Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS141642.roa
File:                     AS141642.roa (raw, json)
Hash identifier:          aQF46dYeu6rmFxSUPlACdYstMprqWp+kb/EupxSGwE8=
Subject key identifier:   04:4D:D0:95:9E:EF:71:81:C9:96:5C:5B:66:74:B7:F3:D6:77:4D:B5
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       449AA5B1968FA145310286E17236E5365196C509
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS141642.roa
Signing time:             Mon 21 Jul 2025 06:10:26 +0000
ROA not before:           Mon 21 Jul 2025 06:05:26 +0000
ROA not after:            Mon 20 Jul 2026 06:10:26 +0000
asID:                     141642
IP address blocks:        157.15.139.0/24 maxlen: 24
                          160.191.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 24 Jul 2025 16:46:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:9a:a5:b1:96:8f:a1:45:31:02:86:e1:72:36:e5:36:51:96:c5:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jul 21 06:05:26 2025 GMT
            Not After : Jul 20 06:10:26 2026 GMT
        Subject: CN=044DD0959EEF7181C9965C5B6674B7F3D6774DB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f3:25:2c:8c:4c:b1:37:a5:13:04:24:81:e1:
                    9e:74:10:31:ea:e6:13:a3:b0:37:4b:8d:4a:c7:0c:
                    90:7f:e8:5c:0e:b4:11:29:11:0f:c1:1a:84:a3:b6:
                    78:eb:b8:cc:03:69:75:27:48:2b:19:57:f6:4b:b4:
                    82:92:9e:93:00:05:4f:a9:2d:af:18:f9:a2:5f:51:
                    9b:83:c1:7b:e5:19:9e:f6:59:ef:18:fa:19:7b:dc:
                    8a:28:6d:05:63:88:81:37:95:d2:78:d7:b6:ef:e9:
                    d7:7c:88:59:3c:88:c3:16:4e:9a:e6:43:1b:c7:5b:
                    d0:7d:99:93:61:bb:36:af:98:14:a5:5e:e2:b1:86:
                    05:83:57:ae:9b:0a:9f:70:77:e9:1d:97:c9:b9:1e:
                    7e:10:b0:dd:ff:2d:d6:ba:7f:78:94:f6:0d:f6:1b:
                    c2:a8:66:bd:43:29:f1:cf:9c:e7:53:e9:c5:da:ad:
                    34:c9:18:d1:8c:1a:83:d1:f0:e9:99:0b:6c:4a:2c:
                    c6:19:77:ee:b5:24:13:2e:f3:9a:eb:9b:77:25:90:
                    0b:78:7c:c7:6b:77:e5:8b:93:94:6c:d5:f1:ee:65:
                    f8:ba:55:a9:06:78:01:ee:60:9e:24:bc:e8:0c:af:
                    62:fe:60:9b:3e:2f:20:5d:6d:f3:a6:3f:3c:ca:ec:
                    c6:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:4D:D0:95:9E:EF:71:81:C9:96:5C:5B:66:74:B7:F3:D6:77:4D:B5
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS141642.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.139.0/24
                  160.191.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:f5:20:33:3c:a1:11:99:e2:3b:bd:f2:6e:53:84:45:b9:02:
         a5:7b:01:bb:20:1c:65:b0:c7:dd:47:bd:1c:33:d5:32:69:e3:
         42:42:60:d6:85:33:76:37:3d:fe:d3:8d:44:3d:d3:4e:63:c2:
         c3:fa:1b:d3:c5:37:b2:59:73:af:b3:ef:e7:b3:ca:7e:40:57:
         b2:27:72:19:4d:21:dd:37:bf:64:20:1c:83:94:f0:2c:76:15:
         71:ed:42:7d:3a:51:70:d0:ed:0b:f3:e2:13:1c:d6:c2:c5:ad:
         35:90:80:bf:20:01:f9:8c:07:f7:98:39:29:69:d2:a6:7e:8a:
         f2:47:e3:49:0b:1d:03:4f:0b:6d:c7:ce:c5:eb:4e:6f:e7:1a:
         b8:8c:08:bf:00:f7:a8:10:18:8a:40:70:6d:62:75:f8:0c:1c:
         ef:a2:b5:84:2e:51:13:c6:18:02:9b:db:1f:fd:11:ea:8e:96:
         57:37:cf:b5:ba:7b:16:e7:71:78:77:69:1a:03:4a:e3:f7:22:
         e5:50:10:59:25:84:f6:1f:f5:6b:89:a7:ce:46:a0:86:54:55:
         6a:57:aa:d3:f5:fa:f9:7c:b2:a2:5b:ff:d6:d9:2a:cc:99:46:
         07:b2:f1:40:c8:ea:ec:94:6a:84:7a:80:6a:28:59:c2:4c:e3:
         ea:60:77:04
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIURJqlsZaPoUUxAobhcjblNlGWxQkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDcyMTA2MDUyNloX
DTI2MDcyMDA2MTAyNlowMzExMC8GA1UEAxMoMDQ0REQwOTU5RUVGNzE4MUM5OTY1
QzVCNjY3NEI3RjNENjc3NERCNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7zJSyMTLE3pRMEJIHhnnQQMermE6OwN0uNSscMkH/oXA60ESkRD8EahKO2
eOu4zANpdSdIKxlX9ku0gpKekwAFT6ktrxj5ol9Rm4PBe+UZnvZZ7xj6GXvciiht
BWOIgTeV0njXtu/p13yIWTyIwxZOmuZDG8db0H2Zk2G7Nq+YFKVe4rGGBYNXrpsK
n3B36R2XybkefhCw3f8t1rp/eJT2DfYbwqhmvUMp8c+c51PpxdqtNMkY0Ywag9Hw
6ZkLbEosxhl37rUkEy7zmuubdyWQC3h8x2t35YuTlGzV8e5l+LpVqQZ4Ae5gniS8
6AyvYv5gmz4vIF1t86Y/PMrsxi0CAwEAAaOCAdYwggHSMB0GA1UdDgQWBBQETdCV
nu9xgcmWXFtmdLfz1ndNtTAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE0MTY0Mi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQw
EgQCAAEwDAMEAJ0PiwMEAKC/rTANBgkqhkiG9w0BAQsFAAOCAQEAKvUgMzyhEZni
O73yblOERbkCpXsBuyAcZbDH3Ue9HDPVMmnjQkJg1oUzdjc9/tONRD3TTmPCw/ob
08U3sllzr7Pv57PKfkBXsidyGU0h3Te/ZCAcg5TwLHYVce1CfTpRcNDtC/PiExzW
wsWtNZCAvyAB+YwH95g5KWnSpn6K8kfjSQsdA08LbcfOxetOb+cauIwIvwD3qBAY
ikBwbWJ1+Awc76K1hC5RE8YYApvbH/0R6o6WVzfPtbp7FudxeHdpGgNK4/ci5VAQ
WSWE9h/1a4mnzkaghlRValeq0/X6+Xyyolv/1tkqzJlGB7LxQMjq7JRqhHqAaihZ
wkzj6mB3BA==
-----END CERTIFICATE-----