Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/323430363a323430303a3a2f33322d3438203d3e203435323837.roa
File:                     323430363a323430303a3a2f33322d3438203d3e203435323837.roa (raw, json)
Hash identifier:          Ds4sooWsPPhN9QBsUnzPXSJ13sDorHxDSx5pSjqvAr4=
Subject key identifier:   A9:65:97:01:74:A5:84:73:A1:C2:C3:EA:E1:C8:49:66:C7:C9:04:9D
Certificate issuer:       /CN=DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7
Certificate serial:       65EE5047FDE7AF4A633A77BE3DFE79D9105B64A6
Authority key identifier: DC:1F:CA:69:CA:5B:7A:3A:3E:48:25:B3:CA:FC:C3:BD:1B:C0:6E:B7
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/323430363a323430303a3a2f33322d3438203d3e203435323837.roa
Signing time:             Mon 31 Jul 2023 00:02:34 +0000
ROA not before:           Sun 30 Jul 2023 23:57:34 +0000
ROA not after:            Mon 29 Jul 2024 00:02:34 +0000
asID:                     45287
IP address blocks:        2406:2400::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.crl
                          rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 16:36:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ee:50:47:fd:e7:af:4a:63:3a:77:be:3d:fe:79:d9:10:5b:64:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7
        Validity
            Not Before: Jul 30 23:57:34 2023 GMT
            Not After : Jul 29 00:02:34 2024 GMT
        Subject: CN=A965970174A58473A1C2C3EAE1C84966C7C9049D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:c9:ca:77:7f:be:27:fa:91:cc:35:d6:4f:b5:
                    fe:80:e3:ee:6c:ff:8e:f4:8d:81:95:d1:f4:e3:66:
                    48:87:fb:6e:ec:ca:de:65:57:9e:2e:ff:8c:27:11:
                    b6:f4:ad:e8:1d:b4:74:c8:2c:66:b1:99:7e:4e:a6:
                    3c:47:28:82:4e:c2:52:56:5a:cb:91:6e:d4:46:3b:
                    a6:11:dc:c8:e7:2b:b0:4c:6d:f8:98:b2:a4:45:64:
                    b0:6c:db:a8:43:67:4c:a6:f4:91:b5:05:5f:f0:2b:
                    63:0b:96:88:be:2e:71:6b:d2:19:91:38:fa:3a:cc:
                    f0:53:51:0b:ba:99:66:30:09:85:ad:4d:3a:1f:97:
                    4b:aa:7d:b0:bb:d5:7e:64:dc:dd:31:bb:e8:f4:34:
                    c0:b3:d2:db:68:50:3b:0e:ff:5e:d8:58:44:e5:85:
                    99:92:c2:18:b8:8e:d9:c1:d5:62:26:88:63:5a:f9:
                    0a:97:8f:83:bb:aa:f7:3c:85:f2:14:f2:12:a6:d4:
                    ee:8b:fa:7f:7f:40:dd:2a:0d:d2:7d:c9:e9:d2:2a:
                    bf:40:8c:34:a8:81:4c:2d:e8:20:a2:af:60:04:17:
                    2e:58:ab:0d:e5:64:51:a5:50:00:0f:62:cd:94:fc:
                    35:5e:5d:d8:cc:80:5a:a9:ff:7c:c0:3a:53:22:2d:
                    fb:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:65:97:01:74:A5:84:73:A1:C2:C3:EA:E1:C8:49:66:C7:C9:04:9D
            X509v3 Authority Key Identifier:
                keyid:DC:1F:CA:69:CA:5B:7A:3A:3E:48:25:B3:CA:FC:C3:BD:1B:C0:6E:B7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/DC1FCA69CA5B7A3A3E4825B3CAFCC3BD1BC06EB7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/98249fc3-6c84-4e91-b067-a0c6a840a3a9/0/323430363a323430303a3a2f33322d3438203d3e203435323837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:2400::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:4c:ba:91:31:fd:7e:bf:92:ce:95:72:6f:cc:c6:1e:e1:b8:
         04:bf:53:ee:ef:ac:31:81:6e:31:ec:7f:0e:95:c1:0d:0b:3d:
         b0:1c:b4:f2:6d:7d:05:6b:06:78:b6:63:93:c7:0e:f2:d1:c6:
         e5:87:60:c8:c1:c6:fa:d7:32:59:d8:ae:ef:2b:2f:df:f4:53:
         54:83:63:50:7e:df:3a:7a:6a:c9:8b:da:c4:fe:be:67:03:48:
         d8:b9:d1:6f:f6:1b:f6:20:e9:3c:7c:d9:fa:8d:87:ed:d8:74:
         b0:8c:f4:90:68:01:1d:d7:c1:8b:d1:08:cf:94:e8:89:a3:79:
         94:32:ad:46:4b:a6:00:1a:79:1f:c2:ec:69:f3:0c:6b:08:5e:
         7b:56:21:ff:c5:9d:77:92:24:38:43:4e:d1:5e:88:4b:9b:97:
         6f:05:de:ac:4c:72:5e:28:95:f6:72:eb:e7:45:bc:99:66:16:
         66:39:2d:8a:05:55:9b:69:55:8a:2a:1e:02:fe:a4:08:aa:0e:
         4a:de:84:19:24:ec:84:64:d2:1f:b6:08:53:3c:3a:08:9b:9e:
         5a:89:99:8f:af:22:2e:eb:32:c2:ed:4b:2b:70:c0:ed:96:44:
         ad:da:fb:db:84:5e:5f:83:e1:64:7c:83:74:c2:4c:da:14:f4:
         17:6b:1c:87
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUZe5QR/3nr0pjOne+Pf552RBbZKYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREMxRkNBNjlDQTVCN0EzQTNFNDgyNUIzQ0FGQ0MzQkQx
QkMwNkVCNzAeFw0yMzA3MzAyMzU3MzRaFw0yNDA3MjkwMDAyMzRaMDMxMTAvBgNV
BAMTKEE5NjU5NzAxNzRBNTg0NzNBMUMyQzNFQUUxQzg0OTY2QzdDOTA0OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0ycp3f74n+pHMNdZPtf6A4+5s
/470jYGV0fTjZkiH+27syt5lV54u/4wnEbb0regdtHTILGaxmX5OpjxHKIJOwlJW
WsuRbtRGO6YR3MjnK7BMbfiYsqRFZLBs26hDZ0ym9JG1BV/wK2MLloi+LnFr0hmR
OPo6zPBTUQu6mWYwCYWtTTofl0uqfbC71X5k3N0xu+j0NMCz0ttoUDsO/17YWETl
hZmSwhi4jtnB1WImiGNa+QqXj4O7qvc8hfIU8hKm1O6L+n9/QN0qDdJ9yenSKr9A
jDSogUwt6CCir2AEFy5Yqw3lZFGlUAAPYs2U/DVeXdjMgFqp/3zAOlMiLfv3AgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUqWWXAXSlhHOhwsPq4chJZsfJBJ0wHwYDVR0j
BBgwFoAU3B/Kacpbejo+SCWzyvzDvRvAbrcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
ODI0OWZjMy02Yzg0LTRlOTEtYjA2Ny1hMGM2YTg0MGEzYTkvMC9EQzFGQ0E2OUNB
NUI3QTNBM0U0ODI1QjNDQUZDQzNCRDFCQzA2RUI3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvREMxRkNBNjlDQTVCN0EzQTNFNDgyNUIzQ0FGQ0MzQkQxQkMw
NkVCNy5jZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzk4MjQ5ZmMzLTZjODQtNGU5MS1i
MDY3LWEwYzZhODQwYTNhOS8wLzMyMzQzMDM2M2EzMjM0MzAzMDNhM2EyZjMzMzIy
ZDM0MzgyMDNkM2UyMDM0MzUzMjM4Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkBiQAMA0GCSqGSIb3
DQEBCwUAA4IBAQACTLqRMf1+v5LOlXJvzMYe4bgEv1Pu76wxgW4x7H8OlcENCz2w
HLTybX0FawZ4tmOTxw7y0cblh2DIwcb61zJZ2K7vKy/f9FNUg2NQft86emrJi9rE
/r5nA0jYudFv9hv2IOk8fNn6jYft2HSwjPSQaAEd18GL0QjPlOiJo3mUMq1GS6YA
Gnkfwuxp8wxrCF57ViH/xZ13kiQ4Q07RXohLm5dvBd6sTHJeKJX2cuvnRbyZZhZm
OS2KBVWbaVWKKh4C/qQIqg5K3oQZJOyEZNIftghTPDoIm55aiZmPryIu6zLC7Usr
cMDtlkSt2vvbhF5fg+FkfIN0wkzaFPQXaxyH
-----END CERTIFICATE-----
Generated at Wed Mar 27 04:37:33 2024 by rpki-client on console-ams.rpki-client.org