Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/323430363a323063303a3a2f33332d3438203d3e20313430343233.roa
File:                     323430363a323063303a3a2f33332d3438203d3e20313430343233.roa (raw, json)
Hash identifier:          sI1qXkcg4tjdRUAEMQbH6N7gWoKW9GAmHrMdOe982TA=
Subject key identifier:   E2:7B:29:CE:30:56:63:99:F0:22:3F:D4:A4:5C:CC:BB:F8:5D:F3:18
Certificate issuer:       /CN=7CFD0F39FE2E90EA8B1F5D32D476E387352CB874
Certificate serial:       6485BFBE3DBF2EBF2A7DD15D0BD3E4B557349C57
Authority key identifier: 7C:FD:0F:39:FE:2E:90:EA:8B:1F:5D:32:D4:76:E3:87:35:2C:B8:74
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/323430363a323063303a3a2f33332d3438203d3e20313430343233.roa
Signing time:             Sun 03 Aug 2025 07:00:00 +0000
ROA not before:           Sun 03 Aug 2025 06:55:00 +0000
ROA not after:            Sun 02 Aug 2026 07:00:00 +0000
asID:                     140423
IP address blocks:        2406:20c0::/33 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.crl
                          rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 Aug 2025 03:14:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:85:bf:be:3d:bf:2e:bf:2a:7d:d1:5d:0b:d3:e4:b5:57:34:9c:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7CFD0F39FE2E90EA8B1F5D32D476E387352CB874
        Validity
            Not Before: Aug  3 06:55:00 2025 GMT
            Not After : Aug  2 07:00:00 2026 GMT
        Subject: CN=E27B29CE30566399F0223FD4A45CCCBBF85DF318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b5:ed:3e:31:37:e6:40:fe:45:49:e4:d8:59:
                    3d:e8:f0:66:1f:ed:96:8e:a7:6d:79:41:f0:97:12:
                    51:30:c0:f4:f9:03:61:1f:24:19:21:77:ef:b1:a4:
                    e3:c7:75:b2:3d:7b:f6:14:a5:e9:5a:88:3a:1b:de:
                    51:00:e4:00:9d:14:b3:0d:75:21:fd:40:25:50:3f:
                    bb:56:96:74:2f:85:49:5d:31:87:fb:1b:f4:e6:cf:
                    56:dc:54:a5:cb:12:77:52:bc:7e:f3:a9:5f:b0:c4:
                    c2:f9:9c:3a:ee:5c:35:a8:fa:94:29:cc:f2:5e:6c:
                    70:9a:13:1c:57:28:18:6c:e7:b6:ff:2a:7d:d8:db:
                    8e:d4:f2:21:20:e9:c4:0b:2d:f5:ce:15:69:d7:dc:
                    b2:44:d8:2e:07:26:90:c5:52:e9:84:cd:02:ef:56:
                    fd:0e:cf:bc:a8:c3:60:3e:fa:c1:cd:8d:5f:b0:b8:
                    e7:64:29:60:78:96:44:d3:eb:6e:63:b1:00:0a:8c:
                    97:e8:3b:c0:f0:9d:c8:e8:53:d3:ae:22:4e:23:73:
                    6c:27:49:f1:24:3b:ec:16:89:d3:42:54:46:af:fb:
                    a4:29:af:39:a2:37:8a:fb:49:a7:47:48:31:a5:16:
                    d7:ab:ac:39:c4:7e:ed:72:7c:ec:c0:cf:73:ad:96:
                    07:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7B:29:CE:30:56:63:99:F0:22:3F:D4:A4:5C:CC:BB:F8:5D:F3:18
            X509v3 Authority Key Identifier:
                keyid:7C:FD:0F:39:FE:2E:90:EA:8B:1F:5D:32:D4:76:E3:87:35:2C:B8:74

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7CFD0F39FE2E90EA8B1F5D32D476E387352CB874.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/19a00369-6840-4a95-89b1-a48518f98dc7/0/323430363a323063303a3a2f33332d3438203d3e20313430343233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:20c0::/33

    Signature Algorithm: sha256WithRSAEncryption
         c2:31:cc:f3:80:e5:7e:20:14:34:70:58:ec:65:25:f9:16:e1:
         3b:9c:77:ef:2d:5a:9c:27:d3:26:cf:08:10:50:90:b8:e6:df:
         4e:36:36:e4:b3:63:ca:e1:95:30:b0:3e:97:5c:b3:37:5c:e7:
         6e:e6:7d:f6:62:47:cd:f6:4b:ed:37:14:eb:2a:88:4c:1a:6e:
         39:b9:07:1a:6c:58:fa:b5:3e:bd:c1:08:21:cd:3c:74:c0:80:
         35:40:b2:43:5e:26:6a:6a:0b:7d:3d:65:4d:65:1f:63:0a:5b:
         62:2f:45:04:22:96:e0:ae:fc:1c:f5:fc:ae:8b:56:26:1f:a3:
         f2:59:d4:f9:fa:dc:66:f8:e3:6b:d5:a9:85:e5:0d:8c:d5:0e:
         25:13:9b:cb:43:ca:87:58:d0:0c:33:19:a2:75:cd:e6:67:65:
         25:84:f3:89:d7:c7:f8:1e:aa:78:06:ab:86:05:09:96:b2:90:
         ef:62:9c:92:88:0f:02:44:12:e8:0c:51:e0:e1:9c:e0:c4:8a:
         a1:83:67:d6:0b:5a:2a:93:c4:08:0a:b8:65:d5:a6:81:c5:32:
         26:6a:71:34:c9:80:56:4b:df:d1:4f:26:43:4b:b0:aa:af:6c:
         e4:a4:93:f5:2c:b6:31:57:ad:7a:8d:e9:f5:09:65:3f:91:13:
         ee:04:27:5c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUZIW/vj2/Lr8qfdFdC9PktVc0nFcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0NGRDBGMzlGRTJFOTBFQThCMUY1RDMyRDQ3NkUzODcz
NTJDQjg3NDAeFw0yNTA4MDMwNjU1MDBaFw0yNjA4MDIwNzAwMDBaMDMxMTAvBgNV
BAMTKEUyN0IyOUNFMzA1NjYzOTlGMDIyM0ZENEE0NUNDQ0JCRjg1REYzMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3te0+MTfmQP5FSeTYWT3o8GYf
7ZaOp215QfCXElEwwPT5A2EfJBkhd++xpOPHdbI9e/YUpelaiDob3lEA5ACdFLMN
dSH9QCVQP7tWlnQvhUldMYf7G/Tmz1bcVKXLEndSvH7zqV+wxML5nDruXDWo+pQp
zPJebHCaExxXKBhs57b/Kn3Y247U8iEg6cQLLfXOFWnX3LJE2C4HJpDFUumEzQLv
Vv0Oz7yow2A++sHNjV+wuOdkKWB4lkTT625jsQAKjJfoO8DwncjoU9OuIk4jc2wn
SfEkO+wWidNCVEav+6QprzmiN4r7SadHSDGlFterrDnEfu1yfOzAz3OtlgdPAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQU4nspzjBWY5nwIj/UpFzMu/hd8xgwHwYDVR0j
BBgwFoAUfP0POf4ukOqLH10y1HbjhzUsuHQwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8x
OWEwMDM2OS02ODQwLTRhOTUtODliMS1hNDg1MThmOThkYzcvMC83Q0ZEMEYzOUZF
MkU5MEVBOEIxRjVEMzJENDc2RTM4NzM1MkNCODc0LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvN0NGRDBGMzlGRTJFOTBFQThCMUY1RDMyRDQ3NkUzODczNTJD
Qjg3NC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzE5YTAwMzY5LTY4NDAtNGE5NS04
OWIxLWE0ODUxOGY5OGRjNy8wLzMyMzQzMDM2M2EzMjMwNjMzMDNhM2EyZjMzMzMy
ZDM0MzgyMDNkM2UyMDMxMzQzMDM0MzIzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGByQGIMAAMA0GCSqG
SIb3DQEBCwUAA4IBAQDCMczzgOV+IBQ0cFjsZSX5FuE7nHfvLVqcJ9MmzwgQUJC4
5t9ONjbks2PK4ZUwsD6XXLM3XOdu5n32YkfN9kvtNxTrKohMGm45uQcabFj6tT69
wQghzTx0wIA1QLJDXiZqagt9PWVNZR9jCltiL0UEIpbgrvwc9fyui1YmH6PyWdT5
+txm+ONr1amF5Q2M1Q4lE5vLQ8qHWNAMMxmidc3mZ2UlhPOJ18f4Hqp4BquGBQmW
spDvYpySiA8CRBLoDFHg4ZzgxIqhg2fWC1oqk8QICrhl1aaBxTImanE0yYBWS9/R
TyZDS7Cqr2zkpJP1LLYxV616jen1CWU/kRPuBCdc
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:38:14 2025 by rpki-client