Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/7d68500c-49f8-4f01-8774-f7c3164a0a58/0/323430363a623734303a3a2f33322d3332203d3e20313431313235.roa
File:                     323430363a623734303a3a2f33322d3332203d3e20313431313235.roa (raw, json)
Hash identifier:          QqT8D5lkBG4hSbXhFLTMPSoaBkT256vJUAYJ7NnLOL4=
Subject key identifier:   C0:D2:D4:CB:13:91:EC:9E:0A:AF:41:03:C9:4E:74:9C:D3:F1:6B:AF
Certificate issuer:       /CN=FD0F38979237143A0D44165912E79E2FACD5A3BA
Certificate serial:       4CA6DC6054E1FDCF495081B8D9423685F88DB05A
Authority key identifier: FD:0F:38:97:92:37:14:3A:0D:44:16:59:12:E7:9E:2F:AC:D5:A3:BA
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/FD0F38979237143A0D44165912E79E2FACD5A3BA.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/7d68500c-49f8-4f01-8774-f7c3164a0a58/0/323430363a623734303a3a2f33322d3332203d3e20313431313235.roa
Signing time:             Fri 08 Aug 2025 16:03:37 +0000
ROA not before:           Fri 08 Aug 2025 15:58:37 +0000
ROA not after:            Fri 07 Aug 2026 16:03:37 +0000
asID:                     141125
IP address blocks:        2406:b740::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/7d68500c-49f8-4f01-8774-f7c3164a0a58/0/FD0F38979237143A0D44165912E79E2FACD5A3BA.crl
                          rsync://repo-rpki.idnic.net/repo/7d68500c-49f8-4f01-8774-f7c3164a0a58/0/FD0F38979237143A0D44165912E79E2FACD5A3BA.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/FD0F38979237143A0D44165912E79E2FACD5A3BA.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 11 Aug 2025 19:29:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:a6:dc:60:54:e1:fd:cf:49:50:81:b8:d9:42:36:85:f8:8d:b0:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FD0F38979237143A0D44165912E79E2FACD5A3BA
        Validity
            Not Before: Aug  8 15:58:37 2025 GMT
            Not After : Aug  7 16:03:37 2026 GMT
        Subject: CN=C0D2D4CB1391EC9E0AAF4103C94E749CD3F16BAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:06:df:cc:0b:60:7c:db:98:33:66:4c:77:d4:
                    a4:ed:f7:e0:ba:6c:30:fc:f9:32:4b:3a:e1:46:73:
                    7e:0e:56:7d:47:e6:eb:89:10:ee:48:d2:50:3f:0a:
                    94:63:d1:6a:a3:0f:b9:04:8b:ae:b3:ac:d2:d3:77:
                    3b:cb:9a:e2:d5:c7:07:fb:05:e3:73:34:18:65:68:
                    47:53:ca:fa:eb:32:a2:81:03:87:51:7e:43:e5:00:
                    70:b9:26:99:07:83:9a:34:b3:5c:ad:15:6a:6e:fa:
                    1d:43:c1:d1:8b:32:1d:00:0b:a3:f6:9e:84:d4:89:
                    19:50:ef:27:b2:3e:77:f8:b8:29:0d:b0:6f:0d:1e:
                    70:e3:f3:ad:d7:ae:20:04:fd:48:0a:80:0e:98:4d:
                    76:e8:dd:ee:75:cc:e4:cb:5a:99:03:af:4e:27:2a:
                    f5:e1:20:13:9c:6c:00:51:45:84:89:f5:7a:f5:74:
                    00:82:a9:d6:73:d2:09:88:6b:f8:55:44:7b:e9:db:
                    41:8a:35:2a:04:a4:eb:36:e7:d0:4c:f6:58:24:d5:
                    35:03:c1:f9:b0:e3:3f:7f:f7:bc:57:d0:23:6f:e7:
                    fd:d6:41:30:76:36:da:39:b8:76:80:ff:d8:4c:c2:
                    da:4f:a8:b7:60:70:5c:95:c3:d3:74:c3:cc:09:46:
                    5f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:D2:D4:CB:13:91:EC:9E:0A:AF:41:03:C9:4E:74:9C:D3:F1:6B:AF
            X509v3 Authority Key Identifier:
                keyid:FD:0F:38:97:92:37:14:3A:0D:44:16:59:12:E7:9E:2F:AC:D5:A3:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/7d68500c-49f8-4f01-8774-f7c3164a0a58/0/FD0F38979237143A0D44165912E79E2FACD5A3BA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/FD0F38979237143A0D44165912E79E2FACD5A3BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/7d68500c-49f8-4f01-8774-f7c3164a0a58/0/323430363a623734303a3a2f33322d3332203d3e20313431313235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:b740::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:76:ca:b4:dc:d9:61:26:93:61:b1:77:60:b2:48:e3:16:79:
         ea:ec:1c:13:6d:5f:9c:9e:bd:a7:c0:83:0d:b2:1d:a2:78:71:
         13:f6:e0:43:b8:fe:5f:75:0f:b5:78:d0:cd:ea:2b:ae:ba:6f:
         23:f5:f4:65:30:a4:d9:a2:b1:7a:82:bb:16:4e:49:ee:68:34:
         70:3f:e9:62:2a:c3:a0:e4:4e:80:0e:4c:32:5c:a0:31:1e:84:
         f3:99:53:f3:1d:d6:bc:bc:bb:23:c3:58:94:9b:e8:12:06:fa:
         21:25:2e:f3:a1:18:c9:5a:fd:51:2e:83:14:d0:5f:ee:47:28:
         4f:3d:ef:38:16:d1:65:0c:38:e5:9f:3c:17:d7:00:b5:3f:65:
         6a:01:ab:cb:8e:f7:a0:bb:c9:0d:56:b6:ef:70:81:01:d6:24:
         23:c1:15:19:0b:f2:a4:c7:b9:37:24:b2:44:31:d3:df:dd:fe:
         80:58:b6:d6:c8:37:4f:d3:53:dc:c6:19:56:6f:d2:7d:56:82:
         17:7f:c4:66:e2:15:ec:53:95:0a:6f:a6:16:6c:ac:5e:d1:ec:
         59:68:6d:23:2d:d0:04:fc:17:6d:ce:d9:21:13:60:76:19:1a:
         90:7e:4d:29:4c:fb:6c:13:5a:e6:55:30:07:aa:eb:6d:cf:ff:
         b0:e2:5e:2d
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUTKbcYFTh/c9JUIG42UI2hfiNsFowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRkQwRjM4OTc5MjM3MTQzQTBENDQxNjU5MTJFNzlFMkZB
Q0Q1QTNCQTAeFw0yNTA4MDgxNTU4MzdaFw0yNjA4MDcxNjAzMzdaMDMxMTAvBgNV
BAMTKEMwRDJENENCMTM5MUVDOUUwQUFGNDEwM0M5NEU3NDlDRDNGMTZCQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWBt/MC2B825gzZkx31KTt9+C6
bDD8+TJLOuFGc34OVn1H5uuJEO5I0lA/CpRj0WqjD7kEi66zrNLTdzvLmuLVxwf7
BeNzNBhlaEdTyvrrMqKBA4dRfkPlAHC5JpkHg5o0s1ytFWpu+h1DwdGLMh0AC6P2
noTUiRlQ7yeyPnf4uCkNsG8NHnDj863XriAE/UgKgA6YTXbo3e51zOTLWpkDr04n
KvXhIBOcbABRRYSJ9Xr1dACCqdZz0gmIa/hVRHvp20GKNSoEpOs259BM9lgk1TUD
wfmw4z9/97xX0CNv5/3WQTB2Nto5uHaA/9hMwtpPqLdgcFyVw9N0w8wJRl9JAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUwNLUyxOR7J4Kr0EDyU50nNPxa68wHwYDVR0j
BBgwFoAU/Q84l5I3FDoNRBZZEueeL6zVo7owDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
ZDY4NTAwYy00OWY4LTRmMDEtODc3NC1mN2MzMTY0YTBhNTgvMC9GRDBGMzg5Nzky
MzcxNDNBMEQ0NDE2NTkxMkU3OUUyRkFDRDVBM0JBLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRkQwRjM4OTc5MjM3MTQzQTBENDQxNjU5MTJFNzlFMkZBQ0Q1
QTNCQS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzdkNjg1MDBjLTQ5ZjgtNGYwMS04
Nzc0LWY3YzMxNjRhMGE1OC8wLzMyMzQzMDM2M2E2MjM3MzQzMDNhM2EyZjMzMzIy
ZDMzMzIyMDNkM2UyMDMxMzQzMTMxMzIzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQGt0AwDQYJKoZI
hvcNAQELBQADggEBAAZ2yrTc2WEmk2Gxd2CySOMWeersHBNtX5yevafAgw2yHaJ4
cRP24EO4/l91D7V40M3qK666byP19GUwpNmisXqCuxZOSe5oNHA/6WIqw6DkToAO
TDJcoDEehPOZU/Md1ry8uyPDWJSb6BIG+iElLvOhGMla/VEugxTQX+5HKE897zgW
0WUMOOWfPBfXALU/ZWoBq8uO96C7yQ1Wtu9wgQHWJCPBFRkL8qTHuTckskQx09/d
/oBYttbIN0/TU9zGGVZv0n1Wghd/xGbiFexTlQpvphZsrF7R7FlobSMt0AT8F23O
2SETYHYZGpB+TSlM+2wTWuZVMAeq623P/7DiXi0=
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:38:17 2025 by rpki-client