Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS140407.roa
File:                     AS140407.roa (raw, json)
Hash identifier:          LEH8KiA8dwiO9I9ORd9mgXijwoffzfd8MnVQIEWP6D8=
Subject key identifier:   72:ED:AF:F7:85:AE:38:ED:7A:5E:0A:37:60:ED:6C:6F:76:A6:D9:15
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       6236C4DA54245322730ADB65182B322652C8ACB6
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS140407.roa
Signing time:             Fri 07 Mar 2025 04:00:00 +0000
ROA not before:           Fri 07 Mar 2025 03:55:00 +0000
ROA not after:            Fri 06 Mar 2026 04:00:00 +0000
asID:                     140407
IP address blocks:        2001:df1:3fc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 07 Apr 2025 17:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:36:c4:da:54:24:53:22:73:0a:db:65:18:2b:32:26:52:c8:ac:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Mar  7 03:55:00 2025 GMT
            Not After : Mar  6 04:00:00 2026 GMT
        Subject: CN=72EDAFF785AE38ED7A5E0A3760ED6C6F76A6D915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8c:49:d1:3c:b0:c4:fc:8e:10:df:12:19:95:
                    a5:b5:3a:41:2c:b2:a9:cf:77:a2:51:df:13:9a:91:
                    42:38:b7:b3:5d:59:52:99:e8:56:1a:25:4a:87:ed:
                    ee:ae:3e:33:e3:7d:e6:49:bc:b9:43:a6:b9:6d:a5:
                    75:7f:96:93:bc:69:c1:9f:fb:d4:26:74:99:4c:00:
                    4a:8f:3c:21:ca:69:a7:ad:be:da:65:80:fd:82:e0:
                    35:cc:fe:6a:f6:1f:2d:de:9f:40:4b:a9:57:3c:46:
                    d0:a8:3f:57:51:4f:b4:7c:2d:e5:bf:a9:58:b9:39:
                    f5:a2:f8:0c:59:a1:a4:78:a2:5d:39:80:c5:60:0d:
                    e2:fa:67:4e:08:0b:c6:5b:f0:a1:1c:13:2e:32:ec:
                    80:59:48:68:7a:b6:20:4a:fa:d0:33:52:3a:f7:a0:
                    b3:ce:ce:a9:b6:a7:ee:ec:81:a7:ab:7f:85:f1:f9:
                    a5:0e:8c:93:74:57:83:4c:61:57:de:d5:1c:35:eb:
                    1b:23:62:36:ac:8a:16:44:29:66:75:53:1f:63:b7:
                    76:2c:69:fd:2f:49:22:2c:49:c2:5b:41:d1:05:a7:
                    4e:ad:32:1a:09:f2:32:d9:ea:6d:ea:07:a6:58:f6:
                    f6:d5:2f:79:ab:d9:d7:01:08:4b:b3:aa:10:63:b3:
                    af:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:ED:AF:F7:85:AE:38:ED:7A:5E:0A:37:60:ED:6C:6F:76:A6:D9:15
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS140407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:3fc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:7f:0d:c2:ad:4f:a6:b7:85:98:2b:5f:88:d3:ce:03:91:a0:
         d0:2a:c3:b0:11:5b:d6:01:4a:d1:0f:22:83:40:da:29:c0:a8:
         7c:28:3b:81:a7:a7:22:c4:fb:a9:06:78:c9:61:af:ec:5e:13:
         24:16:fe:93:2e:a4:e7:74:61:18:00:b3:e8:de:f5:04:79:22:
         56:5d:da:94:69:f9:2b:78:84:f6:35:19:77:9f:e0:31:d2:29:
         80:cd:76:11:87:e3:2b:a4:d5:26:4e:6f:ac:68:0d:16:cb:c4:
         9c:49:68:8f:d0:08:54:df:c5:6b:db:6c:22:06:68:bc:80:22:
         a9:fa:f5:ba:5b:81:d1:52:99:5f:76:06:b9:c4:f3:b0:1c:b5:
         f9:5e:95:7f:e7:5a:fc:77:e8:16:9a:e2:bf:76:5b:e5:fa:26:
         c8:fc:e4:21:3b:53:00:db:cf:ad:a1:62:69:e8:3c:e7:78:43:
         6a:42:cf:1a:55:bb:38:59:46:00:16:8b:84:ec:07:79:87:dd:
         e8:dd:03:97:b1:6c:85:f0:68:49:f9:8e:56:b2:e6:5e:27:47:
         e5:b6:3d:f4:da:67:96:32:5d:0b:95:6b:3f:d0:1b:11:81:f6:
         de:9a:d8:7e:e1:9a:c2:c7:c6:f6:27:71:f8:c3:6c:3b:c3:f3:
         2f:d8:94:66
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUYjbE2lQkUyJzCttlGCsyJlLIrLYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDMwNzAzNTUwMFoX
DTI2MDMwNjA0MDAwMFowMzExMC8GA1UEAxMoNzJFREFGRjc4NUFFMzhFRDdBNUUw
QTM3NjBFRDZDNkY3NkE2RDkxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuMSdE8sMT8jhDfEhmVpbU6QSyyqc93olHfE5qRQji3s11ZUpnoVholSoft
7q4+M+N95km8uUOmuW2ldX+Wk7xpwZ/71CZ0mUwASo88Icppp62+2mWA/YLgNcz+
avYfLd6fQEupVzxG0Kg/V1FPtHwt5b+pWLk59aL4DFmhpHiiXTmAxWAN4vpnTggL
xlvwoRwTLjLsgFlIaHq2IEr60DNSOvegs87Oqban7uyBp6t/hfH5pQ6Mk3RXg0xh
V97VHDXrGyNiNqyKFkQpZnVTH2O3dixp/S9JIixJwltB0QWnTq0yGgnyMtnqbeoH
plj29tUveavZ1wEIS7OqEGOzrysCAwEAAaOCAdMwggHPMB0GA1UdDgQWBBRy7a/3
ha447XpeCjdg7WxvdqbZFTAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0MDQwNy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfE/wDANBgkqhkiG9w0BAQsFAAOCAQEAlX8Nwq1PpreFmCtf
iNPOA5Gg0CrDsBFb1gFK0Q8ig0DaKcCofCg7gaenIsT7qQZ4yWGv7F4TJBb+ky6k
53RhGACz6N71BHkiVl3alGn5K3iE9jUZd5/gMdIpgM12EYfjK6TVJk5vrGgNFsvE
nEloj9AIVN/Fa9tsIgZovIAiqfr1uluB0VKZX3YGucTzsBy1+V6Vf+da/HfoFpri
v3Zb5fomyPzkITtTANvPraFiaeg853hDakLPGlW7OFlGABaLhOwHeYfd6N0Dl7Fs
hfBoSfmOVrLmXidH5bY99NpnljJdC5VrP9AbEYH23prYfuGawsfG9idx+MNsO8Pz
L9iUZg==
-----END CERTIFICATE-----