Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a32383a3a2f34382d3438203d3e20313437313337.roa
File:                     323430303a343661303a32383a3a2f34382d3438203d3e20313437313337.roa (raw, json)
Hash identifier:          BASa57B0aeCvQjUkpH58uhcpVnA7zhpchwSCS5nsYmM=
Subject key identifier:   E4:D0:61:1D:AA:19:51:83:6D:4B:4F:59:E3:24:3A:2B:9C:06:1E:7B
Certificate issuer:       /CN=9A52B6405ED406A7B17C4478D516DF3E37282980
Certificate serial:       32AA23CEA65809352308E453EAD79E59296BBD0B
Authority key identifier: 9A:52:B6:40:5E:D4:06:A7:B1:7C:44:78:D5:16:DF:3E:37:28:29:80
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a32383a3a2f34382d3438203d3e20313437313337.roa
Signing time:             Fri 11 Jul 2025 09:02:22 +0000
ROA not before:           Fri 11 Jul 2025 08:57:22 +0000
ROA not after:            Fri 10 Jul 2026 09:02:22 +0000
asID:                     147137
IP address blocks:        2400:46a0:28::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.crl
                          rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 11:28:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:aa:23:ce:a6:58:09:35:23:08:e4:53:ea:d7:9e:59:29:6b:bd:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9A52B6405ED406A7B17C4478D516DF3E37282980
        Validity
            Not Before: Jul 11 08:57:22 2025 GMT
            Not After : Jul 10 09:02:22 2026 GMT
        Subject: CN=E4D0611DAA1951836D4B4F59E3243A2B9C061E7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:67:d4:89:99:21:a0:39:38:b2:87:28:47:4f:
                    59:33:86:d7:36:f9:22:4b:39:4a:ed:e5:cf:c1:42:
                    fb:6c:e7:e4:b7:34:82:4b:c9:e3:a2:9c:0e:3a:b6:
                    5c:3a:ef:88:fd:45:c9:c3:23:ca:d8:e6:91:73:c7:
                    55:5f:e6:51:58:59:41:d7:89:9a:4f:a9:d7:7b:c4:
                    7a:88:06:67:c1:2a:0c:2d:d3:27:fa:bd:55:b6:bd:
                    6f:08:3a:0a:d8:83:4d:d1:77:31:02:3b:a9:54:88:
                    0d:d1:9b:e8:cc:9c:6a:f2:70:36:f2:b2:ab:72:86:
                    f7:07:4c:a8:6d:11:b5:aa:96:8e:12:30:b0:ae:04:
                    6b:04:c0:53:58:31:45:e9:8f:f6:1f:3c:4c:b6:52:
                    af:fd:0a:11:4c:9b:02:94:10:dc:1c:c7:b1:68:23:
                    a1:7d:49:13:ca:cb:6c:a0:e9:85:88:b7:f8:36:6a:
                    63:9f:d6:84:b4:41:be:2d:a3:b6:7e:81:83:1b:c8:
                    bb:bf:47:6e:0b:01:ae:74:7c:f0:9d:b7:aa:f6:c4:
                    45:b5:fa:36:ec:7c:8d:b5:0b:fa:fc:50:a8:eb:16:
                    87:ea:b6:d8:90:1a:a3:6e:97:03:45:a5:13:8e:ce:
                    d9:a4:bf:67:f3:e5:6e:05:4d:3d:8d:7b:4e:8a:2f:
                    b1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D0:61:1D:AA:19:51:83:6D:4B:4F:59:E3:24:3A:2B:9C:06:1E:7B
            X509v3 Authority Key Identifier:
                keyid:9A:52:B6:40:5E:D4:06:A7:B1:7C:44:78:D5:16:DF:3E:37:28:29:80

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a32383a3a2f34382d3438203d3e20313437313337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:46a0:28::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:dc:f8:6a:86:ea:b3:6a:de:90:f5:50:d7:79:8f:ee:7e:78:
         7d:21:82:20:3f:72:98:c7:d7:0f:d3:ca:d3:f0:20:91:99:82:
         17:d0:58:72:a5:cd:e7:54:6a:54:e8:c9:0e:36:f3:0d:22:59:
         18:3d:8f:05:6c:8a:34:20:bc:11:52:f7:e8:68:17:fc:e5:e7:
         94:62:af:94:4c:d1:8a:d9:a4:5b:20:0d:9c:27:c9:4f:34:de:
         b7:28:be:45:4f:da:8d:85:26:ba:a4:3a:05:6c:29:f8:ac:c7:
         92:ab:db:bb:65:ed:58:dc:c6:6d:2c:46:46:a1:a1:87:3c:ce:
         ae:45:64:d0:ca:7a:0c:9c:d6:2b:2d:e1:e4:72:e9:cf:4c:60:
         d5:c3:78:67:df:43:06:3d:46:86:31:6e:8e:24:ad:54:cb:cb:
         1d:2f:57:25:d3:ca:8f:38:ae:c4:8a:60:4f:e1:db:be:ba:08:
         79:4b:c6:12:bd:5a:8b:23:06:67:64:8b:5c:ae:67:cb:e9:59:
         50:3d:84:41:bc:6b:b2:38:05:17:51:60:4a:a7:55:bc:85:f3:
         82:c1:aa:6a:01:04:d8:b6:ea:ee:ad:c4:ee:47:ef:92:54:60:
         57:4b:05:37:4a:14:a8:de:4b:27:99:b0:3a:40:bf:35:a5:fb:
         36:0d:43:3c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMqojzqZYCTUjCORT6teeWSlrvQswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUE1MkI2NDA1RUQ0MDZBN0IxN0M0NDc4RDUxNkRGM0Uz
NzI4Mjk4MDAeFw0yNTA3MTEwODU3MjJaFw0yNjA3MTAwOTAyMjJaMDMxMTAvBgNV
BAMTKEU0RDA2MTFEQUExOTUxODM2RDRCNEY1OUUzMjQzQTJCOUMwNjFFN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXZ9SJmSGgOTiyhyhHT1kzhtc2
+SJLOUrt5c/BQvts5+S3NIJLyeOinA46tlw674j9RcnDI8rY5pFzx1Vf5lFYWUHX
iZpPqdd7xHqIBmfBKgwt0yf6vVW2vW8IOgrYg03RdzECO6lUiA3Rm+jMnGrycDby
sqtyhvcHTKhtEbWqlo4SMLCuBGsEwFNYMUXpj/YfPEy2Uq/9ChFMmwKUENwcx7Fo
I6F9SRPKy2yg6YWIt/g2amOf1oS0Qb4to7Z+gYMbyLu/R24LAa50fPCdt6r2xEW1
+jbsfI21C/r8UKjrFofqttiQGqNulwNFpROOztmkv2fz5W4FTT2Ne06KL7GTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5NBhHaoZUYNtS09Z4yQ6K5wGHnswHwYDVR0j
BBgwFoAUmlK2QF7UBqexfER41RbfPjcoKYAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YTY2NWMzMi02ZGFmLTQ3MmItYmNlNi0zMTdkNWQ2Yzc4OWUvMC85QTUyQjY0MDVF
RDQwNkE3QjE3QzQ0NzhENTE2REYzRTM3MjgyOTgwLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUE1MkI2NDA1RUQ0MDZBN0IxN0M0NDc4RDUxNkRGM0UzNzI4
Mjk4MC5jZXIwgagGCCsGAQUFBwELBIGbMIGYMIGVBggrBgEFBQcwC4aBiHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNhNjY1YzMyLTZkYWYtNDcyYi1i
Y2U2LTMxN2Q1ZDZjNzg5ZS8wLzMyMzQzMDMwM2EzNDM2NjEzMDNhMzIzODNhM2Ey
ZjM0MzgyZDM0MzgyMDNkM2UyMDMxMzQzNzMxMzMzNy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACQARqAA
KDANBgkqhkiG9w0BAQsFAAOCAQEANdz4aobqs2rekPVQ13mP7n54fSGCID9ymMfX
D9PK0/AgkZmCF9BYcqXN51RqVOjJDjbzDSJZGD2PBWyKNCC8EVL36GgX/OXnlGKv
lEzRitmkWyANnCfJTzTetyi+RU/ajYUmuqQ6BWwp+KzHkqvbu2XtWNzGbSxGRqGh
hzzOrkVk0Mp6DJzWKy3h5HLpz0xg1cN4Z99DBj1GhjFujiStVMvLHS9XJdPKjziu
xIpgT+HbvroIeUvGEr1aiyMGZ2SLXK5ny+lZUD2EQbxrsjgFF1FgSqdVvIXzgsGq
agEE2Lbq7q3E7kfvklRgV0sFN0oUqN5LJ5mwOkC/NaX7Ng1DPA==
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:55:05 2025 by rpki-client