Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/e65e7810-67f4-41c2-8034-4652733b8dd2/0/323430353a333734303a393030333a3a2f34382d3438203d3e203338353236.roa
File:                     323430353a333734303a393030333a3a2f34382d3438203d3e203338353236.roa (raw, json)
Hash identifier:          kT/R7bHK8ETBg3uCFsDx5ClXXSv2kwLLm3Dj59CkcjU=
Subject key identifier:   B8:E3:61:53:6C:0D:07:68:66:9F:AD:3C:50:06:88:F2:5B:9A:32:0E
Certificate issuer:       /CN=560CF5B1622CB492E1C603F69D4FB9C11322520D
Certificate serial:       11260FB395CDC8D4AAD63C92CEF2DF090043FA48
Authority key identifier: 56:0C:F5:B1:62:2C:B4:92:E1:C6:03:F6:9D:4F:B9:C1:13:22:52:0D
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/560CF5B1622CB492E1C603F69D4FB9C11322520D.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/e65e7810-67f4-41c2-8034-4652733b8dd2/0/323430353a333734303a393030333a3a2f34382d3438203d3e203338353236.roa
Signing time:             Wed 27 Mar 2024 01:33:51 +0000
ROA not before:           Wed 27 Mar 2024 01:28:51 +0000
ROA not after:            Wed 26 Mar 2025 01:33:51 +0000
asID:                     38526
IP address blocks:        2405:3740:9003::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/e65e7810-67f4-41c2-8034-4652733b8dd2/0/560CF5B1622CB492E1C603F69D4FB9C11322520D.crl
                          rsync://repo-rpki.idnic.net/repo/e65e7810-67f4-41c2-8034-4652733b8dd2/0/560CF5B1622CB492E1C603F69D4FB9C11322520D.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/560CF5B1622CB492E1C603F69D4FB9C11322520D.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Nov 2024 09:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:26:0f:b3:95:cd:c8:d4:aa:d6:3c:92:ce:f2:df:09:00:43:fa:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=560CF5B1622CB492E1C603F69D4FB9C11322520D
        Validity
            Not Before: Mar 27 01:28:51 2024 GMT
            Not After : Mar 26 01:33:51 2025 GMT
        Subject: CN=B8E361536C0D0768669FAD3C500688F25B9A320E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:45:36:a9:31:ae:a3:96:cc:1a:13:9a:a9:8f:
                    18:66:a4:1c:97:05:ff:7f:e2:12:3f:bd:cc:6b:22:
                    f8:25:58:b3:5b:56:26:a7:67:68:50:83:7b:df:21:
                    86:6d:a1:88:13:c6:99:44:db:b7:96:00:60:e5:5e:
                    a9:83:db:c8:15:41:6a:a7:3d:d4:95:e4:c9:e3:0d:
                    d7:40:30:da:77:30:5a:83:71:4b:5b:4e:0c:0c:8b:
                    b5:ec:6a:cc:e2:4c:13:95:98:a4:df:d4:ac:66:4f:
                    67:c8:b2:da:3c:f1:a2:3a:8a:e4:a1:74:1e:9c:6a:
                    09:0c:6e:bc:dd:cd:14:64:d9:94:d3:ad:6c:4e:1d:
                    a5:e2:f6:1d:dc:8a:73:a4:49:5f:1e:ee:76:24:84:
                    70:62:6c:6b:4e:af:d1:9c:96:eb:a1:ca:79:71:69:
                    8a:2a:b3:48:f1:67:09:6a:f7:0e:74:2b:b8:df:2d:
                    3d:35:93:83:17:bb:61:bb:20:11:48:fe:be:82:b5:
                    db:0f:86:2b:74:ce:fe:b9:e9:64:98:95:4f:17:d0:
                    22:d5:ed:6d:57:d8:1c:2a:60:74:d8:11:63:ae:28:
                    38:a9:5f:22:d9:45:4e:2b:82:10:38:e0:0c:6d:4f:
                    65:86:29:8f:07:61:60:9a:1d:70:4f:da:2e:b8:03:
                    c8:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E3:61:53:6C:0D:07:68:66:9F:AD:3C:50:06:88:F2:5B:9A:32:0E
            X509v3 Authority Key Identifier:
                keyid:56:0C:F5:B1:62:2C:B4:92:E1:C6:03:F6:9D:4F:B9:C1:13:22:52:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/e65e7810-67f4-41c2-8034-4652733b8dd2/0/560CF5B1622CB492E1C603F69D4FB9C11322520D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/560CF5B1622CB492E1C603F69D4FB9C11322520D.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/e65e7810-67f4-41c2-8034-4652733b8dd2/0/323430353a333734303a393030333a3a2f34382d3438203d3e203338353236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2405:3740:9003::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:cf:e4:42:78:82:ab:f1:4a:6d:1c:cd:ae:e3:70:83:1a:96:
         27:dd:82:78:42:39:6f:ac:0e:77:ce:7b:7d:7c:21:ac:a3:26:
         e0:92:c9:a4:ba:65:df:91:9b:5e:d8:6a:7a:17:0a:cf:f8:22:
         3e:73:ee:18:8a:d0:b1:f3:27:2a:98:50:f2:de:89:1f:23:41:
         07:79:85:97:8d:45:ca:a9:70:78:f9:28:d3:69:8f:10:a4:ce:
         b7:07:65:c3:23:36:ba:16:6a:b9:62:fe:cb:0e:48:18:b1:f3:
         bf:62:68:8e:92:d2:82:07:85:9c:9f:d5:8b:83:9c:70:a2:c7:
         d2:b3:f5:77:58:45:54:0b:15:1b:54:a2:c2:48:2b:95:c9:2b:
         cf:cb:a8:80:64:89:9f:33:0d:26:27:9f:8d:da:a5:51:ab:49:
         ac:d6:bc:a0:f7:48:ae:0a:31:a8:59:7a:51:ed:c0:30:d1:74:
         fc:5e:e7:64:fa:4a:ae:c7:42:da:e8:ff:07:5e:9d:d4:ce:37:
         45:0e:ed:f1:66:41:fd:c6:bf:0a:99:88:8f:d5:0c:bd:5d:72:
         82:9a:2a:2b:f7:b8:62:4c:02:ef:94:26:b4:93:02:fe:a2:37:
         c6:82:24:ae:00:59:d2:16:29:9c:93:e6:99:69:40:8e:6d:d0:
         02:20:e1:99
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUESYPs5XNyNSq1jySzvLfCQBD+kgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTYwQ0Y1QjE2MjJDQjQ5MkUxQzYwM0Y2OUQ0RkI5QzEx
MzIyNTIwRDAeFw0yNDAzMjcwMTI4NTFaFw0yNTAzMjYwMTMzNTFaMDMxMTAvBgNV
BAMTKEI4RTM2MTUzNkMwRDA3Njg2NjlGQUQzQzUwMDY4OEYyNUI5QTMyMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwRTapMa6jlswaE5qpjxhmpByX
Bf9/4hI/vcxrIvglWLNbVianZ2hQg3vfIYZtoYgTxplE27eWAGDlXqmD28gVQWqn
PdSV5MnjDddAMNp3MFqDcUtbTgwMi7XsasziTBOVmKTf1KxmT2fIsto88aI6iuSh
dB6cagkMbrzdzRRk2ZTTrWxOHaXi9h3cinOkSV8e7nYkhHBibGtOr9Gcluuhynlx
aYoqs0jxZwlq9w50K7jfLT01k4MXu2G7IBFI/r6CtdsPhit0zv656WSYlU8X0CLV
7W1X2BwqYHTYEWOuKDipXyLZRU4rghA44AxtT2WGKY8HYWCaHXBP2i64A8hxAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUuONhU2wNB2hmn608UAaI8luaMg4wHwYDVR0j
BBgwFoAUVgz1sWIstJLhxgP2nU+5wRMiUg0wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9l
NjVlNzgxMC02N2Y0LTQxYzItODAzNC00NjUyNzMzYjhkZDIvMC81NjBDRjVCMTYy
MkNCNDkyRTFDNjAzRjY5RDRGQjlDMTEzMjI1MjBELmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvNTYwQ0Y1QjE2MjJDQjQ5MkUxQzYwM0Y2OUQ0RkI5QzExMzIy
NTIwRC5jZXIwgaoGCCsGAQUFBwELBIGdMIGaMIGXBggrBgEFBQcwC4aBinJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2U2NWU3ODEwLTY3ZjQtNDFjMi04
MDM0LTQ2NTI3MzNiOGRkMi8wLzMyMzQzMDM1M2EzMzM3MzQzMDNhMzkzMDMwMzMz
YTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzMzM4MzUzMjM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJAU3
QJADMA0GCSqGSIb3DQEBCwUAA4IBAQBPz+RCeIKr8UptHM2u43CDGpYn3YJ4Qjlv
rA53znt9fCGsoybgksmkumXfkZte2Gp6FwrP+CI+c+4YitCx8ycqmFDy3okfI0EH
eYWXjUXKqXB4+SjTaY8QpM63B2XDIza6Fmq5Yv7LDkgYsfO/YmiOktKCB4Wcn9WL
g5xwosfSs/V3WEVUCxUbVKLCSCuVySvPy6iAZImfMw0mJ5+N2qVRq0ms1ryg90iu
CjGoWXpR7cAw0XT8Xudk+kqux0La6P8HXp3UzjdFDu3xZkH9xr8KmYiP1Qy9XXKC
mior97hiTALvlCa0kwL+ojfGgiSuAFnSFimck+aZaUCObdACIOGZ
-----END CERTIFICATE-----
Generated at Thu Nov 21 15:45:24 2024 by rpki-client on console-ams.rpki-client.org