Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/957b0d7e-eade-4318-ab20-8c7f2d5be69f/0/323430313a383434303a3233313a3a2f34382d3438203d3e20313336313331.roa
File:                     323430313a383434303a3233313a3a2f34382d3438203d3e20313336313331.roa (raw, json)
Hash identifier:          FGjA3YaUzjk+Q4B/swMOf/6FNl/e1JQbVi/5xs5GJxc=
Subject key identifier:   13:7E:77:C3:9A:18:F4:B9:02:CF:DF:C2:33:78:67:6A:48:9F:B6:1D
Certificate issuer:       /CN=7D64B8F4CFB687141137D10F9E73FFD0BAB93F67
Certificate serial:       33A8811D61699461936D702926D50D9C49A6B1B0
Authority key identifier: 7D:64:B8:F4:CF:B6:87:14:11:37:D1:0F:9E:73:FF:D0:BA:B9:3F:67
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7D64B8F4CFB687141137D10F9E73FFD0BAB93F67.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/957b0d7e-eade-4318-ab20-8c7f2d5be69f/0/323430313a383434303a3233313a3a2f34382d3438203d3e20313336313331.roa
Signing time:             Wed 15 May 2024 10:01:36 +0000
ROA not before:           Wed 15 May 2024 09:56:36 +0000
ROA not after:            Wed 14 May 2025 10:01:36 +0000
asID:                     136131
IP address blocks:        2401:8440:231::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/957b0d7e-eade-4318-ab20-8c7f2d5be69f/0/7D64B8F4CFB687141137D10F9E73FFD0BAB93F67.crl
                          rsync://repo-rpki.idnic.net/repo/957b0d7e-eade-4318-ab20-8c7f2d5be69f/0/7D64B8F4CFB687141137D10F9E73FFD0BAB93F67.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7D64B8F4CFB687141137D10F9E73FFD0BAB93F67.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Nov 2024 07:57:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:a8:81:1d:61:69:94:61:93:6d:70:29:26:d5:0d:9c:49:a6:b1:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7D64B8F4CFB687141137D10F9E73FFD0BAB93F67
        Validity
            Not Before: May 15 09:56:36 2024 GMT
            Not After : May 14 10:01:36 2025 GMT
        Subject: CN=137E77C39A18F4B902CFDFC23378676A489FB61D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c1:3d:e0:32:c9:4d:ea:59:31:f1:e4:76:a9:
                    3a:7a:03:35:52:db:7d:a3:d5:54:8f:50:eb:2b:6c:
                    66:63:ff:07:b2:c6:03:97:7c:9f:55:46:65:5d:e4:
                    41:e5:ac:ab:9e:1b:af:93:64:48:07:22:7e:0a:a0:
                    21:f0:3f:5b:b9:be:bb:74:92:1b:53:00:f0:f7:02:
                    97:5f:e9:82:b8:5e:ec:83:43:e3:af:0a:14:e4:e2:
                    10:b6:83:1d:ba:40:68:9b:51:69:ab:31:3c:35:58:
                    84:81:e4:97:8a:49:f3:9d:eb:f1:a4:fb:21:ab:a1:
                    45:30:0f:a8:79:2d:29:4b:d0:22:e0:15:67:2d:38:
                    47:a6:59:0b:9d:ad:8d:90:5d:f2:30:a1:4e:cf:a1:
                    22:2e:c3:3f:2d:a0:aa:5c:a5:a4:10:59:0d:f5:96:
                    85:fe:ae:82:d2:09:7c:1e:b6:09:7b:fe:8f:bd:77:
                    43:b4:6a:86:24:8d:ed:02:17:64:32:40:d9:90:fc:
                    73:dc:5c:cf:91:4d:14:f3:81:ea:02:d4:d4:69:e9:
                    a3:91:49:4d:52:6a:73:e0:24:b2:c8:81:ee:0d:1b:
                    f1:d4:04:38:51:fd:b5:ba:2e:57:e2:fc:49:33:b1:
                    4d:f3:62:ab:3b:1b:88:df:64:55:20:7d:e8:15:1f:
                    ff:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:7E:77:C3:9A:18:F4:B9:02:CF:DF:C2:33:78:67:6A:48:9F:B6:1D
            X509v3 Authority Key Identifier:
                keyid:7D:64:B8:F4:CF:B6:87:14:11:37:D1:0F:9E:73:FF:D0:BA:B9:3F:67

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/957b0d7e-eade-4318-ab20-8c7f2d5be69f/0/7D64B8F4CFB687141137D10F9E73FFD0BAB93F67.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/7D64B8F4CFB687141137D10F9E73FFD0BAB93F67.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/957b0d7e-eade-4318-ab20-8c7f2d5be69f/0/323430313a383434303a3233313a3a2f34382d3438203d3e20313336313331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:8440:231::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:f8:cd:4a:b7:9a:26:89:9d:54:63:4b:08:78:48:5a:dc:da:
         61:36:5c:50:54:85:31:82:24:62:2a:88:96:db:97:6b:a4:5e:
         21:6c:3e:cf:d8:d8:f6:f5:4c:c7:c7:70:bb:da:5d:a6:02:fd:
         cd:51:bf:66:c1:ff:8c:c2:2a:68:8b:1b:45:89:e5:3f:41:20:
         62:72:e2:77:fa:43:b9:67:3f:e0:ba:5e:95:d1:6a:81:3b:86:
         ae:c4:79:47:9f:c5:0b:f7:72:20:8d:cd:1a:6c:22:d8:b9:0f:
         81:24:68:0a:db:d7:04:f1:6b:75:6d:5d:43:6b:25:a9:41:18:
         d1:0d:1c:5e:29:8e:7e:7b:88:3a:20:8c:5f:44:7a:bd:b9:ca:
         93:28:1b:75:5a:3b:d1:bf:23:65:db:2e:fb:78:9c:94:ee:7d:
         be:29:a8:de:be:95:59:ff:0b:49:00:52:d8:21:ee:5b:c3:ef:
         7b:12:fe:43:4f:25:e3:ac:e8:d3:4d:23:10:06:f4:42:b1:2f:
         72:a8:90:69:bd:b1:c1:bc:e8:45:0a:a7:eb:d6:7f:7d:39:6b:
         8d:6f:27:b7:96:5f:5b:eb:7e:a1:99:10:9d:36:99:1f:4c:c6:
         64:a7:15:0e:bc:10:3c:7b:f0:84:40:8a:b0:93:cf:02:06:68:
         c7:73:db:7c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUM6iBHWFplGGTbXApJtUNnEmmsbAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN0Q2NEI4RjRDRkI2ODcxNDExMzdEMTBGOUU3M0ZGRDBC
QUI5M0Y2NzAeFw0yNDA1MTUwOTU2MzZaFw0yNTA1MTQxMDAxMzZaMDMxMTAvBgNV
BAMTKDEzN0U3N0MzOUExOEY0QjkwMkNGREZDMjMzNzg2NzZBNDg5RkI2MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIwT3gMslN6lkx8eR2qTp6AzVS
232j1VSPUOsrbGZj/weyxgOXfJ9VRmVd5EHlrKueG6+TZEgHIn4KoCHwP1u5vrt0
khtTAPD3Apdf6YK4XuyDQ+OvChTk4hC2gx26QGibUWmrMTw1WISB5JeKSfOd6/Gk
+yGroUUwD6h5LSlL0CLgFWctOEemWQudrY2QXfIwoU7PoSIuwz8toKpcpaQQWQ31
loX+roLSCXwetgl7/o+9d0O0aoYkje0CF2QyQNmQ/HPcXM+RTRTzgeoC1NRp6aOR
SU1SanPgJLLIge4NG/HUBDhR/bW6Llfi/EkzsU3zYqs7G4jfZFUgfegVH/9FAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUE353w5oY9LkCz9/CM3hnakifth0wHwYDVR0j
BBgwFoAUfWS49M+2hxQRN9EPnnP/0Lq5P2cwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby85
NTdiMGQ3ZS1lYWRlLTQzMTgtYWIyMC04YzdmMmQ1YmU2OWYvMC83RDY0QjhGNENG
QjY4NzE0MTEzN0QxMEY5RTczRkZEMEJBQjkzRjY3LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvN0Q2NEI4RjRDRkI2ODcxNDExMzdEMTBGOUU3M0ZGRDBCQUI5
M0Y2Ny5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzk1N2IwZDdlLWVhZGUtNDMxOC1h
YjIwLThjN2YyZDViZTY5Zi8wLzMyMzQzMDMxM2EzODM0MzQzMDNhMzIzMzMxM2Ez
YTJmMzQzODJkMzQzODIwM2QzZTIwMzEzMzM2MzEzMzMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJAGE
QAIxMA0GCSqGSIb3DQEBCwUAA4IBAQBH+M1Kt5omiZ1UY0sIeEha3NphNlxQVIUx
giRiKoiW25drpF4hbD7P2Nj29UzHx3C72l2mAv3NUb9mwf+MwipoixtFieU/QSBi
cuJ3+kO5Zz/gul6V0WqBO4auxHlHn8UL93Igjc0abCLYuQ+BJGgK29cE8Wt1bV1D
ayWpQRjRDRxeKY5+e4g6IIxfRHq9ucqTKBt1WjvRvyNl2y77eJyU7n2+KajevpVZ
/wtJAFLYIe5bw+97Ev5DTyXjrOjTTSMQBvRCsS9yqJBpvbHBvOhFCqfr1n99OWuN
bye3ll9b636hmRCdNpkfTMZkpxUOvBA8e/CEQIqwk88CBmjHc9t8
-----END CERTIFICATE-----
Generated at Thu Nov 21 09:17:20 2024 by rpki-client on console-fra.rpki-client.org