Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/323430363a323063303a363030303a3a2f33352d3438203d3e20313430343233.roa
File:                     323430363a323063303a363030303a3a2f33352d3438203d3e20313430343233.roa (raw, json)
Hash identifier:          qB1wOCs4BRo/hQqUzK0z1A+VcMF+TGReKpAK2oziaGo=
Subject key identifier:   02:E8:DA:85:7C:20:27:05:38:11:C6:00:C2:AE:18:22:43:F1:77:33
Certificate issuer:       /CN=7CFD0F39FE2E90EA8B1F5D32D476E387352CB874
Certificate serial:       3EDCCBB57121CB0F8FAA0A41BEDE48A8B83FF433
Authority key identifier: 7C:FD:0F:39:FE:2E:90:EA:8B:1F:5D:32:D4:76:E3:87:35:2C:B8:74
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/323430363a323063303a363030303a3a2f33352d3438203d3e20313430343233.roa
Signing time:             Sun 03 Aug 2025 08:00:01 +0000
ROA not before:           Sun 03 Aug 2025 07:55:01 +0000
ROA not after:            Sun 02 Aug 2026 08:00:01 +0000
asID:                     140423
IP address blocks:        2406:20c0:6000::/35 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.crl
                          rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 Aug 2025 03:14:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:dc:cb:b5:71:21:cb:0f:8f:aa:0a:41:be:de:48:a8:b8:3f:f4:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7CFD0F39FE2E90EA8B1F5D32D476E387352CB874
        Validity
            Not Before: Aug  3 07:55:01 2025 GMT
            Not After : Aug  2 08:00:01 2026 GMT
        Subject: CN=02E8DA857C2027053811C600C2AE182243F17733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a4:a8:0b:bc:e8:25:5d:a8:f4:d1:c1:5b:a8:
                    df:60:44:f7:68:b9:35:9a:af:34:7e:26:15:47:a7:
                    cc:96:7e:39:02:83:07:47:c1:33:cf:db:76:15:59:
                    c3:d5:18:29:66:0d:6c:6f:9c:8e:df:ab:c3:a5:05:
                    dc:7c:c6:4a:e0:84:6d:99:ab:97:1a:47:14:62:13:
                    5a:48:ae:90:ba:c7:69:8b:da:2b:ab:e5:b4:fb:d5:
                    77:9d:7b:09:66:ca:09:3e:9d:91:7e:62:89:9b:2f:
                    55:16:fe:b8:a9:8f:6e:8c:73:d5:66:16:2e:1e:1f:
                    66:95:6a:61:6e:f8:47:55:b8:5d:e0:87:be:10:e1:
                    25:3f:f1:82:5c:61:ac:fe:be:3d:3a:82:56:6d:32:
                    e6:64:c7:84:bd:c0:5a:e4:80:92:44:c2:a2:8d:35:
                    48:33:c9:c0:a0:f2:7d:e6:86:48:7c:ea:90:cb:44:
                    1a:19:23:c8:eb:ef:a8:dd:e5:ff:64:0d:6f:0a:83:
                    1b:ca:36:86:fe:fa:55:be:6b:d6:94:ec:e3:dc:8e:
                    5d:76:ea:b4:cd:9e:0d:5e:fa:f1:93:d3:91:88:13:
                    4c:63:36:5c:04:01:2a:cd:87:ff:27:e5:52:32:7f:
                    dc:0c:90:0e:d4:f3:7a:79:90:26:38:3b:83:f5:1c:
                    9e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E8:DA:85:7C:20:27:05:38:11:C6:00:C2:AE:18:22:43:F1:77:33
            X509v3 Authority Key Identifier:
                keyid:7C:FD:0F:39:FE:2E:90:EA:8B:1F:5D:32:D4:76:E3:87:35:2C:B8:74

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/323430363a323063303a363030303a3a2f33352d3438203d3e20313430343233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:20c0:6000::/35

    Signature Algorithm: sha256WithRSAEncryption
         0d:35:a3:2e:35:b8:47:a6:ea:7f:d1:4d:e2:da:ac:88:cd:44:
         bd:ea:76:a7:03:c1:22:fa:a3:0e:57:46:f7:ef:4d:a8:0a:87:
         e1:b2:37:8d:be:5a:04:df:ef:75:bb:c5:d1:ce:9c:05:45:34:
         74:07:02:2a:db:79:e9:bd:f0:9a:a9:a2:95:54:21:f5:93:05:
         75:d7:7c:b6:49:a1:4d:ef:ec:bb:c4:ba:6d:e3:c1:c3:64:ac:
         ff:6e:e7:a0:26:1e:93:c2:2c:42:1e:1e:fd:41:1f:63:36:dc:
         a4:dd:39:56:02:87:c2:63:2f:fc:77:06:f2:c9:31:99:15:88:
         d4:e6:3c:29:c4:66:43:bb:5d:65:15:77:23:53:eb:89:ae:8a:
         04:a1:dc:02:0b:1c:88:dd:f5:5a:51:7a:57:05:af:34:60:0e:
         f5:8a:0b:ad:a3:22:bb:82:cb:a6:5c:69:1d:eb:96:e9:0b:54:
         df:93:e0:a6:5a:be:76:9e:22:d1:f9:71:b0:72:13:42:30:8c:
         36:74:f1:61:87:06:a4:e2:e8:fe:76:71:48:24:b4:8b:e5:1f:
         03:c4:5d:db:81:15:65:a0:06:6f:be:76:ca:dd:9b:5c:03:41:
         5f:f0:e9:6b:c3:61:68:d2:a2:90:98:7e:8b:f9:2b:ab:9a:37:
         4e:f7:df:ca
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUPtzLtXEhyw+PqgpBvt5IqLg/9DMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0NGRDBGMzlGRTJFOTBFQThCMUY1RDMyRDQ3NkUzODcz
NTJDQjg3NDAeFw0yNTA4MDMwNzU1MDFaFw0yNjA4MDIwODAwMDFaMDMxMTAvBgNV
BAMTKDAyRThEQTg1N0MyMDI3MDUzODExQzYwMEMyQUUxODIyNDNGMTc3MzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCpKgLvOglXaj00cFbqN9gRPdo
uTWarzR+JhVHp8yWfjkCgwdHwTPP23YVWcPVGClmDWxvnI7fq8OlBdx8xkrghG2Z
q5caRxRiE1pIrpC6x2mL2iur5bT71Xedewlmygk+nZF+YombL1UW/ripj26Mc9Vm
Fi4eH2aVamFu+EdVuF3gh74Q4SU/8YJcYaz+vj06glZtMuZkx4S9wFrkgJJEwqKN
NUgzycCg8n3mhkh86pDLRBoZI8jr76jd5f9kDW8KgxvKNob++lW+a9aU7OPcjl12
6rTNng1e+vGT05GIE0xjNlwEASrNh/8n5VIyf9wMkA7U83p5kCY4O4P1HJ5xAgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQUAujahXwgJwU4EcYAwq4YIkPxdzMwHwYDVR0j
BBgwFoAUfP0POf4ukOqLH10y1HbjhzUsuHQwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
OWEwMDM2OS02ODQwLTRhOTUtODliMS1hNDg1MThmOThkYzcvMC83Q0ZEMEYzOUZF
MkU5MEVBOEIxRjVEMzJENDc2RTM4NzM1MkNCODc0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvN0NGRDBGMzlGRTJFOTBFQThCMUY1RDMyRDQ3NkUzODczNTJD
Qjg3NC5jZXIwgawGCCsGAQUFBwELBIGfMIGcMIGZBggrBgEFBQcwC4aBjHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE5YTAwMzY5LTY4NDAtNGE5NS04
OWIxLWE0ODUxOGY5OGRjNy8wLzMyMzQzMDM2M2EzMjMwNjMzMDNhMzYzMDMwMzAz
YTNhMmYzMzM1MmQzNDM4MjAzZDNlMjAzMTM0MzAzNDMyMzMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgUk
BiDAYDANBgkqhkiG9w0BAQsFAAOCAQEADTWjLjW4R6bqf9FN4tqsiM1Evep2pwPB
IvqjDldG9+9NqAqH4bI3jb5aBN/vdbvF0c6cBUU0dAcCKtt56b3wmqmilVQh9ZMF
ddd8tkmhTe/su8S6bePBw2Ss/27noCYek8IsQh4e/UEfYzbcpN05VgKHwmMv/HcG
8skxmRWI1OY8KcRmQ7tdZRV3I1Pria6KBKHcAgsciN31WlF6VwWvNGAO9YoLraMi
u4LLplxpHeuW6QtU35Pgplq+dp4i0flxsHITQjCMNnTxYYcGpOLo/nZxSCS0i+Uf
A8Rd24EVZaAGb752yt2bXANBX/Dpa8NhaNKikJh+i/krq5o3Tvffyg==
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:37:05 2025 by rpki-client