Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/66ad09f3-0023-4445-8416-5cbde13fdd40/0/323430313a666363303a3a2f33322d3332203d3e203535363939.roa
File:                     323430313a666363303a3a2f33322d3332203d3e203535363939.roa (raw, json)
Hash identifier:          5cDvASSSj5sgi5R/tLR1qG9GN5wCnWdvAIo2SBaiM2c=
Subject key identifier:   74:5D:B8:3D:C3:74:9B:B4:1D:88:21:2D:53:05:6A:4B:95:37:E9:67
Certificate issuer:       /CN=31BD46BE7D53E57838D5FD894590B8AFF16D366C
Certificate serial:       0D193014189D7940453D48E0E437434E2CB4104A
Authority key identifier: 31:BD:46:BE:7D:53:E5:78:38:D5:FD:89:45:90:B8:AF:F1:6D:36:6C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/31BD46BE7D53E57838D5FD894590B8AFF16D366C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/66ad09f3-0023-4445-8416-5cbde13fdd40/0/323430313a666363303a3a2f33322d3332203d3e203535363939.roa
Signing time:             Sat 16 Sep 2023 06:00:00 +0000
ROA not before:           Sat 16 Sep 2023 05:55:00 +0000
ROA not after:            Sat 14 Sep 2024 06:00:00 +0000
asID:                     55699
IP address blocks:        2401:fcc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/66ad09f3-0023-4445-8416-5cbde13fdd40/0/31BD46BE7D53E57838D5FD894590B8AFF16D366C.crl
                          rsync://repo-rpki.idnic.net/repo/66ad09f3-0023-4445-8416-5cbde13fdd40/0/31BD46BE7D53E57838D5FD894590B8AFF16D366C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/31BD46BE7D53E57838D5FD894590B8AFF16D366C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 20:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:19:30:14:18:9d:79:40:45:3d:48:e0:e4:37:43:4e:2c:b4:10:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31BD46BE7D53E57838D5FD894590B8AFF16D366C
        Validity
            Not Before: Sep 16 05:55:00 2023 GMT
            Not After : Sep 14 06:00:00 2024 GMT
        Subject: CN=745DB83DC3749BB41D88212D53056A4B9537E967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:98:3e:ed:9e:83:27:fd:a0:c2:58:d6:b9:d8:
                    17:ff:a4:3b:9e:39:cd:d8:4e:7b:9a:f4:fc:7f:9c:
                    13:d1:f4:b8:05:67:7f:bc:02:61:24:87:08:60:89:
                    a7:db:cd:1f:d9:a7:a7:8f:86:b4:ea:53:9d:94:a7:
                    84:2b:00:56:5d:2e:d3:77:8d:bd:3e:7d:ae:a6:66:
                    f5:e7:a3:ff:0a:30:ee:87:bf:6b:6c:f3:8f:19:f7:
                    ed:04:67:9b:80:b5:83:1a:36:f5:0c:d8:0e:46:84:
                    27:91:68:9d:0b:88:1a:d0:31:30:cd:bb:09:bb:2a:
                    4b:c7:25:88:8d:ae:0b:2d:28:ac:be:13:c6:eb:c5:
                    cf:ae:e9:0d:6b:53:61:9b:a7:71:e2:60:97:ff:da:
                    99:f8:a1:10:cd:5e:46:85:ac:1c:cd:72:da:86:97:
                    9e:f1:00:b1:69:0f:c9:be:2d:73:22:f1:a9:42:eb:
                    22:69:1f:70:e7:d2:08:05:cb:c3:9d:c1:70:c0:9d:
                    6e:95:d5:01:71:5a:a1:6d:c1:3b:a7:ba:d3:d0:ae:
                    a1:41:4c:a9:03:27:cb:2a:91:bb:1f:3e:e2:d8:53:
                    31:7e:90:f5:8e:a2:f3:43:e3:ad:4c:d4:8c:81:2b:
                    04:8a:05:d0:59:83:e9:9e:64:1b:13:fa:bf:5c:9e:
                    ef:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:5D:B8:3D:C3:74:9B:B4:1D:88:21:2D:53:05:6A:4B:95:37:E9:67
            X509v3 Authority Key Identifier:
                keyid:31:BD:46:BE:7D:53:E5:78:38:D5:FD:89:45:90:B8:AF:F1:6D:36:6C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/66ad09f3-0023-4445-8416-5cbde13fdd40/0/31BD46BE7D53E57838D5FD894590B8AFF16D366C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/31BD46BE7D53E57838D5FD894590B8AFF16D366C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/66ad09f3-0023-4445-8416-5cbde13fdd40/0/323430313a666363303a3a2f33322d3332203d3e203535363939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:fcc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:80:e9:c7:f7:3c:a3:3c:95:c5:a3:a2:51:9e:b4:d1:7c:d7:
         8d:c1:f8:57:6a:83:98:cc:4a:3f:99:b7:8d:14:c4:46:be:32:
         28:3b:89:99:06:d0:53:e7:7b:1b:95:c3:6f:26:c9:b2:1b:ae:
         2f:1c:2d:97:20:2b:43:40:39:d4:2e:61:f9:35:4c:4d:63:29:
         79:e3:31:82:fc:7a:81:b3:0c:a6:3a:c7:94:f3:4b:45:55:83:
         5c:0d:c0:e2:07:5d:e1:86:c0:bc:36:08:b4:27:50:3e:44:91:
         b9:94:b1:0a:af:e1:42:63:f6:04:c5:42:01:ae:cf:68:05:ce:
         d1:14:b7:96:69:c1:59:93:59:93:67:96:11:ae:eb:c2:f1:ca:
         71:29:6a:f4:cb:07:d8:d7:d0:dc:77:11:8d:f1:29:aa:52:e1:
         3b:91:e0:45:95:52:c9:a6:8e:26:41:6d:41:bc:73:fc:b8:01:
         f3:e1:f1:68:4d:b8:d3:a3:a2:bf:b1:69:b9:84:ce:e4:15:ad:
         80:49:96:52:cb:2c:1a:99:78:84:8b:7b:e7:57:30:d6:06:cf:
         04:62:d5:1a:ca:49:74:78:e8:f7:d2:75:94:62:61:87:e3:a2:
         2d:7d:15:46:f5:a7:a7:85:e4:00:ba:ae:50:c4:98:5b:eb:ea:
         09:0d:b3:6d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUDRkwFBideUBFPUjg5DdDTiy0EEowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzFCRDQ2QkU3RDUzRTU3ODM4RDVGRDg5NDU5MEI4QUZG
MTZEMzY2QzAeFw0yMzA5MTYwNTU1MDBaFw0yNDA5MTQwNjAwMDBaMDMxMTAvBgNV
BAMTKDc0NURCODNEQzM3NDlCQjQxRDg4MjEyRDUzMDU2QTRCOTUzN0U5NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbmD7tnoMn/aDCWNa52Bf/pDue
Oc3YTnua9Px/nBPR9LgFZ3+8AmEkhwhgiafbzR/Zp6ePhrTqU52Up4QrAFZdLtN3
jb0+fa6mZvXno/8KMO6Hv2ts848Z9+0EZ5uAtYMaNvUM2A5GhCeRaJ0LiBrQMTDN
uwm7KkvHJYiNrgstKKy+E8brxc+u6Q1rU2Gbp3HiYJf/2pn4oRDNXkaFrBzNctqG
l57xALFpD8m+LXMi8alC6yJpH3Dn0ggFy8OdwXDAnW6V1QFxWqFtwTunutPQrqFB
TKkDJ8sqkbsfPuLYUzF+kPWOovND461M1IyBKwSKBdBZg+meZBsT+r9cnu+nAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUdF24PcN0m7QdiCEtUwVqS5U36WcwHwYDVR0j
BBgwFoAUMb1Gvn1T5Xg41f2JRZC4r/FtNmwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
NmFkMDlmMy0wMDIzLTQ0NDUtODQxNi01Y2JkZTEzZmRkNDAvMC8zMUJENDZCRTdE
NTNFNTc4MzhENUZEODk0NTkwQjhBRkYxNkQzNjZDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMzFCRDQ2QkU3RDUzRTU3ODM4RDVGRDg5NDU5MEI4QUZGMTZE
MzY2Qy5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzY2YWQwOWYzLTAwMjMtNDQ0NS04
NDE2LTVjYmRlMTNmZGQ0MC8wLzMyMzQzMDMxM2E2NjYzNjMzMDNhM2EyZjMzMzIy
ZDMzMzIyMDNkM2UyMDM1MzUzNjM5Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkAfzAMA0GCSqGSIb3
DQEBCwUAA4IBAQBogOnH9zyjPJXFo6JRnrTRfNeNwfhXaoOYzEo/mbeNFMRGvjIo
O4mZBtBT53sblcNvJsmyG64vHC2XICtDQDnULmH5NUxNYyl54zGC/HqBswymOseU
80tFVYNcDcDiB13hhsC8Ngi0J1A+RJG5lLEKr+FCY/YExUIBrs9oBc7RFLeWacFZ
k1mTZ5YRruvC8cpxKWr0ywfY19DcdxGN8SmqUuE7keBFlVLJpo4mQW1BvHP8uAHz
4fFoTbjTo6K/sWm5hM7kFa2ASZZSyywamXiEi3vnVzDWBs8EYtUaykl0eOj30nWU
YmGH46ItfRVG9aenheQAuq5QxJhb6+oJDbNt
-----END CERTIFICATE-----
Generated at Wed Mar 27 18:48:30 2024 by rpki-client on console-fra.rpki-client.org