Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3935363a3a2f34382d3438203d3e20313333383237.roa
File:                     323430343a613634303a3935363a3a2f34382d3438203d3e20313333383237.roa (raw, json)
Hash identifier:          uemijTEUzM6v+SLnBz5fQZNNPk+8+Dwu2ZxIazlAu94=
Subject key identifier:   65:09:AE:86:38:77:4F:8C:17:E0:8A:9E:19:74:95:EE:D7:51:D7:C5
Certificate issuer:       /CN=0CE6A79D53D829F2A55623676E8D2A9A569F836F
Certificate serial:       7730604EAB595294BF0DCE2B0C95ABB0BEB84699
Authority key identifier: 0C:E6:A7:9D:53:D8:29:F2:A5:56:23:67:6E:8D:2A:9A:56:9F:83:6F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3935363a3a2f34382d3438203d3e20313333383237.roa
Signing time:             Thu 07 Sep 2023 03:51:18 +0000
ROA not before:           Thu 07 Sep 2023 03:46:18 +0000
ROA not after:            Thu 05 Sep 2024 03:51:18 +0000
asID:                     133827
IP address blocks:        2404:a640:956::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.crl
                          rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 08:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:30:60:4e:ab:59:52:94:bf:0d:ce:2b:0c:95:ab:b0:be:b8:46:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0CE6A79D53D829F2A55623676E8D2A9A569F836F
        Validity
            Not Before: Sep  7 03:46:18 2023 GMT
            Not After : Sep  5 03:51:18 2024 GMT
        Subject: CN=6509AE8638774F8C17E08A9E197495EED751D7C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:59:56:e4:0d:70:eb:4c:eb:0a:a3:c4:0e:a3:
                    ca:bc:c9:b4:0b:57:03:87:18:10:3e:41:66:51:74:
                    e1:08:d8:a7:22:05:21:34:ca:27:8a:8a:47:e0:6a:
                    7d:ef:04:15:cc:3b:b4:42:1b:fe:11:ee:5f:75:25:
                    54:5c:5d:83:9c:90:80:dd:6c:51:7c:38:d2:5e:55:
                    19:e8:38:27:69:08:03:f2:62:ad:ac:94:94:00:c0:
                    7e:38:fa:2d:ce:8d:67:0f:c2:8a:92:d3:ca:b5:db:
                    b8:9d:02:7d:4b:28:04:2e:10:23:e9:03:02:45:59:
                    f4:de:b4:a0:cf:ac:a8:3f:44:67:83:2e:eb:f8:6d:
                    41:d6:f2:0b:5e:9e:21:92:e6:ff:58:36:d3:79:16:
                    77:db:21:1c:72:67:b8:0b:af:86:d3:d1:c8:bb:95:
                    17:91:93:fc:59:9f:25:af:53:0a:79:04:a0:fa:14:
                    3d:ba:d0:bc:f0:7d:69:04:bf:4e:de:b5:ac:f4:f9:
                    f3:5f:4f:54:87:91:17:d5:13:e3:ad:24:08:d9:97:
                    84:3c:fd:ac:77:8e:a8:e3:6d:85:b3:c2:b5:25:f1:
                    28:90:6b:1d:b2:25:b6:1a:3b:fe:d0:4f:6c:b6:94:
                    72:b5:53:a1:12:80:c5:ff:3c:73:9b:86:a3:f1:c3:
                    6a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:09:AE:86:38:77:4F:8C:17:E0:8A:9E:19:74:95:EE:D7:51:D7:C5
            X509v3 Authority Key Identifier:
                keyid:0C:E6:A7:9D:53:D8:29:F2:A5:56:23:67:6E:8D:2A:9A:56:9F:83:6F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3935363a3a2f34382d3438203d3e20313333383237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:a640:956::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:40:18:dc:88:19:34:f3:6b:8e:f0:65:0b:f3:2f:dd:80:e6:
         4c:67:86:ea:d4:72:e1:03:5b:10:2f:2b:1e:cd:ec:1f:72:42:
         62:3d:22:66:51:2b:fb:99:fa:56:8e:fc:9d:06:44:97:62:91:
         c4:19:48:c0:a0:32:f8:91:04:26:81:46:a6:da:a0:4c:b9:9f:
         89:63:b1:55:a7:50:62:24:26:e7:2d:01:d3:22:02:c7:7f:7e:
         39:fe:77:21:ff:46:ee:dc:ad:e0:29:33:86:c8:a0:df:b5:6e:
         0c:39:05:61:d0:fe:f2:11:58:43:7f:55:f8:b3:65:8e:ae:34:
         3c:af:61:5a:96:a3:59:a7:70:02:3a:a9:8f:19:56:3f:ae:d4:
         90:fa:49:b6:5a:6f:78:f8:fe:b0:1d:55:62:c0:82:f9:91:28:
         67:14:c8:75:1c:d6:d8:2e:65:59:81:b5:10:46:df:cd:b8:b7:
         13:85:26:33:03:81:f5:a3:f0:23:ce:3d:d6:95:00:1a:4f:56:
         cb:a4:98:3d:22:1e:1c:78:47:bc:fa:2b:de:59:07:30:5d:8f:
         f8:e4:31:28:b3:4d:fc:0c:f4:e6:69:93:73:ae:18:9a:4a:48:
         8e:c4:21:28:87:c3:e4:ea:e9:e1:66:8f:13:07:f1:6f:e5:b4:
         18:5e:e2:90
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUdzBgTqtZUpS/Dc4rDJWrsL64RpkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMENFNkE3OUQ1M0Q4MjlGMkE1NTYyMzY3NkU4RDJBOUE1
NjlGODM2RjAeFw0yMzA5MDcwMzQ2MThaFw0yNDA5MDUwMzUxMThaMDMxMTAvBgNV
BAMTKDY1MDlBRTg2Mzg3NzRGOEMxN0UwOEE5RTE5NzQ5NUVFRDc1MUQ3QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEWVbkDXDrTOsKo8QOo8q8ybQL
VwOHGBA+QWZRdOEI2KciBSE0yieKikfgan3vBBXMO7RCG/4R7l91JVRcXYOckIDd
bFF8ONJeVRnoOCdpCAPyYq2slJQAwH44+i3OjWcPwoqS08q127idAn1LKAQuECPp
AwJFWfTetKDPrKg/RGeDLuv4bUHW8gteniGS5v9YNtN5FnfbIRxyZ7gLr4bT0ci7
lReRk/xZnyWvUwp5BKD6FD260LzwfWkEv07etaz0+fNfT1SHkRfVE+OtJAjZl4Q8
/ax3jqjjbYWzwrUl8SiQax2yJbYaO/7QT2y2lHK1U6ESgMX/PHObhqPxw2pJAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUZQmuhjh3T4wX4IqeGXSV7tdR18UwHwYDVR0j
BBgwFoAUDOannVPYKfKlViNnbo0qmlafg28wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YTk5MDEyNS02MDlhLTQ4YzgtYWM4Ni0xYzNiYzMxNWJhZDYvMC8wQ0U2QTc5RDUz
RDgyOUYyQTU1NjIzNjc2RThEMkE5QTU2OUY4MzZGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMENFNkE3OUQ1M0Q4MjlGMkE1NTYyMzY3NkU4RDJBOUE1NjlG
ODM2Ri5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVhOTkwMTI1LTYwOWEtNDhjOC1h
Yzg2LTFjM2JjMzE1YmFkNi8wLzMyMzQzMDM0M2E2MTM2MzQzMDNhMzkzNTM2M2Ez
YTJmMzQzODJkMzQzODIwM2QzZTIwMzEzMzMzMzgzMjM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJASm
QAlWMA0GCSqGSIb3DQEBCwUAA4IBAQA1QBjciBk082uO8GUL8y/dgOZMZ4bq1HLh
A1sQLysezewfckJiPSJmUSv7mfpWjvydBkSXYpHEGUjAoDL4kQQmgUam2qBMuZ+J
Y7FVp1BiJCbnLQHTIgLHf345/nch/0bu3K3gKTOGyKDftW4MOQVh0P7yEVhDf1X4
s2WOrjQ8r2FalqNZp3ACOqmPGVY/rtSQ+km2Wm94+P6wHVViwIL5kShnFMh1HNbY
LmVZgbUQRt/NuLcThSYzA4H1o/Ajzj3WlQAaT1bLpJg9Ih4ceEe8+iveWQcwXY/4
5DEos038DPTmaZNzrhiaSkiOxCEoh8Pk6unhZo8TB/Fv5bQYXuKQ
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:17:16 2024 by rpki-client on console-fra.rpki-client.org