Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/891d3c30-95dc-4b72-ae1b-ad1e98b0e179/0/323430333a653630303a3a2f33322d3332203d3e203538333736.roa
File:                     323430333a653630303a3a2f33322d3332203d3e203538333736.roa (raw, json)
Hash identifier:          cG/qRiVO8XZpJR2pnd55F8E6Q6uysG6sWyyzi0UdGZ8=
Subject key identifier:   D5:29:4A:03:6F:FD:6C:28:7B:2A:1D:E7:1D:24:17:5B:30:20:C9:86
Certificate issuer:       /CN=4E52504397B6835784BD4E67D8048C0D1CE3B242
Certificate serial:       28C6D5DB22A2B0EEEF1E8E8C52BE930A5E8C2E02
Authority key identifier: 4E:52:50:43:97:B6:83:57:84:BD:4E:67:D8:04:8C:0D:1C:E3:B2:42
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4E52504397B6835784BD4E67D8048C0D1CE3B242.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/891d3c30-95dc-4b72-ae1b-ad1e98b0e179/0/323430333a653630303a3a2f33322d3332203d3e203538333736.roa
Signing time:             Mon 31 Jul 2023 00:07:27 +0000
ROA not before:           Mon 31 Jul 2023 00:02:27 +0000
ROA not after:            Mon 29 Jul 2024 00:07:27 +0000
asID:                     58376
IP address blocks:        2403:e600::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/891d3c30-95dc-4b72-ae1b-ad1e98b0e179/0/4E52504397B6835784BD4E67D8048C0D1CE3B242.crl
                          rsync://repo-rpki.idnic.net/repo/891d3c30-95dc-4b72-ae1b-ad1e98b0e179/0/4E52504397B6835784BD4E67D8048C0D1CE3B242.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4E52504397B6835784BD4E67D8048C0D1CE3B242.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 19:44:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:c6:d5:db:22:a2:b0:ee:ef:1e:8e:8c:52:be:93:0a:5e:8c:2e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4E52504397B6835784BD4E67D8048C0D1CE3B242
        Validity
            Not Before: Jul 31 00:02:27 2023 GMT
            Not After : Jul 29 00:07:27 2024 GMT
        Subject: CN=D5294A036FFD6C287B2A1DE71D24175B3020C986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7a:07:90:64:a6:d6:b7:39:c8:ca:01:ac:b2:
                    39:de:52:e7:18:a3:ec:89:98:5d:e7:81:9b:03:ec:
                    8e:14:c3:16:f5:ee:6f:28:6a:fa:4b:ed:86:95:da:
                    f0:9a:0d:b2:74:81:3d:9a:56:17:43:3d:ee:31:d8:
                    8d:1b:9d:77:34:94:c1:67:a1:ce:38:c9:9e:c7:02:
                    b0:6b:1e:98:2b:42:42:7f:ed:e0:74:89:39:8c:85:
                    b1:82:8d:4f:7c:cd:29:93:92:12:41:c0:96:cf:24:
                    41:c6:a6:8d:9a:16:84:4c:cc:67:f0:28:c3:70:dd:
                    ab:43:bb:68:53:ee:60:33:1b:58:6d:6e:46:31:dd:
                    f1:60:8f:e7:a1:d7:0e:1b:32:8c:1e:82:d6:31:2b:
                    81:91:8e:67:62:fd:5d:ee:de:a8:2f:ef:4b:f4:57:
                    db:fe:0a:7e:8d:b5:88:a9:66:bb:22:64:cb:a1:09:
                    c0:17:7a:4a:90:e0:73:99:14:ad:32:8a:83:6f:95:
                    41:dd:08:00:d1:db:36:3f:16:3f:18:ed:80:6a:52:
                    5a:8e:76:67:34:fc:2e:8f:2c:60:cb:df:3d:5e:3e:
                    6d:3b:98:c1:d0:14:e7:cb:34:9e:db:47:c2:69:94:
                    77:85:df:94:41:fd:ad:17:0a:6f:b5:ee:5c:f1:7a:
                    25:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:29:4A:03:6F:FD:6C:28:7B:2A:1D:E7:1D:24:17:5B:30:20:C9:86
            X509v3 Authority Key Identifier:
                keyid:4E:52:50:43:97:B6:83:57:84:BD:4E:67:D8:04:8C:0D:1C:E3:B2:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/891d3c30-95dc-4b72-ae1b-ad1e98b0e179/0/4E52504397B6835784BD4E67D8048C0D1CE3B242.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/4E52504397B6835784BD4E67D8048C0D1CE3B242.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/891d3c30-95dc-4b72-ae1b-ad1e98b0e179/0/323430333a653630303a3a2f33322d3332203d3e203538333736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:e600::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:b9:e0:d9:cb:ea:96:d5:6d:4d:82:ce:ff:cc:09:a5:96:21:
         1a:cf:fa:4a:a0:b1:ee:83:fb:b9:e4:14:0f:38:e5:28:e0:23:
         4b:af:eb:f4:c1:bc:e0:56:41:34:48:ba:38:0c:c5:b4:ee:23:
         1e:19:b7:7f:47:6c:46:1d:17:54:29:96:2f:e1:a6:fc:47:8d:
         ed:02:4e:1c:73:2d:4a:ae:b3:d5:1f:34:e5:e7:48:be:86:fe:
         58:63:28:32:10:04:e6:92:b1:0f:2b:aa:94:0e:d5:cf:fa:d7:
         86:db:62:09:e9:22:16:68:ae:20:45:61:bd:ca:67:db:c5:08:
         b1:21:ed:80:75:c2:fd:27:27:3d:25:55:08:92:2d:bb:64:37:
         9b:5e:c0:9e:b5:46:01:81:d6:0a:bc:6b:df:56:cc:ef:68:18:
         35:fb:d0:5c:e4:b7:8e:de:b1:73:8a:e5:6d:94:4e:72:03:9d:
         9f:7b:c1:4b:87:3e:f2:86:53:27:8a:97:d2:7a:eb:6d:86:24:
         5b:88:df:a2:83:fa:b5:ab:fe:0c:00:34:f1:2e:f9:1f:e0:a2:
         bb:17:fc:23:c8:c8:3e:61:ec:a5:77:d6:2a:5b:9f:35:7c:3e:
         76:6d:b0:76:16:a4:ca:4b:05:63:a1:e9:60:b6:41:8e:f4:fa:
         08:59:65:3c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUKMbV2yKisO7vHo6MUr6TCl6MLgIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNEU1MjUwNDM5N0I2ODM1Nzg0QkQ0RTY3RDgwNDhDMEQx
Q0UzQjI0MjAeFw0yMzA3MzEwMDAyMjdaFw0yNDA3MjkwMDA3MjdaMDMxMTAvBgNV
BAMTKEQ1Mjk0QTAzNkZGRDZDMjg3QjJBMURFNzFEMjQxNzVCMzAyMEM5ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3egeQZKbWtznIygGssjneUucY
o+yJmF3ngZsD7I4Uwxb17m8oavpL7YaV2vCaDbJ0gT2aVhdDPe4x2I0bnXc0lMFn
oc44yZ7HArBrHpgrQkJ/7eB0iTmMhbGCjU98zSmTkhJBwJbPJEHGpo2aFoRMzGfw
KMNw3atDu2hT7mAzG1htbkYx3fFgj+eh1w4bMowegtYxK4GRjmdi/V3u3qgv70v0
V9v+Cn6NtYipZrsiZMuhCcAXekqQ4HOZFK0yioNvlUHdCADR2zY/Fj8Y7YBqUlqO
dmc0/C6PLGDL3z1ePm07mMHQFOfLNJ7bR8JplHeF35RB/a0XCm+17lzxeiWlAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQU1SlKA2/9bCh7Kh3nHSQXWzAgyYYwHwYDVR0j
BBgwFoAUTlJQQ5e2g1eEvU5n2ASMDRzjskIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby84
OTFkM2MzMC05NWRjLTRiNzItYWUxYi1hZDFlOThiMGUxNzkvMC80RTUyNTA0Mzk3
QjY4MzU3ODRCRDRFNjdEODA0OEMwRDFDRTNCMjQyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNEU1MjUwNDM5N0I2ODM1Nzg0QkQ0RTY3RDgwNDhDMEQxQ0Uz
QjI0Mi5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzg5MWQzYzMwLTk1ZGMtNGI3Mi1h
ZTFiLWFkMWU5OGIwZTE3OS8wLzMyMzQzMDMzM2E2NTM2MzAzMDNhM2EyZjMzMzIy
ZDMzMzIyMDNkM2UyMDM1MzgzMzM3MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkA+YAMA0GCSqGSIb3
DQEBCwUAA4IBAQCNueDZy+qW1W1Ngs7/zAmlliEaz/pKoLHug/u55BQPOOUo4CNL
r+v0wbzgVkE0SLo4DMW07iMeGbd/R2xGHRdUKZYv4ab8R43tAk4ccy1KrrPVHzTl
50i+hv5YYygyEATmkrEPK6qUDtXP+teG22IJ6SIWaK4gRWG9ymfbxQixIe2AdcL9
Jyc9JVUIki27ZDebXsCetUYBgdYKvGvfVszvaBg1+9Bc5LeO3rFziuVtlE5yA52f
e8FLhz7yhlMnipfSeutthiRbiN+ig/q1q/4MADTxLvkf4KK7F/wjyMg+Yeyld9Yq
W581fD52bbB2FqTKSwVjoelgtkGO9PoIWWU8
-----END CERTIFICATE-----
Generated at Wed Mar 27 15:34:03 2024 by rpki-client on console-ams.rpki-client.org