Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/657a6bcb-9eb6-49de-b998-0bed3c5c1278/0/323430323a326134303a3a2f33322d3438203d3e20313336383733.roa
File:                     323430323a326134303a3a2f33322d3438203d3e20313336383733.roa (raw, json)
Hash identifier:          YW5mycHoMYt30I/MroADwhTM9WIv2HP4LkWL7TWNYnc=
Subject key identifier:   08:A2:34:9D:C0:42:FB:31:24:C3:15:D3:6D:1C:03:FD:74:0C:5D:33
Certificate issuer:       /CN=69D341364BC344B4ED6B3A65031AACB403AB3222
Certificate serial:       13F7733B00F02310B3F4E3447B8E20C1AB0B1AEC
Authority key identifier: 69:D3:41:36:4B:C3:44:B4:ED:6B:3A:65:03:1A:AC:B4:03:AB:32:22
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/69D341364BC344B4ED6B3A65031AACB403AB3222.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/657a6bcb-9eb6-49de-b998-0bed3c5c1278/0/323430323a326134303a3a2f33322d3438203d3e20313336383733.roa
Signing time:             Tue 12 Mar 2024 06:00:01 +0000
ROA not before:           Tue 12 Mar 2024 05:55:01 +0000
ROA not after:            Tue 11 Mar 2025 06:00:01 +0000
asID:                     136873
IP address blocks:        2402:2a40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/657a6bcb-9eb6-49de-b998-0bed3c5c1278/0/69D341364BC344B4ED6B3A65031AACB403AB3222.crl
                          rsync://repo-rpki.idnic.net/repo/657a6bcb-9eb6-49de-b998-0bed3c5c1278/0/69D341364BC344B4ED6B3A65031AACB403AB3222.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/69D341364BC344B4ED6B3A65031AACB403AB3222.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 23:05:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:f7:73:3b:00:f0:23:10:b3:f4:e3:44:7b:8e:20:c1:ab:0b:1a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69D341364BC344B4ED6B3A65031AACB403AB3222
        Validity
            Not Before: Mar 12 05:55:01 2024 GMT
            Not After : Mar 11 06:00:01 2025 GMT
        Subject: CN=08A2349DC042FB3124C315D36D1C03FD740C5D33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:54:f1:09:81:06:22:d7:f7:fa:65:f6:a0:3e:
                    da:3b:2c:8f:23:88:7d:a8:57:7b:26:0e:41:00:19:
                    df:88:8c:d6:bd:8c:64:52:c8:c3:c6:65:c6:bc:d2:
                    4a:81:0a:6b:37:be:33:74:41:03:b3:db:34:48:3b:
                    ce:42:a9:2c:24:d6:73:9f:f4:d8:2a:46:d2:f3:e3:
                    f4:76:97:f8:66:4d:a1:e5:db:91:0d:a2:b5:d2:31:
                    a1:9f:ae:8e:9c:e6:ba:f7:16:b2:d6:8f:7d:22:76:
                    16:f1:6a:9a:a7:83:c0:c6:f8:78:7c:ff:96:38:c6:
                    e1:54:03:d5:e3:04:d6:71:48:a4:b4:47:f9:00:2e:
                    be:90:0c:66:e0:c7:58:1b:e4:6b:e2:18:eb:c6:b6:
                    d5:09:15:7b:73:7a:4f:12:8c:2f:f8:2d:eb:1e:26:
                    15:9f:f8:40:39:21:ab:f7:0b:84:1b:6a:3a:e0:54:
                    66:41:7e:ae:a8:c9:b7:b8:1c:6b:21:b2:73:ec:30:
                    e9:55:15:b2:cf:6a:49:ef:79:0a:82:b1:a4:f9:ed:
                    89:7e:89:21:fe:b7:6c:55:17:8f:5e:1c:db:91:04:
                    d0:b1:95:f6:d6:c6:57:7f:53:20:92:28:de:fe:53:
                    ae:73:5e:a7:0b:87:dd:71:32:1c:69:c6:d4:b8:4a:
                    38:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A2:34:9D:C0:42:FB:31:24:C3:15:D3:6D:1C:03:FD:74:0C:5D:33
            X509v3 Authority Key Identifier:
                keyid:69:D3:41:36:4B:C3:44:B4:ED:6B:3A:65:03:1A:AC:B4:03:AB:32:22

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/657a6bcb-9eb6-49de-b998-0bed3c5c1278/0/69D341364BC344B4ED6B3A65031AACB403AB3222.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/69D341364BC344B4ED6B3A65031AACB403AB3222.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/657a6bcb-9eb6-49de-b998-0bed3c5c1278/0/323430323a326134303a3a2f33322d3438203d3e20313336383733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:2a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:5f:89:2b:43:94:37:6b:27:8a:67:4f:30:c0:4a:01:4c:c5:
         c7:8d:d8:6a:1d:47:09:48:5d:a7:3b:47:b4:08:83:10:6b:18:
         51:dd:e2:e5:87:38:f8:5c:79:23:51:f4:a1:5c:b8:e5:3e:42:
         0a:2d:51:80:5d:f5:86:49:91:7f:ed:3a:5f:ef:32:94:01:27:
         05:bf:d8:94:0c:c5:76:ad:5f:f9:0f:f7:8c:17:72:68:27:ad:
         d6:95:be:87:72:6c:81:39:87:99:54:9f:20:13:d6:bf:e7:f6:
         25:dc:d8:ec:fd:88:3c:57:31:76:6f:0e:ae:b7:b4:18:f3:ea:
         82:ba:32:cb:3c:86:fb:5f:f3:c8:c7:54:c3:41:8d:78:42:a5:
         c0:79:22:09:8f:da:c0:b0:96:ce:be:b0:e2:7d:e0:50:cb:2a:
         e8:f9:ae:e0:a8:be:63:dc:59:ae:e2:20:35:4c:58:fb:36:32:
         1d:4a:3f:0e:d2:1d:61:0e:43:51:97:3c:1f:72:0d:ab:c7:f0:
         46:0c:9d:2a:6a:b2:48:9e:f3:57:07:ce:68:a3:5a:92:e6:f0:
         73:14:49:a7:3b:d9:e2:ae:2f:e3:93:17:18:60:2f:56:28:bf:
         61:43:00:14:82:0f:84:39:34:04:4f:37:30:bc:d1:cb:3c:ed:
         95:9a:cc:fd
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUE/dzOwDwIxCz9ONEe44gwasLGuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjlEMzQxMzY0QkMzNDRCNEVENkIzQTY1MDMxQUFDQjQw
M0FCMzIyMjAeFw0yNDAzMTIwNTU1MDFaFw0yNTAzMTEwNjAwMDFaMDMxMTAvBgNV
BAMTKDA4QTIzNDlEQzA0MkZCMzEyNEMzMTVEMzZEMUMwM0ZENzQwQzVEMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7VPEJgQYi1/f6ZfagPto7LI8j
iH2oV3smDkEAGd+IjNa9jGRSyMPGZca80kqBCms3vjN0QQOz2zRIO85CqSwk1nOf
9NgqRtLz4/R2l/hmTaHl25ENorXSMaGfro6c5rr3FrLWj30idhbxapqng8DG+Hh8
/5Y4xuFUA9XjBNZxSKS0R/kALr6QDGbgx1gb5GviGOvGttUJFXtzek8SjC/4Lese
JhWf+EA5Iav3C4QbajrgVGZBfq6oybe4HGshsnPsMOlVFbLPaknveQqCsaT57Yl+
iSH+t2xVF49eHNuRBNCxlfbWxld/UyCSKN7+U65zXqcLh91xMhxpxtS4SjhvAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUCKI0ncBC+zEkwxXTbRwD/XQMXTMwHwYDVR0j
BBgwFoAUadNBNkvDRLTtazplAxqstAOrMiIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby82
NTdhNmJjYi05ZWI2LTQ5ZGUtYjk5OC0wYmVkM2M1YzEyNzgvMC82OUQzNDEzNjRC
QzM0NEI0RUQ2QjNBNjUwMzFBQUNCNDAzQUIzMjIyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNjlEMzQxMzY0QkMzNDRCNEVENkIzQTY1MDMxQUFDQjQwM0FC
MzIyMi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzY1N2E2YmNiLTllYjYtNDlkZS1i
OTk4LTBiZWQzYzVjMTI3OC8wLzMyMzQzMDMyM2EzMjYxMzQzMDNhM2EyZjMzMzIy
ZDM0MzgyMDNkM2UyMDMxMzMzNjM4MzczMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQCKkAwDQYJKoZI
hvcNAQELBQADggEBACJfiStDlDdrJ4pnTzDASgFMxceN2GodRwlIXac7R7QIgxBr
GFHd4uWHOPhceSNR9KFcuOU+QgotUYBd9YZJkX/tOl/vMpQBJwW/2JQMxXatX/kP
94wXcmgnrdaVvodybIE5h5lUnyAT1r/n9iXc2Oz9iDxXMXZvDq63tBjz6oK6Mss8
hvtf88jHVMNBjXhCpcB5IgmP2sCwls6+sOJ94FDLKuj5ruCovmPcWa7iIDVMWPs2
Mh1KPw7SHWEOQ1GXPB9yDavH8EYMnSpqskie81cHzmijWpLm8HMUSac72eKuL+OT
FxhgL1Yov2FDABSCD4Q5NARPNzC80cs87ZWazP0=
-----END CERTIFICATE-----
Generated at Wed Nov 20 21:51:32 2024 by rpki-client on console-fra.rpki-client.org