Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a393a3a2f34382d3438203d3e20313437313337.roa
File:                     323430303a343661303a393a3a2f34382d3438203d3e20313437313337.roa (raw, json)
Hash identifier:          4P+oZRZmcq8v7Ko2RuYBDL0ECJM0rg954w7A0PDC6Vw=
Subject key identifier:   52:93:65:BE:28:B9:2B:9D:06:72:BB:AA:E6:7B:8F:69:BC:3E:13:93
Certificate issuer:       /CN=9A52B6405ED406A7B17C4478D516DF3E37282980
Certificate serial:       762C5FEE1E4A8F50E2C6CC4CCCC5DDDBBE3961C1
Authority key identifier: 9A:52:B6:40:5E:D4:06:A7:B1:7C:44:78:D5:16:DF:3E:37:28:29:80
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a393a3a2f34382d3438203d3e20313437313337.roa
Signing time:             Thu 08 Aug 2024 19:04:34 +0000
ROA not before:           Thu 08 Aug 2024 18:59:34 +0000
ROA not after:            Thu 07 Aug 2025 19:04:34 +0000
asID:                     147137
IP address blocks:        2400:46a0:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.crl
                          rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 15:09:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:2c:5f:ee:1e:4a:8f:50:e2:c6:cc:4c:cc:c5:dd:db:be:39:61:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9A52B6405ED406A7B17C4478D516DF3E37282980
        Validity
            Not Before: Aug  8 18:59:34 2024 GMT
            Not After : Aug  7 19:04:34 2025 GMT
        Subject: CN=529365BE28B92B9D0672BBAAE67B8F69BC3E1393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:90:c4:c7:db:d8:01:76:cd:c3:2c:b6:54:60:
                    17:39:d3:bf:52:8f:65:64:de:da:bc:fb:e9:b1:f1:
                    0f:65:ca:9a:3a:ef:74:be:ad:56:da:ad:00:00:10:
                    5a:04:b3:ec:0b:6c:e2:c5:02:14:43:50:90:57:8b:
                    27:3e:13:62:3d:a3:b6:65:e8:bd:66:05:51:74:37:
                    96:b2:90:0d:0c:19:6c:28:62:ed:b6:87:a4:1f:db:
                    2c:6c:87:2c:78:c2:93:8a:c2:eb:59:d7:75:51:7c:
                    01:6b:af:f8:52:8c:e2:9a:59:d1:01:58:a0:aa:41:
                    7e:42:b2:4e:eb:d4:6c:38:43:78:52:9d:32:08:60:
                    2b:dc:02:64:08:11:40:d2:35:16:25:27:23:82:ea:
                    79:0e:62:21:04:ca:d9:47:2b:fb:a1:e3:9a:85:a6:
                    c5:09:c8:32:ac:cc:66:1f:76:77:30:99:87:30:95:
                    06:36:9d:df:64:0a:0d:29:9c:9b:9e:2f:c6:5a:53:
                    d4:3d:34:26:ad:dd:30:46:f8:9b:ea:52:ed:c0:3e:
                    af:70:c7:ec:e3:70:23:18:35:92:73:7c:7a:8f:c7:
                    a0:94:c6:a0:3a:61:78:21:16:ac:fb:ac:b5:e2:a6:
                    53:4e:86:1c:7c:df:23:06:a7:d6:92:bc:ae:4a:be:
                    08:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:93:65:BE:28:B9:2B:9D:06:72:BB:AA:E6:7B:8F:69:BC:3E:13:93
            X509v3 Authority Key Identifier:
                keyid:9A:52:B6:40:5E:D4:06:A7:B1:7C:44:78:D5:16:DF:3E:37:28:29:80

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/9A52B6405ED406A7B17C4478D516DF3E37282980.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/9A52B6405ED406A7B17C4478D516DF3E37282980.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/3a665c32-6daf-472b-bce6-317d5d6c789e/0/323430303a343661303a393a3a2f34382d3438203d3e20313437313337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:46a0:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:6f:52:0f:33:a7:1f:5b:73:35:f2:9e:21:7b:92:3f:30:eb:
         8f:08:09:8a:a2:62:10:18:48:39:c9:17:b6:bc:1c:a4:41:e8:
         0a:61:9a:b0:60:a3:b4:6f:ba:5f:76:bc:63:45:8e:74:52:2e:
         90:94:da:e3:7c:b8:57:73:e3:0e:03:3a:7c:e0:5f:6e:80:a1:
         a3:46:ce:d9:16:15:f4:5b:16:16:a0:9d:ba:c3:0a:21:3b:da:
         a9:95:a3:66:c8:f8:74:8f:89:f2:71:4f:08:40:c3:65:52:1e:
         ff:26:d0:fe:5a:69:c9:ae:7c:00:23:6e:d7:19:a6:94:61:a2:
         18:51:a0:ab:be:c3:19:a6:0f:a9:5f:49:8b:cd:0b:84:30:52:
         f3:61:cb:4a:c9:dd:04:75:f5:c5:ac:c3:fb:2d:db:94:dd:58:
         7c:e7:b4:39:6d:39:24:eb:ba:53:22:e0:45:90:d7:5c:93:58:
         d1:2c:b3:85:b5:ed:1e:7e:be:cf:d1:99:2e:3c:55:a3:81:f0:
         b8:8b:ec:4e:7c:d3:4c:fa:f6:a7:7e:08:13:36:8c:c9:c3:1b:
         6b:75:46:b5:29:2d:ca:4b:ef:34:d8:12:b8:af:0e:c3:e7:a0:
         a1:00:75:2d:5b:45:ca:d2:e6:be:88:df:8d:ce:e8:22:46:22:
         dd:1a:75:02
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdixf7h5Kj1DixsxMzMXd2745YcEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUE1MkI2NDA1RUQ0MDZBN0IxN0M0NDc4RDUxNkRGM0Uz
NzI4Mjk4MDAeFw0yNDA4MDgxODU5MzRaFw0yNTA4MDcxOTA0MzRaMDMxMTAvBgNV
BAMTKDUyOTM2NUJFMjhCOTJCOUQwNjcyQkJBQUU2N0I4RjY5QkMzRTEzOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5kMTH29gBds3DLLZUYBc5079S
j2Vk3tq8++mx8Q9lypo673S+rVbarQAAEFoEs+wLbOLFAhRDUJBXiyc+E2I9o7Zl
6L1mBVF0N5aykA0MGWwoYu22h6Qf2yxshyx4wpOKwutZ13VRfAFrr/hSjOKaWdEB
WKCqQX5Csk7r1Gw4Q3hSnTIIYCvcAmQIEUDSNRYlJyOC6nkOYiEEytlHK/uh45qF
psUJyDKszGYfdncwmYcwlQY2nd9kCg0pnJueL8ZaU9Q9NCat3TBG+JvqUu3APq9w
x+zjcCMYNZJzfHqPx6CUxqA6YXghFqz7rLXiplNOhhx83yMGp9aSvK5KvgiTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUpNlvii5K50Gcruq5nuPabw+E5MwHwYDVR0j
BBgwFoAUmlK2QF7UBqexfER41RbfPjcoKYAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8z
YTY2NWMzMi02ZGFmLTQ3MmItYmNlNi0zMTdkNWQ2Yzc4OWUvMC85QTUyQjY0MDVF
RDQwNkE3QjE3QzQ0NzhENTE2REYzRTM3MjgyOTgwLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOUE1MkI2NDA1RUQ0MDZBN0IxN0M0NDc4RDUxNkRGM0UzNzI4
Mjk4MC5jZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzNhNjY1YzMyLTZkYWYtNDcyYi1i
Y2U2LTMxN2Q1ZDZjNzg5ZS8wLzMyMzQzMDMwM2EzNDM2NjEzMDNhMzkzYTNhMmYz
NDM4MmQzNDM4MjAzZDNlMjAzMTM0MzczMTMzMzcucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAkAEagAAkw
DQYJKoZIhvcNAQELBQADggEBAFlvUg8zpx9bczXyniF7kj8w648ICYqiYhAYSDnJ
F7a8HKRB6AphmrBgo7Rvul92vGNFjnRSLpCU2uN8uFdz4w4DOnzgX26AoaNGztkW
FfRbFhagnbrDCiE72qmVo2bI+HSPifJxTwhAw2VSHv8m0P5aacmufAAjbtcZppRh
ohhRoKu+wxmmD6lfSYvNC4QwUvNhy0rJ3QR19cWsw/st25TdWHzntDltOSTrulMi
4EWQ11yTWNEss4W17R5+vs/RmS48VaOB8LiL7E5800z69qd+CBM2jMnDG2t1RrUp
LcpL7zTYErivDsPnoKEAdS1bRcrS5r6I343O6CJGIt0adQI=
-----END CERTIFICATE-----
Generated at Mon Nov 25 13:01:43 2024 by rpki-client on console-fra.rpki-client.org