Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149690.roa
File:                     AS149690.roa (raw, json)
Hash identifier:          yVO5LadKpi08kbxFu8NkK9XUlmMDaKfJN7lAw8nXD3s=
Subject key identifier:   DA:FB:55:C0:76:86:6D:05:5D:29:35:87:47:85:BB:05:5A:7A:B9:BE
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       77EB8D369428C5EB065B43203A77DFFE9B4C5598
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149690.roa
Signing time:             Tue 06 May 2025 04:00:00 +0000
ROA not before:           Tue 06 May 2025 03:55:00 +0000
ROA not after:            Tue 05 May 2026 04:00:00 +0000
asID:                     149690
IP address blocks:        2001:df1:1340::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 07 Jun 2025 03:41:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:eb:8d:36:94:28:c5:eb:06:5b:43:20:3a:77:df:fe:9b:4c:55:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: May  6 03:55:00 2025 GMT
            Not After : May  5 04:00:00 2026 GMT
        Subject: CN=DAFB55C076866D055D2935874785BB055A7AB9BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8c:b7:46:92:02:f1:49:26:ac:26:33:29:e3:
                    4b:b8:a7:c7:48:ea:20:2a:9a:48:c9:db:2f:42:49:
                    b6:76:da:bb:06:c5:a4:18:92:c2:e1:1e:0c:88:a5:
                    10:41:9b:8f:e6:3d:eb:bd:95:db:84:b4:c0:6a:3d:
                    b7:74:b8:e6:0b:9b:b2:d5:b1:5b:06:34:a3:1d:de:
                    a3:9e:fb:7f:46:bc:31:63:dc:ab:d5:a1:2e:64:68:
                    45:e2:0e:d4:b5:a6:82:b6:0b:14:f8:37:97:ad:e7:
                    b2:45:f0:f4:71:e2:06:99:a0:fb:a5:23:6c:da:6f:
                    cb:86:34:3a:38:a2:36:13:d8:24:de:34:f7:1a:6f:
                    25:75:3b:5a:82:7a:98:75:8a:12:32:57:df:cd:a4:
                    ad:69:87:99:9f:b8:c8:2b:72:90:c6:c5:b3:62:db:
                    ed:6e:ea:8c:c3:8a:00:03:ef:4f:a5:54:14:ef:fc:
                    18:02:7a:3d:fd:52:2e:a2:bd:42:39:f3:46:8f:5c:
                    5b:84:d2:b1:10:31:9c:ef:63:d7:7f:4d:d1:7e:b4:
                    3a:a4:99:26:23:ac:0a:1d:69:0f:12:cf:4d:17:3d:
                    e6:86:48:51:67:2d:55:cb:90:09:fd:3f:b4:d3:7b:
                    65:ea:90:3b:78:10:15:97:f1:e0:b8:c0:2d:98:ec:
                    21:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:FB:55:C0:76:86:6D:05:5D:29:35:87:47:85:BB:05:5A:7A:B9:BE
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:1340::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:46:75:6f:ae:cb:29:60:19:0b:42:66:78:a5:99:30:08:7c:
         87:f5:53:40:f7:35:7a:ba:1e:c0:81:89:d2:98:8d:2b:89:f5:
         eb:3d:c9:7e:55:68:ea:4d:2b:df:0c:df:cd:56:e0:df:9b:68:
         ce:3a:74:de:be:e6:65:6c:0a:46:4c:24:b1:eb:fb:9a:25:45:
         86:d2:55:a2:12:26:84:35:f3:55:8a:ed:28:3a:0e:a7:2f:ed:
         a0:ed:2e:0a:52:cf:4b:88:e4:bc:13:bc:54:8a:3d:a3:73:b0:
         f4:3d:72:62:12:63:1f:9d:0d:5e:90:e2:b6:43:ab:bc:37:c9:
         a6:2d:eb:5e:89:6a:bd:e7:a3:fc:8e:32:83:ed:a6:c2:53:50:
         13:62:db:fb:7b:cf:03:e0:52:f3:b0:8a:31:a1:bb:f4:d4:a9:
         e8:3c:06:be:95:8f:1e:68:83:39:39:cd:71:e8:9e:49:ce:9f:
         e2:db:af:19:56:96:98:04:b0:bf:bf:d5:dd:e6:b6:1d:39:89:
         5c:70:8d:0b:78:24:71:f1:39:8d:55:71:44:0e:da:c7:1a:6d:
         51:87:0a:fe:47:65:86:44:c7:86:c4:a4:3e:23:4a:cb:a6:79:
         de:80:9e:f3:04:bd:2f:a2:2d:45:20:e1:9d:34:2f:7b:e3:5c:
         5a:0a:7a:00
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUd+uNNpQoxesGW0MgOnff/ptMVZgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDUwNjAzNTUwMFoX
DTI2MDUwNTA0MDAwMFowMzExMC8GA1UEAxMoREFGQjU1QzA3Njg2NkQwNTVEMjkz
NTg3NDc4NUJCMDU1QTdBQjlCRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuMt0aSAvFJJqwmMynjS7inx0jqICqaSMnbL0JJtnbauwbFpBiSwuEeDIil
EEGbj+Y9672V24S0wGo9t3S45gubstWxWwY0ox3eo577f0a8MWPcq9WhLmRoReIO
1LWmgrYLFPg3l63nskXw9HHiBpmg+6UjbNpvy4Y0OjiiNhPYJN409xpvJXU7WoJ6
mHWKEjJX382krWmHmZ+4yCtykMbFs2Lb7W7qjMOKAAPvT6VUFO/8GAJ6Pf1SLqK9
QjnzRo9cW4TSsRAxnO9j139N0X60OqSZJiOsCh1pDxLPTRc95oZIUWctVcuQCf0/
tNN7ZeqQO3gQFZfx4LjALZjsIbECAwEAAaOCAdMwggHPMB0GA1UdDgQWBBTa+1XA
doZtBV0pNYdHhbsFWnq5vjAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0OTY5MC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfETQDANBgkqhkiG9w0BAQsFAAOCAQEAS0Z1b67LKWAZC0Jm
eKWZMAh8h/VTQPc1eroewIGJ0piNK4n16z3JflVo6k0r3wzfzVbg35tozjp03r7m
ZWwKRkwksev7miVFhtJVohImhDXzVYrtKDoOpy/toO0uClLPS4jkvBO8VIo9o3Ow
9D1yYhJjH50NXpDitkOrvDfJpi3rXolqveej/I4yg+2mwlNQE2Lb+3vPA+BS87CK
MaG79NSp6DwGvpWPHmiDOTnNceieSc6f4tuvGVaWmASwv7/V3ea2HTmJXHCNC3gk
cfE5jVVxRA7axxptUYcK/kdlhkTHhsSkPiNKy6Z53oCe8wS9L6ItRSDhnTQve+Nc
Wgp6AA==
-----END CERTIFICATE-----