Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e203537363935.roa
File:                     323430373a623963303a3a2f33322d3438203d3e203537363935.roa (raw, json)
Hash identifier:          tEG9JFKiDdsjMGlGAtGF9ff7/fO0QNV3vFqHY+f6qAc=
Subject key identifier:   3F:21:7C:99:BF:00:CD:E5:65:40:4D:91:8C:71:A0:CC:66:FE:79:2F
Certificate issuer:       /CN=A9121C330000/serialNumber=9CF05E7024D4A487E0B79E2F57525BF345DB53EC
Certificate serial:       2A39EF0800D2A74EBAABB0D4A8A04ACDF9682FFE
Authority key identifier: 9C:F0:5E:70:24:D4:A4:87:E0:B7:9E:2F:57:52:5B:F3:45:DB:53:EC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e203537363935.roa
Signing time:             Sun 05 Oct 2025 22:31:18 +0000
ROA not before:           Sun 05 Oct 2025 22:26:18 +0000
ROA not after:            Sun 04 Oct 2026 22:31:18 +0000
asID:                     57695
IP address blocks:        2407:b9c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.crl
                          rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 00:56:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:39:ef:08:00:d2:a7:4e:ba:ab:b0:d4:a8:a0:4a:cd:f9:68:2f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9121C330000, serialNumber=9CF05E7024D4A487E0B79E2F57525BF345DB53EC
        Validity
            Not Before: Oct  5 22:26:18 2025 GMT
            Not After : Oct  4 22:31:18 2026 GMT
        Subject: CN=3F217C99BF00CDE565404D918C71A0CC66FE792F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9a:19:6d:1b:37:31:43:3d:49:e0:93:90:c5:
                    07:11:4e:38:bc:4e:46:71:43:7c:da:7a:96:90:db:
                    35:08:a6:45:b3:70:a6:4a:c2:33:64:71:0b:7a:10:
                    53:93:6c:24:85:93:00:66:18:97:90:af:af:7c:a1:
                    60:d0:0e:d6:87:4f:c3:60:b5:9f:f9:ee:34:9b:ab:
                    d7:95:18:c9:0f:1a:7e:1f:51:c1:77:cc:b1:19:bd:
                    1e:8e:76:41:77:ac:82:69:11:6a:3d:9f:b9:6b:b8:
                    0f:e8:93:1f:a5:01:50:26:5a:24:2f:e4:a9:2b:d4:
                    7c:a6:83:8c:f6:c7:da:a3:b6:0b:62:b7:20:d1:d5:
                    a9:79:d8:eb:d4:f7:73:05:45:15:e0:6c:b3:5d:80:
                    30:3e:ed:8b:4d:9e:4e:18:a0:26:c6:31:54:55:f7:
                    af:ee:f3:b3:fe:54:68:ba:fb:02:6c:02:b5:35:95:
                    9c:ac:74:13:f0:f7:50:b2:4b:3d:88:79:f2:a5:c2:
                    34:44:a7:14:a7:2d:eb:27:61:67:08:fe:67:48:30:
                    8a:3e:27:e4:ce:41:c5:76:44:c3:04:c9:2d:15:19:
                    08:52:eb:49:34:bb:e9:51:ca:51:ca:78:f8:1f:fb:
                    cf:e1:d7:bd:1e:4d:2d:c3:41:99:66:fd:f5:69:02:
                    7a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:21:7C:99:BF:00:CD:E5:65:40:4D:91:8C:71:A0:CC:66:FE:79:2F
            X509v3 Authority Key Identifier:
                keyid:9C:F0:5E:70:24:D4:A4:87:E0:B7:9E:2F:57:52:5B:F3:45:DB:53:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e203537363935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:b9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:b9:79:eb:2b:ac:bf:8f:1b:4b:cf:85:cd:8b:1b:bc:b9:29:
         fc:e6:6a:de:56:1f:ad:52:84:fd:a6:d1:a3:86:1b:b4:a7:ec:
         45:bd:b4:b2:2b:06:f9:72:f0:88:54:fb:8c:b9:07:6e:88:48:
         d6:83:84:92:8a:1d:19:09:98:42:fd:72:24:e9:86:bf:cd:16:
         b0:22:d1:eb:e3:84:98:7e:1c:9a:0a:f2:6f:32:5c:fe:20:72:
         5c:93:85:f0:b9:84:be:6d:4f:8e:c0:12:76:74:b6:77:90:eb:
         e2:2b:a3:c3:a4:60:67:3a:54:ee:6c:fa:11:71:15:24:6a:15:
         94:8e:ef:16:70:f9:48:5a:c4:9a:05:e8:ff:cd:cd:2b:86:27:
         e1:db:e2:0b:5b:7c:5e:44:dd:ee:64:61:81:02:6e:0d:f5:6a:
         84:01:b3:4a:86:56:88:82:f7:ff:12:5c:7e:34:0f:bb:4f:40:
         88:b9:a1:a1:49:23:02:93:c2:d5:d5:92:7f:a9:62:57:f5:bf:
         ff:da:0e:8c:44:a1:7c:a0:c6:8b:43:06:fa:d6:d2:75:73:b5:
         eb:62:6b:c9:63:73:c9:34:1b:4a:8b:c0:40:b8:bf:e3:d5:bc:
         7b:10:3f:c1:aa:cb:ca:6c:8f:3d:b6:fe:5e:da:a2:68:8f:81:
         3e:2f:7c:c6
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUKjnvCADSp066q7DUqKBKzfloL/4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMjFDMzMwMDAwMTEwLwYDVQQFEyg5Q0YwNUU3MDI0
RDRBNDg3RTBCNzlFMkY1NzUyNUJGMzQ1REI1M0VDMB4XDTI1MTAwNTIyMjYxOFoX
DTI2MTAwNDIyMzExOFowMzExMC8GA1UEAxMoM0YyMTdDOTlCRjAwQ0RFNTY1NDA0
RDkxOEM3MUEwQ0M2NkZFNzkyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALeaGW0bNzFDPUngk5DFBxFOOLxORnFDfNp6lpDbNQimRbNwpkrCM2RxC3oQ
U5NsJIWTAGYYl5Cvr3yhYNAO1odPw2C1n/nuNJur15UYyQ8afh9RwXfMsRm9Ho52
QXesgmkRaj2fuWu4D+iTH6UBUCZaJC/kqSvUfKaDjPbH2qO2C2K3INHVqXnY69T3
cwVFFeBss12AMD7ti02eThigJsYxVFX3r+7zs/5UaLr7AmwCtTWVnKx0E/D3ULJL
PYh58qXCNESnFKct6ydhZwj+Z0gwij4n5M5BxXZEwwTJLRUZCFLrSTS76VHKUcp4
+B/7z+HXvR5NLcNBmWb99WkCeksCAwEAAaOCAe0wggHpMB0GA1UdDgQWBBQ/IXyZ
vwDN5WVATZGMcaDMZv55LzAfBgNVHSMEGDAWgBSc8F5wJNSkh+C3ni9XUlvzRdtT
7DAOBgNVHQ8BAf8EBAMCB4AwYQYDVR0fBFowWDBWoFSgUoZQcnN5bmM6Ly9yc3lu
Yy5ycC5raS9yZXBvL21pc2FrYWlvLzAvOUNGMDVFNzAyNEQ0QTQ4N0UwQjc5RTJG
NTc1MjVCRjM0NURCNTNFQy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAC
hmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2
MTFFMkJCNDY4RjdDNzJGRDFGRjIvblBCZWNDVFVwSWZndDU0dlYxSmI4MFhiVS13
LmNlcjB4BggrBgEFBQcBCwRsMGowaAYIKwYBBQUHMAuGXHJzeW5jOi8vcnN5bmMu
cnAua2kvcmVwby9taXNha2Fpby8wLzMyMzQzMDM3M2E2MjM5NjMzMDNhM2EyZjMz
MzIyZDM0MzgyMDNkM2UyMDM1MzczNjM5MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkB7nAMA0GCSqG
SIb3DQEBCwUAA4IBAQAnuXnrK6y/jxtLz4XNixu8uSn85mreVh+tUoT9ptGjhhu0
p+xFvbSyKwb5cvCIVPuMuQduiEjWg4SSih0ZCZhC/XIk6Ya/zRawItHr44SYfhya
CvJvMlz+IHJck4XwuYS+bU+OwBJ2dLZ3kOviK6PDpGBnOlTubPoRcRUkahWUju8W
cPlIWsSaBej/zc0rhifh2+ILW3xeRN3uZGGBAm4N9WqEAbNKhlaIgvf/Elx+NA+7
T0CIuaGhSSMCk8LV1ZJ/qWJX9b//2g6MRKF8oMaLQwb61tJ1c7XrYmvJY3PJNBtK
i8BAuL/j1bx7ED/BqsvKbI89tv5e2qJoj4E+L3zG
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:58:54 2025 by rpki-client