Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e203233393631.roa
File:                     323430373a623963303a3a2f33322d3438203d3e203233393631.roa (raw, json)
Hash identifier:          Chrj9m4BrE2U2pfcWlFNBSg+oO8sOSxTQ6ekpt4BV7I=
Subject key identifier:   71:D7:1E:CF:BB:54:00:0E:56:B0:AA:E2:90:4A:F3:64:B8:3B:2B:FF
Certificate issuer:       /CN=A9121C330000/serialNumber=9CF05E7024D4A487E0B79E2F57525BF345DB53EC
Certificate serial:       36FC715809DFA618DF076857F9E417BD130F7423
Authority key identifier: 9C:F0:5E:70:24:D4:A4:87:E0:B7:9E:2F:57:52:5B:F3:45:DB:53:EC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e203233393631.roa
Signing time:             Sun 05 Oct 2025 22:31:17 +0000
ROA not before:           Sun 05 Oct 2025 22:26:17 +0000
ROA not after:            Sun 04 Oct 2026 22:31:17 +0000
asID:                     23961
IP address blocks:        2407:b9c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.crl
                          rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 15:52:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:fc:71:58:09:df:a6:18:df:07:68:57:f9:e4:17:bd:13:0f:74:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9121C330000, serialNumber=9CF05E7024D4A487E0B79E2F57525BF345DB53EC
        Validity
            Not Before: Oct  5 22:26:17 2025 GMT
            Not After : Oct  4 22:31:17 2026 GMT
        Subject: CN=71D71ECFBB54000E56B0AAE2904AF364B83B2BFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bb:dc:6e:00:06:5f:c7:34:0f:ec:78:cc:7e:
                    c9:b3:1e:0b:b3:a7:ef:5a:a6:a3:ab:0f:fa:fb:68:
                    96:a4:e1:e5:85:f7:83:06:72:71:4b:03:6c:4b:27:
                    e8:1d:e7:5e:8d:b0:d2:c0:4b:90:7a:7d:eb:f1:56:
                    e0:ec:39:b2:e1:ca:56:2d:23:ef:02:26:f5:35:95:
                    39:ec:b1:3a:ac:ce:25:d7:61:89:31:9d:f8:d5:20:
                    6e:f8:14:9c:a6:1c:71:cf:10:68:8c:99:87:83:72:
                    fd:b6:06:1b:4f:66:e9:a5:67:47:f0:96:09:8e:98:
                    82:e3:c5:08:25:7f:4b:85:bc:24:db:33:0f:7f:6d:
                    07:5a:fd:34:52:f4:b6:66:0a:28:35:61:1e:ce:ff:
                    5f:57:c3:f2:c5:7e:60:5a:6d:5a:32:20:3b:ff:63:
                    0b:3a:4d:33:53:60:ac:96:0d:a3:7e:08:b0:68:4c:
                    02:38:ed:38:3d:15:ac:0d:54:be:ac:47:00:60:40:
                    7a:c4:67:f9:0b:92:92:1d:9a:e9:6a:d8:14:d1:42:
                    d0:a0:d5:d8:13:10:94:23:a6:9b:13:3c:0d:59:f2:
                    b0:21:d0:81:cf:68:e2:29:ea:f1:da:99:8b:0c:f9:
                    d5:f9:98:12:42:e2:b0:14:05:db:e2:20:ff:97:5f:
                    7e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D7:1E:CF:BB:54:00:0E:56:B0:AA:E2:90:4A:F3:64:B8:3B:2B:FF
            X509v3 Authority Key Identifier:
                keyid:9C:F0:5E:70:24:D4:A4:87:E0:B7:9E:2F:57:52:5B:F3:45:DB:53:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e203233393631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:b9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:9a:8e:33:71:61:e5:0d:6a:c0:76:33:2a:c7:5e:c4:01:7b:
         4f:65:78:b1:3c:82:12:f8:19:8f:0d:47:ac:f8:f7:1f:72:c2:
         59:b8:01:0c:c1:6d:d4:1a:34:39:d0:df:79:3e:b6:d4:38:ec:
         72:66:2c:d9:3c:9a:c8:43:11:70:1c:a9:3f:6b:27:ce:c2:5e:
         e4:18:ed:ec:da:f9:5c:70:9e:73:c6:a5:62:99:55:f1:33:07:
         1b:d8:b8:a8:e9:50:1f:8d:7d:8a:36:ff:93:e6:8d:53:29:54:
         f2:e3:a3:a9:1a:ca:a2:50:0f:46:65:81:bf:57:1e:3d:b8:38:
         6f:5d:17:b3:58:e5:4a:bc:e3:49:6c:77:32:ac:7f:69:e6:8e:
         24:7b:52:fa:af:cd:28:c0:a0:d4:8f:f3:48:35:f9:f7:1e:dc:
         d2:be:60:12:3e:d4:52:73:75:57:25:a7:1c:ae:a0:b2:c4:58:
         45:88:0d:ae:79:ea:c2:07:5e:98:86:81:8d:d3:e4:71:65:6e:
         a1:c6:6b:50:48:ea:c0:3a:f9:8a:35:53:8f:97:62:aa:08:a0:
         ac:d9:17:36:58:ed:be:85:6a:29:1b:03:e4:7a:70:34:f6:20:
         bd:66:62:93:a8:a6:cc:22:c7:fc:55:00:ac:ee:b0:fe:e0:aa:
         ca:6e:44:79
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUNvxxWAnfphjfB2hX+eQXvRMPdCMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMjFDMzMwMDAwMTEwLwYDVQQFEyg5Q0YwNUU3MDI0
RDRBNDg3RTBCNzlFMkY1NzUyNUJGMzQ1REI1M0VDMB4XDTI1MTAwNTIyMjYxN1oX
DTI2MTAwNDIyMzExN1owMzExMC8GA1UEAxMoNzFENzFFQ0ZCQjU0MDAwRTU2QjBB
QUUyOTA0QUYzNjRCODNCMkJGRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALS73G4ABl/HNA/seMx+ybMeC7On71qmo6sP+vtolqTh5YX3gwZycUsDbEsn
6B3nXo2w0sBLkHp96/FW4Ow5suHKVi0j7wIm9TWVOeyxOqzOJddhiTGd+NUgbvgU
nKYccc8QaIyZh4Ny/bYGG09m6aVnR/CWCY6YguPFCCV/S4W8JNszD39tB1r9NFL0
tmYKKDVhHs7/X1fD8sV+YFptWjIgO/9jCzpNM1NgrJYNo34IsGhMAjjtOD0VrA1U
vqxHAGBAesRn+QuSkh2a6WrYFNFC0KDV2BMQlCOmmxM8DVnysCHQgc9o4inq8dqZ
iwz51fmYEkLisBQF2+Ig/5dffoECAwEAAaOCAe0wggHpMB0GA1UdDgQWBBRx1x7P
u1QADlawquKQSvNkuDsr/zAfBgNVHSMEGDAWgBSc8F5wJNSkh+C3ni9XUlvzRdtT
7DAOBgNVHQ8BAf8EBAMCB4AwYQYDVR0fBFowWDBWoFSgUoZQcnN5bmM6Ly9yc3lu
Yy5ycC5raS9yZXBvL21pc2FrYWlvLzAvOUNGMDVFNzAyNEQ0QTQ4N0UwQjc5RTJG
NTc1MjVCRjM0NURCNTNFQy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAC
hmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2
MTFFMkJCNDY4RjdDNzJGRDFGRjIvblBCZWNDVFVwSWZndDU0dlYxSmI4MFhiVS13
LmNlcjB4BggrBgEFBQcBCwRsMGowaAYIKwYBBQUHMAuGXHJzeW5jOi8vcnN5bmMu
cnAua2kvcmVwby9taXNha2Fpby8wLzMyMzQzMDM3M2E2MjM5NjMzMDNhM2EyZjMz
MzIyZDM0MzgyMDNkM2UyMDMyMzMzOTM2MzEucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkB7nAMA0GCSqG
SIb3DQEBCwUAA4IBAQAomo4zcWHlDWrAdjMqx17EAXtPZXixPIIS+BmPDUes+Pcf
csJZuAEMwW3UGjQ50N95PrbUOOxyZizZPJrIQxFwHKk/ayfOwl7kGO3s2vlccJ5z
xqVimVXxMwcb2Lio6VAfjX2KNv+T5o1TKVTy46OpGsqiUA9GZYG/Vx49uDhvXRez
WOVKvONJbHcyrH9p5o4ke1L6r80owKDUj/NINfn3HtzSvmASPtRSc3VXJaccrqCy
xFhFiA2ueerCB16YhoGN0+RxZW6hxmtQSOrAOvmKNVOPl2KqCKCs2Rc2WO2+hWop
GwPkenA09iC9ZmKTqKbMIsf8VQCs7rD+4KrKbkR5
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:19:53 2025 by rpki-client