Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/bd5c4715-282e-457f-b89e-041bf9110af8/0/323430303a396338303a3a2f33322d3438203d3e203538333936.roa
File:                     323430303a396338303a3a2f33322d3438203d3e203538333936.roa (raw, json)
Hash identifier:          TF0wUy+dNaoOGoHOxxQXpCTB1A5mPRPhzdO0eyVTG9Y=
Subject key identifier:   82:E6:7D:9D:95:24:44:75:5A:09:3B:4E:77:85:5D:C5:78:FC:05:65
Certificate issuer:       /CN=019C4E26EEC252EA61FBB09FD856CDD057CEAD8C
Certificate serial:       7EC02360B7D4D0483D1800836A549931CA940BE4
Authority key identifier: 01:9C:4E:26:EE:C2:52:EA:61:FB:B0:9F:D8:56:CD:D0:57:CE:AD:8C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/019C4E26EEC252EA61FBB09FD856CDD057CEAD8C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/bd5c4715-282e-457f-b89e-041bf9110af8/0/323430303a396338303a3a2f33322d3438203d3e203538333936.roa
Signing time:             Sat 27 Sep 2025 17:00:02 +0000
ROA not before:           Sat 27 Sep 2025 16:55:02 +0000
ROA not after:            Sat 26 Sep 2026 17:00:02 +0000
asID:                     58396
IP address blocks:        2400:9c80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/bd5c4715-282e-457f-b89e-041bf9110af8/0/019C4E26EEC252EA61FBB09FD856CDD057CEAD8C.crl
                          rsync://repo-rpki.idnic.net/repo/bd5c4715-282e-457f-b89e-041bf9110af8/0/019C4E26EEC252EA61FBB09FD856CDD057CEAD8C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/019C4E26EEC252EA61FBB09FD856CDD057CEAD8C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 08:18:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:c0:23:60:b7:d4:d0:48:3d:18:00:83:6a:54:99:31:ca:94:0b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=019C4E26EEC252EA61FBB09FD856CDD057CEAD8C
        Validity
            Not Before: Sep 27 16:55:02 2025 GMT
            Not After : Sep 26 17:00:02 2026 GMT
        Subject: CN=82E67D9D952444755A093B4E77855DC578FC0565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:58:02:81:b2:12:9f:a9:fb:a2:79:58:9d:eb:
                    15:97:56:96:1d:c8:ef:13:21:ee:e6:ec:cd:41:03:
                    b9:2b:c9:43:a4:ab:74:b0:4d:18:d1:db:27:95:8e:
                    2a:e8:a8:96:9b:fb:01:ab:de:61:6e:a3:23:ce:50:
                    ae:fb:b6:36:5b:1e:ec:71:e4:57:06:95:bd:68:45:
                    f6:b8:f9:7a:6e:3c:f1:48:a5:f6:67:d9:df:62:09:
                    6a:d9:ea:8e:aa:05:2a:a8:57:31:bc:c7:e5:93:eb:
                    a3:38:23:33:c0:9a:98:7b:25:01:5a:ed:70:db:41:
                    dd:d1:97:51:8d:20:40:01:ff:27:1e:e7:ee:2f:ff:
                    59:ba:5a:41:0d:b2:66:40:95:10:5c:ce:10:3e:57:
                    65:a8:4e:09:45:db:5b:a8:ec:00:62:3a:e1:4a:b0:
                    e1:18:25:6d:87:cd:ca:c0:f9:3d:da:03:c7:eb:0e:
                    79:61:8e:32:8d:8e:82:5a:b2:59:29:35:df:f9:09:
                    80:9c:05:d9:20:e2:f8:99:f1:48:86:cc:db:39:27:
                    39:02:25:86:fd:01:d1:9b:75:8d:d8:5a:ba:09:38:
                    4c:bb:75:e7:6a:2e:20:03:db:5d:0b:98:7d:de:38:
                    24:7a:85:6c:1e:70:57:7b:d3:93:0f:bb:fe:bc:d2:
                    61:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E6:7D:9D:95:24:44:75:5A:09:3B:4E:77:85:5D:C5:78:FC:05:65
            X509v3 Authority Key Identifier:
                keyid:01:9C:4E:26:EE:C2:52:EA:61:FB:B0:9F:D8:56:CD:D0:57:CE:AD:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/bd5c4715-282e-457f-b89e-041bf9110af8/0/019C4E26EEC252EA61FBB09FD856CDD057CEAD8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/019C4E26EEC252EA61FBB09FD856CDD057CEAD8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/bd5c4715-282e-457f-b89e-041bf9110af8/0/323430303a396338303a3a2f33322d3438203d3e203538333936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:9c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:b5:36:27:52:74:17:ad:83:b6:95:f0:01:ec:e6:21:6e:90:
         7f:1c:c9:c2:9c:38:cf:55:29:70:f8:bc:c7:34:c6:d8:d2:1f:
         97:57:60:bc:01:af:1e:88:cb:5a:77:4c:d5:40:9c:16:16:70:
         90:93:27:cc:8f:d1:d5:80:63:9d:a4:b6:66:e6:4b:94:23:2f:
         13:de:96:58:c2:b9:d2:7a:b4:a0:ff:27:28:00:3a:74:79:5c:
         fd:c6:0d:8b:1a:52:97:3e:1e:ef:f1:53:87:89:10:1b:22:04:
         20:6c:08:c8:43:38:99:d0:e9:f5:3b:fd:ab:f4:22:d4:96:a3:
         4d:d6:97:e6:73:31:f2:92:2f:bf:1b:79:9c:d2:56:90:7e:89:
         8f:ce:59:ca:ca:5e:8a:80:2e:a6:42:75:29:39:e5:94:0d:14:
         ea:ea:1a:78:dc:58:89:e3:90:b0:55:d1:35:99:e6:26:d1:11:
         45:3a:aa:42:9b:83:10:dd:6b:1f:f7:38:9b:f6:2a:79:89:a0:
         e4:3d:3e:47:2e:52:3f:27:fb:14:09:67:ca:e0:67:51:f1:94:
         2d:5f:32:f5:6b:53:05:45:ae:f1:e3:45:89:66:a9:85:ed:83:
         d0:97:da:5b:ef:ec:37:c2:5a:fd:b8:9d:01:6a:6e:db:8c:c1:
         87:2e:62:a4
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUfsAjYLfU0Eg9GACDalSZMcqUC+QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDE5QzRFMjZFRUMyNTJFQTYxRkJCMDlGRDg1NkNERDA1
N0NFQUQ4QzAeFw0yNTA5MjcxNjU1MDJaFw0yNjA5MjYxNzAwMDJaMDMxMTAvBgNV
BAMTKDgyRTY3RDlEOTUyNDQ0NzU1QTA5M0I0RTc3ODU1REM1NzhGQzA1NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYWAKBshKfqfuieVid6xWXVpYd
yO8TIe7m7M1BA7kryUOkq3SwTRjR2yeVjiroqJab+wGr3mFuoyPOUK77tjZbHuxx
5FcGlb1oRfa4+XpuPPFIpfZn2d9iCWrZ6o6qBSqoVzG8x+WT66M4IzPAmph7JQFa
7XDbQd3Rl1GNIEAB/yce5+4v/1m6WkENsmZAlRBczhA+V2WoTglF21uo7ABiOuFK
sOEYJW2HzcrA+T3aA8frDnlhjjKNjoJaslkpNd/5CYCcBdkg4viZ8UiGzNs5JzkC
JYb9AdGbdY3YWroJOEy7dedqLiAD210LmH3eOCR6hWwecFd705MPu/680mE1AgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUguZ9nZUkRHVaCTtOd4VdxXj8BWUwHwYDVR0j
BBgwFoAUAZxOJu7CUuph+7Cf2FbN0FfOrYwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9i
ZDVjNDcxNS0yODJlLTQ1N2YtYjg5ZS0wNDFiZjkxMTBhZjgvMC8wMTlDNEUyNkVF
QzI1MkVBNjFGQkIwOUZEODU2Q0REMDU3Q0VBRDhDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMDE5QzRFMjZFRUMyNTJFQTYxRkJCMDlGRDg1NkNERDA1N0NF
QUQ4Qy5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2JkNWM0NzE1LTI4MmUtNDU3Zi1i
ODllLTA0MWJmOTExMGFmOC8wLzMyMzQzMDMwM2EzOTYzMzgzMDNhM2EyZjMzMzIy
ZDM0MzgyMDNkM2UyMDM1MzgzMzM5MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkAJyAMA0GCSqGSIb3
DQEBCwUAA4IBAQAbtTYnUnQXrYO2lfAB7OYhbpB/HMnCnDjPVSlw+LzHNMbY0h+X
V2C8Aa8eiMtad0zVQJwWFnCQkyfMj9HVgGOdpLZm5kuUIy8T3pZYwrnSerSg/yco
ADp0eVz9xg2LGlKXPh7v8VOHiRAbIgQgbAjIQziZ0On1O/2r9CLUlqNN1pfmczHy
ki+/G3mc0laQfomPzlnKyl6KgC6mQnUpOeWUDRTq6hp43FiJ45CwVdE1meYm0RFF
OqpCm4MQ3Wsf9zib9ip5iaDkPT5HLlI/J/sUCWfK4GdR8ZQtXzL1a1MFRa7x40WJ
ZqmF7YPQl9pb7+w3wlr9uJ0Bam7bjMGHLmKk
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:58:37 2025 by rpki-client