Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/a39c5484-2e37-48f9-8eba-0af4ef62947d/0/323030313a6466313a373334303a3a2f34382d3438203d3e20313530323439.roa
File:                     323030313a6466313a373334303a3a2f34382d3438203d3e20313530323439.roa (raw, json)
Hash identifier:          l8A0dkUzSxH4N0BqHgL6AzXZfIz+kSzGW/8HoGSl7ao=
Subject key identifier:   CF:A3:6B:75:05:C2:08:ED:55:91:7F:F3:46:63:B7:2B:DC:19:22:19
Certificate issuer:       /CN=968A6FAD637E47068D2FBC547FBF2C1C12F8C588
Certificate serial:       19E8BBDDBDBBB3860975A0344D45BF819BABE486
Authority key identifier: 96:8A:6F:AD:63:7E:47:06:8D:2F:BC:54:7F:BF:2C:1C:12:F8:C5:88
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/968A6FAD637E47068D2FBC547FBF2C1C12F8C588.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/a39c5484-2e37-48f9-8eba-0af4ef62947d/0/323030313a6466313a373334303a3a2f34382d3438203d3e20313530323439.roa
Signing time:             Mon 09 Sep 2024 16:00:00 +0000
ROA not before:           Mon 09 Sep 2024 15:55:00 +0000
ROA not after:            Mon 08 Sep 2025 16:00:00 +0000
asID:                     150249
IP address blocks:        2001:df1:7340::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/a39c5484-2e37-48f9-8eba-0af4ef62947d/0/968A6FAD637E47068D2FBC547FBF2C1C12F8C588.crl
                          rsync://repo-rpki.idnic.net/repo/a39c5484-2e37-48f9-8eba-0af4ef62947d/0/968A6FAD637E47068D2FBC547FBF2C1C12F8C588.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/968A6FAD637E47068D2FBC547FBF2C1C12F8C588.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 22:08:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:e8:bb:dd:bd:bb:b3:86:09:75:a0:34:4d:45:bf:81:9b:ab:e4:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=968A6FAD637E47068D2FBC547FBF2C1C12F8C588
        Validity
            Not Before: Sep  9 15:55:00 2024 GMT
            Not After : Sep  8 16:00:00 2025 GMT
        Subject: CN=CFA36B7505C208ED55917FF34663B72BDC192219
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c2:08:31:46:5b:2b:dc:1b:b3:53:27:09:0a:
                    dd:8a:ed:7c:1b:44:e4:2c:44:7b:e2:84:df:f8:f2:
                    50:43:fd:8c:b8:80:3a:21:8b:e3:4e:a8:e9:7b:f7:
                    51:43:c0:6f:c1:b9:ae:c2:7f:ec:15:47:b0:e4:9b:
                    9e:6f:cb:b3:d2:17:51:1e:0d:59:52:1d:04:00:b2:
                    f1:88:f7:ae:ed:3a:19:d4:bd:a5:3d:01:a5:20:27:
                    15:a1:cf:71:65:63:4c:5a:f4:ea:ee:b1:11:f0:86:
                    c0:e8:ac:c1:c4:29:53:c9:d7:b8:3b:aa:f7:e9:ea:
                    80:80:7c:07:4a:38:c0:44:ef:e0:09:61:bb:5d:36:
                    2e:e2:68:3d:04:4f:b1:b5:70:bd:72:0b:ca:e1:04:
                    97:73:bb:7e:5d:eb:57:80:3d:85:f3:ab:70:91:a5:
                    36:cd:40:c8:ab:7c:dc:46:64:9f:6c:83:b5:8c:99:
                    c7:00:90:48:47:fd:69:b1:16:7a:40:f1:7a:16:df:
                    23:59:a5:32:8f:55:51:52:ee:23:fa:35:54:55:5b:
                    3c:3e:a8:67:6e:ab:3d:c6:3a:e1:b0:f0:7f:e6:97:
                    e3:40:0e:da:24:e3:b8:15:ee:62:9e:31:0d:b4:8a:
                    68:b8:f8:d9:1f:f8:d4:07:04:95:fc:88:f7:18:ae:
                    da:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A3:6B:75:05:C2:08:ED:55:91:7F:F3:46:63:B7:2B:DC:19:22:19
            X509v3 Authority Key Identifier:
                keyid:96:8A:6F:AD:63:7E:47:06:8D:2F:BC:54:7F:BF:2C:1C:12:F8:C5:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/a39c5484-2e37-48f9-8eba-0af4ef62947d/0/968A6FAD637E47068D2FBC547FBF2C1C12F8C588.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/968A6FAD637E47068D2FBC547FBF2C1C12F8C588.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/a39c5484-2e37-48f9-8eba-0af4ef62947d/0/323030313a6466313a373334303a3a2f34382d3438203d3e20313530323439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:7340::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:5d:70:94:8c:9f:94:32:7d:1a:8b:81:99:56:4b:9c:a5:99:
         9e:07:5e:d4:34:b5:75:f3:df:ec:ea:f8:85:50:50:a1:8b:8b:
         c1:a6:70:83:7e:ba:0b:17:1c:8b:3f:f0:65:8e:81:fb:7f:a9:
         ed:7f:2a:e1:94:4d:ad:3d:46:56:26:50:81:a3:35:fe:88:46:
         e0:ec:71:c4:8c:7e:8b:d0:43:7d:d2:be:a1:65:22:f2:20:da:
         59:c2:0c:b8:79:d4:6c:db:d6:84:24:2c:cf:e2:76:13:b3:c0:
         45:03:20:d4:77:28:a0:cc:2b:dc:0a:50:93:cc:f3:73:f4:fd:
         30:d9:44:bd:25:72:96:69:30:80:52:4f:d2:65:5b:00:4f:88:
         c5:a9:61:c0:b8:ed:6c:96:ca:58:02:30:eb:df:97:b5:80:a9:
         80:30:ca:80:71:21:7b:54:0e:51:fc:d2:e1:bb:34:a1:fa:42:
         ed:4d:40:a0:71:52:ae:71:e1:d7:f8:26:54:68:d5:a9:48:7d:
         30:f1:fb:7b:93:2a:c9:79:75:25:65:c0:44:96:b7:55:bc:b4:
         73:5a:3f:41:ff:58:53:ac:c4:87:41:3c:f0:8f:da:74:70:bb:
         b4:81:3a:84:00:40:93:a0:a3:f3:08:d8:89:85:d3:6d:bb:c5:
         09:91:f3:0b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGei73b27s4YJdaA0TUW/gZur5IYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTY4QTZGQUQ2MzdFNDcwNjhEMkZCQzU0N0ZCRjJDMUMx
MkY4QzU4ODAeFw0yNDA5MDkxNTU1MDBaFw0yNTA5MDgxNjAwMDBaMDMxMTAvBgNV
BAMTKENGQTM2Qjc1MDVDMjA4RUQ1NTkxN0ZGMzQ2NjNCNzJCREMxOTIyMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSwggxRlsr3BuzUycJCt2K7Xwb
ROQsRHvihN/48lBD/Yy4gDohi+NOqOl791FDwG/Bua7Cf+wVR7Dkm55vy7PSF1Ee
DVlSHQQAsvGI967tOhnUvaU9AaUgJxWhz3FlY0xa9OrusRHwhsDorMHEKVPJ17g7
qvfp6oCAfAdKOMBE7+AJYbtdNi7iaD0ET7G1cL1yC8rhBJdzu35d61eAPYXzq3CR
pTbNQMirfNxGZJ9sg7WMmccAkEhH/WmxFnpA8XoW3yNZpTKPVVFS7iP6NVRVWzw+
qGduqz3GOuGw8H/ml+NADtok47gV7mKeMQ20imi4+Nkf+NQHBJX8iPcYrtrxAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUz6NrdQXCCO1VkX/zRmO3K9wZIhkwHwYDVR0j
BBgwFoAUlopvrWN+RwaNL7xUf78sHBL4xYgwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9h
MzljNTQ4NC0yZTM3LTQ4ZjktOGViYS0wYWY0ZWY2Mjk0N2QvMC85NjhBNkZBRDYz
N0U0NzA2OEQyRkJDNTQ3RkJGMkMxQzEyRjhDNTg4LmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvOTY4QTZGQUQ2MzdFNDcwNjhEMkZCQzU0N0ZCRjJDMUMxMkY4
QzU4OC5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2EzOWM1NDg0LTJlMzctNDhmOS04
ZWJhLTBhZjRlZjYyOTQ3ZC8wLzMyMzAzMDMxM2E2NDY2MzEzYTM3MzMzNDMwM2Ez
YTJmMzQzODJkMzQzODIwM2QzZTIwMzEzNTMwMzIzNDM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEN
8XNAMA0GCSqGSIb3DQEBCwUAA4IBAQBIXXCUjJ+UMn0ai4GZVkucpZmeB17UNLV1
89/s6viFUFChi4vBpnCDfroLFxyLP/BljoH7f6ntfyrhlE2tPUZWJlCBozX+iEbg
7HHEjH6L0EN90r6hZSLyINpZwgy4edRs29aEJCzP4nYTs8BFAyDUdyigzCvcClCT
zPNz9P0w2US9JXKWaTCAUk/SZVsAT4jFqWHAuO1slspYAjDr35e1gKmAMMqAcSF7
VA5R/NLhuzSh+kLtTUCgcVKuceHX+CZUaNWpSH0w8ft7kyrJeXUlZcBElrdVvLRz
Wj9B/1hTrMSHQTzwj9p0cLu0gTqEAECToKPzCNiJhdNtu8UJkfML
-----END CERTIFICATE-----
Generated at Wed Nov 20 21:51:51 2024 by rpki-client on console-fra.rpki-client.org