Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149324.roa
File:                     AS149324.roa (raw, json)
Hash identifier:          rkl7sied/CCyLH3MlRJJGdFIzLwaO751GoKnd5qChY4=
Subject key identifier:   67:C4:36:C0:F5:EC:46:CF:0C:E4:E5:19:B5:8E:1D:A9:9A:3E:C7:E9
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       1FE83CEED833200C9F1D477822ECB52DA5ECE297
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149324.roa
Signing time:             Wed 24 Apr 2024 04:14:36 +0000
ROA not before:           Wed 24 Apr 2024 04:09:36 +0000
ROA not after:            Wed 23 Apr 2025 04:14:36 +0000
asID:                     149324
IP address blocks:        2001:df0:5dc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 22:23:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:e8:3c:ee:d8:33:20:0c:9f:1d:47:78:22:ec:b5:2d:a5:ec:e2:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Apr 24 04:09:36 2024 GMT
            Not After : Apr 23 04:14:36 2025 GMT
        Subject: CN=67C436C0F5EC46CF0CE4E519B58E1DA99A3EC7E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:fa:25:c7:e3:68:31:ab:ea:da:df:b5:75:46:
                    6b:6c:f2:8b:50:7d:f0:be:a2:d3:e8:43:24:46:b5:
                    fc:1d:09:35:99:d3:a6:2e:c4:66:f2:72:28:46:08:
                    15:98:c1:be:cc:05:40:54:92:4f:66:db:67:16:7f:
                    4b:12:b1:9f:6f:ed:5d:08:40:25:46:fb:bb:1a:eb:
                    68:6a:b7:41:44:bc:8f:61:6a:fc:12:be:d2:a5:5c:
                    3b:d1:78:29:46:08:55:36:34:2f:cf:26:ed:39:43:
                    df:0b:54:af:03:40:09:3a:8f:0b:cd:14:ba:7b:84:
                    c5:86:44:d4:8e:20:c1:18:15:c3:c5:f8:d1:15:d2:
                    cc:a6:6a:2a:53:16:1f:93:5f:eb:fa:6b:dc:dd:f9:
                    ee:c9:40:75:30:0f:7e:6c:52:ee:45:2c:ae:a2:5a:
                    29:ae:6b:58:ee:34:9b:ab:a7:be:a4:84:fe:6e:a0:
                    c2:84:20:36:ff:09:5a:6b:98:63:ad:16:b7:61:41:
                    8f:b2:11:f8:23:7f:31:5d:af:4b:55:83:72:cb:9d:
                    a4:8b:8b:c6:75:bd:40:73:d9:b1:54:d4:28:73:e5:
                    b2:89:b0:10:df:09:8c:86:09:b6:ad:4f:e9:7b:41:
                    65:a8:ef:6f:ac:5a:c6:fb:ac:cb:db:4c:ed:8b:47:
                    f8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C4:36:C0:F5:EC:46:CF:0C:E4:E5:19:B5:8E:1D:A9:9A:3E:C7:E9
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149324.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df0:5dc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:30:1b:96:1d:1f:f6:c0:b1:23:7a:61:b5:d9:41:0f:d8:8a:
         31:45:02:80:18:76:cd:b8:23:b8:4d:22:07:b6:e4:03:20:43:
         b8:a7:5b:8a:69:2b:8a:0c:0f:c3:b1:9a:42:12:e0:b0:0d:91:
         46:d8:1b:54:5f:06:81:50:e1:f3:83:d5:0b:ae:d6:a7:e2:1c:
         cf:da:c2:f5:c7:01:9e:b5:a1:40:aa:5c:37:de:ef:66:e2:69:
         48:95:94:39:e8:a9:3e:7b:fd:b3:6d:c9:be:58:82:bd:f8:f6:
         da:55:31:6d:25:45:db:5b:cb:8c:4c:da:82:36:49:94:45:50:
         6a:93:7d:df:9d:86:b9:ca:6c:f4:ba:08:cd:5c:7a:e7:8c:42:
         76:a5:62:e7:bd:2a:c8:4c:4c:16:eb:b6:eb:b1:56:d6:18:ac:
         7f:c3:09:7d:1c:bc:77:de:b3:32:13:d6:e7:7a:c4:32:c8:27:
         97:65:9a:83:b3:dc:ff:3d:18:b9:9a:aa:71:5f:55:8d:d0:85:
         85:40:ed:66:cf:f2:36:cd:3e:c1:aa:1b:45:3e:45:cd:c5:3a:
         3c:f1:f1:ca:9c:a1:86:9a:65:eb:85:73:7f:5e:9a:e6:69:31:
         9d:3f:23:f9:55:5e:f6:a0:28:b8:0e:e5:45:14:1b:7f:8e:1d:
         7d:37:0c:c6
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUH+g87tgzIAyfHUd4Iuy1LaXs4pcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MDQyNDA0MDkzNloX
DTI1MDQyMzA0MTQzNlowMzExMC8GA1UEAxMoNjdDNDM2QzBGNUVDNDZDRjBDRTRF
NTE5QjU4RTFEQTk5QTNFQzdFOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJz6JcfjaDGr6trftXVGa2zyi1B98L6i0+hDJEa1/B0JNZnTpi7EZvJyKEYI
FZjBvswFQFSST2bbZxZ/SxKxn2/tXQhAJUb7uxrraGq3QUS8j2Fq/BK+0qVcO9F4
KUYIVTY0L88m7TlD3wtUrwNACTqPC80UunuExYZE1I4gwRgVw8X40RXSzKZqKlMW
H5Nf6/pr3N357slAdTAPfmxS7kUsrqJaKa5rWO40m6unvqSE/m6gwoQgNv8JWmuY
Y60Wt2FBj7IR+CN/MV2vS1WDcsudpIuLxnW9QHPZsVTUKHPlsomwEN8JjIYJtq1P
6XtBZajvb6xaxvusy9tM7YtH+J0CAwEAAaOCAdMwggHPMB0GA1UdDgQWBBRnxDbA
9exGzwzk5Rm1jh2pmj7H6TAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0OTMyNC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfBdwDANBgkqhkiG9w0BAQsFAAOCAQEAIjAblh0f9sCxI3ph
tdlBD9iKMUUCgBh2zbgjuE0iB7bkAyBDuKdbimkrigwPw7GaQhLgsA2RRtgbVF8G
gVDh84PVC67Wp+Icz9rC9ccBnrWhQKpcN97vZuJpSJWUOeipPnv9s23JvliCvfj2
2lUxbSVF21vLjEzagjZJlEVQapN9352Gucps9LoIzVx654xCdqVi570qyExMFuu2
67FW1hisf8MJfRy8d96zMhPW53rEMsgnl2Wag7Pc/z0YuZqqcV9VjdCFhUDtZs/y
Ns0+waobRT5FzcU6PPHxypyhhppl64Vzf16a5mkxnT8j+VVe9qAouA7lRRQbf44d
fTcMxg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 13:14:28 2024 by rpki-client on console-ams.rpki-client.org