Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/018c6831-8f40-4a20-813e-878558e80c26/0/323430343a34303a3a2f33322d3438203d3e20313338313036.roa
File:                     323430343a34303a3a2f33322d3438203d3e20313338313036.roa (raw, json)
Hash identifier:          y5kSrkZuiwMGD9QWDm9x2qICFewL0ronD0gEk8WVvus=
Subject key identifier:   2A:22:84:4B:0B:FF:7C:C5:EC:2E:03:22:5C:DF:D8:DE:DA:51:84:63
Certificate issuer:       /CN=25FB03D0A2C3547C3A38ACAE2A752BB15A245E15
Certificate serial:       56EB1DB4B938DA3C2C98856369327C24EB579080
Authority key identifier: 25:FB:03:D0:A2:C3:54:7C:3A:38:AC:AE:2A:75:2B:B1:5A:24:5E:15
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25FB03D0A2C3547C3A38ACAE2A752BB15A245E15.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/018c6831-8f40-4a20-813e-878558e80c26/0/323430343a34303a3a2f33322d3438203d3e20313338313036.roa
Signing time:             Tue 23 Sep 2025 01:00:02 +0000
ROA not before:           Tue 23 Sep 2025 00:55:02 +0000
ROA not after:            Tue 22 Sep 2026 01:00:02 +0000
asID:                     138106
IP address blocks:        2404:40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/018c6831-8f40-4a20-813e-878558e80c26/0/25FB03D0A2C3547C3A38ACAE2A752BB15A245E15.crl
                          rsync://repo-rpki.idnic.net/repo/018c6831-8f40-4a20-813e-878558e80c26/0/25FB03D0A2C3547C3A38ACAE2A752BB15A245E15.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25FB03D0A2C3547C3A38ACAE2A752BB15A245E15.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 10:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:eb:1d:b4:b9:38:da:3c:2c:98:85:63:69:32:7c:24:eb:57:90:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25FB03D0A2C3547C3A38ACAE2A752BB15A245E15
        Validity
            Not Before: Sep 23 00:55:02 2025 GMT
            Not After : Sep 22 01:00:02 2026 GMT
        Subject: CN=2A22844B0BFF7CC5EC2E03225CDFD8DEDA518463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:3c:c0:8f:09:f3:8b:51:86:bb:9e:e2:45:0f:
                    65:1d:55:26:32:20:8f:2a:70:ac:88:75:d4:7a:5e:
                    4b:7e:1b:fc:72:3f:c4:99:c1:d2:0e:31:d9:da:be:
                    87:51:67:6d:d8:14:18:ce:3d:a5:b3:d1:5c:f4:71:
                    46:15:e9:b5:64:47:c4:0d:0b:2c:49:2c:9b:d5:7e:
                    70:75:1c:2f:fd:84:5c:8a:f0:28:91:d7:7f:1c:48:
                    d4:95:4b:8b:6d:bb:7b:6f:f4:c4:27:ff:ef:7e:06:
                    61:13:65:78:af:43:a0:a7:16:5a:66:34:92:71:c0:
                    2c:4a:fa:77:39:f6:c4:d7:14:84:d6:c3:ba:65:89:
                    8e:e1:c1:e8:75:8b:53:2c:9b:aa:74:78:64:74:3f:
                    e8:8c:55:fe:94:54:bc:5f:da:41:61:fa:33:1a:69:
                    50:ea:64:9c:fe:f4:3c:cd:67:c2:6d:e9:05:56:fd:
                    27:74:b8:33:dc:7c:21:33:70:4f:1a:64:23:0e:bb:
                    ff:8a:3b:8f:63:b9:7f:cf:3b:ff:d8:d7:2b:77:0a:
                    b5:90:69:fd:bd:23:aa:c6:27:2e:c0:c2:6f:db:b5:
                    15:ac:c4:2c:91:22:cb:e0:6e:df:6a:9d:0d:27:ee:
                    60:5a:80:79:87:f8:a8:3e:15:5c:8b:9b:c3:d6:3e:
                    d2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:22:84:4B:0B:FF:7C:C5:EC:2E:03:22:5C:DF:D8:DE:DA:51:84:63
            X509v3 Authority Key Identifier:
                keyid:25:FB:03:D0:A2:C3:54:7C:3A:38:AC:AE:2A:75:2B:B1:5A:24:5E:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/018c6831-8f40-4a20-813e-878558e80c26/0/25FB03D0A2C3547C3A38ACAE2A752BB15A245E15.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/25FB03D0A2C3547C3A38ACAE2A752BB15A245E15.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/018c6831-8f40-4a20-813e-878558e80c26/0/323430343a34303a3a2f33322d3438203d3e20313338313036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:40::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:4f:78:6c:3e:ed:fc:8e:b2:cd:f3:94:2d:e0:3b:4e:83:59:
         64:ce:62:d8:a2:c9:0e:9a:d7:7a:24:96:54:26:59:7d:52:65:
         ba:36:6a:b6:f1:37:a9:59:1f:bc:fb:1e:d5:97:44:8e:0f:12:
         fc:ae:4c:14:b5:6b:17:d9:8f:67:b0:4e:ed:c9:62:d9:f0:90:
         ca:48:ab:a2:72:df:c4:4f:3f:98:ae:d5:34:eb:bb:bb:ab:de:
         ae:38:cc:6b:2e:ee:6f:1b:2e:3d:b2:10:78:be:18:8a:2e:82:
         b2:2f:4e:19:06:e1:d9:16:96:4d:2c:7d:f4:b8:a5:25:d0:c6:
         18:2e:8c:85:91:b1:2a:96:6f:75:fa:f2:37:38:56:3b:28:bc:
         e2:30:46:2a:7b:bf:cb:8b:e1:10:c8:13:d7:11:f5:9f:49:b2:
         00:71:48:52:72:1c:50:e6:19:a7:f2:59:eb:c2:1c:50:05:02:
         1f:cb:ca:4e:76:3d:a6:9c:93:1e:56:77:6d:b7:a1:53:ee:70:
         19:f7:54:fe:11:c8:08:cc:13:2a:82:5f:19:b0:f2:99:0a:fb:
         19:21:ef:b7:a1:41:4b:94:ee:56:d5:5a:66:59:cf:59:3d:54:
         77:e2:9a:57:c9:d2:3b:60:bf:39:e3:d9:09:61:b0:cf:48:22:
         2d:c2:ad:7d
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIUVusdtLk42jwsmIVjaTJ8JOtXkIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjVGQjAzRDBBMkMzNTQ3QzNBMzhBQ0FFMkE3NTJCQjE1
QTI0NUUxNTAeFw0yNTA5MjMwMDU1MDJaFw0yNjA5MjIwMTAwMDJaMDMxMTAvBgNV
BAMTKDJBMjI4NDRCMEJGRjdDQzVFQzJFMDMyMjVDREZEOERFREE1MTg0NjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDePMCPCfOLUYa7nuJFD2UdVSYy
II8qcKyIddR6Xkt+G/xyP8SZwdIOMdnavodRZ23YFBjOPaWz0Vz0cUYV6bVkR8QN
CyxJLJvVfnB1HC/9hFyK8CiR138cSNSVS4ttu3tv9MQn/+9+BmETZXivQ6CnFlpm
NJJxwCxK+nc59sTXFITWw7pliY7hweh1i1Msm6p0eGR0P+iMVf6UVLxf2kFh+jMa
aVDqZJz+9DzNZ8Jt6QVW/Sd0uDPcfCEzcE8aZCMOu/+KO49juX/PO//Y1yt3CrWQ
af29I6rGJy7Awm/btRWsxCyRIsvgbt9qnQ0n7mBagHmH+Kg+FVyLm8PWPtKjAgMB
AAGjggIuMIICKjAdBgNVHQ4EFgQUKiKESwv/fMXsLgMiXN/Y3tpRhGMwHwYDVR0j
BBgwFoAUJfsD0KLDVHw6OKyuKnUrsVokXhUwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
MThjNjgzMS04ZjQwLTRhMjAtODEzZS04Nzg1NThlODBjMjYvMC8yNUZCMDNEMEEy
QzM1NDdDM0EzOEFDQUUyQTc1MkJCMTVBMjQ1RTE1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjVGQjAzRDBBMkMzNTQ3QzNBMzhBQ0FFMkE3NTJCQjE1QTI0
NUUxNS5jZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMDE4YzY4MzEtOGY0MC00YTIwLTgx
M2UtODc4NTU4ZTgwYzI2LzAvMzIzNDMwMzQzYTM0MzAzYTNhMmYzMzMyMmQzNDM4
MjAzZDNlMjAzMTMzMzgzMTMwMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkBABAMA0GCSqGSIb3DQEB
CwUAA4IBAQCgT3hsPu38jrLN85Qt4DtOg1lkzmLYoskOmtd6JJZUJll9UmW6Nmq2
8TepWR+8+x7Vl0SODxL8rkwUtWsX2Y9nsE7tyWLZ8JDKSKuict/ETz+YrtU067u7
q96uOMxrLu5vGy49shB4vhiKLoKyL04ZBuHZFpZNLH30uKUl0MYYLoyFkbEqlm91
+vI3OFY7KLziMEYqe7/Li+EQyBPXEfWfSbIAcUhSchxQ5hmn8lnrwhxQBQIfy8pO
dj2mnJMeVndtt6FT7nAZ91T+EcgIzBMqgl8ZsPKZCvsZIe+3oUFLlO5W1VpmWc9Z
PVR34ppXydI7YL8549kJYbDPSCItwq19
-----END CERTIFICATE-----
Generated at Tue Oct 21 05:32:27 2025 by rpki-client