Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149707.roa
File:                     AS149707.roa (raw, json)
Hash identifier:          VOdjRmqvIk8FeTxZvQtjYPq4BwCQUKBejq4s6R2w0nQ=
Subject key identifier:   66:A5:4D:F2:CC:4B:EB:1F:70:7F:E8:4B:61:DC:89:B1:76:88:81:61
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       4BA01CDFECEA5620CCB36FE12AAD91F7C686BF4F
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149707.roa
Signing time:             Mon 23 Jun 2025 04:00:00 +0000
ROA not before:           Mon 23 Jun 2025 03:55:00 +0000
ROA not after:            Mon 22 Jun 2026 04:00:00 +0000
asID:                     149707
IP address blocks:        2001:df1:ee40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 01 Nov 2025 23:39:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:a0:1c:df:ec:ea:56:20:cc:b3:6f:e1:2a:ad:91:f7:c6:86:bf:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jun 23 03:55:00 2025 GMT
            Not After : Jun 22 04:00:00 2026 GMT
        Subject: CN=66A54DF2CC4BEB1F707FE84B61DC89B176888161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:19:49:57:05:2b:de:74:0a:ff:c8:f4:4d:f2:
                    7d:c9:c7:8e:4f:bd:18:7a:77:76:76:ba:ac:9a:3c:
                    38:c7:27:d3:9e:be:83:7b:7f:22:5a:03:03:0d:db:
                    8f:1f:3a:b2:34:4e:33:ce:14:7e:6f:e9:36:1e:eb:
                    a1:8a:23:9b:16:8b:37:c9:f2:91:40:5e:d6:0b:8f:
                    b3:a7:64:47:41:75:b8:be:60:2a:5e:04:73:91:2a:
                    27:57:d7:fd:83:d4:5d:d8:24:6c:43:3b:06:81:0b:
                    dc:16:c7:bc:13:96:1c:4b:79:42:f5:21:fa:4b:7a:
                    14:39:8a:93:3c:2d:54:f3:ea:ef:b8:48:f2:8d:0a:
                    cc:11:a7:d9:fc:c8:55:cf:2d:98:c3:c5:b5:e6:52:
                    cb:3e:aa:a8:6c:d5:84:b8:91:b3:f1:25:46:be:42:
                    89:fd:47:80:84:8f:40:c5:82:83:7a:51:e1:44:91:
                    dd:ff:0a:11:74:87:c2:f8:90:ce:43:be:01:21:41:
                    3d:f1:5b:42:9f:43:da:e0:e4:f0:67:ee:c2:ca:dc:
                    64:ca:41:6b:f1:27:4c:22:2a:e9:95:1d:90:d9:d0:
                    e6:e9:f3:3d:e8:2a:f6:f7:37:51:2d:26:22:8e:06:
                    ad:40:d9:30:92:73:2d:b6:9e:cd:3d:ac:08:f5:a5:
                    7d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:A5:4D:F2:CC:4B:EB:1F:70:7F:E8:4B:61:DC:89:B1:76:88:81:61
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149707.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:ee40::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:05:ff:e4:0c:aa:45:37:cf:86:aa:7d:3c:a1:64:ff:f2:55:
         c0:35:97:f9:aa:bb:68:f0:6f:d0:1e:40:e9:5b:ed:30:d6:ae:
         23:73:ec:a1:5e:06:e0:1a:4e:bf:ea:b0:42:8d:d8:79:45:94:
         d3:9e:82:4f:99:ea:e3:c3:9f:4b:7d:70:17:26:bf:32:f0:04:
         9d:67:ae:1f:cf:3a:57:38:8c:f4:b6:d1:01:50:40:2a:18:0f:
         3e:db:fb:93:c4:81:5a:43:f3:e7:17:24:0c:08:85:b5:ae:49:
         df:c0:c7:9b:49:93:f3:bd:19:9b:f3:fa:3d:54:f1:4b:59:d8:
         2c:42:a4:43:ca:a5:39:f1:81:8e:95:6e:b4:a1:ee:ce:e3:85:
         5c:bf:be:e1:13:01:b6:ac:d0:73:da:b2:f3:08:0f:87:af:e2:
         56:1d:77:29:40:5a:7f:0a:f3:2a:b5:fd:fe:db:f9:6d:eb:37:
         4b:c8:11:8d:53:10:0b:96:8e:03:42:af:2c:ce:d9:59:95:48:
         e5:54:0a:ad:2c:a0:44:33:88:1d:f9:b0:73:cd:93:7d:92:9d:
         0a:bc:98:a0:da:c4:a1:03:4b:0f:b3:85:15:b6:b5:d8:00:d0:
         1f:28:44:c2:44:6f:41:25:21:8c:7f:24:27:6a:33:74:76:9e:
         56:e9:16:2b
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUS6Ac3+zqViDMs2/hKq2R98aGv08wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDYyMzAzNTUwMFoX
DTI2MDYyMjA0MDAwMFowMzExMC8GA1UEAxMoNjZBNTRERjJDQzRCRUIxRjcwN0ZF
ODRCNjFEQzg5QjE3Njg4ODE2MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALAZSVcFK950Cv/I9E3yfcnHjk+9GHp3dna6rJo8OMcn056+g3t/IloDAw3b
jx86sjROM84Ufm/pNh7roYojmxaLN8nykUBe1guPs6dkR0F1uL5gKl4Ec5EqJ1fX
/YPUXdgkbEM7BoEL3BbHvBOWHEt5QvUh+kt6FDmKkzwtVPPq77hI8o0KzBGn2fzI
Vc8tmMPFteZSyz6qqGzVhLiRs/ElRr5Cif1HgISPQMWCg3pR4USR3f8KEXSHwviQ
zkO+ASFBPfFbQp9D2uDk8GfuwsrcZMpBa/EnTCIq6ZUdkNnQ5unzPegq9vc3US0m
Io4GrUDZMJJzLbaezT2sCPWlfT8CAwEAAaOCAdMwggHPMB0GA1UdDgQWBBRmpU3y
zEvrH3B/6Eth3ImxdoiBYTAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0OTcwNy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfHuQDANBgkqhkiG9w0BAQsFAAOCAQEAPwX/5AyqRTfPhqp9
PKFk//JVwDWX+aq7aPBv0B5A6VvtMNauI3PsoV4G4BpOv+qwQo3YeUWU056CT5nq
48OfS31wFya/MvAEnWeuH886VziM9LbRAVBAKhgPPtv7k8SBWkPz5xckDAiFta5J
38DHm0mT870Zm/P6PVTxS1nYLEKkQ8qlOfGBjpVutKHuzuOFXL++4RMBtqzQc9qy
8wgPh6/iVh13KUBafwrzKrX9/tv5bes3S8gRjVMQC5aOA0KvLM7ZWZVI5VQKrSyg
RDOIHfmwc82TfZKdCryYoNrEoQNLD7OFFba12ADQHyhEwkRvQSUhjH8kJ2ozdHae
VukWKw==
-----END CERTIFICATE-----