Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e20393137.roa
File:                     323430373a623963303a3a2f33322d3438203d3e20393137.roa (raw, json)
Hash identifier:          EWyx31GnzeEa34YdlCfOKBBLtKjLerW7tETk3ztfEgw=
Subject key identifier:   40:FE:40:29:B6:FC:51:64:E0:DE:DC:9C:F0:E1:3D:D0:93:09:2D:B4
Certificate issuer:       /CN=A9121C330000/serialNumber=9CF05E7024D4A487E0B79E2F57525BF345DB53EC
Certificate serial:       124189D8EE9502A446E261887CA32E6BD9907686
Authority key identifier: 9C:F0:5E:70:24:D4:A4:87:E0:B7:9E:2F:57:52:5B:F3:45:DB:53:EC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e20393137.roa
Signing time:             Sun 05 Oct 2025 22:31:17 +0000
ROA not before:           Sun 05 Oct 2025 22:26:17 +0000
ROA not after:            Sun 04 Oct 2026 22:31:17 +0000
asID:                     917
IP address blocks:        2407:b9c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.crl
                          rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 00:56:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:41:89:d8:ee:95:02:a4:46:e2:61:88:7c:a3:2e:6b:d9:90:76:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9121C330000, serialNumber=9CF05E7024D4A487E0B79E2F57525BF345DB53EC
        Validity
            Not Before: Oct  5 22:26:17 2025 GMT
            Not After : Oct  4 22:31:17 2026 GMT
        Subject: CN=40FE4029B6FC5164E0DEDC9CF0E13DD093092DB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:66:43:3e:82:7f:81:ce:aa:eb:2b:ff:2d:6e:
                    d8:00:9a:2f:77:2a:d4:0d:f0:fe:53:08:c4:37:c1:
                    d2:36:db:36:c8:17:87:3f:f8:40:0e:a4:3c:eb:64:
                    e9:48:8b:6e:06:32:18:24:67:fa:17:d8:f4:9f:8c:
                    95:c3:19:fd:b6:b9:76:8a:0d:b6:e7:3c:21:1c:58:
                    34:21:5d:5f:11:9a:67:be:44:d7:70:9b:de:64:85:
                    78:6d:0f:c4:37:36:43:b8:d0:dc:32:29:ad:97:32:
                    0e:8c:38:05:f5:e8:8c:30:a1:64:5c:4a:5b:1e:9c:
                    3c:92:08:d6:bc:1c:9d:8b:f6:1d:d7:44:7f:17:83:
                    c1:74:5a:d2:d4:0d:85:5f:b5:a8:e6:e3:44:cf:4b:
                    4f:6a:44:3c:87:7d:3b:e9:d6:23:df:0c:72:0f:01:
                    50:4a:9d:11:1f:dd:55:94:d5:48:56:34:d3:18:86:
                    75:b3:98:d0:51:a0:e3:a7:d3:d9:be:bf:a8:c6:e8:
                    96:bc:db:3c:91:34:5c:bb:ab:a1:90:fd:01:75:5a:
                    bd:3a:8a:5e:57:5c:88:da:d1:04:1e:11:00:fd:d4:
                    ab:ef:81:c3:72:61:40:b2:28:aa:61:50:89:c9:50:
                    55:5e:54:28:2b:c8:2f:fb:e1:db:55:e6:c7:31:29:
                    a0:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:FE:40:29:B6:FC:51:64:E0:DE:DC:9C:F0:E1:3D:D0:93:09:2D:B4
            X509v3 Authority Key Identifier:
                keyid:9C:F0:5E:70:24:D4:A4:87:E0:B7:9E:2F:57:52:5B:F3:45:DB:53:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/0/9CF05E7024D4A487E0B79E2F57525BF345DB53EC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nPBecCTUpIfgt54vV1Jb80XbU-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/0/323430373a623963303a3a2f33322d3438203d3e20393137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:b9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:f6:75:1e:dd:a3:83:32:86:10:5c:71:29:ce:53:d7:d8:4c:
         4b:d3:5a:91:62:2a:0c:b5:92:40:5f:8e:b6:a1:01:15:8f:c8:
         b3:e6:a6:d7:bc:8d:5c:2d:55:b1:14:46:32:1c:d3:d5:c1:91:
         5c:eb:85:6d:93:02:dc:14:c3:36:27:18:5a:6a:ef:2c:bd:31:
         94:39:c8:57:14:d1:72:74:01:f1:de:5d:57:d1:ed:da:3d:7b:
         d3:68:d5:b0:fc:94:5f:fc:d5:23:e6:3e:37:0c:cf:7e:d8:90:
         7c:49:cc:d4:40:42:2e:2c:77:a0:ac:49:2f:46:0d:e2:28:2b:
         09:1d:1d:f2:4e:18:1f:e4:98:6c:e3:6f:3b:5a:f0:63:56:7c:
         dc:fc:d9:d9:76:67:5b:19:ab:b6:3d:64:85:b8:03:4d:38:0b:
         01:00:6c:a5:1a:4e:a1:73:64:12:e6:73:40:6f:16:06:0b:99:
         a3:5c:78:1b:2b:37:d9:72:2a:3f:ed:65:e6:54:7f:9b:51:19:
         4c:3e:97:b2:73:6b:fb:c6:21:79:c2:be:23:88:98:08:c5:a8:
         79:15:f5:c5:12:83:0e:56:29:59:bd:c2:7f:1c:bd:da:1a:82:
         18:3b:78:d6:31:53:b6:d4:7e:9a:15:92:33:56:92:47:af:d4:
         11:00:89:df
-----BEGIN CERTIFICATE-----
MIIE9jCCA96gAwIBAgIUEkGJ2O6VAqRG4mGIfKMua9mQdoYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMjFDMzMwMDAwMTEwLwYDVQQFEyg5Q0YwNUU3MDI0
RDRBNDg3RTBCNzlFMkY1NzUyNUJGMzQ1REI1M0VDMB4XDTI1MTAwNTIyMjYxN1oX
DTI2MTAwNDIyMzExN1owMzExMC8GA1UEAxMoNDBGRTQwMjlCNkZDNTE2NEUwREVE
QzlDRjBFMTNERDA5MzA5MkRCNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFmQz6Cf4HOqusr/y1u2ACaL3cq1A3w/lMIxDfB0jbbNsgXhz/4QA6kPOtk
6UiLbgYyGCRn+hfY9J+MlcMZ/ba5dooNtuc8IRxYNCFdXxGaZ75E13Cb3mSFeG0P
xDc2Q7jQ3DIprZcyDow4BfXojDChZFxKWx6cPJII1rwcnYv2HddEfxeDwXRa0tQN
hV+1qObjRM9LT2pEPId9O+nWI98Mcg8BUEqdER/dVZTVSFY00xiGdbOY0FGg46fT
2b6/qMbolrzbPJE0XLuroZD9AXVavTqKXldciNrRBB4RAP3Uq++Bw3JhQLIoqmFQ
iclQVV5UKCvIL/vh21XmxzEpoPUCAwEAAaOCAekwggHlMB0GA1UdDgQWBBRA/kAp
tvxRZODe3Jzw4T3QkwkttDAfBgNVHSMEGDAWgBSc8F5wJNSkh+C3ni9XUlvzRdtT
7DAOBgNVHQ8BAf8EBAMCB4AwYQYDVR0fBFowWDBWoFSgUoZQcnN5bmM6Ly9yc3lu
Yy5ycC5raS9yZXBvL21pc2FrYWlvLzAvOUNGMDVFNzAyNEQ0QTQ4N0UwQjc5RTJG
NTc1MjVCRjM0NURCNTNFQy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAC
hmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2
MTFFMkJCNDY4RjdDNzJGRDFGRjIvblBCZWNDVFVwSWZndDU0dlYxSmI4MFhiVS13
LmNlcjB0BggrBgEFBQcBCwRoMGYwZAYIKwYBBQUHMAuGWHJzeW5jOi8vcnN5bmMu
cnAua2kvcmVwby9taXNha2Fpby8wLzMyMzQzMDM3M2E2MjM5NjMzMDNhM2EyZjMz
MzIyZDM0MzgyMDNkM2UyMDM5MzEzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQHucAwDQYJKoZIhvcN
AQELBQADggEBAHL2dR7do4MyhhBccSnOU9fYTEvTWpFiKgy1kkBfjrahARWPyLPm
pte8jVwtVbEURjIc09XBkVzrhW2TAtwUwzYnGFpq7yy9MZQ5yFcU0XJ0AfHeXVfR
7do9e9No1bD8lF/81SPmPjcMz37YkHxJzNRAQi4sd6CsSS9GDeIoKwkdHfJOGB/k
mGzjbzta8GNWfNz82dl2Z1sZq7Y9ZIW4A004CwEAbKUaTqFzZBLmc0BvFgYLmaNc
eBsrN9lyKj/tZeZUf5tRGUw+l7Jza/vGIXnCviOImAjFqHkV9cUSgw5WKVm9wn8c
vdoaghg7eNYxU7bUfpoVkjNWkkev1BEAid8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:28:25 2025 by rpki-client