Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/323430333a626130303a3730303a3a2f34302d3438203d3e203234353231.roa
File:                     323430333a626130303a3730303a3a2f34302d3438203d3e203234353231.roa (raw, json)
Hash identifier:          zubx4XjBq87KwKwie4SbJb3Fj1Zuzvqgr/H/hHvCf/0=
Subject key identifier:   9F:A2:91:20:DE:13:A0:96:69:6E:44:2A:BB:82:4F:95:E0:E9:C0:CB
Certificate issuer:       /CN=C3F745EDE7F4C0D8E5674965B52080083B271E3E
Certificate serial:       196F7B989133FCDCA1921CC43EEBE8B3E34567D3
Authority key identifier: C3:F7:45:ED:E7:F4:C0:D8:E5:67:49:65:B5:20:80:08:3B:27:1E:3E
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C3F745EDE7F4C0D8E5674965B52080083B271E3E.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/323430333a626130303a3730303a3a2f34302d3438203d3e203234353231.roa
Signing time:             Mon 06 Oct 2025 04:02:56 +0000
ROA not before:           Mon 06 Oct 2025 03:57:56 +0000
ROA not after:            Mon 05 Oct 2026 04:02:56 +0000
asID:                     24521
IP address blocks:        2403:ba00:700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/C3F745EDE7F4C0D8E5674965B52080083B271E3E.crl
                          rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/C3F745EDE7F4C0D8E5674965B52080083B271E3E.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C3F745EDE7F4C0D8E5674965B52080083B271E3E.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 14:25:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:6f:7b:98:91:33:fc:dc:a1:92:1c:c4:3e:eb:e8:b3:e3:45:67:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C3F745EDE7F4C0D8E5674965B52080083B271E3E
        Validity
            Not Before: Oct  6 03:57:56 2025 GMT
            Not After : Oct  5 04:02:56 2026 GMT
        Subject: CN=9FA29120DE13A096696E442ABB824F95E0E9C0CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0e:7d:25:72:cb:48:69:33:35:e4:11:0b:0d:
                    44:77:94:a5:9e:40:a8:46:5d:fa:8b:fa:bc:fb:48:
                    a3:9b:e1:c0:9d:6a:8b:24:e4:d6:f5:64:22:af:06:
                    6a:2b:2d:2e:eb:05:cb:42:b3:2d:bc:d2:f2:ad:6b:
                    f3:d1:bf:2b:d1:c4:5e:96:d7:83:89:d5:30:a9:3b:
                    94:bd:8b:e2:84:d9:1b:d5:0b:f3:f1:1f:73:71:b8:
                    67:de:a7:40:68:15:2a:21:af:de:21:fd:97:5f:30:
                    e7:53:f5:ed:18:68:b1:13:d4:f1:64:8c:63:60:b1:
                    fc:b9:3d:e2:90:26:4e:c8:01:2a:fc:1e:71:10:b3:
                    8f:e7:69:60:35:9a:55:03:8e:66:c0:20:e3:a9:d3:
                    aa:3c:76:6e:b2:50:31:08:3e:c9:58:f3:ef:8d:9e:
                    b2:d3:c1:1a:2c:9c:e1:23:76:f1:7d:e5:8a:5d:b0:
                    37:67:86:c6:bd:d6:5a:4e:24:e2:55:25:be:72:d7:
                    d9:18:2a:7d:b6:f4:07:f0:5d:6b:f0:5c:53:cc:f4:
                    76:2e:41:f0:16:58:f8:11:b3:31:25:39:26:13:31:
                    66:4f:ef:76:e0:ff:af:c1:fa:ed:fb:dd:b6:94:e2:
                    94:cf:5f:cc:b0:62:2c:fc:38:e4:95:a0:46:f7:b1:
                    02:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A2:91:20:DE:13:A0:96:69:6E:44:2A:BB:82:4F:95:E0:E9:C0:CB
            X509v3 Authority Key Identifier:
                keyid:C3:F7:45:ED:E7:F4:C0:D8:E5:67:49:65:B5:20:80:08:3B:27:1E:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/C3F745EDE7F4C0D8E5674965B52080083B271E3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C3F745EDE7F4C0D8E5674965B52080083B271E3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/009c22b1-1b7b-4671-ab94-5c5e74882547/0/323430333a626130303a3730303a3a2f34302d3438203d3e203234353231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:ba00:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         d7:ff:4c:6c:4c:82:44:a5:c9:be:93:a0:cf:3a:d7:02:7f:69:
         e9:05:b1:d6:a8:66:85:e4:d4:aa:55:50:c1:c8:fd:c7:40:f2:
         37:1b:e3:52:78:4a:49:47:4e:0b:03:8e:bb:2b:49:5d:6b:76:
         3b:9f:f6:d7:9a:83:ca:f8:f5:c7:fd:79:ff:35:39:18:12:ef:
         c6:99:8a:49:d9:91:54:ed:26:98:4c:98:c1:01:6b:ac:5f:92:
         c7:e8:73:c2:1c:9c:41:62:fc:7e:44:f2:72:38:ae:83:ef:0f:
         f8:52:99:5b:f9:13:c4:6f:3f:e7:8f:63:15:de:ff:b7:09:35:
         23:53:7d:e0:b0:62:39:21:f4:ef:e4:5b:48:8f:82:6a:3b:62:
         73:cc:a3:21:1c:b8:63:fe:85:f6:fd:f9:05:0f:76:38:ec:a8:
         43:f0:f0:3e:c7:e3:89:af:e4:e7:82:32:85:15:e8:fe:24:84:
         f7:83:ca:04:8a:16:a5:65:f6:e6:fa:8e:c3:ce:da:ef:3b:41:
         57:6b:d7:ed:28:30:ad:ff:03:e5:81:f3:f4:28:b1:e1:8f:3b:
         e5:7f:d5:09:a0:70:a7:35:18:8d:f2:c8:bf:7a:e3:dc:ce:b0:
         02:ac:b0:9e:ec:15:aa:8a:4d:37:a2:de:fb:72:d2:fc:a7:5a:
         67:b0:dc:58
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUGW97mJEz/NyhkhzEPuvos+NFZ9MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzNGNzQ1RURFN0Y0QzBEOEU1Njc0OTY1QjUyMDgwMDgz
QjI3MUUzRTAeFw0yNTEwMDYwMzU3NTZaFw0yNjEwMDUwNDAyNTZaMDMxMTAvBgNV
BAMTKDlGQTI5MTIwREUxM0EwOTY2OTZFNDQyQUJCODI0Rjk1RTBFOUMwQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzDn0lcstIaTM15BELDUR3lKWe
QKhGXfqL+rz7SKOb4cCdaosk5Nb1ZCKvBmorLS7rBctCsy280vKta/PRvyvRxF6W
14OJ1TCpO5S9i+KE2RvVC/PxH3NxuGfep0BoFSohr94h/ZdfMOdT9e0YaLET1PFk
jGNgsfy5PeKQJk7IASr8HnEQs4/naWA1mlUDjmbAIOOp06o8dm6yUDEIPslY8++N
nrLTwRosnOEjdvF95YpdsDdnhsa91lpOJOJVJb5y19kYKn229AfwXWvwXFPM9HYu
QfAWWPgRszElOSYTMWZP73bg/6/B+u373baU4pTPX8ywYiz8OOSVoEb3sQITAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUn6KRIN4ToJZpbkQqu4JPleDpwMswHwYDVR0j
BBgwFoAUw/dF7ef0wNjlZ0lltSCACDsnHj4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
MDljMjJiMS0xYjdiLTQ2NzEtYWI5NC01YzVlNzQ4ODI1NDcvMC9DM0Y3NDVFREU3
RjRDMEQ4RTU2NzQ5NjVCNTIwODAwODNCMjcxRTNFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQzNGNzQ1RURFN0Y0QzBEOEU1Njc0OTY1QjUyMDgwMDgzQjI3
MUUzRS5jZXIwgagGCCsGAQUFBwELBIGbMIGYMIGVBggrBgEFBQcwC4aBiHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzAwOWMyMmIxLTFiN2ItNDY3MS1h
Yjk0LTVjNWU3NDg4MjU0Ny8wLzMyMzQzMDMzM2E2MjYxMzAzMDNhMzczMDMwM2Ez
YTJmMzQzMDJkMzQzODIwM2QzZTIwMzIzNDM1MzIzMS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACQDugAH
MA0GCSqGSIb3DQEBCwUAA4IBAQDX/0xsTIJEpcm+k6DPOtcCf2npBbHWqGaF5NSq
VVDByP3HQPI3G+NSeEpJR04LA467K0lda3Y7n/bXmoPK+PXH/Xn/NTkYEu/GmYpJ
2ZFU7SaYTJjBAWusX5LH6HPCHJxBYvx+RPJyOK6D7w/4Uplb+RPEbz/nj2MV3v+3
CTUjU33gsGI5IfTv5FtIj4JqO2JzzKMhHLhj/oX2/fkFD3Y47KhD8PA+x+OJr+Tn
gjKFFej+JIT3g8oEihalZfbm+o7DztrvO0FXa9ftKDCt/wPlgfP0KLHhjzvlf9UJ
oHCnNRiN8si/euPczrACrLCe7BWqik03ot77ctL8p1pnsNxY
-----END CERTIFICATE-----
Generated at Tue Oct 21 08:36:31 2025 by rpki-client