Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/c596bcc8-38cd-4437-80b1-5bae9f857937/0/323430363a313334303a3a2f33322d3430203d3e20313430343037.roa
File:                     323430363a313334303a3a2f33322d3430203d3e20313430343037.roa (raw, json)
Hash identifier:          NloRN/KvVOfP2gOHZv5SKsFWw6tMgshmag0wYmz9lTQ=
Subject key identifier:   F0:B9:10:B7:F2:DC:CD:02:79:2B:83:38:0D:A1:B7:3E:0B:66:57:0B
Certificate issuer:       /CN=F10DEA85A199138D0AD96DC4D3CB537CDA662C53
Certificate serial:       42EA5B28273078ECC53CD578E14FFB2A818C31E9
Authority key identifier: F1:0D:EA:85:A1:99:13:8D:0A:D9:6D:C4:D3:CB:53:7C:DA:66:2C:53
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F10DEA85A199138D0AD96DC4D3CB537CDA662C53.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/c596bcc8-38cd-4437-80b1-5bae9f857937/0/323430363a313334303a3a2f33322d3430203d3e20313430343037.roa
Signing time:             Wed 15 May 2024 09:01:01 +0000
ROA not before:           Wed 15 May 2024 08:56:01 +0000
ROA not after:            Wed 14 May 2025 09:01:01 +0000
asID:                     140407
IP address blocks:        2406:1340::/32 maxlen: 40

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/c596bcc8-38cd-4437-80b1-5bae9f857937/0/F10DEA85A199138D0AD96DC4D3CB537CDA662C53.crl
                          rsync://repo-rpki.idnic.net/repo/c596bcc8-38cd-4437-80b1-5bae9f857937/0/F10DEA85A199138D0AD96DC4D3CB537CDA662C53.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F10DEA85A199138D0AD96DC4D3CB537CDA662C53.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 22:23:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:ea:5b:28:27:30:78:ec:c5:3c:d5:78:e1:4f:fb:2a:81:8c:31:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F10DEA85A199138D0AD96DC4D3CB537CDA662C53
        Validity
            Not Before: May 15 08:56:01 2024 GMT
            Not After : May 14 09:01:01 2025 GMT
        Subject: CN=F0B910B7F2DCCD02792B83380DA1B73E0B66570B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f3:48:d1:10:86:79:75:32:29:86:4a:3d:d2:
                    db:fa:f3:41:e4:5c:7e:f2:b8:29:e6:59:cc:ac:fc:
                    dc:6d:c0:78:b5:35:fb:9d:64:15:3e:3c:9b:f9:b4:
                    da:9a:27:f0:76:99:ae:b4:c5:44:25:bf:65:5d:78:
                    01:81:56:7f:9d:19:10:d3:9e:97:5e:0b:81:9c:88:
                    bf:cb:4c:85:f0:ee:64:d2:57:e6:eb:75:7b:81:59:
                    ee:f6:29:ae:28:38:8c:c3:f9:73:37:8f:b9:be:c4:
                    c8:df:8c:3e:b5:b5:44:49:e8:41:e0:6e:7c:8e:f2:
                    01:c3:93:83:2c:d7:a2:b0:ab:b6:84:67:c6:6e:c4:
                    5f:c4:80:c6:3b:c7:10:75:10:6e:fb:64:67:10:f9:
                    bf:61:38:1d:5f:a2:37:b6:07:6e:81:dc:5a:84:c1:
                    72:0e:83:f1:7b:d1:2b:b0:e6:2a:3b:75:ea:82:d4:
                    67:76:d6:77:4c:a7:b1:25:0d:ea:7a:6e:a3:0f:17:
                    4b:3e:79:83:d8:98:dc:07:6c:f7:dd:51:cf:0d:87:
                    b9:bf:99:d0:49:dc:c4:70:e3:fa:d9:66:be:ab:e6:
                    b7:80:50:ab:dd:05:db:4b:9b:4a:72:c5:73:20:17:
                    d2:87:c7:a4:95:f4:f8:99:f6:a9:64:db:0e:d6:f1:
                    6e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B9:10:B7:F2:DC:CD:02:79:2B:83:38:0D:A1:B7:3E:0B:66:57:0B
            X509v3 Authority Key Identifier:
                keyid:F1:0D:EA:85:A1:99:13:8D:0A:D9:6D:C4:D3:CB:53:7C:DA:66:2C:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/c596bcc8-38cd-4437-80b1-5bae9f857937/0/F10DEA85A199138D0AD96DC4D3CB537CDA662C53.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/F10DEA85A199138D0AD96DC4D3CB537CDA662C53.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/c596bcc8-38cd-4437-80b1-5bae9f857937/0/323430363a313334303a3a2f33322d3430203d3e20313430343037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:1340::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:7c:dd:37:9d:08:14:b1:4c:70:44:5c:e7:7d:7d:cc:d9:dc:
         d4:4a:16:ed:6c:34:bb:41:c3:78:b6:78:b6:cb:09:db:a5:0d:
         7d:41:66:c6:4c:43:36:61:f8:3b:f9:cf:7a:4f:33:cf:0b:93:
         65:87:c7:c0:b3:ce:98:52:11:87:56:80:71:4e:68:b7:99:c6:
         44:20:b2:a4:f5:0a:3e:bc:d1:d1:1b:6f:42:0e:d7:d8:e0:05:
         20:08:6f:5a:86:6a:22:c6:98:91:5f:94:0c:8f:3c:c0:a5:4e:
         ee:e0:ca:9e:ed:cb:a3:0f:40:17:8b:a6:b7:6d:dc:80:64:a8:
         c8:e4:f1:8a:78:f9:a0:f0:13:a8:db:19:17:8c:3e:13:ae:7a:
         42:68:9c:a7:ee:ff:c5:f5:75:4f:1e:e9:3b:4f:1e:d0:97:ca:
         f3:c4:57:dc:bb:12:d6:9e:d2:4d:91:f1:49:0a:40:ec:56:df:
         7f:dd:79:8c:1e:b6:b0:1d:a6:94:21:10:87:c2:a8:37:cc:fb:
         9d:d1:f3:ab:bb:b0:a8:ca:4b:20:76:8a:14:d2:42:c8:66:9d:
         62:06:b5:19:f8:85:4a:f4:af:2c:7b:c9:31:41:12:f7:ff:da:
         46:1c:7f:3d:9e:ca:e5:c1:9d:4b:bf:c3:dc:6c:58:dd:4b:2a:
         84:94:fb:cd
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUQupbKCcweOzFPNV44U/7KoGMMekwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjEwREVBODVBMTk5MTM4RDBBRDk2REM0RDNDQjUzN0NE
QTY2MkM1MzAeFw0yNDA1MTUwODU2MDFaFw0yNTA1MTQwOTAxMDFaMDMxMTAvBgNV
BAMTKEYwQjkxMEI3RjJEQ0NEMDI3OTJCODMzODBEQTFCNzNFMEI2NjU3MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/80jREIZ5dTIphko90tv680Hk
XH7yuCnmWcys/NxtwHi1NfudZBU+PJv5tNqaJ/B2ma60xUQlv2VdeAGBVn+dGRDT
npdeC4GciL/LTIXw7mTSV+brdXuBWe72Ka4oOIzD+XM3j7m+xMjfjD61tURJ6EHg
bnyO8gHDk4Ms16Kwq7aEZ8ZuxF/EgMY7xxB1EG77ZGcQ+b9hOB1foje2B26B3FqE
wXIOg/F70Suw5io7deqC1Gd21ndMp7ElDep6bqMPF0s+eYPYmNwHbPfdUc8Nh7m/
mdBJ3MRw4/rZZr6r5reAUKvdBdtLm0pyxXMgF9KHx6SV9PiZ9qlk2w7W8W53AgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQU8LkQt/LczQJ5K4M4DaG3PgtmVwswHwYDVR0j
BBgwFoAU8Q3qhaGZE40K2W3E08tTfNpmLFMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9j
NTk2YmNjOC0zOGNkLTQ0MzctODBiMS01YmFlOWY4NTc5MzcvMC9GMTBERUE4NUEx
OTkxMzhEMEFEOTZEQzREM0NCNTM3Q0RBNjYyQzUzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvRjEwREVBODVBMTk5MTM4RDBBRDk2REM0RDNDQjUzN0NEQTY2
MkM1My5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2M1OTZiY2M4LTM4Y2QtNDQzNy04
MGIxLTViYWU5Zjg1NzkzNy8wLzMyMzQzMDM2M2EzMTMzMzQzMDNhM2EyZjMzMzIy
ZDM0MzAyMDNkM2UyMDMxMzQzMDM0MzAzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQGE0AwDQYJKoZI
hvcNAQELBQADggEBAHp83TedCBSxTHBEXOd9fczZ3NRKFu1sNLtBw3i2eLbLCdul
DX1BZsZMQzZh+Dv5z3pPM88Lk2WHx8CzzphSEYdWgHFOaLeZxkQgsqT1Cj680dEb
b0IO19jgBSAIb1qGaiLGmJFflAyPPMClTu7gyp7ty6MPQBeLprdt3IBkqMjk8Yp4
+aDwE6jbGReMPhOuekJonKfu/8X1dU8e6TtPHtCXyvPEV9y7Etae0k2R8UkKQOxW
33/deYwetrAdppQhEIfCqDfM+53R86u7sKjKSyB2ihTSQshmnWIGtRn4hUr0ryx7
yTFBEvf/2kYcfz2eyuXBnUu/w9xsWN1LKoSU+80=
-----END CERTIFICATE-----
Generated at Mon Nov 25 23:52:55 2024 by rpki-client on console-ams.rpki-client.org