Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS138828.roa
File:                     AS138828.roa (raw, json)
Hash identifier:          wjZ7WvQ6geG3ypkAQc022/s0h4xa+68cQOpGoTyXuso=
Subject key identifier:   57:46:6F:EC:CA:FE:F9:C1:7D:96:A1:81:7D:8A:9E:EB:EF:91:D2:33
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       61231E3C42B0F31EB31134C29E7B40A6B4C34F38
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS138828.roa
Signing time:             Wed 24 Jul 2024 08:00:00 +0000
ROA not before:           Wed 24 Jul 2024 07:55:00 +0000
ROA not after:            Wed 23 Jul 2025 08:00:00 +0000
asID:                     138828
IP address blocks:        103.55.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:39:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:23:1e:3c:42:b0:f3:1e:b3:11:34:c2:9e:7b:40:a6:b4:c3:4f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jul 24 07:55:00 2024 GMT
            Not After : Jul 23 08:00:00 2025 GMT
        Subject: CN=57466FECCAFEF9C17D96A1817D8A9EEBEF91D233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:85:f2:3d:26:11:5e:0e:e4:ac:dc:a1:ed:87:
                    2c:0a:73:ad:2f:7b:31:ab:77:00:8d:9e:83:f9:52:
                    b0:18:63:44:9b:8a:a8:d1:bb:85:80:b3:5b:e8:ae:
                    3e:4e:0a:2a:f5:c0:70:c8:fe:07:57:67:9b:0b:b0:
                    6d:eb:bb:a4:70:1c:83:55:c0:cb:be:f4:9a:1b:14:
                    78:f6:cb:56:db:dc:a6:92:d0:4a:a0:8e:88:71:ba:
                    d5:0a:b1:54:63:6e:e1:5d:cb:19:ac:c8:84:60:59:
                    6f:04:30:62:3d:df:18:25:82:2c:82:a7:a5:5d:83:
                    27:5d:fd:49:e1:c7:4c:6d:8d:3c:cd:0c:d2:6b:38:
                    88:17:21:9b:8d:40:cb:cf:52:32:75:10:34:db:bf:
                    86:7d:25:66:08:f9:e4:7d:f6:b6:c5:e7:8d:4c:c7:
                    fd:42:30:06:80:4b:ce:78:80:af:70:76:e5:88:b9:
                    3b:c8:59:f0:1b:2f:06:72:bf:0d:87:77:70:c4:30:
                    36:44:0c:d4:b9:20:a3:2a:62:e5:1e:bb:69:c5:21:
                    94:29:a9:91:6c:aa:db:bf:88:22:0b:01:64:98:d7:
                    fe:9e:b7:db:1d:38:a8:0e:da:01:37:e5:a2:02:23:
                    a0:5c:8f:49:70:c1:17:85:81:ee:4e:12:d5:0c:4e:
                    be:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:46:6F:EC:CA:FE:F9:C1:7D:96:A1:81:7D:8A:9E:EB:EF:91:D2:33
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS138828.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.55.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:fa:42:90:10:26:1d:12:fa:b3:d7:c0:af:d0:5b:29:0b:05:
         5b:7c:39:c7:cd:8f:7b:47:32:10:70:b8:9f:2a:4d:62:8a:b2:
         b1:88:b4:24:2c:f6:72:43:18:67:41:37:ef:19:c4:17:a0:8d:
         b3:28:7a:27:29:58:58:d4:af:7a:72:5e:37:cf:d2:5e:71:09:
         09:b6:07:9d:de:ba:23:5f:6b:6f:1e:ec:fc:86:db:ec:9d:0e:
         0e:b7:7b:e8:3b:9d:ca:c9:b7:cb:88:82:38:ef:3b:85:f9:b1:
         01:44:00:fa:32:ae:ae:c8:1b:47:c2:24:6d:c2:b7:80:32:a8:
         b3:67:18:b2:2a:8c:96:0c:56:d2:8e:bb:c5:2b:80:f4:68:ab:
         b2:48:7f:ee:09:16:8c:3c:55:09:79:c7:43:65:ca:87:2c:aa:
         ca:dd:99:96:25:64:86:61:3a:80:8c:fe:cd:95:44:74:c0:62:
         8d:10:7b:04:55:d8:d1:c6:7c:01:bc:95:d4:ff:7b:e6:cf:3c:
         64:78:b2:e0:7a:72:55:8d:c0:1e:3e:6e:01:87:89:6a:e9:f5:
         a8:64:39:be:fd:c0:07:2e:ac:b6:ce:61:89:63:2c:07:73:f9:
         70:ad:00:20:aa:30:84:6f:3b:f2:2b:b3:37:ff:11:bd:53:1c:
         48:2b:85:7d
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUYSMePEKw8x6zETTCnntAprTDTzgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MDcyNDA3NTUwMFoX
DTI1MDcyMzA4MDAwMFowMzExMC8GA1UEAxMoNTc0NjZGRUNDQUZFRjlDMTdEOTZB
MTgxN0Q4QTlFRUJFRjkxRDIzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMmF8j0mEV4O5Kzcoe2HLApzrS97Mat3AI2eg/lSsBhjRJuKqNG7hYCzW+iu
Pk4KKvXAcMj+B1dnmwuwbeu7pHAcg1XAy770mhsUePbLVtvcppLQSqCOiHG61Qqx
VGNu4V3LGazIhGBZbwQwYj3fGCWCLIKnpV2DJ139SeHHTG2NPM0M0ms4iBchm41A
y89SMnUQNNu/hn0lZgj55H32tsXnjUzH/UIwBoBLzniAr3B25Yi5O8hZ8BsvBnK/
DYd3cMQwNkQM1Lkgoypi5R67acUhlCmpkWyq27+IIgsBZJjX/p632x04qA7aATfl
ogIjoFyPSXDBF4WB7k4S1QxOvnkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRXRm/s
yv75wX2WoYF9ip7r75HSMzAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzEzODgyOC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGc3nzANBgkqhkiG9w0BAQsFAAOCAQEAM/pCkBAmHRL6s9fAr9Bb
KQsFW3w5x82Pe0cyEHC4nypNYoqysYi0JCz2ckMYZ0E37xnEF6CNsyh6JylYWNSv
enJeN8/SXnEJCbYHnd66I19rbx7s/Ibb7J0ODrd76Dudysm3y4iCOO87hfmxAUQA
+jKursgbR8IkbcK3gDKos2cYsiqMlgxW0o67xSuA9Girskh/7gkWjDxVCXnHQ2XK
hyyqyt2ZliVkhmE6gIz+zZVEdMBijRB7BFXY0cZ8AbyV1P975s88ZHiy4HpyVY3A
Hj5uAYeJaun1qGQ5vv3ABy6sts5hiWMsB3P5cK0AIKowhG878iuzN/8RvVMcSCuF
fQ==
-----END CERTIFICATE-----