Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a31383a3a2f34382d3438203d3e20313437313337.roa
File:                     323430303a343661303a31383a3a2f34382d3438203d3e20313437313337.roa (raw, json)
Hash identifier:          lU4krARzF94xW6yIUtLYTvIXCuXd5JN3d9Mt84DDor8=
Subject key identifier:   2B:39:A2:72:B1:D2:30:B3:8F:0A:34:B5:DF:78:15:9B:31:A0:74:9D
Certificate issuer:       /CN=9A52B6405ED406A7B17C4478D516DF3E37282980
Certificate serial:       2CDF4B98AB379AB4E7D39397A322382381246467
Authority key identifier: 9A:52:B6:40:5E:D4:06:A7:B1:7C:44:78:D5:16:DF:3E:37:28:29:80
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a31383a3a2f34382d3438203d3e20313437313337.roa
Signing time:             Thu 08 Aug 2024 19:07:18 +0000
ROA not before:           Thu 08 Aug 2024 19:02:18 +0000
ROA not after:            Thu 07 Aug 2025 19:07:18 +0000
asID:                     147137
IP address blocks:        2400:46a0:18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.crl
                          rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 15:09:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:df:4b:98:ab:37:9a:b4:e7:d3:93:97:a3:22:38:23:81:24:64:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9A52B6405ED406A7B17C4478D516DF3E37282980
        Validity
            Not Before: Aug  8 19:02:18 2024 GMT
            Not After : Aug  7 19:07:18 2025 GMT
        Subject: CN=2B39A272B1D230B38F0A34B5DF78159B31A0749D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:28:82:e0:9b:fb:30:01:39:b0:c1:b8:23:22:
                    8e:09:7e:e9:2e:0d:52:f5:31:ca:c0:a4:16:17:69:
                    70:08:03:6e:00:39:65:e7:67:15:09:55:b0:8c:6d:
                    3f:24:1d:c1:c0:1c:9c:b0:1c:6a:9a:20:d4:7f:75:
                    f2:f4:61:2f:3a:58:ae:40:82:bf:d1:d3:01:35:30:
                    1e:a7:58:3e:76:1b:ee:6d:f5:77:de:fc:21:bc:e7:
                    23:67:60:a7:7e:6f:fe:ed:12:8d:1f:c6:25:01:a4:
                    2b:27:0d:4d:2f:0b:c3:c9:12:2d:6f:32:83:a1:6a:
                    df:6b:a2:79:5e:e8:fe:98:6f:96:9a:42:07:7e:e4:
                    a7:58:12:03:50:9d:42:f3:8d:28:b3:e9:18:6b:c2:
                    dd:7f:4b:51:21:7f:28:b5:60:6c:eb:9d:47:b3:28:
                    14:f2:c9:dd:ac:c9:28:7a:1e:37:b8:1e:47:d0:51:
                    71:bf:42:b4:28:6c:06:c9:1e:c2:5e:29:10:2f:94:
                    49:f5:51:a3:6d:78:3c:e5:ca:b8:d6:fd:bc:ad:31:
                    94:45:34:05:5a:ec:c6:21:ff:49:23:d7:7a:2c:72:
                    60:a3:76:81:a9:65:e6:3f:67:ff:78:db:a8:d8:cd:
                    45:16:ab:c4:f6:c3:f5:3b:04:43:09:71:26:ea:f5:
                    1c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:39:A2:72:B1:D2:30:B3:8F:0A:34:B5:DF:78:15:9B:31:A0:74:9D
            X509v3 Authority Key Identifier:
                keyid:9A:52:B6:40:5E:D4:06:A7:B1:7C:44:78:D5:16:DF:3E:37:28:29:80

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a31383a3a2f34382d3438203d3e20313437313337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:46a0:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:df:fd:4d:87:1c:cb:a8:31:2e:9a:a7:7b:13:a8:3b:9f:df:
         13:60:87:07:97:08:d6:7f:f0:ba:da:c1:fe:e5:c1:a4:0a:59:
         99:de:52:a3:ec:ab:45:79:8a:f5:6f:db:7c:14:5a:35:86:5c:
         62:c4:d9:dc:92:44:c5:db:89:ec:56:1f:fb:79:2d:73:d6:cf:
         c6:d6:ec:f8:65:41:57:d2:e0:ba:c6:a1:65:a2:07:72:1c:f4:
         d1:ae:af:c9:ad:9d:11:36:b8:ef:66:c3:f5:07:a6:70:ba:41:
         4c:8a:83:b1:50:28:17:8a:25:5e:75:66:19:19:ec:03:5f:4c:
         ea:9f:6c:ce:f9:82:a9:bb:5f:2d:4e:d2:25:46:c1:2a:b9:a1:
         2f:3e:2f:9a:46:ac:1f:94:a8:3e:e7:a5:f0:d0:5d:11:71:b8:
         6c:0b:eb:ef:a4:3f:58:dd:3f:13:da:1a:a0:69:7e:25:c0:42:
         77:2f:c0:87:37:fd:4c:fa:53:1f:75:1f:e7:ca:de:ca:ae:81:
         9d:14:07:7d:0a:a7:76:60:bd:a8:ac:f0:2b:84:ea:64:e1:ff:
         d9:1d:0c:73:95:a7:89:3b:85:58:d6:32:0a:38:e3:b8:2d:c4:
         68:71:27:de:d2:43:d2:1a:ff:45:de:d4:89:11:c2:5e:78:fd:
         17:6a:c3:00
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULN9LmKs3mrTn05OXoyI4I4EkZGcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUE1MkI2NDA1RUQ0MDZBN0IxN0M0NDc4RDUxNkRGM0Uz
NzI4Mjk4MDAeFw0yNDA4MDgxOTAyMThaFw0yNTA4MDcxOTA3MThaMDMxMTAvBgNV
BAMTKDJCMzlBMjcyQjFEMjMwQjM4RjBBMzRCNURGNzgxNTlCMzFBMDc0OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXKILgm/swATmwwbgjIo4Jfuku
DVL1McrApBYXaXAIA24AOWXnZxUJVbCMbT8kHcHAHJywHGqaINR/dfL0YS86WK5A
gr/R0wE1MB6nWD52G+5t9Xfe/CG85yNnYKd+b/7tEo0fxiUBpCsnDU0vC8PJEi1v
MoOhat9ronle6P6Yb5aaQgd+5KdYEgNQnULzjSiz6Rhrwt1/S1Ehfyi1YGzrnUez
KBTyyd2sySh6Hje4HkfQUXG/QrQobAbJHsJeKRAvlEn1UaNteDzlyrjW/bytMZRF
NAVa7MYh/0kj13oscmCjdoGpZeY/Z/9426jYzUUWq8T2w/U7BEMJcSbq9Rz1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKzmicrHSMLOPCjS133gVmzGgdJ0wHwYDVR0j
BBgwFoAUmlK2QF7UBqexfER41RbfPjcoKYAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YTY2NWMzMi02ZGFmLTQ3MmItYmNlNi0zMTdkNWQ2Yzc4OWUvMC85QTUyQjY0MDVF
RDQwNkE3QjE3QzQ0NzhENTE2REYzRTM3MjgyOTgwLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUE1MkI2NDA1RUQ0MDZBN0IxN0M0NDc4RDUxNkRGM0UzNzI4
Mjk4MC5jZXIwgagGCCsGAQUFBwELBIGbMIGYMIGVBggrBgEFBQcwC4aBiHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNhNjY1YzMyLTZkYWYtNDcyYi1i
Y2U2LTMxN2Q1ZDZjNzg5ZS8wLzMyMzQzMDMwM2EzNDM2NjEzMDNhMzEzODNhM2Ey
ZjM0MzgyZDM0MzgyMDNkM2UyMDMxMzQzNzMxMzMzNy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACQARqAA
GDANBgkqhkiG9w0BAQsFAAOCAQEAJ9/9TYccy6gxLpqnexOoO5/fE2CHB5cI1n/w
utrB/uXBpApZmd5So+yrRXmK9W/bfBRaNYZcYsTZ3JJExduJ7FYf+3ktc9bPxtbs
+GVBV9LgusahZaIHchz00a6vya2dETa472bD9QemcLpBTIqDsVAoF4olXnVmGRns
A19M6p9szvmCqbtfLU7SJUbBKrmhLz4vmkasH5SoPuel8NBdEXG4bAvr76Q/WN0/
E9oaoGl+JcBCdy/Ahzf9TPpTH3Uf58reyq6BnRQHfQqndmC9qKzwK4TqZOH/2R0M
c5WniTuFWNYyCjjjuC3EaHEn3tJD0hr/Rd7UiRHCXnj9F2rDAA==
-----END CERTIFICATE-----
Generated at Mon Nov 25 13:01:43 2024 by rpki-client on console-fra.rpki-client.org