Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149713.roa
File:                     AS149713.roa (raw, json)
Hash identifier:          cEortDd/iuXWcb5eoAXJupoAr/3NgM+rmjcrUDYwz0E=
Subject key identifier:   57:2D:CD:73:88:29:B3:38:03:B5:38:B8:98:57:21:00:7E:C0:72:60
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       748980F57A795DCA8D860784804BBC7E3BECFA3E
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149713.roa
Signing time:             Fri 18 Jul 2025 10:16:35 +0000
ROA not before:           Fri 18 Jul 2025 10:11:35 +0000
ROA not after:            Fri 17 Jul 2026 10:16:35 +0000
asID:                     149713
IP address blocks:        2406:85c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 24 Jul 2025 00:11:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:89:80:f5:7a:79:5d:ca:8d:86:07:84:80:4b:bc:7e:3b:ec:fa:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jul 18 10:11:35 2025 GMT
            Not After : Jul 17 10:16:35 2026 GMT
        Subject: CN=572DCD738829B33803B538B8985721007EC07260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ce:8c:7a:07:22:9f:f0:94:85:ed:ee:63:23:
                    93:88:14:9e:cf:c8:c5:fe:ed:ce:79:14:27:1f:11:
                    1d:b9:6e:ea:92:d4:14:a2:a0:34:6d:25:21:60:82:
                    26:3d:9c:88:c7:36:6f:d5:7b:e9:b2:f4:d3:14:99:
                    54:c9:2e:89:26:07:7f:53:88:e8:a9:c5:0e:5a:8a:
                    b4:33:fb:57:5d:27:9c:67:aa:81:b0:1b:9b:c3:bb:
                    41:d9:1c:1c:d9:80:50:07:94:72:1c:e5:74:b8:c1:
                    78:b8:a0:b0:16:0d:91:ab:32:70:7e:2e:4a:f8:f6:
                    d3:f0:6a:23:f1:14:a5:e5:a9:79:c1:00:6e:86:d2:
                    5e:1f:ef:97:bf:46:91:26:4c:9f:80:5c:e0:f6:39:
                    99:4d:e0:e6:e0:61:92:17:f4:b2:9e:4b:3d:be:a9:
                    ec:8c:86:9b:90:df:29:6c:26:a4:a1:64:be:51:99:
                    c6:94:8d:d0:0b:0b:ca:90:72:33:1f:ca:60:60:dc:
                    74:04:1e:81:30:61:f4:1f:87:6f:ff:c5:f8:0d:15:
                    58:97:1f:5a:52:85:8f:12:01:54:ad:11:c2:5b:2d:
                    6c:5e:35:ca:46:36:15:44:20:2a:c6:8f:45:2c:8c:
                    de:18:99:20:48:d5:df:7f:74:2f:19:55:4a:3c:9d:
                    21:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:2D:CD:73:88:29:B3:38:03:B5:38:B8:98:57:21:00:7E:C0:72:60
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149713.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:85c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:d5:20:ea:aa:50:68:95:3e:c2:d8:6d:56:dd:65:63:e5:8a:
         b0:6c:57:da:93:1f:18:4c:1d:47:72:29:36:90:69:dd:e5:61:
         28:12:8e:1a:ab:eb:2b:b2:a7:dc:23:7e:f8:a5:23:66:fb:f9:
         66:3f:46:6f:da:1a:d2:11:39:c7:f5:06:a7:a2:74:8d:f9:8b:
         27:8a:78:a6:c2:df:f4:08:5c:fc:4f:51:af:1b:83:f5:14:3b:
         a6:1a:3b:d7:3f:4e:8a:c4:3a:86:84:6c:f8:eb:1c:d2:dd:d3:
         15:66:03:ad:c3:e2:f5:75:96:6a:a1:a1:36:ed:dc:9b:83:87:
         6d:10:60:ea:46:a3:ee:aa:ea:4b:05:3c:c2:6b:f4:05:10:bf:
         9b:07:a8:e6:38:32:af:97:d4:9e:8a:3f:c4:a1:1a:bf:e3:d6:
         f7:08:37:f0:33:99:9a:ee:ad:e9:50:6a:0a:38:56:cb:7e:6d:
         a3:80:60:dc:79:4d:75:f8:25:d1:97:73:2c:34:ba:a6:5a:76:
         67:24:98:4b:11:d2:13:62:05:54:fe:e8:d9:11:00:3c:0d:bd:
         83:62:3e:9d:90:64:d1:af:d2:47:31:80:02:12:ff:19:79:9a:
         f5:cd:49:07:d8:ea:a6:32:04:b1:ff:79:d7:97:85:af:f8:ca:
         19:fd:34:59
-----BEGIN CERTIFICATE-----
MIIE3jCCA8agAwIBAgIUdImA9Xp5XcqNhgeEgEu8fjvs+j4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDcxODEwMTEzNVoX
DTI2MDcxNzEwMTYzNVowMzExMC8GA1UEAxMoNTcyRENENzM4ODI5QjMzODAzQjUz
OEI4OTg1NzIxMDA3RUMwNzI2MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALTOjHoHIp/wlIXt7mMjk4gUns/Ixf7tznkUJx8RHblu6pLUFKKgNG0lIWCC
Jj2ciMc2b9V76bL00xSZVMkuiSYHf1OI6KnFDlqKtDP7V10nnGeqgbAbm8O7Qdkc
HNmAUAeUchzldLjBeLigsBYNkasycH4uSvj20/BqI/EUpeWpecEAbobSXh/vl79G
kSZMn4Bc4PY5mU3g5uBhkhf0sp5LPb6p7IyGm5DfKWwmpKFkvlGZxpSN0AsLypBy
Mx/KYGDcdAQegTBh9B+Hb//F+A0VWJcfWlKFjxIBVK0RwlstbF41ykY2FUQgKsaP
RSyM3hiZIEjV3390LxlVSjydIZ8CAwEAAaOCAdEwggHNMB0GA1UdDgQWBBRXLc1z
iCmzOAO1OLiYVyEAfsByYDAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0OTcxMy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8w
DQQCAAIwBwMFACQGhcAwDQYJKoZIhvcNAQELBQADggEBAI/VIOqqUGiVPsLYbVbd
ZWPlirBsV9qTHxhMHUdyKTaQad3lYSgSjhqr6yuyp9wjfvilI2b7+WY/Rm/aGtIR
Ocf1BqeidI35iyeKeKbC3/QIXPxPUa8bg/UUO6YaO9c/TorEOoaEbPjrHNLd0xVm
A63D4vV1lmqhoTbt3JuDh20QYOpGo+6q6ksFPMJr9AUQv5sHqOY4Mq+X1J6KP8Sh
Gr/j1vcIN/AzmZrurelQago4Vst+baOAYNx5TXX4JdGXcyw0uqZadmckmEsR0hNi
BVT+6NkRADwNvYNiPp2QZNGv0kcxgAIS/xl5mvXNSQfY6qYyBLH/edeXha/4yhn9
NFk=
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:56:33 2025 by rpki-client