Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3935373a3a2f34382d3438203d3e20313333383237.roa
File:                     323430343a613634303a3935373a3a2f34382d3438203d3e20313333383237.roa (raw, json)
Hash identifier:          zy9XZRWWi2si3xymVYSghHJjN05D/rW4YaqMjp3cU8E=
Subject key identifier:   4B:8E:6E:F1:1B:5B:B0:2A:85:C8:3D:3A:26:FE:6A:FE:F8:CA:09:89
Certificate issuer:       /CN=0CE6A79D53D829F2A55623676E8D2A9A569F836F
Certificate serial:       6BF48CD546E66080F5164588C01F7E26B37B2CC7
Authority key identifier: 0C:E6:A7:9D:53:D8:29:F2:A5:56:23:67:6E:8D:2A:9A:56:9F:83:6F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3935373a3a2f34382d3438203d3e20313333383237.roa
Signing time:             Thu 07 Sep 2023 03:51:49 +0000
ROA not before:           Thu 07 Sep 2023 03:46:49 +0000
ROA not after:            Thu 05 Sep 2024 03:51:49 +0000
asID:                     133827
IP address blocks:        2404:a640:957::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.crl
                          rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 08:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:f4:8c:d5:46:e6:60:80:f5:16:45:88:c0:1f:7e:26:b3:7b:2c:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0CE6A79D53D829F2A55623676E8D2A9A569F836F
        Validity
            Not Before: Sep  7 03:46:49 2023 GMT
            Not After : Sep  5 03:51:49 2024 GMT
        Subject: CN=4B8E6EF11B5BB02A85C83D3A26FE6AFEF8CA0989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a7:03:4f:b7:35:fb:d1:76:5e:cf:73:ad:b5:
                    d8:07:66:ba:e0:9d:3a:ed:10:30:ae:24:cf:87:6a:
                    02:6b:4a:9c:ea:16:fa:90:07:8c:70:c4:16:03:f1:
                    4a:e3:4e:1f:e6:cf:86:06:3d:75:fe:16:0f:b0:a4:
                    c9:32:f1:ba:0f:53:d2:12:8c:5f:f9:8a:e2:c8:ad:
                    80:f1:72:b4:32:ae:77:e8:2f:b0:68:67:a8:61:44:
                    d9:2d:e2:74:5c:ee:10:48:e5:44:ed:e6:68:96:98:
                    55:45:3d:f0:f0:7d:7b:33:92:cf:46:06:d3:9b:31:
                    55:6d:3f:88:ef:62:ce:5a:ba:e5:48:4e:38:7c:14:
                    68:e7:7e:fb:27:d3:49:69:e3:05:56:a8:f4:d7:3b:
                    b2:1d:ae:d7:c4:77:08:15:66:84:7c:b6:82:0c:a0:
                    0c:1f:3b:f1:1c:fc:38:f6:0b:1c:4e:2e:d1:6d:cd:
                    39:ca:83:0a:8a:b3:ce:10:3e:f2:e1:43:6f:c7:91:
                    79:04:1b:fd:34:7f:62:a2:90:ce:78:c4:ae:e6:f3:
                    46:5d:84:07:b1:de:c7:30:32:83:e1:7d:bb:75:9d:
                    ed:fe:3e:45:6b:52:04:60:9d:f4:b0:2c:50:82:ad:
                    e9:5b:7b:88:4f:7e:75:85:e5:4d:b2:29:9e:85:9f:
                    b4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:8E:6E:F1:1B:5B:B0:2A:85:C8:3D:3A:26:FE:6A:FE:F8:CA:09:89
            X509v3 Authority Key Identifier:
                keyid:0C:E6:A7:9D:53:D8:29:F2:A5:56:23:67:6E:8D:2A:9A:56:9F:83:6F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3935373a3a2f34382d3438203d3e20313333383237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:a640:957::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:e5:1b:bc:80:11:7e:fa:3f:e3:33:a5:05:d8:b5:f5:26:9d:
         04:6e:91:2c:95:87:be:c8:c6:78:d7:fa:6b:4b:7f:fc:79:35:
         1c:1b:4f:b4:19:13:ab:d8:b4:d6:87:f2:80:9c:16:c9:e0:59:
         9d:4a:28:fe:64:4f:85:93:60:a6:ac:1b:74:6c:0f:b3:18:92:
         5a:81:fd:92:36:a0:43:cb:31:c2:1c:fa:76:c7:76:91:c5:c0:
         e7:d0:45:fa:50:c9:2c:11:bf:50:da:80:48:03:0a:fb:55:40:
         42:8a:e7:17:aa:ce:1d:25:d3:79:20:3d:80:83:5b:3b:ff:21:
         95:44:60:bf:5b:bf:f6:66:09:78:57:be:60:6d:ee:9d:f4:66:
         bb:d5:f9:7a:33:c9:2a:7b:a0:10:ee:fe:1e:6f:77:68:fa:48:
         22:30:13:cc:e9:6c:2e:9e:19:44:9b:3e:c0:65:c8:ef:35:71:
         3b:fd:a9:c4:3f:c2:14:7f:59:96:cb:e8:77:42:13:70:8d:77:
         1a:2f:62:21:17:49:f0:ba:7c:50:44:8f:d4:49:7f:ab:5f:86:
         d2:04:f7:b3:a9:16:3c:d0:c5:5c:e3:c1:ce:4b:d7:70:be:03:
         5e:90:80:79:be:03:df:e9:3d:b3:4a:1e:c5:85:34:df:5b:9b:
         48:be:25:9f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUa/SM1UbmYID1FkWIwB9+JrN7LMcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMENFNkE3OUQ1M0Q4MjlGMkE1NTYyMzY3NkU4RDJBOUE1
NjlGODM2RjAeFw0yMzA5MDcwMzQ2NDlaFw0yNDA5MDUwMzUxNDlaMDMxMTAvBgNV
BAMTKDRCOEU2RUYxMUI1QkIwMkE4NUM4M0QzQTI2RkU2QUZFRjhDQTA5ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHpwNPtzX70XZez3OttdgHZrrg
nTrtEDCuJM+HagJrSpzqFvqQB4xwxBYD8UrjTh/mz4YGPXX+Fg+wpMky8boPU9IS
jF/5iuLIrYDxcrQyrnfoL7BoZ6hhRNkt4nRc7hBI5UTt5miWmFVFPfDwfXszks9G
BtObMVVtP4jvYs5auuVITjh8FGjnfvsn00lp4wVWqPTXO7IdrtfEdwgVZoR8toIM
oAwfO/Ec/Dj2CxxOLtFtzTnKgwqKs84QPvLhQ2/HkXkEG/00f2KikM54xK7m80Zd
hAex3scwMoPhfbt1ne3+PkVrUgRgnfSwLFCCrelbe4hPfnWF5U2yKZ6Fn7TtAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUS45u8RtbsCqFyD06Jv5q/vjKCYkwHwYDVR0j
BBgwFoAUDOannVPYKfKlViNnbo0qmlafg28wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YTk5MDEyNS02MDlhLTQ4YzgtYWM4Ni0xYzNiYzMxNWJhZDYvMC8wQ0U2QTc5RDUz
RDgyOUYyQTU1NjIzNjc2RThEMkE5QTU2OUY4MzZGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMENFNkE3OUQ1M0Q4MjlGMkE1NTYyMzY3NkU4RDJBOUE1NjlG
ODM2Ri5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVhOTkwMTI1LTYwOWEtNDhjOC1h
Yzg2LTFjM2JjMzE1YmFkNi8wLzMyMzQzMDM0M2E2MTM2MzQzMDNhMzkzNTM3M2Ez
YTJmMzQzODJkMzQzODIwM2QzZTIwMzEzMzMzMzgzMjM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJASm
QAlXMA0GCSqGSIb3DQEBCwUAA4IBAQBG5Ru8gBF++j/jM6UF2LX1Jp0EbpEslYe+
yMZ41/prS3/8eTUcG0+0GROr2LTWh/KAnBbJ4FmdSij+ZE+Fk2CmrBt0bA+zGJJa
gf2SNqBDyzHCHPp2x3aRxcDn0EX6UMksEb9Q2oBIAwr7VUBCiucXqs4dJdN5ID2A
g1s7/yGVRGC/W7/2Zgl4V75gbe6d9Ga71fl6M8kqe6AQ7v4eb3do+kgiMBPM6Wwu
nhlEmz7AZcjvNXE7/anEP8IUf1mWy+h3QhNwjXcaL2IhF0nwunxQRI/USX+rX4bS
BPezqRY80MVc48HOS9dwvgNekIB5vgPf6T2zSh7FhTTfW5tIviWf
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:17:16 2024 by rpki-client on console-fra.rpki-client.org