Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/323430353a616163303a373a3a2f34382d3438203d3e20313339393439.roa
File:                     323430353a616163303a373a3a2f34382d3438203d3e20313339393439.roa (raw, json)
Hash identifier:          mNE/kUBhUoa2u8S+0EWxgymuwplio5kM7Ohy0mpBSbs=
Subject key identifier:   5B:A0:B4:77:B5:FC:C2:2F:75:88:9F:43:9E:39:4B:81:51:F4:D3:05
Certificate issuer:       /CN=DA8766A90851AE44D76B8563D83586F0164FE5CF
Certificate serial:       70087164AAE6D4A999E6D4636513665CAA7095D7
Authority key identifier: DA:87:66:A9:08:51:AE:44:D7:6B:85:63:D8:35:86:F0:16:4F:E5:CF
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DA8766A90851AE44D76B8563D83586F0164FE5CF.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/323430353a616163303a373a3a2f34382d3438203d3e20313339393439.roa
Signing time:             Sun 21 Sep 2025 19:00:00 +0000
ROA not before:           Sun 21 Sep 2025 18:55:00 +0000
ROA not after:            Sun 20 Sep 2026 19:00:00 +0000
asID:                     139949
IP address blocks:        2405:aac0:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/DA8766A90851AE44D76B8563D83586F0164FE5CF.crl
                          rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/DA8766A90851AE44D76B8563D83586F0164FE5CF.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DA8766A90851AE44D76B8563D83586F0164FE5CF.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 08:44:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:08:71:64:aa:e6:d4:a9:99:e6:d4:63:65:13:66:5c:aa:70:95:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DA8766A90851AE44D76B8563D83586F0164FE5CF
        Validity
            Not Before: Sep 21 18:55:00 2025 GMT
            Not After : Sep 20 19:00:00 2026 GMT
        Subject: CN=5BA0B477B5FCC22F75889F439E394B8151F4D305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b6:e9:d5:e1:4a:15:78:98:22:6f:dc:51:c0:
                    8c:be:f6:20:0b:9c:e0:ba:9f:9e:1f:be:df:29:8b:
                    86:38:5c:b7:85:c3:e0:b3:10:47:b1:80:e9:d5:07:
                    8f:bb:9c:44:40:93:63:e8:99:72:99:39:e9:2f:6e:
                    59:1f:52:5d:05:d9:b9:58:a3:15:59:f3:6e:8b:ce:
                    42:7f:31:57:ee:20:d7:38:3c:be:8b:91:12:a8:4a:
                    91:92:f0:ae:2b:66:d2:5d:a8:19:67:71:c2:4c:b6:
                    a8:85:53:2e:50:0c:6a:c5:c0:9f:4e:b9:3f:49:17:
                    7f:01:9f:90:ae:18:40:42:14:f0:fb:4f:c7:7d:6f:
                    54:f9:18:21:ea:05:2b:e8:8b:50:43:56:62:bc:e1:
                    f5:3d:d9:1c:c1:d6:05:23:4b:c9:79:9e:5d:ec:bf:
                    72:ee:8b:d9:05:53:0f:8c:20:36:b0:82:cd:fa:7a:
                    1d:a7:d0:81:f2:5b:60:ab:a6:c0:f0:0c:da:1d:ac:
                    7d:87:65:99:c0:84:90:f8:8a:75:4a:a9:5e:cb:e8:
                    ba:47:2d:43:af:f3:c7:44:98:fc:d7:dc:d7:c4:6a:
                    da:c8:7f:76:e1:f6:50:1f:8b:8a:f6:bb:a5:d2:01:
                    ad:14:eb:77:02:89:41:a6:63:9f:40:66:fd:d3:b7:
                    c4:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:A0:B4:77:B5:FC:C2:2F:75:88:9F:43:9E:39:4B:81:51:F4:D3:05
            X509v3 Authority Key Identifier:
                keyid:DA:87:66:A9:08:51:AE:44:D7:6B:85:63:D8:35:86:F0:16:4F:E5:CF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/DA8766A90851AE44D76B8563D83586F0164FE5CF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DA8766A90851AE44D76B8563D83586F0164FE5CF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3dedc033-cd4d-4620-9372-e6e039fc06b9/0/323430353a616163303a373a3a2f34382d3438203d3e20313339393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2405:aac0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         ec:80:92:ad:7f:d8:11:cd:4f:17:87:6e:dc:0a:45:20:66:8e:
         17:e2:4b:e5:f1:5a:61:7b:8c:ac:44:64:7c:f4:86:3c:24:19:
         6c:57:e7:04:55:e6:3e:f6:f0:d6:10:65:cf:f1:42:2e:c2:bd:
         67:d3:a8:3c:91:93:ce:9f:84:cc:de:33:1c:64:60:6d:fe:da:
         97:bd:00:df:36:b6:f2:54:60:14:b2:d4:01:5a:84:2d:ed:20:
         3a:d6:7e:b6:aa:77:4a:61:0b:4b:e6:13:9b:db:2c:3d:50:49:
         22:54:dd:f3:88:47:af:25:9c:59:0a:e6:30:51:84:df:d6:30:
         2d:99:48:d2:f5:49:7d:50:ca:0d:e3:b8:2b:27:08:8c:a1:9f:
         c3:7c:62:70:ff:df:0a:4f:5a:99:ed:0e:ed:03:94:9f:fe:31:
         38:6c:eb:00:e4:ee:3d:2a:0b:1c:54:cb:79:4e:4b:c2:e4:d4:
         03:55:1f:4b:a8:e7:a4:72:52:56:fc:99:7b:06:91:e4:dc:b7:
         18:3d:fc:ce:5b:49:80:fc:45:6b:68:03:a1:87:37:08:54:6b:
         26:dc:de:8f:94:4c:fb:30:93:07:cc:5c:63:56:0b:1a:8d:dc:
         d3:c8:cc:1a:27:4d:26:57:1b:3e:44:49:bc:69:33:d4:8f:c4:
         71:7d:c3:8d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcAhxZKrm1KmZ5tRjZRNmXKpwldcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREE4NzY2QTkwODUxQUU0NEQ3NkI4NTYzRDgzNTg2RjAx
NjRGRTVDRjAeFw0yNTA5MjExODU1MDBaFw0yNjA5MjAxOTAwMDBaMDMxMTAvBgNV
BAMTKDVCQTBCNDc3QjVGQ0MyMkY3NTg4OUY0MzlFMzk0QjgxNTFGNEQzMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXtunV4UoVeJgib9xRwIy+9iAL
nOC6n54fvt8pi4Y4XLeFw+CzEEexgOnVB4+7nERAk2PomXKZOekvblkfUl0F2blY
oxVZ826LzkJ/MVfuINc4PL6LkRKoSpGS8K4rZtJdqBlnccJMtqiFUy5QDGrFwJ9O
uT9JF38Bn5CuGEBCFPD7T8d9b1T5GCHqBSvoi1BDVmK84fU92RzB1gUjS8l5nl3s
v3Lui9kFUw+MIDawgs36eh2n0IHyW2CrpsDwDNodrH2HZZnAhJD4inVKqV7L6LpH
LUOv88dEmPzX3NfEatrIf3bh9lAfi4r2u6XSAa0U63cCiUGmY59AZv3Tt8Q/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUW6C0d7X8wi91iJ9DnjlLgVH00wUwHwYDVR0j
BBgwFoAU2odmqQhRrkTXa4Vj2DWG8BZP5c8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
ZGVkYzAzMy1jZDRkLTQ2MjAtOTM3Mi1lNmUwMzlmYzA2YjkvMC9EQTg3NjZBOTA4
NTFBRTQ0RDc2Qjg1NjNEODM1ODZGMDE2NEZFNUNGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREE4NzY2QTkwODUxQUU0NEQ3NkI4NTYzRDgzNTg2RjAxNjRG
RTVDRi5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNkZWRjMDMzLWNkNGQtNDYyMC05
MzcyLWU2ZTAzOWZjMDZiOS8wLzMyMzQzMDM1M2E2MTYxNjMzMDNhMzczYTNhMmYz
NDM4MmQzNDM4MjAzZDNlMjAzMTMzMzkzOTM0Mzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAkBarAAAcw
DQYJKoZIhvcNAQELBQADggEBAOyAkq1/2BHNTxeHbtwKRSBmjhfiS+XxWmF7jKxE
ZHz0hjwkGWxX5wRV5j728NYQZc/xQi7CvWfTqDyRk86fhMzeMxxkYG3+2pe9AN82
tvJUYBSy1AFahC3tIDrWfraqd0phC0vmE5vbLD1QSSJU3fOIR68lnFkK5jBRhN/W
MC2ZSNL1SX1Qyg3juCsnCIyhn8N8YnD/3wpPWpntDu0DlJ/+MThs6wDk7j0qCxxU
y3lOS8Lk1ANVH0uo56RyUlb8mXsGkeTctxg9/M5bSYD8RWtoA6GHNwhUaybc3o+U
TPswkwfMXGNWCxqN3NPIzBonTSZXGz5ESbxpM9SPxHF9w40=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:37:52 2025 by rpki-client