Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/b599ed96-d408-4418-b82a-5d5a8e6657f3/0/323430343a613163303a3a2f33322d3332203d3e203535363939.roa
File:                     323430343a613163303a3a2f33322d3332203d3e203535363939.roa (raw, json)
Hash identifier:          8hhOR4WCINakOuDn9ngdKAlBm2vVq/aSfVO70m35uwA=
Subject key identifier:   D5:F4:62:2A:DC:19:6A:29:7C:CB:81:59:B2:30:D7:01:4A:39:23:B5
Certificate issuer:       /CN=1976DD7D4FBDFBEB355F0B96690613959E106872
Certificate serial:       3719AFB4444F94408095967F02B402E0565D4404
Authority key identifier: 19:76:DD:7D:4F:BD:FB:EB:35:5F:0B:96:69:06:13:95:9E:10:68:72
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1976DD7D4FBDFBEB355F0B96690613959E106872.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/b599ed96-d408-4418-b82a-5d5a8e6657f3/0/323430343a613163303a3a2f33322d3332203d3e203535363939.roa
Signing time:             Thu 17 Jul 2025 12:00:01 +0000
ROA not before:           Thu 17 Jul 2025 11:55:01 +0000
ROA not after:            Thu 16 Jul 2026 12:00:01 +0000
asID:                     55699
IP address blocks:        2404:a1c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/b599ed96-d408-4418-b82a-5d5a8e6657f3/0/1976DD7D4FBDFBEB355F0B96690613959E106872.crl
                          rsync://repo-rpki.idnic.net/repo/b599ed96-d408-4418-b82a-5d5a8e6657f3/0/1976DD7D4FBDFBEB355F0B96690613959E106872.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1976DD7D4FBDFBEB355F0B96690613959E106872.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Aug 2025 01:28:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:19:af:b4:44:4f:94:40:80:95:96:7f:02:b4:02:e0:56:5d:44:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1976DD7D4FBDFBEB355F0B96690613959E106872
        Validity
            Not Before: Jul 17 11:55:01 2025 GMT
            Not After : Jul 16 12:00:01 2026 GMT
        Subject: CN=D5F4622ADC196A297CCB8159B230D7014A3923B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:fa:f9:70:9e:42:97:38:ec:74:95:ce:21:bf:
                    4d:87:23:69:72:98:d9:42:15:c1:a2:84:96:50:98:
                    d4:37:07:cc:a3:03:c7:1c:47:bb:31:fb:96:de:73:
                    e9:99:b1:d2:5e:b2:f8:9f:92:eb:db:6d:1d:ae:9b:
                    68:02:8d:e0:fa:24:2f:12:d9:f6:51:40:ff:26:00:
                    28:22:9e:d1:5a:dc:a0:af:ea:ac:68:7f:df:6c:86:
                    2c:bf:b5:49:c1:a0:78:61:0e:6e:d8:8b:a2:d5:57:
                    84:7c:df:ec:21:82:97:37:a9:5a:f8:04:d5:ac:1d:
                    1d:34:88:94:9f:af:45:f5:90:ba:90:e3:b3:f7:ea:
                    2a:89:b3:c5:17:e0:b0:43:c2:b4:0a:44:f0:22:f1:
                    12:34:75:06:05:4b:ad:b1:62:af:e8:72:b8:91:9a:
                    b2:3f:77:2e:f2:22:c2:0b:a9:30:7f:59:74:91:f4:
                    71:8f:14:da:36:2f:96:08:97:52:1c:d1:a1:83:c6:
                    18:b3:30:cf:96:31:80:6d:83:20:ed:6d:fb:8a:d0:
                    ab:67:59:91:83:8d:2b:4c:01:80:54:47:db:1b:fa:
                    ae:4d:a7:2f:0f:00:35:54:53:f3:f5:0a:1f:73:df:
                    28:34:ed:90:b5:4a:62:12:60:ce:0c:a1:aa:7d:6b:
                    fc:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F4:62:2A:DC:19:6A:29:7C:CB:81:59:B2:30:D7:01:4A:39:23:B5
            X509v3 Authority Key Identifier:
                keyid:19:76:DD:7D:4F:BD:FB:EB:35:5F:0B:96:69:06:13:95:9E:10:68:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/b599ed96-d408-4418-b82a-5d5a8e6657f3/0/1976DD7D4FBDFBEB355F0B96690613959E106872.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1976DD7D4FBDFBEB355F0B96690613959E106872.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/b599ed96-d408-4418-b82a-5d5a8e6657f3/0/323430343a613163303a3a2f33322d3332203d3e203535363939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:a1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:75:58:ff:bb:14:d4:7e:eb:4d:18:07:0a:58:ce:b7:ff:28:
         22:0c:93:f1:a6:a5:cb:96:f5:46:64:fd:79:35:1e:62:0b:a5:
         79:09:4a:48:ba:c1:47:54:82:0b:44:86:9e:d8:01:f2:a3:c7:
         20:21:2c:32:3e:42:c9:ef:5c:95:cf:c1:0e:89:98:0f:60:f1:
         cb:a2:86:cb:67:b3:e1:11:d9:83:80:e5:23:30:57:d2:2e:f7:
         1a:14:3f:f2:b5:7a:5d:07:72:cf:3c:50:9f:bc:9b:49:cc:be:
         90:1a:85:22:f0:1e:81:8b:11:06:7c:ba:11:26:f2:fe:91:f8:
         c4:65:4b:c3:22:c0:91:53:a7:b9:5f:ff:73:4f:17:21:b1:40:
         8c:f7:b8:95:f9:8c:ec:87:1f:b6:17:af:57:3e:69:61:cd:75:
         a5:09:1c:ef:1d:86:80:83:2e:e7:ac:de:91:7f:10:a7:13:14:
         67:d5:78:ec:e9:d7:9a:23:60:38:b3:34:75:1f:ea:97:47:1b:
         6a:63:d9:5b:72:48:bb:16:d0:32:41:96:ae:c2:8d:f1:51:41:
         16:e7:69:e7:65:59:a5:6d:d1:d6:0d:c5:b9:cf:3f:de:1f:28:
         c2:3f:f5:5f:a9:89:f8:26:9b:6d:ba:bf:7d:87:91:3d:09:81:
         fd:ad:fa:aa
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUNxmvtERPlECAlZZ/ArQC4FZdRAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTk3NkREN0Q0RkJERkJFQjM1NUYwQjk2NjkwNjEzOTU5
RTEwNjg3MjAeFw0yNTA3MTcxMTU1MDFaFw0yNjA3MTYxMjAwMDFaMDMxMTAvBgNV
BAMTKEQ1RjQ2MjJBREMxOTZBMjk3Q0NCODE1OUIyMzBENzAxNEEzOTIzQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr+vlwnkKXOOx0lc4hv02HI2ly
mNlCFcGihJZQmNQ3B8yjA8ccR7sx+5bec+mZsdJesvifkuvbbR2um2gCjeD6JC8S
2fZRQP8mACgintFa3KCv6qxof99shiy/tUnBoHhhDm7Yi6LVV4R83+whgpc3qVr4
BNWsHR00iJSfr0X1kLqQ47P36iqJs8UX4LBDwrQKRPAi8RI0dQYFS62xYq/ocriR
mrI/dy7yIsILqTB/WXSR9HGPFNo2L5YIl1Ic0aGDxhizMM+WMYBtgyDtbfuK0Ktn
WZGDjStMAYBUR9sb+q5Npy8PADVUU/P1Ch9z3yg07ZC1SmISYM4Moap9a/xbAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQU1fRiKtwZail8y4FZsjDXAUo5I7UwHwYDVR0j
BBgwFoAUGXbdfU+9++s1XwuWaQYTlZ4QaHIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
NTk5ZWQ5Ni1kNDA4LTQ0MTgtYjgyYS01ZDVhOGU2NjU3ZjMvMC8xOTc2REQ3RDRG
QkRGQkVCMzU1RjBCOTY2OTA2MTM5NTlFMTA2ODcyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTk3NkREN0Q0RkJERkJFQjM1NUYwQjk2NjkwNjEzOTU5RTEw
Njg3Mi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2I1OTllZDk2LWQ0MDgtNDQxOC1i
ODJhLTVkNWE4ZTY2NTdmMy8wLzMyMzQzMDM0M2E2MTMxNjMzMDNhM2EyZjMzMzIy
ZDMzMzIyMDNkM2UyMDM1MzUzNjM5Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkBKHAMA0GCSqGSIb3
DQEBCwUAA4IBAQCbdVj/uxTUfutNGAcKWM63/ygiDJPxpqXLlvVGZP15NR5iC6V5
CUpIusFHVIILRIae2AHyo8cgISwyPkLJ71yVz8EOiZgPYPHLoobLZ7PhEdmDgOUj
MFfSLvcaFD/ytXpdB3LPPFCfvJtJzL6QGoUi8B6BixEGfLoRJvL+kfjEZUvDIsCR
U6e5X/9zTxchsUCM97iV+Yzshx+2F69XPmlhzXWlCRzvHYaAgy7nrN6RfxCnExRn
1Xjs6deaI2A4szR1H+qXRxtqY9lbcki7FtAyQZauwo3xUUEW52nnZVmlbdHWDcW5
zz/eHyjCP/VfqYn4Jpttur99h5E9CYH9rfqq
-----END CERTIFICATE-----
Generated at Thu Aug 7 20:21:59 2025 by rpki-client