Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/323430353a616163303a3430303a3a2f34302d3430203d3e20313339393439.roa
File:                     323430353a616163303a3430303a3a2f34302d3430203d3e20313339393439.roa (raw, json)
Hash identifier:          a8iO9XKyrx/7I+Oqk1y5Kkr+vsH7bAdu5KpclfnTwaY=
Subject key identifier:   A9:BA:7F:9D:8A:3F:3F:AA:63:94:40:08:89:2D:1E:70:37:EB:B1:9C
Certificate issuer:       /CN=DA8766A90851AE44D76B8563D83586F0164FE5CF
Certificate serial:       28B84707C9F532BB648896F590BAA6DE791CFBA1
Authority key identifier: DA:87:66:A9:08:51:AE:44:D7:6B:85:63:D8:35:86:F0:16:4F:E5:CF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DA8766A90851AE44D76B8563D83586F0164FE5CF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/323430353a616163303a3430303a3a2f34302d3430203d3e20313339393439.roa
Signing time:             Sat 20 Sep 2025 20:00:01 +0000
ROA not before:           Sat 20 Sep 2025 19:55:01 +0000
ROA not after:            Sat 19 Sep 2026 20:00:01 +0000
asID:                     139949
IP address blocks:        2405:aac0:400::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/DA8766A90851AE44D76B8563D83586F0164FE5CF.crl
                          rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/DA8766A90851AE44D76B8563D83586F0164FE5CF.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DA8766A90851AE44D76B8563D83586F0164FE5CF.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 08:44:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:b8:47:07:c9:f5:32:bb:64:88:96:f5:90:ba:a6:de:79:1c:fb:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DA8766A90851AE44D76B8563D83586F0164FE5CF
        Validity
            Not Before: Sep 20 19:55:01 2025 GMT
            Not After : Sep 19 20:00:01 2026 GMT
        Subject: CN=A9BA7F9D8A3F3FAA63944008892D1E7037EBB19C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7e:5f:70:38:88:f2:9d:24:ca:73:64:e7:04:
                    93:38:a8:ee:5f:31:63:da:17:ba:79:8e:0d:08:6a:
                    52:dd:52:88:64:0f:d9:40:40:03:b1:67:36:8f:78:
                    ef:99:33:cb:7c:08:2e:7f:16:3e:aa:60:5e:bf:e1:
                    d1:d3:13:b3:db:3f:8a:f1:22:99:66:eb:71:61:4f:
                    ce:a2:40:23:25:ce:04:2d:6c:c8:da:08:0b:53:b9:
                    29:a1:19:1a:48:0c:a9:10:8a:2d:67:ea:cb:2d:e2:
                    19:ea:22:c3:ba:6e:d8:1d:91:22:bb:44:bd:a2:05:
                    f5:dd:78:c8:81:5d:68:ce:9a:af:21:0c:b7:82:f7:
                    eb:13:84:4c:7f:c1:8a:cc:ac:45:86:55:11:97:57:
                    0a:52:d5:04:25:68:94:eb:58:1f:95:ef:fb:89:d2:
                    1c:02:c8:73:81:10:88:02:f4:af:3c:9a:62:29:53:
                    2a:8b:73:24:7e:9a:91:6f:4c:a0:e4:e2:79:f2:a0:
                    03:86:42:20:b8:69:61:2e:18:7f:f0:0a:e6:33:f0:
                    e8:69:94:8a:58:ed:4a:ea:42:df:d9:42:1b:81:9f:
                    7c:6a:78:38:7a:3f:dc:0e:ce:7c:94:bb:51:18:e2:
                    ee:20:f9:a7:03:92:99:c6:0e:e9:c4:01:2a:eb:de:
                    01:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BA:7F:9D:8A:3F:3F:AA:63:94:40:08:89:2D:1E:70:37:EB:B1:9C
            X509v3 Authority Key Identifier:
                keyid:DA:87:66:A9:08:51:AE:44:D7:6B:85:63:D8:35:86:F0:16:4F:E5:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/DA8766A90851AE44D76B8563D83586F0164FE5CF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DA8766A90851AE44D76B8563D83586F0164FE5CF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/323430353a616163303a3430303a3a2f34302d3430203d3e20313339393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2405:aac0:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         66:99:56:c1:a3:fe:78:1e:2e:6c:02:b3:96:5d:89:b2:b0:42:
         6d:cd:0b:25:d9:29:4f:27:7c:5a:86:89:36:81:b2:fe:ed:41:
         92:06:6e:0e:51:47:da:8c:ba:ae:5b:3a:8f:55:1f:8e:cb:92:
         1a:7e:24:39:1a:45:97:9d:f8:bc:71:f2:46:8f:8a:a8:6e:d1:
         7f:62:b3:85:6e:02:e0:6c:51:7a:5b:fd:ac:22:ee:21:f3:23:
         37:91:ba:3b:d9:2f:39:e0:d5:14:0f:13:38:ab:4f:33:c0:5d:
         20:dc:91:d5:c6:f6:e1:26:f1:fb:74:a1:31:a9:73:f1:04:04:
         01:7d:ac:9b:06:d1:a1:ae:e5:6d:9d:11:c8:07:b1:15:4a:d1:
         0f:c8:ec:cd:ed:87:00:f7:7d:d0:52:9b:0f:69:b5:53:17:42:
         2b:7d:5a:d5:30:8d:db:b4:f5:6c:30:56:d9:9b:6c:a8:8d:7d:
         e6:5c:3b:fa:f3:cd:88:41:ca:66:86:17:a6:ad:f4:5d:a0:cf:
         2d:1e:8e:32:5b:6b:f8:c0:c2:16:9b:8e:6c:79:94:de:de:62:
         a5:8b:ce:f8:fa:ab:ad:69:18:fd:3e:2c:7e:fd:41:04:a2:22:
         eb:1e:f2:31:0e:5b:59:c2:92:c8:47:cb:6b:1c:c9:7f:e3:a1:
         67:fc:37:57
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUKLhHB8n1MrtkiJb1kLqm3nkc+6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREE4NzY2QTkwODUxQUU0NEQ3NkI4NTYzRDgzNTg2RjAx
NjRGRTVDRjAeFw0yNTA5MjAxOTU1MDFaFw0yNjA5MTkyMDAwMDFaMDMxMTAvBgNV
BAMTKEE5QkE3RjlEOEEzRjNGQUE2Mzk0NDAwODg5MkQxRTcwMzdFQkIxOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2fl9wOIjynSTKc2TnBJM4qO5f
MWPaF7p5jg0IalLdUohkD9lAQAOxZzaPeO+ZM8t8CC5/Fj6qYF6/4dHTE7PbP4rx
Iplm63FhT86iQCMlzgQtbMjaCAtTuSmhGRpIDKkQii1n6sst4hnqIsO6btgdkSK7
RL2iBfXdeMiBXWjOmq8hDLeC9+sThEx/wYrMrEWGVRGXVwpS1QQlaJTrWB+V7/uJ
0hwCyHOBEIgC9K88mmIpUyqLcyR+mpFvTKDk4nnyoAOGQiC4aWEuGH/wCuYz8Ohp
lIpY7UrqQt/ZQhuBn3xqeDh6P9wOznyUu1EY4u4g+acDkpnGDunEASrr3gGDAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUqbp/nYo/P6pjlEAIiS0ecDfrsZwwHwYDVR0j
BBgwFoAU2odmqQhRrkTXa4Vj2DWG8BZP5c8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
ZGVkYzAzMy1jZDRkLTQ2MjAtOTM3Mi1lNmUwMzlmYzA2YjkvMC9EQTg3NjZBOTA4
NTFBRTQ0RDc2Qjg1NjNEODM1ODZGMDE2NEZFNUNGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREE4NzY2QTkwODUxQUU0NEQ3NkI4NTYzRDgzNTg2RjAxNjRG
RTVDRi5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNkZWRjMDMzLWNkNGQtNDYyMC05
MzcyLWU2ZTAzOWZjMDZiOS8wLzMyMzQzMDM1M2E2MTYxNjMzMDNhMzQzMDMwM2Ez
YTJmMzQzMDJkMzQzMDIwM2QzZTIwMzEzMzM5MzkzNDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAJAWq
wAQwDQYJKoZIhvcNAQELBQADggEBAGaZVsGj/ngeLmwCs5ZdibKwQm3NCyXZKU8n
fFqGiTaBsv7tQZIGbg5RR9qMuq5bOo9VH47Lkhp+JDkaRZed+Lxx8kaPiqhu0X9i
s4VuAuBsUXpb/awi7iHzIzeRujvZLzng1RQPEzirTzPAXSDckdXG9uEm8ft0oTGp
c/EEBAF9rJsG0aGu5W2dEcgHsRVK0Q/I7M3thwD3fdBSmw9ptVMXQit9WtUwjdu0
9WwwVtmbbKiNfeZcO/rzzYhBymaGF6at9F2gzy0ejjJba/jAwhabjmx5lN7eYqWL
zvj6q61pGP0+LH79QQSiIuse8jEOW1nCkshHy2scyX/joWf8N1c=
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:47:30 2025 by rpki-client