Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS137367.roa
File:                     AS137367.roa (raw, json)
Hash identifier:          aCqLxaEOv4PtObMhwMlDORwRd3WWnhb8sd/JzzpT3yw=
Subject key identifier:   D7:74:49:12:1D:09:E5:34:AF:6F:BA:D4:9D:AD:A5:CD:09:DD:FF:B6
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       12E1927AD09739909CBE7611CA875B29561BFBC0
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS137367.roa
Signing time:             Fri 22 Mar 2024 10:36:04 +0000
ROA not before:           Fri 22 Mar 2024 10:31:04 +0000
ROA not after:            Fri 21 Mar 2025 10:36:04 +0000
asID:                     137367
IP address blocks:        103.12.14.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 04 May 2024 22:45:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:e1:92:7a:d0:97:39:90:9c:be:76:11:ca:87:5b:29:56:1b:fb:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Mar 22 10:31:04 2024 GMT
            Not After : Mar 21 10:36:04 2025 GMT
        Subject: CN=D77449121D09E534AF6FBAD49DADA5CD09DDFFB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c1:96:b9:ea:08:92:df:ec:e3:8d:54:f6:e0:
                    0a:13:a3:af:63:23:f4:0a:7d:1e:07:ae:ae:9b:c0:
                    58:6b:63:c6:59:be:72:91:bd:1d:83:ce:d5:1c:f4:
                    01:de:30:2c:9e:65:8f:a1:7c:83:17:f7:3f:30:19:
                    ae:d2:01:c0:95:ee:e2:8a:aa:7a:d2:59:55:41:2d:
                    a5:0a:0d:44:44:8d:b8:59:b5:f5:92:2c:10:cd:f9:
                    6b:4a:f3:f4:73:16:2b:37:ed:77:6f:b6:31:54:b6:
                    dd:16:17:e2:fd:dd:6b:c9:f8:2b:e4:88:1b:9d:5b:
                    fa:8e:87:5b:82:a0:63:d6:08:bd:81:44:f0:ba:44:
                    71:8c:6e:68:89:fb:7a:1f:d0:68:dc:24:db:e2:92:
                    fa:14:56:28:42:cf:28:78:26:ee:09:be:19:97:fc:
                    f2:4c:57:ab:fa:33:4b:85:d2:9d:e7:43:b1:03:74:
                    fb:c7:53:e2:22:66:cf:a8:6d:b3:c6:0f:81:c7:81:
                    0d:2a:15:93:48:5f:30:f1:79:b0:69:b2:59:55:59:
                    a2:e7:2b:2e:22:d7:35:1b:3c:45:64:ca:e7:36:2e:
                    99:50:d8:86:ee:d3:59:45:87:a2:04:5b:8a:ba:d1:
                    e5:ac:c8:28:fb:6d:0a:26:a7:a4:9b:54:b9:20:21:
                    12:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:74:49:12:1D:09:E5:34:AF:6F:BA:D4:9D:AD:A5:CD:09:DD:FF:B6
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS137367.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.12.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:6c:74:dc:26:33:9d:22:37:ad:ed:9d:5f:2a:36:3f:e1:ab:
         d3:52:e3:40:25:16:d6:5e:7a:bd:00:f7:17:91:de:7a:c5:31:
         00:d0:7b:a3:59:98:79:9a:ce:e6:6a:b5:8f:5e:f2:31:3c:13:
         70:b2:19:ff:f9:26:94:be:a1:f9:4f:c0:5e:27:b1:02:f2:6d:
         2b:3e:cb:98:96:dd:d6:e8:ec:80:41:62:a7:e5:3a:55:de:80:
         ba:79:3b:4a:03:51:5a:48:3f:69:d6:c4:c8:75:a6:1e:33:63:
         6e:24:9b:2b:d2:c9:93:e5:34:6b:46:59:29:df:8f:e7:1c:30:
         c2:d7:d6:29:3f:b5:4d:30:c4:29:70:43:0f:bb:ce:90:b8:55:
         79:bb:33:20:0e:f4:87:67:72:3b:bb:50:ba:e7:d6:10:19:89:
         e1:51:b2:bc:78:78:ca:d4:29:94:f2:45:b8:67:f9:8a:10:5d:
         c7:fe:35:15:44:ac:70:ae:cf:fa:f9:56:a1:1f:77:f9:69:f1:
         ec:5b:30:d3:37:1b:80:4a:f4:92:a0:0b:63:c3:e3:08:c1:b9:
         37:76:9b:d2:cf:28:bc:51:8a:fc:64:89:02:4e:dc:f3:a2:ce:
         1c:e8:0c:ee:06:d0:16:46:9b:39:d5:52:56:47:12:42:e6:e4:
         fe:5d:0f:32
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUEuGSetCXOZCcvnYRyodbKVYb+8AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MDMyMjEwMzEwNFoX
DTI1MDMyMTEwMzYwNFowMzExMC8GA1UEAxMoRDc3NDQ5MTIxRDA5RTUzNEFGNkZC
QUQ0OURBREE1Q0QwOURERkZCNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJXBlrnqCJLf7OONVPbgChOjr2Mj9Ap9HgeurpvAWGtjxlm+cpG9HYPO1Rz0
Ad4wLJ5lj6F8gxf3PzAZrtIBwJXu4oqqetJZVUEtpQoNRESNuFm19ZIsEM35a0rz
9HMWKzftd2+2MVS23RYX4v3da8n4K+SIG51b+o6HW4KgY9YIvYFE8LpEcYxuaIn7
eh/QaNwk2+KS+hRWKELPKHgm7gm+GZf88kxXq/ozS4XSnedDsQN0+8dT4iJmz6ht
s8YPgceBDSoVk0hfMPF5sGmyWVVZoucrLiLXNRs8RWTK5zYumVDYhu7TWUWHogRb
irrR5azIKPttCianpJtUuSAhEgMCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTXdEkS
HQnlNK9vutSdraXNCd3/tjAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzEzNzM2Ny5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAWcMDjANBgkqhkiG9w0BAQsFAAOCAQEAEmx03CYznSI3re2dXyo2
P+Gr01LjQCUW1l56vQD3F5HeesUxANB7o1mYeZrO5mq1j17yMTwTcLIZ//kmlL6h
+U/AXiexAvJtKz7LmJbd1ujsgEFip+U6Vd6Aunk7SgNRWkg/adbEyHWmHjNjbiSb
K9LJk+U0a0ZZKd+P5xwwwtfWKT+1TTDEKXBDD7vOkLhVebszIA70h2dyO7tQuufW
EBmJ4VGyvHh4ytQplPJFuGf5ihBdx/41FUSscK7P+vlWoR93+Wnx7Fsw0zcbgEr0
kqALY8PjCMG5N3ab0s8ovFGK/GSJAk7c86LOHOgM7gbQFkabOdVSVkcSQubk/l0P
Mg==
-----END CERTIFICATE-----