbDn0Drz9ADDvIsOnLs2g2hePLt2JRahJplfC7WuAfD9HETafS
YEoWl3eHzfOXr3ThDYDXJib1HQXnM1hLsqYUb4nnHMsKRw796V6NqChbImQqlERo
bHZEVzhngSfnODNOo2Ehj/hHdaHir36jcUfADUn+k/8h11OzAyH5njMPPy8rVIN9
W5CjVXzej+iRZ6NV2dVgVX5+uyj/Ff1HZNgcUBprHJmOhYqMcJ6QTJaLewJ4oQVT
wnnZ4cxKMS0LojckGnvnE662WyiKI9aafkQTy2DeJIc=
-----END CERTIFICATE-----
Generated at Tue Jun 10 09:28:41 2025 by rpki-client