Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141070.roa
File:                     AS141070.roa (raw, json)
Hash identifier:          VvRyLmwUCmylU2UiENvHmAIkB256HzFQQDwXYN5aUmE=
Subject key identifier:   4B:09:5A:B5:D6:6E:B4:FC:70:65:8A:E8:5C:B2:5C:E6:CA:53:E8:3F
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       4305687D1954ED6C47DF86066D95B311B877FAB9
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141070.roa
Signing time:             Tue 20 Aug 2024 03:00:00 +0000
ROA not before:           Tue 20 Aug 2024 02:55:00 +0000
ROA not after:            Tue 19 Aug 2025 03:00:00 +0000
asID:                     141070
IP address blocks:        103.165.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Feb 2025 06:34:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:05:68:7d:19:54:ed:6c:47:df:86:06:6d:95:b3:11:b8:77:fa:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Aug 20 02:55:00 2024 GMT
            Not After : Aug 19 03:00:00 2025 GMT
        Subject: CN=4B095AB5D66EB4FC70658AE85CB25CE6CA53E83F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:97:fd:26:aa:5f:81:06:7c:a4:1e:eb:72:fb:
                    e4:0f:04:75:65:53:63:b4:75:ec:57:96:3d:16:86:
                    97:ae:66:b8:ab:c7:f2:28:bf:f0:a8:51:41:5e:b9:
                    96:95:fc:1b:64:89:38:6b:44:e2:55:95:be:5a:bb:
                    68:cb:1b:9b:3f:f0:53:f1:26:18:92:3e:b1:e2:ba:
                    8a:2c:3c:bb:56:fb:17:cd:73:ce:e2:a4:95:7e:9c:
                    d1:fb:83:41:07:7d:46:04:e1:1e:ec:da:e7:53:7c:
                    7f:c5:10:d2:24:9b:91:bf:ef:3e:0c:38:a3:5d:ab:
                    b4:c4:86:d3:bd:8e:f1:76:f3:ca:1b:a4:08:ce:6b:
                    bf:b2:6a:cf:82:e9:79:93:e3:a8:dc:83:13:28:29:
                    28:c1:ec:9c:84:70:3e:dd:5c:63:3d:35:bf:1e:d2:
                    e4:44:06:aa:9d:b4:56:31:07:28:a7:c9:b7:2a:83:
                    96:04:fc:71:69:63:fb:9f:53:95:8b:14:e1:66:c3:
                    c7:d5:ff:86:ee:d6:7e:60:df:ab:63:95:7e:73:9b:
                    c5:bc:72:3d:b8:ff:92:9e:64:33:59:d1:21:8e:59:
                    c8:b1:d0:66:7b:4c:1f:98:00:d0:7a:29:8b:30:b9:
                    a4:fa:75:07:76:74:9d:48:ce:a8:b8:21:e9:05:22:
                    e5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:09:5A:B5:D6:6E:B4:FC:70:65:8A:E8:5C:B2:5C:E6:CA:53:E8:3F
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141070.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.165.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:3d:a6:12:34:3f:25:ff:3b:fb:c8:73:b7:38:e5:a7:ca:64:
         86:d3:39:5a:0a:55:3a:3c:cc:e6:36:cb:8e:15:a0:38:3a:7a:
         53:f0:2b:3d:b4:55:13:20:6b:de:04:00:77:e6:bc:91:8a:06:
         50:f6:fb:62:c8:27:28:f4:cf:51:a1:79:14:49:b3:e6:63:2b:
         4f:08:ce:3f:c7:3c:c0:1b:5c:1b:a1:1e:51:a7:fe:54:26:9a:
         ca:ab:3d:48:0a:ad:ff:09:a8:25:5f:1f:9f:44:86:23:d4:ec:
         84:73:64:0a:bb:50:fe:93:ae:52:81:0f:0d:01:e8:e2:75:6b:
         21:85:9a:de:0f:49:60:00:5a:ad:da:5a:69:9f:1a:e0:31:ac:
         5f:97:fb:17:45:fb:57:be:e9:e4:8b:9d:e2:82:fc:d4:eb:79:
         d1:54:b2:cf:e2:f2:47:1d:df:09:5a:0c:51:85:d9:70:b6:e6:
         84:90:a2:89:68:91:4f:95:ae:bb:c5:70:64:8b:79:3e:7c:a3:
         9e:09:c8:31:09:76:bf:a6:87:69:78:d7:12:7e:96:82:1e:c9:
         fd:07:07:f3:c7:3e:e6:1f:2e:10:2b:77:03:36:60:45:99:f2:
         af:96:79:40:45:d7:ee:ad:ca:48:00:8d:a5:7a:c9:ea:a2:eb:
         fb:f6:2d:5c
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUQwVofRlU7WxH34YGbZWzEbh3+rkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MDgyMDAyNTUwMFoX
DTI1MDgxOTAzMDAwMFowMzExMC8GA1UEAxMoNEIwOTVBQjVENjZFQjRGQzcwNjU4
QUU4NUNCMjVDRTZDQTUzRTgzRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmX/SaqX4EGfKQe63L75A8EdWVTY7R17FeWPRaGl65muKvH8ii/8KhRQV65
lpX8G2SJOGtE4lWVvlq7aMsbmz/wU/EmGJI+seK6iiw8u1b7F81zzuKklX6c0fuD
QQd9RgThHuza51N8f8UQ0iSbkb/vPgw4o12rtMSG072O8XbzyhukCM5rv7Jqz4Lp
eZPjqNyDEygpKMHsnIRwPt1cYz01vx7S5EQGqp20VjEHKKfJtyqDlgT8cWlj+59T
lYsU4WbDx9X/hu7WfmDfq2OVfnObxbxyPbj/kp5kM1nRIY5ZyLHQZntMH5gA0Hop
izC5pPp1B3Z0nUjOqLgh6QUi5VkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRLCVq1
1m60/HBliuhcslzmylPoPzAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0MTA3MC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGel+TANBgkqhkiG9w0BAQsFAAOCAQEAjj2mEjQ/Jf87+8hztzjl
p8pkhtM5WgpVOjzM5jbLjhWgODp6U/ArPbRVEyBr3gQAd+a8kYoGUPb7YsgnKPTP
UaF5FEmz5mMrTwjOP8c8wBtcG6EeUaf+VCaayqs9SAqt/wmoJV8fn0SGI9TshHNk
CrtQ/pOuUoEPDQHo4nVrIYWa3g9JYABardpaaZ8a4DGsX5f7F0X7V77p5Iud4oL8
1Ot50VSyz+LyRx3fCVoMUYXZcLbmhJCiiWiRT5Wuu8VwZIt5PnyjngnIMQl2v6aH
aXjXEn6Wgh7J/QcH88c+5h8uECt3AzZgRZnyr5Z5QEXX7q3KSACNpXrJ6qLr+/Yt
XA==
-----END CERTIFICATE-----