Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/b20c6d69-6290-402f-a84e-d289c6e93a73/0/323430343a636534303a313030303a3a2f33362d3336203d3e20313338383834.roa
File:                     323430343a636534303a313030303a3a2f33362d3336203d3e20313338383834.roa (raw, json)
Hash identifier:          Y5QaBXK/Lu/qym2uqPJsRL5ONo2Cq+L5YI+KATzLWJk=
Subject key identifier:   90:74:9C:31:C9:31:90:B6:6A:76:A6:13:A0:B9:08:C7:79:77:26:7D
Certificate issuer:       /CN=88BD1AAEA16D8A24550416CDB95E232152249B3E
Certificate serial:       682AA8EC4C5AD0AC1C3134C4F3E458A33E431549
Authority key identifier: 88:BD:1A:AE:A1:6D:8A:24:55:04:16:CD:B9:5E:23:21:52:24:9B:3E
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/88BD1AAEA16D8A24550416CDB95E232152249B3E.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/b20c6d69-6290-402f-a84e-d289c6e93a73/0/323430343a636534303a313030303a3a2f33362d3336203d3e20313338383834.roa
Signing time:             Wed 30 Jul 2025 17:00:01 +0000
ROA not before:           Wed 30 Jul 2025 16:55:01 +0000
ROA not after:            Wed 29 Jul 2026 17:00:01 +0000
asID:                     138884
IP address blocks:        2404:ce40:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/b20c6d69-6290-402f-a84e-d289c6e93a73/0/88BD1AAEA16D8A24550416CDB95E232152249B3E.crl
                          rsync://repo-rpki.idnic.net/repo/b20c6d69-6290-402f-a84e-d289c6e93a73/0/88BD1AAEA16D8A24550416CDB95E232152249B3E.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/88BD1AAEA16D8A24550416CDB95E232152249B3E.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 12 Aug 2025 02:39:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:2a:a8:ec:4c:5a:d0:ac:1c:31:34:c4:f3:e4:58:a3:3e:43:15:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88BD1AAEA16D8A24550416CDB95E232152249B3E
        Validity
            Not Before: Jul 30 16:55:01 2025 GMT
            Not After : Jul 29 17:00:01 2026 GMT
        Subject: CN=90749C31C93190B66A76A613A0B908C77977267D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0a:69:7f:a2:81:a4:ca:f8:a2:c6:21:84:ce:
                    31:2d:ce:8c:db:85:3f:2b:80:8d:e1:ce:9a:c5:b0:
                    dd:06:96:81:ba:fa:0c:1e:4d:5f:90:8d:74:7f:d7:
                    53:1d:88:5f:53:53:e9:a8:f0:b7:97:21:9d:d4:6a:
                    22:2d:50:5c:28:b8:2b:87:45:b9:7e:38:85:33:20:
                    bc:dd:3d:b2:af:65:12:c7:ac:b9:3c:e0:d7:86:f3:
                    2b:ad:c9:79:a9:e1:81:8e:27:3f:1a:f7:23:74:76:
                    aa:e8:fe:d2:34:69:fe:db:2b:c3:e8:bf:4c:7b:4d:
                    a5:61:1d:c4:fa:f0:a5:78:17:fd:49:5f:7c:9f:56:
                    86:a7:89:d7:e6:99:ce:9d:68:26:85:a5:3e:2b:20:
                    a1:a8:91:cb:32:0d:7b:82:8c:33:15:dd:5e:20:8c:
                    39:c0:08:a0:0f:f1:09:63:76:fc:29:0e:f4:e4:20:
                    35:9d:f1:e2:d0:1f:e4:aa:ed:6e:e0:81:4d:46:44:
                    19:cb:da:9c:f8:00:16:74:41:65:12:0f:db:58:e9:
                    de:f0:f4:9c:b8:bd:c6:c7:f4:41:b7:43:0c:96:28:
                    e8:56:06:ca:de:2d:21:9c:3f:8a:ae:01:2e:2e:e7:
                    ce:88:32:a5:6f:fb:cc:55:52:8f:e5:fa:c3:f7:07:
                    73:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:74:9C:31:C9:31:90:B6:6A:76:A6:13:A0:B9:08:C7:79:77:26:7D
            X509v3 Authority Key Identifier:
                keyid:88:BD:1A:AE:A1:6D:8A:24:55:04:16:CD:B9:5E:23:21:52:24:9B:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/b20c6d69-6290-402f-a84e-d289c6e93a73/0/88BD1AAEA16D8A24550416CDB95E232152249B3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/88BD1AAEA16D8A24550416CDB95E232152249B3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/b20c6d69-6290-402f-a84e-d289c6e93a73/0/323430343a636534303a313030303a3a2f33362d3336203d3e20313338383834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:ce40:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         5d:1a:2c:af:d6:b8:84:a3:b5:8a:60:90:e2:90:82:35:fd:5c:
         6c:0a:1e:67:c9:39:01:8a:fb:e7:5e:0e:0c:89:fc:d4:7d:31:
         a0:9e:8e:1a:ae:5f:ea:f7:fb:4c:e6:81:0f:37:19:15:df:4f:
         a3:36:20:a4:f2:5b:b2:75:9a:2c:b2:08:fe:55:7b:bf:1e:c6:
         18:11:f5:10:fa:48:d7:f2:0c:9f:8d:69:27:67:cd:d3:cd:29:
         5e:0b:32:05:9b:c0:18:df:2d:4e:7b:57:11:99:53:b8:84:01:
         a6:2c:a2:3d:04:6f:a1:0c:4d:79:bb:aa:02:49:73:d2:42:03:
         a1:5a:b7:52:47:dd:66:0c:2f:47:25:1b:83:b2:06:c7:5d:cc:
         90:bd:9e:26:bb:d5:24:d5:e2:05:45:f6:c8:a5:d0:aa:1e:ca:
         c6:e5:66:2d:31:3d:16:d7:19:6c:c9:a4:d6:0a:e2:6a:d2:1d:
         22:a5:50:21:85:02:6a:d4:57:76:a7:4b:a6:c4:4e:db:c6:58:
         06:8b:4a:5e:45:51:0b:84:94:35:2e:d4:04:22:b1:41:f8:df:
         3e:39:df:bf:88:f4:b5:b2:03:06:53:7f:31:7b:2d:73:d3:67:
         a0:a3:07:e8:02:4e:6c:01:4c:42:18:23:17:e1:d6:62:7f:bc:
         9e:85:33:a6
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUaCqo7Exa0KwcMTTE8+RYoz5DFUkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhCRDFBQUVBMTZEOEEyNDU1MDQxNkNEQjk1RTIzMjE1
MjI0OUIzRTAeFw0yNTA3MzAxNjU1MDFaFw0yNjA3MjkxNzAwMDFaMDMxMTAvBgNV
BAMTKDkwNzQ5QzMxQzkzMTkwQjY2QTc2QTYxM0EwQjkwOEM3Nzk3NzI2N0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBCml/ooGkyviixiGEzjEtzozb
hT8rgI3hzprFsN0GloG6+gweTV+QjXR/11MdiF9TU+mo8LeXIZ3UaiItUFwouCuH
Rbl+OIUzILzdPbKvZRLHrLk84NeG8yutyXmp4YGOJz8a9yN0dqro/tI0af7bK8Po
v0x7TaVhHcT68KV4F/1JX3yfVoanidfmmc6daCaFpT4rIKGokcsyDXuCjDMV3V4g
jDnACKAP8QljdvwpDvTkIDWd8eLQH+Sq7W7ggU1GRBnL2pz4ABZ0QWUSD9tY6d7w
9Jy4vcbH9EG3QwyWKOhWBsreLSGcP4quAS4u586IMqVv+8xVUo/l+sP3B3MfAgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQUkHScMckxkLZqdqYToLkIx3l3Jn0wHwYDVR0j
BBgwFoAUiL0arqFtiiRVBBbNuV4jIVIkmz4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
MjBjNmQ2OS02MjkwLTQwMmYtYTg0ZS1kMjg5YzZlOTNhNzMvMC84OEJEMUFBRUEx
NkQ4QTI0NTUwNDE2Q0RCOTVFMjMyMTUyMjQ5QjNFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvODhCRDFBQUVBMTZEOEEyNDU1MDQxNkNEQjk1RTIzMjE1MjI0
OUIzRS5jZXIwgawGCCsGAQUFBwELBIGfMIGcMIGZBggrBgEFBQcwC4aBjHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2IyMGM2ZDY5LTYyOTAtNDAyZi1h
ODRlLWQyODljNmU5M2E3My8wLzMyMzQzMDM0M2E2MzY1MzQzMDNhMzEzMDMwMzAz
YTNhMmYzMzM2MmQzMzM2MjAzZDNlMjAzMTMzMzgzODM4MzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQk
BM5AEDANBgkqhkiG9w0BAQsFAAOCAQEAXRosr9a4hKO1imCQ4pCCNf1cbAoeZ8k5
AYr7514ODIn81H0xoJ6OGq5f6vf7TOaBDzcZFd9PozYgpPJbsnWaLLII/lV7vx7G
GBH1EPpI1/IMn41pJ2fN080pXgsyBZvAGN8tTntXEZlTuIQBpiyiPQRvoQxNebuq
Aklz0kIDoVq3UkfdZgwvRyUbg7IGx13MkL2eJrvVJNXiBUX2yKXQqh7KxuVmLTE9
FtcZbMmk1griatIdIqVQIYUCatRXdqdLpsRO28ZYBotKXkVRC4SUNS7UBCKxQfjf
Pjnfv4j0tbIDBlN/MXstc9NnoKMH6AJObAFMQhgjF+HWYn+8noUzpg==
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:38:47 2025 by rpki-client