Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/90652bc6-8bb6-4f26-88b1-380dac18e268/0/323030313a6466343a386230303a3a2f34382d3438203d3e20313337333235.roa
File:                     323030313a6466343a386230303a3a2f34382d3438203d3e20313337333235.roa (raw, json)
Hash identifier:          LStpTFj38x/DJSHD2unWGKzCQCGq7K64Z3PRgzWrJFc=
Subject key identifier:   8B:F9:16:B9:34:47:96:A6:94:B7:59:2F:B9:1D:4A:95:3A:B0:0F:B3
Certificate issuer:       /CN=9CA6DB3A7AC14D26875264793FB5D488BCF01F45
Certificate serial:       46A08D17F82931FF40C4FB2816C8C96E6C6D8D13
Authority key identifier: 9C:A6:DB:3A:7A:C1:4D:26:87:52:64:79:3F:B5:D4:88:BC:F0:1F:45
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9CA6DB3A7AC14D26875264793FB5D488BCF01F45.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/90652bc6-8bb6-4f26-88b1-380dac18e268/0/323030313a6466343a386230303a3a2f34382d3438203d3e20313337333235.roa
Signing time:             Mon 31 Jul 2023 00:13:38 +0000
ROA not before:           Mon 31 Jul 2023 00:08:38 +0000
ROA not after:            Mon 29 Jul 2024 00:13:38 +0000
asID:                     137325
IP address blocks:        2001:df4:8b00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/90652bc6-8bb6-4f26-88b1-380dac18e268/0/9CA6DB3A7AC14D26875264793FB5D488BCF01F45.crl
                          rsync://repo-rpki.idnic.net/repo/90652bc6-8bb6-4f26-88b1-380dac18e268/0/9CA6DB3A7AC14D26875264793FB5D488BCF01F45.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9CA6DB3A7AC14D26875264793FB5D488BCF01F45.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:a0:8d:17:f8:29:31:ff:40:c4:fb:28:16:c8:c9:6e:6c:6d:8d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9CA6DB3A7AC14D26875264793FB5D488BCF01F45
        Validity
            Not Before: Jul 31 00:08:38 2023 GMT
            Not After : Jul 29 00:13:38 2024 GMT
        Subject: CN=8BF916B9344796A694B7592FB91D4A953AB00FB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a8:1c:ba:c4:00:7e:f0:9b:94:51:6d:f7:35:
                    13:81:53:75:05:3d:43:da:8c:f2:5f:1e:99:2e:1c:
                    0c:d5:77:04:e2:ce:ae:70:9f:93:73:41:87:9c:d5:
                    98:a6:5a:76:98:bc:f5:0c:a8:97:26:d5:59:92:22:
                    26:2d:0b:83:83:5e:e0:79:cb:6c:82:4c:a7:14:f5:
                    e4:b7:99:16:3f:fb:79:37:61:43:09:a7:42:49:18:
                    5d:27:c5:6c:bb:26:8b:f4:8d:73:0a:cf:cf:1e:e3:
                    3b:28:5d:64:f1:a0:63:6b:e6:7d:01:94:ef:d7:f5:
                    33:ab:43:e1:84:4f:68:94:3f:8c:4b:a7:ab:a7:29:
                    1f:c4:f5:9b:98:a6:a6:e8:13:a2:a0:cb:a0:f9:78:
                    48:24:ab:72:c3:0a:ca:c6:a2:b7:9d:62:11:42:c3:
                    56:ab:26:6d:c4:00:85:a9:ab:62:b7:9f:6a:93:6e:
                    87:fb:a7:8e:18:77:cb:1e:a3:ed:b9:1f:84:d2:44:
                    ba:fd:91:a5:b9:9e:fb:05:f0:d3:6b:30:a2:82:23:
                    87:55:3a:42:97:e5:e9:87:6c:20:2d:2a:af:b9:a5:
                    23:8e:8c:a3:22:8b:10:66:9d:bf:06:01:d2:80:c5:
                    fb:0a:65:07:75:e7:19:ad:4a:c2:54:92:21:5b:95:
                    0e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F9:16:B9:34:47:96:A6:94:B7:59:2F:B9:1D:4A:95:3A:B0:0F:B3
            X509v3 Authority Key Identifier:
                keyid:9C:A6:DB:3A:7A:C1:4D:26:87:52:64:79:3F:B5:D4:88:BC:F0:1F:45

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/90652bc6-8bb6-4f26-88b1-380dac18e268/0/9CA6DB3A7AC14D26875264793FB5D488BCF01F45.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9CA6DB3A7AC14D26875264793FB5D488BCF01F45.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/90652bc6-8bb6-4f26-88b1-380dac18e268/0/323030313a6466343a386230303a3a2f34382d3438203d3e20313337333235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:8b00::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:63:50:24:a1:11:1f:ee:e7:20:b3:66:f8:cf:40:f2:c1:a9:
         ae:65:4f:ef:ea:9b:74:c3:fe:6d:ea:f2:9c:cf:0a:63:16:79:
         5e:0b:c1:7e:b8:9a:07:4f:87:5c:ed:a2:13:41:a9:12:18:45:
         2d:5b:6d:b7:58:7d:a5:79:12:ee:51:76:7d:25:64:f4:1c:51:
         eb:78:fe:d3:78:47:ad:5b:68:ff:a9:b4:80:b0:82:78:5e:05:
         3a:93:4a:01:78:22:aa:88:7f:6a:58:9d:91:08:a5:7a:ea:e0:
         bf:25:a2:fd:cf:9a:a7:8a:d7:1e:b0:8a:b0:b4:0e:19:d9:1c:
         16:f5:a2:02:a2:4d:f7:32:da:a1:d2:4c:c6:bf:d1:e4:5a:4e:
         80:e5:2d:35:8c:d6:e7:74:25:d1:4b:38:41:d5:3d:01:ee:0d:
         e6:c2:73:99:76:e6:15:6c:bb:1c:79:76:f7:0c:26:13:6c:64:
         ee:3f:3c:d0:29:78:83:67:f1:28:96:36:d7:69:c9:fe:3a:a8:
         97:ba:32:24:11:26:36:92:a2:95:a2:ab:4f:2f:ba:76:d8:ae:
         91:90:5c:f7:86:7d:9b:20:8e:4b:80:7b:91:74:18:fc:ac:0a:
         88:29:9f:7a:b5:16:5b:30:76:33:c9:7a:4f:e4:37:6f:f4:a5:
         4e:a6:78:6e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIURqCNF/gpMf9AxPsoFsjJbmxtjRMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUNBNkRCM0E3QUMxNEQyNjg3NTI2NDc5M0ZCNUQ0ODhC
Q0YwMUY0NTAeFw0yMzA3MzEwMDA4MzhaFw0yNDA3MjkwMDEzMzhaMDMxMTAvBgNV
BAMTKDhCRjkxNkI5MzQ0Nzk2QTY5NEI3NTkyRkI5MUQ0QTk1M0FCMDBGQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/qBy6xAB+8JuUUW33NROBU3UF
PUPajPJfHpkuHAzVdwTizq5wn5NzQYec1ZimWnaYvPUMqJcm1VmSIiYtC4ODXuB5
y2yCTKcU9eS3mRY/+3k3YUMJp0JJGF0nxWy7Jov0jXMKz88e4zsoXWTxoGNr5n0B
lO/X9TOrQ+GET2iUP4xLp6unKR/E9ZuYpqboE6Kgy6D5eEgkq3LDCsrGoredYhFC
w1arJm3EAIWpq2K3n2qTbof7p44Yd8seo+25H4TSRLr9kaW5nvsF8NNrMKKCI4dV
OkKX5emHbCAtKq+5pSOOjKMiixBmnb8GAdKAxfsKZQd15xmtSsJUkiFblQ7hAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUi/kWuTRHlqaUt1kvuR1KlTqwD7MwHwYDVR0j
BBgwFoAUnKbbOnrBTSaHUmR5P7XUiLzwH0UwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
MDY1MmJjNi04YmI2LTRmMjYtODhiMS0zODBkYWMxOGUyNjgvMC85Q0E2REIzQTdB
QzE0RDI2ODc1MjY0NzkzRkI1RDQ4OEJDRjAxRjQ1LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUNBNkRCM0E3QUMxNEQyNjg3NTI2NDc5M0ZCNUQ0ODhCQ0Yw
MUY0NS5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzkwNjUyYmM2LThiYjYtNGYyNi04
OGIxLTM4MGRhYzE4ZTI2OC8wLzMyMzAzMDMxM2E2NDY2MzQzYTM4NjIzMDMwM2Ez
YTJmMzQzODJkMzQzODIwM2QzZTIwMzEzMzM3MzMzMjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEN
9IsAMA0GCSqGSIb3DQEBCwUAA4IBAQCOY1AkoREf7ucgs2b4z0DywamuZU/v6pt0
w/5t6vKczwpjFnleC8F+uJoHT4dc7aITQakSGEUtW223WH2leRLuUXZ9JWT0HFHr
eP7TeEetW2j/qbSAsIJ4XgU6k0oBeCKqiH9qWJ2RCKV66uC/JaL9z5qnitcesIqw
tA4Z2RwW9aICok33Mtqh0kzGv9HkWk6A5S01jNbndCXRSzhB1T0B7g3mwnOZduYV
bLsceXb3DCYTbGTuPzzQKXiDZ/EoljbXacn+OqiXujIkESY2kqKVoqtPL7p22K6R
kFz3hn2bII5LgHuRdBj8rAqIKZ96tRZbMHYzyXpP5Ddv9KVOpnhu
-----END CERTIFICATE-----
Generated at Tue Mar 26 17:57:19 2024 by rpki-client on console-ams.rpki-client.org