Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS139950.roa
File:                     AS139950.roa (raw, json)
Hash identifier:          hpZAnqpfbYTuDMmsTvaZeHtgs9HHF1/6BVPLIwqy0a4=
Subject key identifier:   08:A7:BE:0F:8B:38:46:69:3F:99:BA:5A:79:77:74:B7:5C:81:BF:41
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       31A5712FF98EF840AF9AFBF13A4D0F7990834C11
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS139950.roa
Signing time:             Mon 22 Jan 2024 05:00:00 +0000
ROA not before:           Mon 22 Jan 2024 04:55:00 +0000
ROA not after:            Mon 20 Jan 2025 05:00:00 +0000
asID:                     139950
IP address blocks:        103.147.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:39:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:a5:71:2f:f9:8e:f8:40:af:9a:fb:f1:3a:4d:0f:79:90:83:4c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jan 22 04:55:00 2024 GMT
            Not After : Jan 20 05:00:00 2025 GMT
        Subject: CN=08A7BE0F8B3846693F99BA5A797774B75C81BF41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:88:07:ff:c1:39:d9:c4:23:d3:1d:ee:15:5a:
                    8e:a5:48:cd:5c:9d:60:dc:21:c1:3b:a2:2e:03:34:
                    e2:e3:0e:99:2e:4b:59:b0:ec:4e:25:60:d2:44:34:
                    a3:a3:13:b4:69:d4:54:49:33:9e:89:04:58:e2:e1:
                    d7:d5:dc:0d:64:61:44:a5:c6:d8:50:85:eb:f3:27:
                    94:5e:da:31:ee:59:ff:f7:dd:7a:5f:72:8d:24:0b:
                    16:f7:37:46:90:a0:56:99:33:a4:b7:dc:ce:02:48:
                    0d:5b:d2:8b:60:80:22:3a:01:ac:17:ef:f3:46:13:
                    61:bf:09:4e:15:c5:4a:b9:28:30:72:c7:9e:6d:a1:
                    58:9f:67:3e:af:c8:03:3c:42:fe:e1:97:ff:bd:ba:
                    bf:a6:22:46:b9:7f:ec:d3:bf:0e:fa:58:25:5a:57:
                    77:87:4d:7d:aa:bf:6a:6c:80:4d:f7:f2:bb:94:e0:
                    f5:70:a1:70:88:a8:ab:a4:4b:fb:7f:aa:9c:a6:8b:
                    1a:28:bf:6b:17:30:d4:ec:71:54:54:8e:bb:00:60:
                    6b:67:2d:42:4e:31:de:03:71:ed:6a:2d:15:18:62:
                    26:4e:bd:39:41:cd:c3:77:57:78:97:7c:ca:b3:b7:
                    24:d3:11:fe:7c:ae:f8:f2:f2:1b:97:64:2b:d4:28:
                    1f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A7:BE:0F:8B:38:46:69:3F:99:BA:5A:79:77:74:B7:5C:81:BF:41
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS139950.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.147.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ec:df:26:f8:7d:21:a2:e4:67:66:f5:df:c4:14:f3:7c:4d:
         26:20:75:86:f6:4f:47:b7:32:a3:20:5c:ce:be:f7:72:99:a7:
         a4:45:03:2d:61:76:fe:23:68:d0:79:4b:b9:6e:57:63:f3:66:
         a1:dd:77:32:cd:60:f9:9f:a5:c1:bf:07:2d:8c:13:84:e8:2f:
         c8:db:5f:dc:22:0a:7f:b4:b1:12:64:39:1a:00:e8:62:c8:52:
         05:a9:7d:7c:79:d9:18:c2:df:5f:86:9d:30:2d:b5:dc:d1:68:
         3e:a9:59:3c:67:ea:51:dc:ab:83:86:d7:94:eb:63:f3:a4:db:
         83:38:c2:53:90:af:90:85:06:52:74:0e:0c:04:1d:67:88:b0:
         d3:6d:fa:ed:81:a4:66:a8:4f:22:81:6a:0f:04:a4:9e:e2:5e:
         d4:27:3f:77:cb:ef:5f:d3:78:74:ce:73:25:65:a5:f8:9f:e9:
         d7:d0:f9:aa:f3:13:8c:ca:5e:d3:f7:7e:00:2e:16:ce:5c:70:
         ab:8b:46:9c:75:4b:b4:b3:2d:9d:08:c1:95:d2:9b:de:c6:07:
         07:74:e5:79:76:dd:8e:9e:ee:ef:77:36:2f:88:9b:e0:99:fa:
         b3:dd:b1:40:c6:c2:5b:6a:9e:7b:b5:13:79:83:11:d9:74:2e:
         a8:e6:75:73
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUMaVxL/mO+ECvmvvxOk0PeZCDTBEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MDEyMjA0NTUwMFoX
DTI1MDEyMDA1MDAwMFowMzExMC8GA1UEAxMoMDhBN0JFMEY4QjM4NDY2OTNGOTlC
QTVBNzk3Nzc0Qjc1QzgxQkY0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSIB//BOdnEI9Md7hVajqVIzVydYNwhwTuiLgM04uMOmS5LWbDsTiVg0kQ0
o6MTtGnUVEkznokEWOLh19XcDWRhRKXG2FCF6/MnlF7aMe5Z//fdel9yjSQLFvc3
RpCgVpkzpLfczgJIDVvSi2CAIjoBrBfv80YTYb8JThXFSrkoMHLHnm2hWJ9nPq/I
AzxC/uGX/726v6YiRrl/7NO/DvpYJVpXd4dNfaq/amyATffyu5Tg9XChcIioq6RL
+3+qnKaLGii/axcw1OxxVFSOuwBga2ctQk4x3gNx7WotFRhiJk69OUHNw3dXeJd8
yrO3JNMR/nyu+PLyG5dkK9QoHzUCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQIp74P
izhGaT+Zulp5d3S3XIG/QTAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzEzOTk1MC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGeTRDANBgkqhkiG9w0BAQsFAAOCAQEAOuzfJvh9IaLkZ2b138QU
83xNJiB1hvZPR7cyoyBczr73cpmnpEUDLWF2/iNo0HlLuW5XY/Nmod13Ms1g+Z+l
wb8HLYwThOgvyNtf3CIKf7SxEmQ5GgDoYshSBal9fHnZGMLfX4adMC213NFoPqlZ
PGfqUdyrg4bXlOtj86TbgzjCU5CvkIUGUnQODAQdZ4iw02367YGkZqhPIoFqDwSk
nuJe1Cc/d8vvX9N4dM5zJWWl+J/p19D5qvMTjMpe0/d+AC4Wzlxwq4tGnHVLtLMt
nQjBldKb3sYHB3TleXbdjp7u73c2L4ib4Jn6s92xQMbCW2qee7UTeYMR2XQuqOZ1
cw==
-----END CERTIFICATE-----