Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS142389.roa
File:                     AS142389.roa (raw, json)
Hash identifier:          9Y8JLLdwufY4X85X5JSs+ag4CNnwFa4CK2bnIIOzkGM=
Subject key identifier:   A0:71:62:32:97:1D:75:FB:60:1E:D3:E8:BB:E5:82:1A:AA:D0:38:B2
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       697C710D995C350708CE8C89760B0182981899F3
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS142389.roa
Signing time:             Tue 31 Dec 2024 17:00:00 +0000
ROA not before:           Tue 31 Dec 2024 16:55:00 +0000
ROA not after:            Tue 30 Dec 2025 17:00:00 +0000
asID:                     142389
IP address blocks:        103.172.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 07 Apr 2025 17:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:7c:71:0d:99:5c:35:07:08:ce:8c:89:76:0b:01:82:98:18:99:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Dec 31 16:55:00 2024 GMT
            Not After : Dec 30 17:00:00 2025 GMT
        Subject: CN=A0716232971D75FB601ED3E8BBE5821AAAD038B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:92:ae:00:cf:96:8c:dd:9b:56:6f:20:84:1d:
                    26:75:46:98:25:e2:99:be:93:44:f2:20:27:2b:3d:
                    f4:4d:3f:f8:8d:15:5c:54:d1:e7:4f:52:58:51:4b:
                    83:72:51:c0:60:a1:fb:19:c8:fb:8c:09:8f:aa:49:
                    e6:ef:3b:7a:d3:11:46:07:ac:bb:e0:24:51:c3:24:
                    ef:45:e0:f3:6f:fd:92:bb:ff:71:77:a0:4c:fd:e8:
                    57:a3:bb:6e:6f:e8:73:f9:e9:16:ac:12:3c:85:87:
                    9a:13:73:41:4d:89:cc:eb:94:c7:ab:cd:d0:25:ed:
                    53:66:5e:a5:42:45:5f:c9:a9:4e:1c:db:d3:fe:38:
                    21:64:ac:e8:d2:74:36:47:f4:01:3b:e8:41:39:b3:
                    09:d3:cc:19:cc:3e:d0:76:c4:59:24:88:11:22:47:
                    9c:f9:4a:60:09:5f:00:c5:88:a7:c5:d6:16:e6:da:
                    2d:a6:c0:ea:ea:d1:79:e3:3d:ff:00:f9:f3:1c:22:
                    c6:14:51:19:a3:f4:b7:dd:14:23:c1:6c:bd:ef:81:
                    b9:e5:74:32:b3:49:62:51:63:9c:df:fb:e0:76:8f:
                    00:ee:68:49:c8:a9:f8:8d:ba:35:c0:3d:aa:34:31:
                    57:b2:4c:44:f8:cd:ee:17:bc:a6:82:6a:fa:ea:8c:
                    04:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:71:62:32:97:1D:75:FB:60:1E:D3:E8:BB:E5:82:1A:AA:D0:38:B2
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS142389.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.172.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:12:5d:6a:85:62:07:72:4b:76:0b:40:54:34:85:57:67:20:
         44:c1:33:27:cd:c6:25:30:0d:a0:29:4f:e0:6d:77:95:18:32:
         61:b9:a4:23:b0:4b:5c:5e:10:75:3a:a4:85:be:94:4a:9f:fc:
         81:46:de:2e:c2:c9:f0:e9:d4:45:35:c0:8b:34:0d:be:6d:a5:
         5d:c2:b3:38:d2:4f:7a:47:7e:16:a5:05:e0:79:9f:58:65:d1:
         c7:57:de:57:83:61:71:be:a3:79:02:16:a8:e0:4f:47:8d:64:
         e7:1a:0f:e0:71:32:0b:03:9f:dc:a6:89:50:ae:17:36:79:0c:
         4c:94:21:19:d4:20:ad:8c:d2:97:03:d8:84:b3:5f:e2:c6:4b:
         1f:3a:ed:92:5e:93:68:ba:98:72:20:fd:3c:28:b6:30:61:a4:
         fe:cc:0a:bf:db:bd:f2:1e:c4:7d:0b:2c:e0:99:60:9a:f9:17:
         d1:71:cf:4b:a9:0a:8b:46:f3:49:6e:fc:92:57:bb:95:ba:11:
         6d:67:34:14:6d:20:42:bc:d3:81:41:11:60:32:de:63:69:d6:
         11:94:63:81:f9:20:3e:d1:55:c5:7f:0f:28:22:ce:62:f9:af:
         40:8c:40:4c:92:3c:85:c7:60:f0:17:9b:46:ef:90:72:26:49:
         75:6c:e9:01
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUaXxxDZlcNQcIzoyJdgsBgpgYmfMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MTIzMTE2NTUwMFoX
DTI1MTIzMDE3MDAwMFowMzExMC8GA1UEAxMoQTA3MTYyMzI5NzFENzVGQjYwMUVE
M0U4QkJFNTgyMUFBQUQwMzhCMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMOSrgDPlozdm1ZvIIQdJnVGmCXimb6TRPIgJys99E0/+I0VXFTR509SWFFL
g3JRwGCh+xnI+4wJj6pJ5u87etMRRgesu+AkUcMk70Xg82/9krv/cXegTP3oV6O7
bm/oc/npFqwSPIWHmhNzQU2JzOuUx6vN0CXtU2ZepUJFX8mpThzb0/44IWSs6NJ0
Nkf0ATvoQTmzCdPMGcw+0HbEWSSIESJHnPlKYAlfAMWIp8XWFubaLabA6urReeM9
/wD58xwixhRRGaP0t90UI8Fsve+BueV0MrNJYlFjnN/74HaPAO5oScip+I26NcA9
qjQxV7JMRPjN7he8poJq+uqMBNECAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSgcWIy
lx11+2Ae0+i75YIaqtA4sjAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0MjM4OS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGeskDANBgkqhkiG9w0BAQsFAAOCAQEAmhJdaoViB3JLdgtAVDSF
V2cgRMEzJ83GJTANoClP4G13lRgyYbmkI7BLXF4QdTqkhb6USp/8gUbeLsLJ8OnU
RTXAizQNvm2lXcKzONJPekd+FqUF4HmfWGXRx1feV4Nhcb6jeQIWqOBPR41k5xoP
4HEyCwOf3KaJUK4XNnkMTJQhGdQgrYzSlwPYhLNf4sZLHzrtkl6TaLqYciD9PCi2
MGGk/swKv9u98h7EfQss4JlgmvkX0XHPS6kKi0bzSW78kle7lboRbWc0FG0gQrzT
gUERYDLeY2nWEZRjgfkgPtFVxX8PKCLOYvmvQIxATJI8hcdg8BebRu+QciZJdWzp
AQ==
-----END CERTIFICATE-----