Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/323430313a343230303a3a2f33322d3438203d3e203234313935.roa
File:                     323430313a343230303a3a2f33322d3438203d3e203234313935.roa (raw, json)
Hash identifier:          xPjBnSpHmpcu0qAxiY2wE80xegcTsRNtPEAJ6PwASdw=
Subject key identifier:   4C:6E:10:28:AF:1C:4D:A3:C5:99:09:69:48:DF:10:31:D7:A8:20:56
Certificate issuer:       /CN=1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946
Certificate serial:       0F5B7195FF7F04DA640EBC173221E234A602B156
Authority key identifier: 1F:CD:47:FB:4B:D7:29:E2:2E:4F:EE:FC:E5:B6:1B:4E:1C:7F:E9:46
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/323430313a343230303a3a2f33322d3438203d3e203234313935.roa
Signing time:             Sat 12 Jul 2025 10:00:00 +0000
ROA not before:           Sat 12 Jul 2025 09:55:00 +0000
ROA not after:            Sat 11 Jul 2026 10:00:00 +0000
asID:                     24195
IP address blocks:        2401:4200::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.crl
                          rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 24 Jul 2025 22:22:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:5b:71:95:ff:7f:04:da:64:0e:bc:17:32:21:e2:34:a6:02:b1:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946
        Validity
            Not Before: Jul 12 09:55:00 2025 GMT
            Not After : Jul 11 10:00:00 2026 GMT
        Subject: CN=4C6E1028AF1C4DA3C599096948DF1031D7A82056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:49:38:b2:79:5b:f1:0e:ff:85:c6:df:85:a7:
                    82:37:46:67:75:e6:cd:47:4f:59:23:04:6d:3f:6a:
                    26:7e:c0:7f:41:a1:94:a7:07:b7:73:a1:2a:7d:be:
                    16:f5:68:14:10:1a:c7:f1:58:88:c2:01:dc:28:bf:
                    65:2c:a2:ae:bf:c8:30:e3:0d:c0:7d:50:6a:21:63:
                    f3:ee:c7:fd:5a:89:25:2e:db:fa:7f:ab:f3:69:f0:
                    1f:0e:b4:82:8b:03:fe:ea:ba:0a:3e:a7:1a:9b:c0:
                    9b:e9:8e:f9:da:a8:03:de:94:59:f9:6c:f4:36:b6:
                    90:7a:07:80:5b:b5:bb:8a:d1:c9:8a:f5:ca:54:d6:
                    54:23:5f:3d:59:6b:ba:6d:16:81:dd:e4:88:39:b7:
                    4d:43:e4:ed:06:e0:dd:bb:e3:24:e0:7e:fe:3a:98:
                    03:33:df:d2:cf:c2:1b:0c:6e:85:0c:aa:47:3e:0d:
                    e5:ae:e2:4b:92:1d:8f:81:b5:5f:93:99:00:49:df:
                    90:13:4d:df:bb:3b:03:83:1e:93:23:68:57:49:dd:
                    6a:e6:df:ef:7a:98:54:6d:af:dd:10:68:43:b2:00:
                    60:c4:cc:42:e7:48:4d:58:89:4f:40:d3:fd:72:40:
                    89:e8:33:8a:f4:04:4d:0d:69:d9:d7:a9:00:4a:62:
                    f2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:6E:10:28:AF:1C:4D:A3:C5:99:09:69:48:DF:10:31:D7:A8:20:56
            X509v3 Authority Key Identifier:
                keyid:1F:CD:47:FB:4B:D7:29:E2:2E:4F:EE:FC:E5:B6:1B:4E:1C:7F:E9:46

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/1FCD47FB4BD729E22E4FEEFCE5B61B4E1C7FE946.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/8792a4cd-dbac-43ac-8060-2e8d42eae655/0/323430313a343230303a3a2f33322d3438203d3e203234313935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:4200::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:28:7c:bc:94:ae:d7:df:bb:01:5d:a5:a4:19:c0:6b:7b:c4:
         55:52:81:09:cf:b5:f5:ba:70:a5:51:9f:37:29:e4:19:ea:7a:
         bb:d0:25:c6:43:4d:4e:91:d5:05:4d:44:0d:53:25:d5:ec:d3:
         18:e4:d8:a2:8e:8c:5e:fe:24:23:77:51:a7:fd:37:d9:62:88:
         83:6b:ba:27:9f:81:db:0d:39:51:81:e1:7b:5c:c8:f8:19:22:
         44:11:48:d0:35:da:4f:ea:96:18:87:9b:7e:a6:c5:b5:3a:99:
         8e:ba:d9:48:33:69:35:29:0b:99:54:35:7e:17:24:93:57:ad:
         78:59:c4:01:02:94:d1:27:3e:f5:17:06:e3:50:82:b2:33:c9:
         68:7a:9b:b6:7a:b2:10:7a:89:ab:90:97:a6:48:88:70:29:2a:
         73:f1:cf:a8:f1:be:72:78:2c:42:cb:66:c1:3b:5d:a3:33:a0:
         d2:9b:73:85:4d:1e:c2:c7:88:dd:df:ef:72:a2:18:9f:a5:6e:
         61:7b:40:36:f0:62:7c:8e:47:5e:28:0c:f9:15:ea:c9:51:d7:
         e3:ec:2a:57:ec:f6:b6:28:c1:cf:99:ed:99:4f:12:86:90:78:
         10:74:3b:92:a9:49:2f:05:ce:35:4f:69:64:ad:a5:8a:d9:9c:
         e4:09:c6:32
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUD1txlf9/BNpkDrwXMiHiNKYCsVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUZDRDQ3RkI0QkQ3MjlFMjJFNEZFRUZDRTVCNjFCNEUx
QzdGRTk0NjAeFw0yNTA3MTIwOTU1MDBaFw0yNjA3MTExMDAwMDBaMDMxMTAvBgNV
BAMTKDRDNkUxMDI4QUYxQzREQTNDNTk5MDk2OTQ4REYxMDMxRDdBODIwNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDISTiyeVvxDv+Fxt+Fp4I3Rmd1
5s1HT1kjBG0/aiZ+wH9BoZSnB7dzoSp9vhb1aBQQGsfxWIjCAdwov2Usoq6/yDDj
DcB9UGohY/Pux/1aiSUu2/p/q/Np8B8OtIKLA/7qugo+pxqbwJvpjvnaqAPelFn5
bPQ2tpB6B4BbtbuK0cmK9cpU1lQjXz1Za7ptFoHd5Ig5t01D5O0G4N274yTgfv46
mAMz39LPwhsMboUMqkc+DeWu4kuSHY+BtV+TmQBJ35ATTd+7OwODHpMjaFdJ3Wrm
3+96mFRtr90QaEOyAGDEzELnSE1YiU9A0/1yQInoM4r0BE0NadnXqQBKYvIFAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUTG4QKK8cTaPFmQlpSN8QMdeoIFYwHwYDVR0j
BBgwFoAUH81H+0vXKeIuT+785bYbThx/6UYwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby84
NzkyYTRjZC1kYmFjLTQzYWMtODA2MC0yZThkNDJlYWU2NTUvMC8xRkNENDdGQjRC
RDcyOUUyMkU0RkVFRkNFNUI2MUI0RTFDN0ZFOTQ2LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMUZDRDQ3RkI0QkQ3MjlFMjJFNEZFRUZDRTVCNjFCNEUxQzdG
RTk0Ni5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzg3OTJhNGNkLWRiYWMtNDNhYy04
MDYwLTJlOGQ0MmVhZTY1NS8wLzMyMzQzMDMxM2EzNDMyMzAzMDNhM2EyZjMzMzIy
ZDM0MzgyMDNkM2UyMDMyMzQzMTM5MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkAUIAMA0GCSqGSIb3
DQEBCwUAA4IBAQCZKHy8lK7X37sBXaWkGcBre8RVUoEJz7X1unClUZ83KeQZ6nq7
0CXGQ01OkdUFTUQNUyXV7NMY5Niijoxe/iQjd1Gn/TfZYoiDa7onn4HbDTlRgeF7
XMj4GSJEEUjQNdpP6pYYh5t+psW1OpmOutlIM2k1KQuZVDV+FySTV614WcQBApTR
Jz71FwbjUIKyM8loepu2erIQeomrkJemSIhwKSpz8c+o8b5yeCxCy2bBO12jM6DS
m3OFTR7Cx4jd3+9yohifpW5he0A28GJ8jkdeKAz5FerJUdfj7CpX7Pa2KMHPme2Z
TxKGkHgQdDuSqUkvBc41T2lkraWK2ZzkCcYy
-----END CERTIFICATE-----
Generated at Mon Jul 21 18:13:20 2025 by rpki-client