Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS142349.roa
File:                     AS142349.roa (raw, json)
Hash identifier:          4SAE8y0AR4vyulK9SZFMkioU7DCl20GbvKbm9kq8GRw=
Subject key identifier:   10:98:C0:BB:54:D2:3C:68:43:7E:14:98:A1:4D:35:BF:BD:94:C9:13
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       3C79D85246C56B9EA346642D6CCD81796424375E
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS142349.roa
Signing time:             Thu 02 Jan 2025 08:54:41 +0000
ROA not before:           Thu 02 Jan 2025 08:49:41 +0000
ROA not after:            Thu 01 Jan 2026 08:54:41 +0000
asID:                     142349
IP address blocks:        103.169.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 07 Apr 2025 17:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:79:d8:52:46:c5:6b:9e:a3:46:64:2d:6c:cd:81:79:64:24:37:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Jan  2 08:49:41 2025 GMT
            Not After : Jan  1 08:54:41 2026 GMT
        Subject: CN=1098C0BB54D23C68437E1498A14D35BFBD94C913
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ee:21:7d:ac:1f:b0:c7:b0:ea:dc:31:b9:3d:
                    33:88:19:e1:f6:54:19:78:ec:50:7e:38:a7:8e:2f:
                    0e:f2:fd:77:e8:3d:ea:47:d0:96:3c:65:1e:7f:a0:
                    00:35:9d:b3:53:25:b5:c9:27:e9:9d:60:56:95:e0:
                    f6:11:8a:19:99:1b:9a:b4:66:7f:dd:b9:bc:34:67:
                    28:32:e1:3e:06:d6:0b:07:56:26:11:4b:d9:14:f9:
                    89:0b:5a:8f:b5:17:0e:67:e9:f1:f3:1b:66:a5:38:
                    f2:aa:37:81:bc:19:43:5e:a3:e4:ef:39:df:0f:87:
                    99:f8:64:ef:cb:dd:0c:3d:8b:2e:41:63:74:ac:c9:
                    e4:a3:30:d8:67:ed:5c:85:f5:1a:30:42:b6:08:39:
                    0d:f3:2d:67:bc:6e:0f:f6:e0:e3:61:b1:cb:06:b0:
                    85:2d:48:ce:b8:69:cb:e6:47:9e:14:fe:62:45:b3:
                    6f:e4:8b:2c:67:91:06:00:5d:6b:17:d8:14:35:c2:
                    43:b8:cc:44:e8:36:c5:8d:43:4f:45:b9:d9:f8:7f:
                    07:65:27:d6:21:8f:cc:b8:45:ec:76:5f:0a:bd:a2:
                    85:a9:8a:ba:5e:41:d4:17:cd:be:79:83:8f:0f:32:
                    0e:fc:0e:ab:3a:f1:7f:f0:d2:c7:91:1e:23:c0:f9:
                    f9:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:98:C0:BB:54:D2:3C:68:43:7E:14:98:A1:4D:35:BF:BD:94:C9:13
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS142349.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.169.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:88:5c:f7:e3:64:e2:5d:85:4c:eb:72:3e:47:c2:58:ce:c8:
         9a:d9:b9:bb:f3:26:00:42:2f:b2:eb:45:04:cc:7e:21:f9:89:
         88:d7:dc:3d:b7:49:73:93:85:35:53:e4:4e:c1:41:28:59:15:
         79:5d:86:b1:9d:ca:cc:2b:f0:d3:15:ee:80:96:45:74:dc:7d:
         c6:9a:63:7b:04:3f:d9:71:6a:d4:4e:97:f6:5a:1e:7e:ac:0d:
         60:e2:e6:d7:9e:90:00:1a:e9:78:86:c6:16:ff:0f:d1:f9:13:
         46:10:57:53:fb:53:8f:ac:aa:8f:71:7c:5c:29:fb:1d:cf:a4:
         45:c6:5b:fa:88:94:49:be:3f:15:fc:bd:73:c6:1e:9b:8f:bf:
         31:58:e8:47:6f:a2:8f:78:75:e1:0e:b1:71:82:05:0c:2a:ca:
         04:0d:1d:63:b2:d1:e8:6b:ec:13:19:d0:b3:74:2f:1c:07:51:
         85:a9:21:6d:7d:6b:86:42:e5:e4:b0:59:2d:b0:f2:1c:02:c4:
         2b:3a:e0:5b:64:38:43:a9:c2:5b:e8:9e:52:3d:3b:f1:db:01:
         fc:c6:55:a8:c9:b6:97:8a:5c:06:eb:6e:0b:ef:50:94:8e:94:
         81:16:93:73:a1:47:23:eb:ce:77:e7:a7:ab:34:79:73:0a:25:
         3c:82:42:02
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUPHnYUkbFa56jRmQtbM2BeWQkN14wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDEwMjA4NDk0MVoX
DTI2MDEwMTA4NTQ0MVowMzExMC8GA1UEAxMoMTA5OEMwQkI1NEQyM0M2ODQzN0Ux
NDk4QTE0RDM1QkZCRDk0QzkxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOruIX2sH7DHsOrcMbk9M4gZ4fZUGXjsUH44p44vDvL9d+g96kfQljxlHn+g
ADWds1Mltckn6Z1gVpXg9hGKGZkbmrRmf925vDRnKDLhPgbWCwdWJhFL2RT5iQta
j7UXDmfp8fMbZqU48qo3gbwZQ16j5O853w+Hmfhk78vdDD2LLkFjdKzJ5KMw2Gft
XIX1GjBCtgg5DfMtZ7xuD/bg42GxywawhS1Izrhpy+ZHnhT+YkWzb+SLLGeRBgBd
axfYFDXCQ7jMROg2xY1DT0W52fh/B2Un1iGPzLhF7HZfCr2ihamKul5B1BfNvnmD
jw8yDvwOqzrxf/DSx5EeI8D5+XsCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQQmMC7
VNI8aEN+FJihTTW/vZTJEzAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0MjM0OS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGepRzANBgkqhkiG9w0BAQsFAAOCAQEAUIhc9+Nk4l2FTOtyPkfC
WM7Imtm5u/MmAEIvsutFBMx+IfmJiNfcPbdJc5OFNVPkTsFBKFkVeV2GsZ3KzCvw
0xXugJZFdNx9xppjewQ/2XFq1E6X9loefqwNYOLm156QABrpeIbGFv8P0fkTRhBX
U/tTj6yqj3F8XCn7Hc+kRcZb+oiUSb4/Ffy9c8Yem4+/MVjoR2+ij3h14Q6xcYIF
DCrKBA0dY7LR6GvsExnQs3QvHAdRhakhbX1rhkLl5LBZLbDyHALEKzrgW2Q4Q6nC
W+ieUj078dsB/MZVqMm2l4pcButuC+9QlI6UgRaTc6FHI+vOd+enqzR5cwolPIJC
Ag==
-----END CERTIFICATE-----