Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/323430323a363938303a313030303a3a2f34382d3438203d3e203539323738.roa
File:                     323430323a363938303a313030303a3a2f34382d3438203d3e203539323738.roa (raw, json)
Hash identifier:          Cf4F1dHsLMAEwRXj/sLvggNAyN9aUktmarNyz8vl8uk=
Subject key identifier:   B4:CE:9A:93:08:CE:00:27:D7:13:7A:90:5A:AB:15:77:17:5D:89:AF
Certificate issuer:       /CN=2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD
Certificate serial:       3E01515429092B71B215E9E14AAC3E85BF1AF610
Authority key identifier: 2D:23:11:F5:63:DF:0A:F8:EB:EF:DA:21:87:16:26:B5:DD:78:C5:BD
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/323430323a363938303a313030303a3a2f34382d3438203d3e203539323738.roa
Signing time:             Thu 03 Jul 2025 06:02:21 +0000
ROA not before:           Thu 03 Jul 2025 05:57:21 +0000
ROA not after:            Thu 02 Jul 2026 06:02:21 +0000
asID:                     59278
IP address blocks:        2402:6980:1000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.crl
                          rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 11 Aug 2025 00:19:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:01:51:54:29:09:2b:71:b2:15:e9:e1:4a:ac:3e:85:bf:1a:f6:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD
        Validity
            Not Before: Jul  3 05:57:21 2025 GMT
            Not After : Jul  2 06:02:21 2026 GMT
        Subject: CN=B4CE9A9308CE0027D7137A905AAB1577175D89AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b2:a0:ba:8b:ec:0b:c7:dc:81:82:c0:75:5d:
                    d7:33:1f:6f:d2:bd:b7:00:98:79:53:0c:d9:e9:79:
                    b2:71:58:3e:5e:37:94:dd:55:53:2d:02:47:99:51:
                    68:7e:d7:28:f6:9c:2e:36:c3:5d:53:58:f8:67:c7:
                    a2:4d:02:f8:0d:7c:5e:fc:ef:f3:70:20:e0:ef:54:
                    66:c9:ea:24:1b:7d:c9:e7:ae:18:bf:32:a3:62:4f:
                    33:60:66:28:c1:63:1e:4f:b1:a6:8b:2a:c1:4c:27:
                    a0:17:49:e9:51:3b:f0:bd:01:bd:a2:a1:d1:73:a7:
                    e4:af:59:41:15:a9:7f:16:0c:34:52:26:11:1b:c9:
                    18:8d:a9:4a:a0:d0:8f:ba:8c:d6:c4:00:0a:ea:eb:
                    20:a2:d6:0e:34:23:79:1b:e9:4a:4c:31:17:64:8c:
                    78:2e:54:43:99:d9:c3:e9:3b:bd:8a:f8:54:63:9a:
                    31:e0:1e:96:20:3b:d6:0a:e9:d9:8b:17:25:40:d9:
                    2e:14:6b:72:7f:81:1d:45:c8:14:2b:a2:5d:fd:14:
                    07:f7:a2:73:f0:ab:6c:ae:a2:db:70:4f:24:49:63:
                    3e:fe:15:d5:2d:67:86:cf:a2:9f:bc:4c:61:0a:a2:
                    fd:69:33:ce:b1:f9:c7:2f:97:13:15:c8:ed:36:98:
                    62:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:CE:9A:93:08:CE:00:27:D7:13:7A:90:5A:AB:15:77:17:5D:89:AF
            X509v3 Authority Key Identifier:
                keyid:2D:23:11:F5:63:DF:0A:F8:EB:EF:DA:21:87:16:26:B5:DD:78:C5:BD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/323430323a363938303a313030303a3a2f34382d3438203d3e203539323738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:6980:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:f3:dc:c2:2d:0f:f0:08:65:84:42:93:3b:e4:75:d3:13:d3:
         f3:a9:89:98:3c:cb:0d:a2:4a:a3:dc:09:41:b1:93:40:03:11:
         de:5a:14:b7:a4:57:0c:a4:30:b8:e5:a2:dc:d2:35:50:31:fb:
         51:c7:cb:21:c3:88:83:7a:7a:6c:bd:2e:d7:d2:4e:fd:09:52:
         2f:8c:06:d2:0f:8c:33:c9:e5:ef:f0:ba:de:15:c8:e3:b3:dd:
         1e:d2:88:e3:85:5f:a2:bc:f6:f3:bc:45:cf:1e:8e:6a:68:15:
         35:9f:e4:9f:8e:8c:22:49:90:4b:d2:c6:c7:87:4b:ac:ee:61:
         97:fc:35:30:ff:3d:f0:6e:05:d7:27:ad:fc:3c:31:2d:b6:55:
         b3:a7:de:94:59:25:e9:04:80:b7:04:81:fe:01:2e:60:09:4d:
         ab:0b:a8:12:c9:90:dc:f6:0e:f4:3e:a4:c6:1d:09:1c:83:fe:
         ba:a2:83:dc:49:fd:f5:4e:6f:52:63:d4:30:68:17:54:ef:88:
         db:ab:0c:45:3b:38:0a:38:88:88:69:7a:62:65:83:0a:80:79:
         cd:30:95:af:53:a4:e1:17:b0:68:28:c9:40:72:bd:7e:fc:53:
         94:20:d8:7a:44:c2:f4:fe:33:c6:64:06:16:09:fd:72:98:cb:
         7a:4d:db:b1
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUPgFRVCkJK3GyFenhSqw+hb8a9hAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkQyMzExRjU2M0RGMEFGOEVCRUZEQTIxODcxNjI2QjVE
RDc4QzVCRDAeFw0yNTA3MDMwNTU3MjFaFw0yNjA3MDIwNjAyMjFaMDMxMTAvBgNV
BAMTKEI0Q0U5QTkzMDhDRTAwMjdENzEzN0E5MDVBQUIxNTc3MTc1RDg5QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgsqC6i+wLx9yBgsB1XdczH2/S
vbcAmHlTDNnpebJxWD5eN5TdVVMtAkeZUWh+1yj2nC42w11TWPhnx6JNAvgNfF78
7/NwIODvVGbJ6iQbfcnnrhi/MqNiTzNgZijBYx5PsaaLKsFMJ6AXSelRO/C9Ab2i
odFzp+SvWUEVqX8WDDRSJhEbyRiNqUqg0I+6jNbEAArq6yCi1g40I3kb6UpMMRdk
jHguVEOZ2cPpO72K+FRjmjHgHpYgO9YK6dmLFyVA2S4Ua3J/gR1FyBQrol39FAf3
onPwq2yuottwTyRJYz7+FdUtZ4bPop+8TGEKov1pM86x+ccvlxMVyO02mGJXAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUtM6akwjOACfXE3qQWqsVdxddia8wHwYDVR0j
BBgwFoAULSMR9WPfCvjr79ohhxYmtd14xb0wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
ZjFjNzlmMS0yNjRlLTQyM2YtOWUwOC0wYjI5MDBkYTY5NDkvMC8yRDIzMTFGNTYz
REYwQUY4RUJFRkRBMjE4NzE2MjZCNURENzhDNUJELmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMkQyMzExRjU2M0RGMEFGOEVCRUZEQTIxODcxNjI2QjVERDc4
QzVCRC5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2FmMWM3OWYxLTI2NGUtNDIzZi05
ZTA4LTBiMjkwMGRhNjk0OS8wLzMyMzQzMDMyM2EzNjM5MzgzMDNhMzEzMDMwMzAz
YTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzNTM5MzIzNzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJAJp
gBAAMA0GCSqGSIb3DQEBCwUAA4IBAQBZ89zCLQ/wCGWEQpM75HXTE9PzqYmYPMsN
okqj3AlBsZNAAxHeWhS3pFcMpDC45aLc0jVQMftRx8shw4iDenpsvS7X0k79CVIv
jAbSD4wzyeXv8LreFcjjs90e0ojjhV+ivPbzvEXPHo5qaBU1n+SfjowiSZBL0sbH
h0us7mGX/DUw/z3wbgXXJ638PDEttlWzp96UWSXpBIC3BIH+AS5gCU2rC6gSyZDc
9g70PqTGHQkcg/66ooPcSf31Tm9SY9QwaBdU74jbqwxFOzgKOIiIaXpiZYMKgHnN
MJWvU6ThF7BoKMlAcr1+/FOUINh6RML0/jPGZAYWCf1ymMt6Tdux
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:11:23 2025 by rpki-client