Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS135477.roa
File:                     AS135477.roa (raw, json)
Hash identifier:          Ht3m6U79WWBplvEKBrCOiGnOQ3Px4lt/yDkyuJJdfnY=
Subject key identifier:   4F:F3:A1:21:6E:C6:86:EE:81:75:CC:73:93:1F:B5:F4:19:74:1D:FD
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       05BBF8D3E79A5DDBE5096D00CB954D8C79A07F86
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS135477.roa
Signing time:             Thu 24 Oct 2024 08:00:00 +0000
ROA not before:           Thu 24 Oct 2024 07:55:00 +0000
ROA not after:            Thu 23 Oct 2025 08:00:00 +0000
asID:                     135477
IP address blocks:        202.47.88.0/24 maxlen: 24
                          203.29.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 22:23:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:bb:f8:d3:e7:9a:5d:db:e5:09:6d:00:cb:95:4d:8c:79:a0:7f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Oct 24 07:55:00 2024 GMT
            Not After : Oct 23 08:00:00 2025 GMT
        Subject: CN=4FF3A1216EC686EE8175CC73931FB5F419741DFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:59:b6:81:94:64:e4:1d:50:53:d9:a7:8f:48:
                    ce:39:1f:3b:07:a8:6a:f6:05:12:ad:3d:10:dc:74:
                    6c:5b:90:91:29:99:93:05:29:15:6f:5f:a5:91:b5:
                    1b:7f:0e:ff:83:37:db:95:dd:25:38:99:d0:82:31:
                    68:be:6e:74:67:55:7c:71:ea:22:eb:40:82:3d:0c:
                    e6:48:fa:bb:2b:e5:fa:8f:29:1c:ab:77:10:23:92:
                    55:28:3a:e2:38:c0:ef:04:af:97:14:6c:ff:eb:57:
                    9c:4f:4d:8d:ab:db:ff:5d:e0:04:22:1d:bd:5a:c9:
                    53:14:6a:fd:e6:33:a4:cc:cb:a7:2a:2c:91:78:82:
                    53:82:af:fb:e1:61:14:8d:8c:a6:a1:f1:12:b9:0e:
                    6d:f3:cf:e0:01:d0:1a:37:65:34:ea:42:e0:5b:92:
                    56:8c:35:df:8e:40:b4:eb:20:79:4c:de:34:64:fc:
                    36:25:13:05:f7:d0:ca:03:72:9b:bb:a0:65:83:fc:
                    8e:93:93:90:e6:5a:da:3b:78:86:3b:31:ba:dd:7a:
                    55:80:ab:72:80:c6:d6:9a:bb:df:69:ba:bc:21:58:
                    79:2a:bb:91:f3:5c:8b:0c:7e:be:da:71:35:69:cc:
                    50:3e:17:55:d5:d9:ca:0d:9c:0b:0c:c4:42:f8:60:
                    76:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F3:A1:21:6E:C6:86:EE:81:75:CC:73:93:1F:B5:F4:19:74:1D:FD
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS135477.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.47.88.0/24
                  203.29.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:99:92:67:7d:b6:fb:47:36:e9:81:49:56:98:13:f0:a0:59:
         d9:02:31:88:b5:c0:c2:aa:69:8a:61:79:1e:cd:04:e8:d7:6d:
         9b:bb:cf:11:7d:c0:b5:89:11:6c:02:3e:98:ba:dc:52:37:20:
         37:18:06:ab:8e:27:8b:40:67:c5:d5:38:44:42:f0:2f:6e:ef:
         93:20:6e:92:9d:aa:fd:32:12:95:7b:25:8b:49:df:c1:6d:15:
         04:47:0e:6f:6c:6b:f9:4c:fb:b9:7d:51:11:05:c2:5a:2b:02:
         ca:a0:0e:24:04:a7:22:e4:6f:98:d2:a1:e4:e2:1c:a8:e3:41:
         13:9e:d8:f1:cb:66:10:56:06:f6:34:75:9a:63:b3:5c:71:7f:
         05:eb:e0:ea:06:83:9b:34:d2:6e:31:92:28:0b:ed:43:ef:a5:
         48:04:4d:0c:4e:15:c1:3e:76:ff:26:ff:86:e7:a4:f3:69:cc:
         54:aa:11:b7:ae:0b:44:07:da:31:4d:32:bc:b8:bc:fc:cd:51:
         23:44:4d:05:45:48:b3:8b:a7:a4:fa:2e:bd:94:d0:20:a6:c1:
         07:15:dc:06:1c:0b:67:52:e1:ba:2f:99:48:9b:e9:d2:e9:c2:
         3f:b6:8c:e5:44:76:a0:82:b9:bb:18:c4:55:45:91:e1:e8:ca:
         f8:25:46:48
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUBbv40+eaXdvlCW0Ay5VNjHmgf4YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MTAyNDA3NTUwMFoX
DTI1MTAyMzA4MDAwMFowMzExMC8GA1UEAxMoNEZGM0ExMjE2RUM2ODZFRTgxNzVD
QzczOTMxRkI1RjQxOTc0MURGRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL5ZtoGUZOQdUFPZp49IzjkfOweoavYFEq09ENx0bFuQkSmZkwUpFW9fpZG1
G38O/4M325XdJTiZ0IIxaL5udGdVfHHqIutAgj0M5kj6uyvl+o8pHKt3ECOSVSg6
4jjA7wSvlxRs/+tXnE9Njavb/13gBCIdvVrJUxRq/eYzpMzLpyoskXiCU4Kv++Fh
FI2MpqHxErkObfPP4AHQGjdlNOpC4FuSVow1345AtOsgeUzeNGT8NiUTBffQygNy
m7ugZYP8jpOTkOZa2jt4hjsxut16VYCrcoDG1pq732m6vCFYeSq7kfNciwx+vtpx
NWnMUD4XVdXZyg2cCwzEQvhgdoECAwEAAaOCAdYwggHSMB0GA1UdDgQWBBRP86Eh
bsaG7oF1zHOTH7X0GXQd/TAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzEzNTQ3Ny5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQw
EgQCAAEwDAMEAMovWAMEAMsdGzANBgkqhkiG9w0BAQsFAAOCAQEAPJmSZ322+0c2
6YFJVpgT8KBZ2QIxiLXAwqppimF5Hs0E6Ndtm7vPEX3AtYkRbAI+mLrcUjcgNxgG
q44ni0BnxdU4RELwL27vkyBukp2q/TISlXsli0nfwW0VBEcOb2xr+Uz7uX1REQXC
WisCyqAOJASnIuRvmNKh5OIcqONBE57Y8ctmEFYG9jR1mmOzXHF/Bevg6gaDmzTS
bjGSKAvtQ++lSARNDE4VwT52/yb/huek82nMVKoRt64LRAfaMU0yvLi8/M1RI0RN
BUVIs4unpPouvZTQIKbBBxXcBhwLZ1Lhui+ZSJvp0unCP7aM5UR2oIK5uxjEVUWR
4ejK+CVGSA==
-----END CERTIFICATE-----
Generated at Mon Nov 25 13:01:53 2024 by rpki-client on console-fra.rpki-client.org