Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/6be578d0-d3aa-4f0f-bb9d-f74b49c6a655/0/323430303a663334303a3a2f33322d3438203d3e20313331373436.roa
File:                     323430303a663334303a3a2f33322d3438203d3e20313331373436.roa (raw, json)
Hash identifier:          5AsJP/y4L1wuWQ7JbC6ov+eOub5b4P0fq+E5OhPcklk=
Subject key identifier:   82:DD:B9:EC:6F:50:CA:1B:55:D3:DD:F2:45:34:26:84:02:6B:15:17
Certificate issuer:       /CN=CB8106D827747D008C9DE9181B4EC6739C8EE800
Certificate serial:       79401243B4248EC71313E4253C3B74B4A569D95B
Authority key identifier: CB:81:06:D8:27:74:7D:00:8C:9D:E9:18:1B:4E:C6:73:9C:8E:E8:00
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CB8106D827747D008C9DE9181B4EC6739C8EE800.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/6be578d0-d3aa-4f0f-bb9d-f74b49c6a655/0/323430303a663334303a3a2f33322d3438203d3e20313331373436.roa
Signing time:             Mon 31 Jul 2023 00:09:46 +0000
ROA not before:           Mon 31 Jul 2023 00:04:46 +0000
ROA not after:            Mon 29 Jul 2024 00:09:46 +0000
asID:                     131746
IP address blocks:        2400:f340::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/6be578d0-d3aa-4f0f-bb9d-f74b49c6a655/0/CB8106D827747D008C9DE9181B4EC6739C8EE800.crl
                          rsync://repo-rpki.idnic.net/repo/6be578d0-d3aa-4f0f-bb9d-f74b49c6a655/0/CB8106D827747D008C9DE9181B4EC6739C8EE800.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CB8106D827747D008C9DE9181B4EC6739C8EE800.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:40:12:43:b4:24:8e:c7:13:13:e4:25:3c:3b:74:b4:a5:69:d9:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CB8106D827747D008C9DE9181B4EC6739C8EE800
        Validity
            Not Before: Jul 31 00:04:46 2023 GMT
            Not After : Jul 29 00:09:46 2024 GMT
        Subject: CN=82DDB9EC6F50CA1B55D3DDF245342684026B1517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ba:c7:66:a8:d1:47:36:c9:dd:cd:70:93:06:
                    ee:b0:4c:18:40:47:f7:93:97:82:7d:b8:31:5f:49:
                    36:be:2b:a6:13:e6:5b:97:c3:68:c4:af:5c:3b:8b:
                    10:f7:d6:e9:9f:49:4a:0d:60:10:71:48:16:1e:14:
                    4e:c6:a8:f8:81:e2:de:e6:ad:ab:31:99:7c:20:5c:
                    c5:b4:08:12:f7:89:ff:1f:3a:5b:10:92:05:b7:3f:
                    db:3c:f8:b6:3b:4c:05:52:28:43:ad:9c:22:32:09:
                    f9:d8:3a:1f:9b:f2:3f:bd:7c:d7:73:40:99:29:80:
                    54:c4:8e:ad:f2:f7:c9:34:6d:4a:8e:0b:f5:ea:48:
                    b6:00:11:cf:bf:72:79:f3:fa:0e:cd:96:1d:04:6a:
                    a8:97:21:20:72:a3:89:1a:4e:ba:7b:32:3b:01:ae:
                    97:67:41:4c:22:83:3c:26:91:27:a6:bb:70:7b:c6:
                    42:9f:74:a3:a4:12:6f:8d:60:f3:a8:35:df:33:b4:
                    62:28:28:8c:10:89:67:10:b5:14:0e:8f:20:f2:f8:
                    ec:75:22:6e:33:f5:69:af:91:ad:10:26:38:8a:90:
                    cb:8e:9e:3c:84:a2:fc:47:51:f5:d9:14:44:8a:5c:
                    d5:d8:b3:0c:1b:fa:0b:9c:ed:57:37:bf:bf:2f:a0:
                    8e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:DD:B9:EC:6F:50:CA:1B:55:D3:DD:F2:45:34:26:84:02:6B:15:17
            X509v3 Authority Key Identifier:
                keyid:CB:81:06:D8:27:74:7D:00:8C:9D:E9:18:1B:4E:C6:73:9C:8E:E8:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/6be578d0-d3aa-4f0f-bb9d-f74b49c6a655/0/CB8106D827747D008C9DE9181B4EC6739C8EE800.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/CB8106D827747D008C9DE9181B4EC6739C8EE800.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/6be578d0-d3aa-4f0f-bb9d-f74b49c6a655/0/323430303a663334303a3a2f33322d3438203d3e20313331373436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:f340::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:ce:1e:d6:05:78:2e:e8:a6:b2:cc:3d:d3:90:9a:42:34:5c:
         4f:03:20:64:3f:a0:29:4c:23:5c:05:94:f9:4c:66:fa:51:e2:
         38:ba:7c:ed:f4:99:db:cb:fa:a9:0a:79:b2:12:b4:e0:ac:5d:
         d7:dc:a0:4a:0e:51:67:4b:73:71:b6:ea:69:a1:a8:7c:19:67:
         26:b8:0b:d8:b9:07:f7:b7:7e:f8:fd:3e:df:de:26:05:d6:4d:
         27:32:97:12:11:b4:ab:d7:8f:39:74:8b:c2:23:5b:19:f4:78:
         ac:f4:38:6e:e5:d2:0e:04:eb:79:3b:fe:02:eb:09:7f:b8:bc:
         ca:b7:69:a4:ca:ab:d2:c3:1e:a4:97:8c:76:10:e2:d1:0c:eb:
         38:4b:b9:06:88:e8:90:e2:e5:17:84:a8:58:10:a3:bf:50:17:
         9a:e5:0b:f9:6a:e6:eb:ad:96:2c:db:8a:50:52:1a:d5:a2:e6:
         4e:4e:ab:ad:8c:7c:66:c5:a0:8f:9c:3d:42:a0:b6:89:74:fb:
         6d:d7:b9:97:c9:35:d8:48:e4:9d:83:8a:f1:54:dd:76:c4:b0:
         fe:21:12:77:1d:24:c3:dd:18:89:ef:4d:2c:7b:ef:33:74:98:
         35:af:3b:45:ff:07:ef:ba:04:9f:9c:ee:7a:6a:6a:59:e0:9b:
         f0:99:a2:b2
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUeUASQ7QkjscTE+QlPDt0tKVp2VswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0I4MTA2RDgyNzc0N0QwMDhDOURFOTE4MUI0RUM2NzM5
QzhFRTgwMDAeFw0yMzA3MzEwMDA0NDZaFw0yNDA3MjkwMDA5NDZaMDMxMTAvBgNV
BAMTKDgyRERCOUVDNkY1MENBMUI1NUQzRERGMjQ1MzQyNjg0MDI2QjE1MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdusdmqNFHNsndzXCTBu6wTBhA
R/eTl4J9uDFfSTa+K6YT5luXw2jEr1w7ixD31umfSUoNYBBxSBYeFE7GqPiB4t7m
rasxmXwgXMW0CBL3if8fOlsQkgW3P9s8+LY7TAVSKEOtnCIyCfnYOh+b8j+9fNdz
QJkpgFTEjq3y98k0bUqOC/XqSLYAEc+/cnnz+g7Nlh0EaqiXISByo4kaTrp7MjsB
rpdnQUwigzwmkSemu3B7xkKfdKOkEm+NYPOoNd8ztGIoKIwQiWcQtRQOjyDy+Ox1
Im4z9Wmvka0QJjiKkMuOnjyEovxHUfXZFESKXNXYswwb+guc7Vc3v78voI6TAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUgt257G9QyhtV093yRTQmhAJrFRcwHwYDVR0j
BBgwFoAUy4EG2Cd0fQCMnekYG07Gc5yO6AAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
YmU1NzhkMC1kM2FhLTRmMGYtYmI5ZC1mNzRiNDljNmE2NTUvMC9DQjgxMDZEODI3
NzQ3RDAwOEM5REU5MTgxQjRFQzY3MzlDOEVFODAwLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQ0I4MTA2RDgyNzc0N0QwMDhDOURFOTE4MUI0RUM2NzM5QzhF
RTgwMC5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzZiZTU3OGQwLWQzYWEtNGYwZi1i
YjlkLWY3NGI0OWM2YTY1NS8wLzMyMzQzMDMwM2E2NjMzMzQzMDNhM2EyZjMzMzIy
ZDM0MzgyMDNkM2UyMDMxMzMzMTM3MzQzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQA80AwDQYJKoZI
hvcNAQELBQADggEBABTOHtYFeC7oprLMPdOQmkI0XE8DIGQ/oClMI1wFlPlMZvpR
4ji6fO30mdvL+qkKebIStOCsXdfcoEoOUWdLc3G26mmhqHwZZya4C9i5B/e3fvj9
Pt/eJgXWTScylxIRtKvXjzl0i8IjWxn0eKz0OG7l0g4E63k7/gLrCX+4vMq3aaTK
q9LDHqSXjHYQ4tEM6zhLuQaI6JDi5ReEqFgQo79QF5rlC/lq5uutlizbilBSGtWi
5k5Oq62MfGbFoI+cPUKgtol0+23XuZfJNdhI5J2DivFU3XbEsP4hEncdJMPdGInv
TSx77zN0mDWvO0X/B++6BJ+c7npqalngm/CZorI=
-----END CERTIFICATE-----
Generated at Tue Mar 26 23:46:06 2024 by rpki-client on console-fra.rpki-client.org