Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/0e46a305-df77-4587-8703-a905c53779ac/0/323430363a653930303a3a2f34382d3438203d3e20313332363439.roa
File:                     323430363a653930303a3a2f34382d3438203d3e20313332363439.roa (raw, json)
Hash identifier:          wG+9X966FrXEy+/eGU93wsgmxZZCxywdW61E71ZhOio=
Subject key identifier:   51:13:85:F7:2F:CE:03:F7:10:75:9C:C4:2B:A3:57:5F:CA:3D:05:44
Certificate issuer:       /CN=4ACFA054E26D225A10C6B0FD316D21263924491E
Certificate serial:       40FFCDBB180C94417F0344B42F6D2345708E800C
Authority key identifier: 4A:CF:A0:54:E2:6D:22:5A:10:C6:B0:FD:31:6D:21:26:39:24:49:1E
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4ACFA054E26D225A10C6B0FD316D21263924491E.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/0e46a305-df77-4587-8703-a905c53779ac/0/323430363a653930303a3a2f34382d3438203d3e20313332363439.roa
Signing time:             Mon 02 Jun 2025 01:02:45 +0000
ROA not before:           Mon 02 Jun 2025 00:57:45 +0000
ROA not after:            Mon 01 Jun 2026 01:02:45 +0000
asID:                     132649
IP address blocks:        2406:e900::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/0e46a305-df77-4587-8703-a905c53779ac/0/4ACFA054E26D225A10C6B0FD316D21263924491E.crl
                          rsync://repo-rpki.idnic.net/repo/0e46a305-df77-4587-8703-a905c53779ac/0/4ACFA054E26D225A10C6B0FD316D21263924491E.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4ACFA054E26D225A10C6B0FD316D21263924491E.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 11 Jun 2025 18:34:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:ff:cd:bb:18:0c:94:41:7f:03:44:b4:2f:6d:23:45:70:8e:80:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ACFA054E26D225A10C6B0FD316D21263924491E
        Validity
            Not Before: Jun  2 00:57:45 2025 GMT
            Not After : Jun  1 01:02:45 2026 GMT
        Subject: CN=511385F72FCE03F710759CC42BA3575FCA3D0544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a9:b6:e2:51:cb:f4:e0:95:09:14:a8:66:27:
                    a4:63:86:94:eb:70:bc:50:87:3f:f5:35:6d:b3:88:
                    08:30:0f:14:80:6e:e2:fc:5a:0c:23:85:cd:0b:f4:
                    09:a7:7a:b3:0b:7d:34:b2:fa:75:e9:89:a5:da:62:
                    32:26:93:3b:f9:8b:79:5b:2c:4d:2d:30:7c:64:e9:
                    85:73:4c:49:c3:7e:72:36:7c:7b:fc:c8:9a:d2:34:
                    24:3d:f9:1e:35:f8:92:79:14:70:22:96:00:55:2b:
                    71:e1:31:19:0e:a7:8e:cf:fd:d1:f9:51:87:25:e9:
                    2e:6c:1c:7e:97:f0:77:dc:fa:9e:d6:90:92:39:63:
                    39:fe:17:91:eb:e4:33:47:ba:b3:83:1b:c5:1b:f1:
                    e3:3a:1f:54:e6:c7:f0:30:f6:cc:eb:54:6f:4b:f2:
                    56:d9:f9:7f:01:a9:93:61:fd:74:a8:43:70:84:3c:
                    80:9c:f3:d1:dd:1d:6f:cf:54:07:aa:2a:72:87:0b:
                    ad:cb:31:a3:88:bc:82:4d:7a:4f:81:8c:6a:5c:af:
                    5a:e8:34:32:97:02:29:64:88:20:de:70:bf:40:84:
                    b3:4e:48:2a:20:31:82:e0:0b:0b:c4:11:01:b1:a3:
                    47:d3:dd:c7:47:e9:14:b6:cb:d8:45:55:75:ae:4a:
                    83:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:13:85:F7:2F:CE:03:F7:10:75:9C:C4:2B:A3:57:5F:CA:3D:05:44
            X509v3 Authority Key Identifier:
                keyid:4A:CF:A0:54:E2:6D:22:5A:10:C6:B0:FD:31:6D:21:26:39:24:49:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/0e46a305-df77-4587-8703-a905c53779ac/0/4ACFA054E26D225A10C6B0FD316D21263924491E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4ACFA054E26D225A10C6B0FD316D21263924491E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/0e46a305-df77-4587-8703-a905c53779ac/0/323430363a653930303a3a2f34382d3438203d3e20313332363439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:e900::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:a1:53:38:55:ab:56:8b:63:a8:dc:c3:76:14:3b:ca:63:1a:
         8f:76:61:f7:41:24:7e:40:53:cc:78:31:c8:dd:f2:32:9c:ee:
         72:ac:10:71:d7:c5:f4:09:26:fa:72:18:1d:c9:d1:94:5d:dc:
         da:74:fe:17:6d:11:eb:e1:4a:94:fd:d7:18:a0:65:6e:84:ae:
         6d:25:55:78:bb:e2:e3:d2:b5:95:ed:04:4e:03:f4:5e:fd:ae:
         4c:69:e7:28:c9:b6:4a:06:5c:00:bd:8f:4c:73:8c:eb:d4:fc:
         1a:46:75:88:6c:6a:58:9e:47:91:f5:ea:84:bd:fd:9b:db:33:
         eb:2b:48:e9:fd:e1:66:86:e1:c8:c6:66:30:54:6d:ad:f9:83:
         47:e8:e6:7b:b9:81:a4:a6:d2:d7:f1:41:a1:79:e9:2b:89:18:
         02:27:a5:cc:06:a4:0c:a1:5d:5d:66:2e:55:1f:82:65:d3:38:
         2e:4c:28:32:88:ec:2c:c8:38:3d:c4:89:bd:bb:e7:9e:63:86:
         ca:e5:28:40:ec:5d:98:93:e0:e5:aa:d3:74:d6:59:03:d1:15:
         7a:50:30:81:01:6b:3d:a8:77:18:98:0e:41:3e:06:25:66:23:
         4c:58:ca:27:52:32:97:c0:b7:9e:be:6f:09:a9:99:d5:70:67:
         d3:85:d2:dc
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUQP/NuxgMlEF/A0S0L20jRXCOgAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNEFDRkEwNTRFMjZEMjI1QTEwQzZCMEZEMzE2RDIxMjYz
OTI0NDkxRTAeFw0yNTA2MDIwMDU3NDVaFw0yNjA2MDEwMTAyNDVaMDMxMTAvBgNV
BAMTKDUxMTM4NUY3MkZDRTAzRjcxMDc1OUNDNDJCQTM1NzVGQ0EzRDA1NDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDqbbiUcv04JUJFKhmJ6RjhpTr
cLxQhz/1NW2ziAgwDxSAbuL8Wgwjhc0L9AmnerMLfTSy+nXpiaXaYjImkzv5i3lb
LE0tMHxk6YVzTEnDfnI2fHv8yJrSNCQ9+R41+JJ5FHAilgBVK3HhMRkOp47P/dH5
UYcl6S5sHH6X8Hfc+p7WkJI5Yzn+F5Hr5DNHurODG8Ub8eM6H1Tmx/Aw9szrVG9L
8lbZ+X8BqZNh/XSoQ3CEPICc89HdHW/PVAeqKnKHC63LMaOIvIJNek+BjGpcr1ro
NDKXAilkiCDecL9AhLNOSCogMYLgCwvEEQGxo0fT3cdH6RS2y9hFVXWuSoPVAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUUROF9y/OA/cQdZzEK6NXX8o9BUQwHwYDVR0j
BBgwFoAUSs+gVOJtIloQxrD9MW0hJjkkSR4wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8w
ZTQ2YTMwNS1kZjc3LTQ1ODctODcwMy1hOTA1YzUzNzc5YWMvMC80QUNGQTA1NEUy
NkQyMjVBMTBDNkIwRkQzMTZEMjEyNjM5MjQ0OTFFLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNEFDRkEwNTRFMjZEMjI1QTEwQzZCMEZEMzE2RDIxMjYzOTI0
NDkxRS5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzBlNDZhMzA1LWRmNzctNDU4Ny04
NzAzLWE5MDVjNTM3NzlhYy8wLzMyMzQzMDM2M2E2NTM5MzAzMDNhM2EyZjM0Mzgy
ZDM0MzgyMDNkM2UyMDMxMzMzMjM2MzQzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACQG6QAAADANBgkq
hkiG9w0BAQsFAAOCAQEAUqFTOFWrVotjqNzDdhQ7ymMaj3Zh90EkfkBTzHgxyN3y
MpzucqwQcdfF9Akm+nIYHcnRlF3c2nT+F20R6+FKlP3XGKBlboSubSVVeLvi49K1
le0ETgP0Xv2uTGnnKMm2SgZcAL2PTHOM69T8GkZ1iGxqWJ5HkfXqhL39m9sz6ytI
6f3hZobhyMZmMFRtrfmDR+jme7mBpKbS1/FBoXnpK4kYAielzAakDKFdXWYuVR+C
ZdM4LkwoMojsLMg4PcSJvbvnnmOGyuUoQOxdmJPg5arTdNZZA9EVelAwgQFrPah3
GJgOQT4GJWYjTFjKJ1Iyl8C3nr5vCamZ1XBn04XS3A==
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:08:54 2025 by rpki-client