Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS139403.roa
File:                     AS139403.roa (raw, json)
Hash identifier:          tZYjzkJ+jzmLMWdCHQ4GbW+EK2/+jnZsmUSqZchcki8=
Subject key identifier:   ED:57:6F:0F:90:56:1F:18:20:3B:3F:CE:6D:C0:7A:E1:FF:36:D3:79
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       7461009C8E474D1942E3324E551815330E0F94A0
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS139403.roa
Signing time:             Mon 30 Dec 2024 05:00:00 +0000
ROA not before:           Mon 30 Dec 2024 04:55:00 +0000
ROA not after:            Mon 29 Dec 2025 05:00:00 +0000
asID:                     139403
IP address blocks:        103.143.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Feb 2025 06:34:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:61:00:9c:8e:47:4d:19:42:e3:32:4e:55:18:15:33:0e:0f:94:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Dec 30 04:55:00 2024 GMT
            Not After : Dec 29 05:00:00 2025 GMT
        Subject: CN=ED576F0F90561F18203B3FCE6DC07AE1FF36D379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ca:64:03:18:6e:5f:96:5a:2f:58:06:b7:f3:
                    ce:6b:90:cb:cb:e3:1e:fe:f4:8f:ac:58:5a:15:46:
                    3c:c2:84:c3:a6:e0:e1:c3:06:bf:62:53:bb:43:b1:
                    57:29:c5:74:11:28:d4:e8:fc:97:a1:bc:a5:4d:ac:
                    0d:a9:6a:d1:17:d7:21:88:e3:51:d9:6c:4e:91:90:
                    20:30:6b:1f:b9:5e:a0:53:59:16:cb:ad:28:a7:a1:
                    a8:0c:e3:42:17:1d:94:e5:5d:e9:33:ce:3c:85:40:
                    65:c3:1a:da:b3:2f:90:65:4a:3c:86:61:7f:f1:63:
                    61:5c:22:8e:fb:14:e1:f1:ec:1c:af:c6:24:20:5f:
                    39:39:7c:d8:ea:ff:19:c1:98:4f:61:1c:fd:48:1a:
                    22:09:c7:62:d4:41:b8:5c:59:2a:7a:98:8b:6f:fe:
                    97:73:c8:fb:50:a1:f8:01:53:9b:f5:81:5e:f8:c3:
                    b0:3c:0d:9f:c5:7e:7a:12:98:ad:6e:b5:63:8e:2f:
                    ff:0f:b3:2a:ab:85:ca:f6:cf:42:78:53:2f:e1:4a:
                    26:70:3f:a0:59:b6:c7:91:c0:68:ab:28:f6:9e:b0:
                    88:ed:5b:d7:05:ff:7d:c6:d0:92:f3:83:a4:77:fe:
                    2c:dd:16:b2:64:97:05:60:3d:bb:7f:2d:57:ad:2e:
                    4a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:57:6F:0F:90:56:1F:18:20:3B:3F:CE:6D:C0:7A:E1:FF:36:D3:79
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS139403.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.143.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:bd:b6:be:c4:19:47:10:16:00:f5:e3:fd:0a:78:07:b6:c7:
         3f:e5:0f:e6:34:c4:82:90:0f:91:f1:ba:c9:27:62:cd:ae:f8:
         f8:0b:86:53:df:7b:33:8f:d9:d6:46:e4:35:4d:20:da:36:b6:
         57:b0:1d:1f:61:a5:a5:34:35:bd:1e:42:49:e3:5f:78:71:9d:
         5a:18:f6:97:80:5a:74:ab:06:cb:4b:44:62:f2:44:ef:af:87:
         cc:76:7b:77:80:a3:1e:5e:66:ff:17:2e:2b:fb:65:11:0c:fb:
         7e:bc:25:21:ea:60:ee:ea:30:a4:e3:73:3a:ea:ac:f9:a9:6e:
         c4:cb:29:0d:ff:0a:0b:0a:b1:04:2d:ba:ed:a4:49:aa:24:35:
         3e:b3:d6:fe:3f:8a:87:38:9f:5a:7d:ca:57:17:d5:91:fe:cd:
         b7:ce:70:2b:db:8a:32:22:ac:e3:77:00:3a:d3:56:80:37:8b:
         8d:ed:37:3a:18:b1:fa:fd:2e:68:d8:d1:07:40:99:58:00:63:
         cf:61:aa:25:e4:a5:d1:81:fd:f1:7e:d2:29:fc:57:b7:ae:92:
         c4:d0:64:94:8b:1a:22:d6:66:5d:6e:72:8d:a8:fe:7a:ea:87:
         93:2a:d6:9a:d6:bc:d9:d5:3f:25:bb:20:fd:8d:7a:1f:1b:7c:
         23:5e:bd:77
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUdGEAnI5HTRlC4zJOVRgVMw4PlKAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MTIzMDA0NTUwMFoX
DTI1MTIyOTA1MDAwMFowMzExMC8GA1UEAxMoRUQ1NzZGMEY5MDU2MUYxODIwM0Iz
RkNFNkRDMDdBRTFGRjM2RDM3OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOXKZAMYbl+WWi9YBrfzzmuQy8vjHv70j6xYWhVGPMKEw6bg4cMGv2JTu0Ox
VynFdBEo1Oj8l6G8pU2sDalq0RfXIYjjUdlsTpGQIDBrH7leoFNZFsutKKehqAzj
QhcdlOVd6TPOPIVAZcMa2rMvkGVKPIZhf/FjYVwijvsU4fHsHK/GJCBfOTl82Or/
GcGYT2Ec/UgaIgnHYtRBuFxZKnqYi2/+l3PI+1Ch+AFTm/WBXvjDsDwNn8V+ehKY
rW61Y44v/w+zKquFyvbPQnhTL+FKJnA/oFm2x5HAaKso9p6wiO1b1wX/fcbQkvOD
pHf+LN0WsmSXBWA9u38tV60uSnsCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTtV28P
kFYfGCA7P85twHrh/zbTeTAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzEzOTQwMy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGePmjANBgkqhkiG9w0BAQsFAAOCAQEAbL22vsQZRxAWAPXj/Qp4
B7bHP+UP5jTEgpAPkfG6ySdiza74+AuGU997M4/Z1kbkNU0g2ja2V7AdH2GlpTQ1
vR5CSeNfeHGdWhj2l4BadKsGy0tEYvJE76+HzHZ7d4CjHl5m/xcuK/tlEQz7frwl
Iepg7uowpONzOuqs+aluxMspDf8KCwqxBC267aRJqiQ1PrPW/j+KhzifWn3KVxfV
kf7Nt85wK9uKMiKs43cAOtNWgDeLje03Ohix+v0uaNjRB0CZWABjz2GqJeSl0YH9
8X7SKfxXt66SxNBklIsaItZmXW5yjaj+euqHkyrWmta82dU/Jbsg/Y16Hxt8I169
dw==
-----END CERTIFICATE-----