Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/73f4ec1c-9535-4cbf-9c7a-fd32c830edba/0/323430303a643934303a3230303a3a2f34382d3438203d3e20313336303838.roa
File:                     323430303a643934303a3230303a3a2f34382d3438203d3e20313336303838.roa (raw, json)
Hash identifier:          4Ty2vpIt889S6H4qW9mr7XDARxD9ahCYWHY74BSfHxA=
Subject key identifier:   AE:41:41:6D:2B:EE:7D:E4:F5:E9:92:D6:86:AB:47:BF:54:21:57:17
Certificate issuer:       /CN=D3FB61D746A44767D4518D6E9FD1FBD8D0BE923F
Certificate serial:       18868DFB0D6DC3812304E4F65B149362096F72FE
Authority key identifier: D3:FB:61:D7:46:A4:47:67:D4:51:8D:6E:9F:D1:FB:D8:D0:BE:92:3F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D3FB61D746A44767D4518D6E9FD1FBD8D0BE923F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/73f4ec1c-9535-4cbf-9c7a-fd32c830edba/0/323430303a643934303a3230303a3a2f34382d3438203d3e20313336303838.roa
Signing time:             Mon 31 Jul 2023 00:07:18 +0000
ROA not before:           Mon 31 Jul 2023 00:02:18 +0000
ROA not after:            Mon 29 Jul 2024 00:07:18 +0000
asID:                     136088
IP address blocks:        2400:d940:200::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/73f4ec1c-9535-4cbf-9c7a-fd32c830edba/0/D3FB61D746A44767D4518D6E9FD1FBD8D0BE923F.crl
                          rsync://repo-rpki.idnic.net/repo/73f4ec1c-9535-4cbf-9c7a-fd32c830edba/0/D3FB61D746A44767D4518D6E9FD1FBD8D0BE923F.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D3FB61D746A44767D4518D6E9FD1FBD8D0BE923F.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 31 Mar 2024 17:21:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:86:8d:fb:0d:6d:c3:81:23:04:e4:f6:5b:14:93:62:09:6f:72:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D3FB61D746A44767D4518D6E9FD1FBD8D0BE923F
        Validity
            Not Before: Jul 31 00:02:18 2023 GMT
            Not After : Jul 29 00:07:18 2024 GMT
        Subject: CN=AE41416D2BEE7DE4F5E992D686AB47BF54215717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:30:69:94:17:ad:52:ff:46:10:cd:1c:a5:9a:
                    2b:a1:50:ff:1f:9d:11:f5:ab:53:98:9a:b4:d9:63:
                    ab:39:77:b1:92:5d:b0:d6:c4:01:8b:71:48:68:12:
                    a8:09:13:81:da:a4:87:a1:43:85:79:55:69:82:39:
                    0a:27:b4:1a:7c:07:36:0d:28:85:da:fe:a6:2a:51:
                    88:83:8b:ab:c0:fb:3a:7c:91:74:b4:1c:7c:9e:67:
                    4a:97:7e:99:1e:aa:14:4d:fa:0b:8b:17:52:ca:a2:
                    63:6d:84:35:f2:ca:1f:75:ea:8a:23:73:84:62:e5:
                    5b:95:24:d4:a1:15:36:c4:1e:50:39:ed:46:46:74:
                    b0:cd:59:30:1a:64:20:38:4c:f3:87:0d:3f:16:18:
                    8f:84:e3:40:8f:cd:6d:4c:43:51:ec:77:cc:c7:3b:
                    16:6f:be:d0:92:ea:6b:c0:66:b0:4b:70:70:63:b5:
                    49:5a:8a:40:de:fa:b8:01:dc:a2:87:f2:1f:50:b7:
                    04:be:31:92:e0:27:37:52:e1:73:98:43:e9:0a:23:
                    61:26:64:28:62:b8:86:c7:a6:ea:8f:82:2c:1c:b5:
                    9f:70:ce:d2:64:11:bd:30:1d:9c:41:a3:67:1a:91:
                    b3:d9:5a:52:17:98:f3:72:00:70:d3:c0:ce:ff:6c:
                    62:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:41:41:6D:2B:EE:7D:E4:F5:E9:92:D6:86:AB:47:BF:54:21:57:17
            X509v3 Authority Key Identifier:
                keyid:D3:FB:61:D7:46:A4:47:67:D4:51:8D:6E:9F:D1:FB:D8:D0:BE:92:3F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/73f4ec1c-9535-4cbf-9c7a-fd32c830edba/0/D3FB61D746A44767D4518D6E9FD1FBD8D0BE923F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/D3FB61D746A44767D4518D6E9FD1FBD8D0BE923F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/73f4ec1c-9535-4cbf-9c7a-fd32c830edba/0/323430303a643934303a3230303a3a2f34382d3438203d3e20313336303838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:d940:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:c8:4d:7e:2d:77:fb:26:c6:e2:76:8c:d7:1a:17:85:30:30:
         f5:78:b6:f4:85:2b:3d:10:68:4c:92:95:2a:f7:98:e4:3e:8c:
         cf:b8:1f:14:38:2d:ee:07:14:a1:5d:92:1b:8a:0e:cd:56:e0:
         89:c3:0f:fd:29:9b:95:dc:f2:54:13:26:9e:d7:79:fc:85:5f:
         9c:f9:26:08:56:91:47:55:55:bc:13:c0:52:61:95:22:9b:29:
         24:78:b0:03:fc:72:19:5d:aa:b7:f0:ed:ee:a4:84:b3:5c:b3:
         a6:d9:e8:f9:30:d5:db:69:08:ee:9f:83:35:01:e6:88:67:7a:
         7d:32:ff:9a:5b:c0:23:de:a8:4c:66:75:ef:b3:e7:bd:07:15:
         2e:e5:11:80:4b:27:82:8c:de:9d:6f:3c:8c:59:1b:4f:74:fe:
         d3:a1:21:6a:fb:fb:d9:9b:7f:7c:48:ed:1b:d1:8f:b7:33:d3:
         fc:6b:6a:de:b9:d5:64:9b:fd:2c:c4:8e:b6:46:be:ea:3a:54:
         44:ec:56:60:1d:88:ea:1d:cb:0a:f0:e0:87:e7:57:29:05:74:
         16:3f:49:7b:9a:53:2e:1a:46:d2:a6:29:e5:aa:ea:af:64:af:
         aa:6c:f0:07:a3:4d:5b:00:db:29:c1:2e:90:76:a5:61:7e:1e:
         4d:d3:db:e4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGIaN+w1tw4EjBOT2WxSTYglvcv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDNGQjYxRDc0NkE0NDc2N0Q0NTE4RDZFOUZEMUZCRDhE
MEJFOTIzRjAeFw0yMzA3MzEwMDAyMThaFw0yNDA3MjkwMDA3MThaMDMxMTAvBgNV
BAMTKEFFNDE0MTZEMkJFRTdERTRGNUU5OTJENjg2QUI0N0JGNTQyMTU3MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIMGmUF61S/0YQzRylmiuhUP8f
nRH1q1OYmrTZY6s5d7GSXbDWxAGLcUhoEqgJE4HapIehQ4V5VWmCOQontBp8BzYN
KIXa/qYqUYiDi6vA+zp8kXS0HHyeZ0qXfpkeqhRN+guLF1LKomNthDXyyh916ooj
c4Ri5VuVJNShFTbEHlA57UZGdLDNWTAaZCA4TPOHDT8WGI+E40CPzW1MQ1Hsd8zH
OxZvvtCS6mvAZrBLcHBjtUlaikDe+rgB3KKH8h9QtwS+MZLgJzdS4XOYQ+kKI2Em
ZChiuIbHpuqPgiwctZ9wztJkEb0wHZxBo2cakbPZWlIXmPNyAHDTwM7/bGIvAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUrkFBbSvufeT16ZLWhqtHv1QhVxcwHwYDVR0j
BBgwFoAU0/th10akR2fUUY1un9H72NC+kj8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby83
M2Y0ZWMxYy05NTM1LTRjYmYtOWM3YS1mZDMyYzgzMGVkYmEvMC9EM0ZCNjFENzQ2
QTQ0NzY3RDQ1MThENkU5RkQxRkJEOEQwQkU5MjNGLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRDNGQjYxRDc0NkE0NDc2N0Q0NTE4RDZFOUZEMUZCRDhEMEJF
OTIzRi5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzczZjRlYzFjLTk1MzUtNGNiZi05
YzdhLWZkMzJjODMwZWRiYS8wLzMyMzQzMDMwM2E2NDM5MzQzMDNhMzIzMDMwM2Ez
YTJmMzQzODJkMzQzODIwM2QzZTIwMzEzMzM2MzAzODM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJADZ
QAIAMA0GCSqGSIb3DQEBCwUAA4IBAQCGyE1+LXf7JsbidozXGheFMDD1eLb0hSs9
EGhMkpUq95jkPozPuB8UOC3uBxShXZIbig7NVuCJww/9KZuV3PJUEyae13n8hV+c
+SYIVpFHVVW8E8BSYZUimykkeLAD/HIZXaq38O3upISzXLOm2ej5MNXbaQjun4M1
AeaIZ3p9Mv+aW8Aj3qhMZnXvs+e9BxUu5RGASyeCjN6dbzyMWRtPdP7ToSFq+/vZ
m398SO0b0Y+3M9P8a2reudVkm/0sxI62Rr7qOlRE7FZgHYjqHcsK8OCH51cpBXQW
P0l7mlMuGkbSpinlquqvZK+qbPAHo01bANspwS6QdqVhfh5N09vk
-----END CERTIFICATE-----
Generated at Thu Mar 28 14:00:46 2024 by rpki-client on console-fra.rpki-client.org