Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/59f013f9-b4f7-458c-aac5-08041b3f65e6/0/323430323a613030303a3a2f33342d3334203d3e203234323131.roa
File:                     323430323a613030303a3a2f33342d3334203d3e203234323131.roa (raw, json)
Hash identifier:          ER7xpU4/Ug9QdOWr3/kEAto7PyXpFcrlkgPF8gswvWA=
Subject key identifier:   E3:01:78:17:C4:2D:7F:0E:B9:23:D4:42:DE:A2:F3:8D:1E:FD:C8:B2
Certificate issuer:       /CN=DC935B44A30F5AECC1B1A1508E4B812572AB769B
Certificate serial:       75A07E9A61AC7CFD992DB65594713CF3C6F41EAE
Authority key identifier: DC:93:5B:44:A3:0F:5A:EC:C1:B1:A1:50:8E:4B:81:25:72:AB:76:9B
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC935B44A30F5AECC1B1A1508E4B812572AB769B.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/59f013f9-b4f7-458c-aac5-08041b3f65e6/0/323430323a613030303a3a2f33342d3334203d3e203234323131.roa
Signing time:             Mon 31 Jul 2023 00:04:38 +0000
ROA not before:           Sun 30 Jul 2023 23:59:38 +0000
ROA not after:            Mon 29 Jul 2024 00:04:38 +0000
asID:                     24211
IP address blocks:        2402:a000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/59f013f9-b4f7-458c-aac5-08041b3f65e6/0/DC935B44A30F5AECC1B1A1508E4B812572AB769B.crl
                          rsync://repo-rpki.idnic.net/repo/59f013f9-b4f7-458c-aac5-08041b3f65e6/0/DC935B44A30F5AECC1B1A1508E4B812572AB769B.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC935B44A30F5AECC1B1A1508E4B812572AB769B.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:a0:7e:9a:61:ac:7c:fd:99:2d:b6:55:94:71:3c:f3:c6:f4:1e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DC935B44A30F5AECC1B1A1508E4B812572AB769B
        Validity
            Not Before: Jul 30 23:59:38 2023 GMT
            Not After : Jul 29 00:04:38 2024 GMT
        Subject: CN=E3017817C42D7F0EB923D442DEA2F38D1EFDC8B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2d:2c:d9:91:fe:bf:56:77:8a:d6:91:c9:8a:
                    fc:b9:1a:2b:a9:50:bc:87:fb:2a:e8:b5:5f:c1:2c:
                    96:e6:bf:7b:cc:1f:25:27:48:39:74:12:06:37:dc:
                    21:01:7f:89:7d:29:8e:6c:98:53:e8:a5:7d:0b:54:
                    81:d8:87:2a:fc:14:73:ba:df:47:69:af:37:ce:98:
                    a9:a0:bb:7e:ac:50:4f:d2:e7:59:ac:e1:a0:6a:82:
                    b9:47:30:28:dc:ba:27:18:25:d0:ae:d9:12:4a:9c:
                    5d:42:29:4c:e5:a8:1a:d1:6b:13:97:9c:fc:89:83:
                    f7:47:f7:bf:70:7b:c5:d7:34:86:19:d8:c5:a3:3a:
                    04:82:f1:b2:cd:88:ad:cc:0a:1c:f7:55:23:22:af:
                    f3:f9:fa:88:6a:f4:86:ab:eb:99:70:f8:73:f4:b7:
                    82:1a:56:b3:50:e4:67:34:05:96:df:6e:a4:bb:54:
                    ac:ef:d3:0a:fb:8d:8f:07:3b:fe:47:d1:c3:2f:07:
                    a4:df:d8:30:91:ac:9e:52:b6:87:e3:13:46:cf:64:
                    e8:38:36:0d:a0:b0:df:d1:92:1d:81:ff:69:0c:c0:
                    1e:5a:3c:67:44:24:8a:62:0b:8e:21:f5:23:b6:60:
                    3d:1b:3b:d6:8d:cc:8a:17:6a:e9:6b:95:29:d8:6a:
                    22:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:01:78:17:C4:2D:7F:0E:B9:23:D4:42:DE:A2:F3:8D:1E:FD:C8:B2
            X509v3 Authority Key Identifier:
                keyid:DC:93:5B:44:A3:0F:5A:EC:C1:B1:A1:50:8E:4B:81:25:72:AB:76:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/59f013f9-b4f7-458c-aac5-08041b3f65e6/0/DC935B44A30F5AECC1B1A1508E4B812572AB769B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC935B44A30F5AECC1B1A1508E4B812572AB769B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/59f013f9-b4f7-458c-aac5-08041b3f65e6/0/323430323a613030303a3a2f33342d3334203d3e203234323131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:a000::/34

    Signature Algorithm: sha256WithRSAEncryption
         6c:69:3a:d1:ca:19:3b:17:34:0d:61:0d:fe:a4:15:79:06:85:
         28:13:66:7b:58:67:2a:33:75:98:8b:e1:4c:e6:36:af:81:fd:
         0e:16:5f:1c:36:c6:1d:0e:af:f3:50:a9:c9:64:51:cb:07:50:
         c9:01:fb:d8:0a:cf:17:82:dc:af:9e:2d:41:38:ac:46:72:7f:
         8c:39:79:74:4d:f4:5b:84:f3:c6:d0:35:da:44:ee:26:47:fd:
         bf:8a:5b:e4:3d:03:aa:1b:b8:aa:f7:12:f8:e7:b0:60:e9:da:
         29:a3:ed:f1:f8:ab:c6:93:be:e3:8d:27:ca:54:28:f1:a6:ef:
         90:41:d0:c3:7c:8d:81:98:ec:1a:9a:02:e3:97:1d:20:4a:49:
         14:2e:eb:93:55:83:75:d3:1b:69:36:e1:2d:14:cb:ab:37:a1:
         af:84:aa:50:08:cc:7a:0e:00:98:2f:22:50:ce:8e:a8:3c:10:
         d2:7f:ef:ff:3d:61:97:67:31:b2:2b:40:df:41:51:47:42:c9:
         fa:42:3a:fe:5b:f0:f1:05:57:12:30:04:77:50:5b:de:55:73:
         25:38:84:c3:46:f2:23:19:28:c7:0d:4d:b7:d7:16:3f:9e:7e:
         b0:d1:26:9d:fb:da:dd:35:ee:90:83:84:99:6c:b6:8e:e0:e5:
         29:29:09:5e
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUdaB+mmGsfP2ZLbZVlHE888b0Hq4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREM5MzVCNDRBMzBGNUFFQ0MxQjFBMTUwOEU0QjgxMjU3
MkFCNzY5QjAeFw0yMzA3MzAyMzU5MzhaFw0yNDA3MjkwMDA0MzhaMDMxMTAvBgNV
BAMTKEUzMDE3ODE3QzQyRDdGMEVCOTIzRDQ0MkRFQTJGMzhEMUVGREM4QjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcLSzZkf6/VneK1pHJivy5Giup
ULyH+yrotV/BLJbmv3vMHyUnSDl0EgY33CEBf4l9KY5smFPopX0LVIHYhyr8FHO6
30dprzfOmKmgu36sUE/S51ms4aBqgrlHMCjcuicYJdCu2RJKnF1CKUzlqBrRaxOX
nPyJg/dH979we8XXNIYZ2MWjOgSC8bLNiK3MChz3VSMir/P5+ohq9Iar65lw+HP0
t4IaVrNQ5Gc0BZbfbqS7VKzv0wr7jY8HO/5H0cMvB6Tf2DCRrJ5StofjE0bPZOg4
Ng2gsN/Rkh2B/2kMwB5aPGdEJIpiC44h9SO2YD0bO9aNzIoXaulrlSnYaiKzAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU4wF4F8Qtfw65I9RC3qLzjR79yLIwHwYDVR0j
BBgwFoAU3JNbRKMPWuzBsaFQjkuBJXKrdpswDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
OWYwMTNmOS1iNGY3LTQ1OGMtYWFjNS0wODA0MWIzZjY1ZTYvMC9EQzkzNUI0NEEz
MEY1QUVDQzFCMUExNTA4RTRCODEyNTcyQUI3NjlCLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREM5MzVCNDRBMzBGNUFFQ0MxQjFBMTUwOEU0QjgxMjU3MkFC
NzY5Qi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzU5ZjAxM2Y5LWI0ZjctNDU4Yy1h
YWM1LTA4MDQxYjNmNjVlNi8wLzMyMzQzMDMyM2E2MTMwMzAzMDNhM2EyZjMzMzQy
ZDMzMzQyMDNkM2UyMDMyMzQzMjMxMzEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgYkAqAAADANBgkqhkiG
9w0BAQsFAAOCAQEAbGk60coZOxc0DWEN/qQVeQaFKBNme1hnKjN1mIvhTOY2r4H9
DhZfHDbGHQ6v81CpyWRRywdQyQH72ArPF4Lcr54tQTisRnJ/jDl5dE30W4TzxtA1
2kTuJkf9v4pb5D0Dqhu4qvcS+OewYOnaKaPt8firxpO+440nylQo8abvkEHQw3yN
gZjsGpoC45cdIEpJFC7rk1WDddMbaTbhLRTLqzehr4SqUAjMeg4AmC8iUM6OqDwQ
0n/v/z1hl2cxsitA30FRR0LJ+kI6/lvw8QVXEjAEd1Bb3lVzJTiEw0byIxkoxw1N
t9cWP55+sNEmnfva3TXukIOEmWy2juDlKSkJXg==
-----END CERTIFICATE-----
Generated at Tue Mar 26 17:57:19 2024 by rpki-client on console-ams.rpki-client.org