Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/323430323a363938303a323030303a3a2f34382d3438203d3e203539323738.roa
File:                     323430323a363938303a323030303a3a2f34382d3438203d3e203539323738.roa (raw, json)
Hash identifier:          D6GCo3ceVvJhAX1b+afxEUHTBD9rmTcpfSp7SCURViA=
Subject key identifier:   56:5F:36:C3:B0:E8:FD:F2:A7:99:84:95:23:05:51:3B:C6:26:61:93
Certificate issuer:       /CN=2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD
Certificate serial:       330B8397CFED60B0601C6D101E01AA358CD3511F
Authority key identifier: 2D:23:11:F5:63:DF:0A:F8:EB:EF:DA:21:87:16:26:B5:DD:78:C5:BD
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/323430323a363938303a323030303a3a2f34382d3438203d3e203539323738.roa
Signing time:             Thu 03 Jul 2025 06:02:22 +0000
ROA not before:           Thu 03 Jul 2025 05:57:22 +0000
ROA not after:            Thu 02 Jul 2026 06:02:22 +0000
asID:                     59278
IP address blocks:        2402:6980:2000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.crl
                          rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Aug 2025 23:41:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:0b:83:97:cf:ed:60:b0:60:1c:6d:10:1e:01:aa:35:8c:d3:51:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD
        Validity
            Not Before: Jul  3 05:57:22 2025 GMT
            Not After : Jul  2 06:02:22 2026 GMT
        Subject: CN=565F36C3B0E8FDF2A79984952305513BC6266193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b4:04:a7:3c:84:de:b6:c4:30:ab:63:cc:26:
                    d0:65:52:3b:62:bb:50:41:f5:3c:c3:ec:89:f4:30:
                    69:16:45:cd:aa:d5:10:e4:0c:91:79:2c:68:5a:68:
                    50:fc:49:0b:a9:cd:79:5c:70:d7:16:90:62:2f:8e:
                    be:e8:f0:85:50:5b:9e:78:7c:b9:aa:f8:d4:ba:e3:
                    3b:1a:ba:18:32:52:6d:20:f5:e4:88:27:be:7e:3b:
                    dc:6a:de:4f:9c:02:6c:49:4d:fc:53:20:5f:49:40:
                    29:19:78:92:6b:be:14:66:b7:5b:df:03:d7:59:ce:
                    9b:32:b4:53:b2:6b:f3:1d:02:6e:ed:ff:e0:f0:d2:
                    50:e4:5a:ff:89:e4:5f:02:e8:e6:90:52:cf:7c:a0:
                    bc:80:93:ea:87:82:6b:39:22:0c:c8:a0:d9:3f:98:
                    5e:6a:e0:d2:21:5e:d9:b5:8f:35:d0:ff:9e:fe:66:
                    8a:84:e2:cc:71:e4:2c:61:20:9c:f2:08:8e:f6:a9:
                    c9:81:6a:7d:45:84:e5:24:fb:67:ae:97:b2:04:c9:
                    66:2a:d3:94:41:eb:a3:83:a3:f3:11:5b:d4:3e:6f:
                    52:a5:a2:6f:af:d4:69:3c:3f:ea:10:3e:fe:31:39:
                    8d:4d:82:a5:9b:fb:d3:5e:58:ac:a3:bf:83:4d:6c:
                    66:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:5F:36:C3:B0:E8:FD:F2:A7:99:84:95:23:05:51:3B:C6:26:61:93
            X509v3 Authority Key Identifier:
                keyid:2D:23:11:F5:63:DF:0A:F8:EB:EF:DA:21:87:16:26:B5:DD:78:C5:BD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/2D2311F563DF0AF8EBEFDA21871626B5DD78C5BD.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/af1c79f1-264e-423f-9e08-0b2900da6949/0/323430323a363938303a323030303a3a2f34382d3438203d3e203539323738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:6980:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:bf:45:6f:61:c3:74:f0:f8:bf:64:e1:28:64:1d:c1:58:0a:
         f2:93:96:19:bf:6d:c9:7c:3b:20:e6:ef:15:89:d7:ec:65:1e:
         ba:64:62:a7:1e:20:4b:c9:f4:d6:39:96:43:4b:c3:7b:9e:89:
         39:cf:e8:b9:7f:90:cf:c0:5f:a2:fe:34:2b:fb:dc:26:94:da:
         f3:96:1b:ab:7d:ce:ff:28:4e:f4:fc:79:e0:cb:87:64:38:69:
         52:e4:2a:32:79:d5:d9:18:e6:5e:21:30:fd:6b:40:97:65:72:
         7f:4e:de:8c:8b:4f:26:8e:89:cc:e5:46:bf:c8:8c:5e:32:13:
         70:db:20:7c:b8:15:2a:65:24:21:00:88:61:92:0b:e2:8b:ec:
         29:4b:c7:b8:09:f5:e7:72:1a:ba:86:6f:2a:9a:43:a6:03:4a:
         5f:70:b8:f9:64:68:3f:82:c4:58:30:07:76:cd:ed:e9:dd:c2:
         8b:a3:32:e1:bb:42:1f:78:4e:cd:5b:bf:0f:04:0b:8b:bc:2c:
         70:3f:c2:23:21:00:2d:29:92:eb:2e:54:63:b7:f8:62:56:f3:
         80:d9:a1:39:35:84:44:73:f9:e9:c0:89:ed:8b:b3:6c:0f:0f:
         d0:10:2f:c1:50:69:05:57:3c:a0:a9:08:64:cb:57:9d:e1:d8:
         0a:33:94:1a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUMwuDl8/tYLBgHG0QHgGqNYzTUR8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkQyMzExRjU2M0RGMEFGOEVCRUZEQTIxODcxNjI2QjVE
RDc4QzVCRDAeFw0yNTA3MDMwNTU3MjJaFw0yNjA3MDIwNjAyMjJaMDMxMTAvBgNV
BAMTKDU2NUYzNkMzQjBFOEZERjJBNzk5ODQ5NTIzMDU1MTNCQzYyNjYxOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNtASnPITetsQwq2PMJtBlUjti
u1BB9TzD7In0MGkWRc2q1RDkDJF5LGhaaFD8SQupzXlccNcWkGIvjr7o8IVQW554
fLmq+NS64zsauhgyUm0g9eSIJ75+O9xq3k+cAmxJTfxTIF9JQCkZeJJrvhRmt1vf
A9dZzpsytFOya/MdAm7t/+Dw0lDkWv+J5F8C6OaQUs98oLyAk+qHgms5IgzIoNk/
mF5q4NIhXtm1jzXQ/57+ZoqE4sxx5CxhIJzyCI72qcmBan1FhOUk+2eul7IEyWYq
05RB66ODo/MRW9Q+b1Klom+v1Gk8P+oQPv4xOY1NgqWb+9NeWKyjv4NNbGaxAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUVl82w7Do/fKnmYSVIwVRO8YmYZMwHwYDVR0j
BBgwFoAULSMR9WPfCvjr79ohhxYmtd14xb0wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
ZjFjNzlmMS0yNjRlLTQyM2YtOWUwOC0wYjI5MDBkYTY5NDkvMC8yRDIzMTFGNTYz
REYwQUY4RUJFRkRBMjE4NzE2MjZCNURENzhDNUJELmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMkQyMzExRjU2M0RGMEFGOEVCRUZEQTIxODcxNjI2QjVERDc4
QzVCRC5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2FmMWM3OWYxLTI2NGUtNDIzZi05
ZTA4LTBiMjkwMGRhNjk0OS8wLzMyMzQzMDMyM2EzNjM5MzgzMDNhMzIzMDMwMzAz
YTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzNTM5MzIzNzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJAJp
gCAAMA0GCSqGSIb3DQEBCwUAA4IBAQCUv0VvYcN08Pi/ZOEoZB3BWAryk5YZv23J
fDsg5u8VidfsZR66ZGKnHiBLyfTWOZZDS8N7nok5z+i5f5DPwF+i/jQr+9wmlNrz
lhurfc7/KE70/Hngy4dkOGlS5CoyedXZGOZeITD9a0CXZXJ/Tt6Mi08mjonM5Ua/
yIxeMhNw2yB8uBUqZSQhAIhhkgvii+wpS8e4CfXnchq6hm8qmkOmA0pfcLj5ZGg/
gsRYMAd2ze3p3cKLozLhu0IfeE7NW78PBAuLvCxwP8IjIQAtKZLrLlRjt/hiVvOA
2aE5NYREc/npwInti7NsDw/QEC/BUGkFVzygqQhky1ed4dgKM5Qa
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:12:13 2025 by rpki-client