Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3a2f33322d3332203d3e20313333383237.roa
File:                     323430343a613634303a3a2f33322d3332203d3e20313333383237.roa (raw, json)
Hash identifier:          jek+C8sMQzNOH2Uvvj48S7MAbmvC7ae719XDihYll7I=
Subject key identifier:   E5:E3:52:41:E6:66:D0:B1:DD:31:02:2F:51:20:3C:63:50:05:BD:9C
Certificate issuer:       /CN=0CE6A79D53D829F2A55623676E8D2A9A569F836F
Certificate serial:       473410F7FD85FFF3A2C55AACBD16F99C961F60F8
Authority key identifier: 0C:E6:A7:9D:53:D8:29:F2:A5:56:23:67:6E:8D:2A:9A:56:9F:83:6F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3a2f33322d3332203d3e20313333383237.roa
Signing time:             Tue 13 Feb 2024 03:00:01 +0000
ROA not before:           Tue 13 Feb 2024 02:55:01 +0000
ROA not after:            Tue 11 Feb 2025 03:00:01 +0000
asID:                     133827
IP address blocks:        2404:a640::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.crl
                          rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 08:36:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:34:10:f7:fd:85:ff:f3:a2:c5:5a:ac:bd:16:f9:9c:96:1f:60:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0CE6A79D53D829F2A55623676E8D2A9A569F836F
        Validity
            Not Before: Feb 13 02:55:01 2024 GMT
            Not After : Feb 11 03:00:01 2025 GMT
        Subject: CN=E5E35241E666D0B1DD31022F51203C635005BD9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:48:e5:95:ff:63:0d:8c:5e:04:7f:07:58:e1:
                    b8:cf:32:49:d9:f5:1d:ba:bf:e3:4b:b0:21:b4:4c:
                    f2:80:04:ef:4c:b8:cc:1b:6e:0e:96:84:95:c6:5d:
                    70:a9:00:c1:ac:61:26:d9:a8:44:ee:1a:cd:4f:50:
                    38:c9:8d:00:4c:e4:2b:26:1d:fe:9e:bf:03:d8:6e:
                    2a:2c:3a:82:05:1e:c2:fe:ab:7c:8f:98:af:da:9b:
                    9d:f7:f1:cf:4f:7e:24:aa:08:d9:cb:5a:63:5b:e3:
                    d5:e7:bb:c4:ef:82:19:5d:e0:51:bd:38:a4:c7:af:
                    1a:61:c0:24:db:bd:87:b3:77:d9:df:5d:e1:e9:5a:
                    fc:75:35:0d:59:0d:d8:89:42:a9:e5:ca:c4:05:a1:
                    01:6d:50:fc:68:85:b1:c5:94:a0:cf:dd:60:09:ad:
                    d3:da:5d:53:73:55:24:cb:50:8c:3d:87:0f:0a:74:
                    62:59:60:02:f3:72:2c:db:3e:2a:6c:39:af:78:99:
                    12:38:08:90:b7:20:f1:a7:42:5f:1d:c0:46:c6:80:
                    d9:1e:b5:7c:f8:07:f6:c7:95:d4:10:b8:8c:2e:32:
                    6a:6e:4a:8b:3a:f9:45:5f:36:e6:d8:fb:b5:31:f3:
                    4a:6b:c8:ac:c0:e8:bc:b9:71:08:f6:22:41:af:6d:
                    b9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E3:52:41:E6:66:D0:B1:DD:31:02:2F:51:20:3C:63:50:05:BD:9C
            X509v3 Authority Key Identifier:
                keyid:0C:E6:A7:9D:53:D8:29:F2:A5:56:23:67:6E:8D:2A:9A:56:9F:83:6F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/0CE6A79D53D829F2A55623676E8D2A9A569F836F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/0CE6A79D53D829F2A55623676E8D2A9A569F836F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/5a990125-609a-48c8-ac86-1c3bc315bad6/0/323430343a613634303a3a2f33322d3332203d3e20313333383237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:a640::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:aa:e1:3a:8e:1e:27:9e:44:0d:c9:bd:dc:f2:70:aa:7d:d2:
         06:c5:19:8e:cd:74:4f:20:ec:f2:e3:ea:0b:fc:05:c4:14:99:
         ec:6d:42:80:42:db:22:7c:c1:96:27:af:bd:d0:60:e1:5b:f6:
         4c:43:60:2d:e8:39:87:80:d9:22:60:f7:23:c2:6c:a8:47:ac:
         45:5e:c9:4f:82:a3:92:13:b9:63:ce:f4:e4:fc:fd:e4:4f:14:
         fb:f1:e0:67:db:ab:73:5a:c3:77:d4:d6:bd:5c:ec:39:a8:87:
         2a:6d:f0:f9:2c:81:d4:5f:27:06:51:7d:49:90:f7:1d:7b:ea:
         37:61:67:d0:c9:3e:57:a2:0b:0e:36:c2:8e:29:e3:ce:e5:d9:
         2d:c0:d2:4d:10:00:fd:77:bd:ad:7b:35:8f:ee:7a:51:c5:35:
         6e:33:f7:6e:a7:50:61:84:1f:ae:f3:c4:72:0a:be:55:94:e9:
         71:76:e8:c0:00:81:c4:69:a5:cc:af:23:08:d1:c8:5b:d7:7a:
         b7:d8:e0:c7:57:89:b7:96:e2:b1:f0:70:83:87:66:b4:35:4b:
         97:2e:e3:4a:66:e2:1c:ea:38:35:ee:20:8d:25:8c:48:3e:21:
         70:26:b0:1d:9d:38:aa:b3:0c:51:94:e4:6a:4f:62:10:a4:42:
         2c:f6:82:d0
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIURzQQ9/2F//OixVqsvRb5nJYfYPgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMENFNkE3OUQ1M0Q4MjlGMkE1NTYyMzY3NkU4RDJBOUE1
NjlGODM2RjAeFw0yNDAyMTMwMjU1MDFaFw0yNTAyMTEwMzAwMDFaMDMxMTAvBgNV
BAMTKEU1RTM1MjQxRTY2NkQwQjFERDMxMDIyRjUxMjAzQzYzNTAwNUJEOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfSOWV/2MNjF4EfwdY4bjPMknZ
9R26v+NLsCG0TPKABO9MuMwbbg6WhJXGXXCpAMGsYSbZqETuGs1PUDjJjQBM5Csm
Hf6evwPYbiosOoIFHsL+q3yPmK/am5338c9PfiSqCNnLWmNb49Xnu8Tvghld4FG9
OKTHrxphwCTbvYezd9nfXeHpWvx1NQ1ZDdiJQqnlysQFoQFtUPxohbHFlKDP3WAJ
rdPaXVNzVSTLUIw9hw8KdGJZYALzcizbPipsOa94mRI4CJC3IPGnQl8dwEbGgNke
tXz4B/bHldQQuIwuMmpuSos6+UVfNubY+7Ux80pryKzA6Ly5cQj2IkGvbbmBAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQU5eNSQeZm0LHdMQIvUSA8Y1AFvZwwHwYDVR0j
BBgwFoAUDOannVPYKfKlViNnbo0qmlafg28wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby81
YTk5MDEyNS02MDlhLTQ4YzgtYWM4Ni0xYzNiYzMxNWJhZDYvMC8wQ0U2QTc5RDUz
RDgyOUYyQTU1NjIzNjc2RThEMkE5QTU2OUY4MzZGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMENFNkE3OUQ1M0Q4MjlGMkE1NTYyMzY3NkU4RDJBOUE1NjlG
ODM2Ri5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzVhOTkwMTI1LTYwOWEtNDhjOC1h
Yzg2LTFjM2JjMzE1YmFkNi8wLzMyMzQzMDM0M2E2MTM2MzQzMDNhM2EyZjMzMzIy
ZDMzMzIyMDNkM2UyMDMxMzMzMzM4MzIzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQEpkAwDQYJKoZI
hvcNAQELBQADggEBAG2q4TqOHieeRA3JvdzycKp90gbFGY7NdE8g7PLj6gv8BcQU
mextQoBC2yJ8wZYnr73QYOFb9kxDYC3oOYeA2SJg9yPCbKhHrEVeyU+Co5ITuWPO
9OT8/eRPFPvx4Gfbq3Naw3fU1r1c7Dmohypt8PksgdRfJwZRfUmQ9x176jdhZ9DJ
PleiCw42wo4p487l2S3A0k0QAP13va17NY/uelHFNW4z926nUGGEH67zxHIKvlWU
6XF26MAAgcRppcyvIwjRyFvXerfY4MdXibeW4rHwcIOHZrQ1S5cu40pm4hzqODXu
II0ljEg+IXAmsB2dOKqzDFGU5GpPYhCkQiz2gtA=
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:17:16 2024 by rpki-client on console-fra.rpki-client.org