Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149744.roa
File:                     AS149744.roa (raw, json)
Hash identifier:          HPs9TdG26Io0/8lD2L2Io0wBkpeb9IAiDcP2PRmyVTo=
Subject key identifier:   47:95:8B:15:EF:98:D6:E2:2D:32:CD:4C:54:2C:9B:D4:69:2E:AC:94
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       54BF2CF28818A874356D5BC35B12C6B9CEE79B17
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149744.roa
Signing time:             Tue 10 Dec 2024 05:00:16 +0000
ROA not before:           Tue 10 Dec 2024 04:55:16 +0000
ROA not after:            Tue 09 Dec 2025 05:00:16 +0000
asID:                     149744
IP address blocks:        2001:df0:d140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 07 Apr 2025 17:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:bf:2c:f2:88:18:a8:74:35:6d:5b:c3:5b:12:c6:b9:ce:e7:9b:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Dec 10 04:55:16 2024 GMT
            Not After : Dec  9 05:00:16 2025 GMT
        Subject: CN=47958B15EF98D6E22D32CD4C542C9BD4692EAC94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2c:4d:93:c8:c8:1d:17:10:6a:af:69:77:76:
                    2d:3f:8f:e8:46:30:45:86:eb:84:8b:4f:a6:30:6f:
                    bd:3b:f8:57:f1:b3:23:98:9c:36:3e:97:31:ee:18:
                    1f:6a:dc:e9:17:fb:88:b1:8d:c2:63:86:5b:58:6b:
                    16:0b:bd:59:4f:7b:b6:22:4b:5b:bf:02:c6:9c:6e:
                    49:ce:e8:d2:4d:30:bc:91:cd:f7:15:4f:ab:12:36:
                    c2:9a:a9:10:0f:3f:15:45:f3:0b:9a:13:d2:bd:84:
                    8b:e9:75:69:43:d6:e3:f0:cb:1c:b3:79:d1:6b:74:
                    88:f2:d7:93:e0:98:d9:05:dd:ca:0f:cd:8f:ec:94:
                    7a:d0:f4:9b:9f:c6:d6:ae:08:34:28:9d:74:e2:ed:
                    43:ee:12:05:96:33:c9:82:94:a8:c2:9f:07:b9:9c:
                    3e:68:81:4c:0b:87:7b:5b:68:83:5f:f8:89:39:b8:
                    f5:46:13:b6:30:af:07:59:d3:ba:12:02:e9:da:91:
                    c1:c3:af:d0:c5:14:07:b2:a5:c8:76:51:7d:7b:b8:
                    6d:8b:9d:3a:c0:f9:93:a1:2c:8c:59:dc:5d:1b:76:
                    83:09:ec:b6:cf:9c:b0:58:5d:5c:61:9c:1e:fd:c7:
                    46:57:0e:d2:94:0a:82:5a:ed:53:8d:ec:d6:fe:c4:
                    e6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:95:8B:15:EF:98:D6:E2:2D:32:CD:4C:54:2C:9B:D4:69:2E:AC:94
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149744.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df0:d140::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:83:c6:d3:2d:e4:f4:92:cd:62:45:46:2b:05:ce:00:2b:cc:
         b9:3a:7d:66:71:bd:91:d8:29:9e:a0:e4:b6:d9:94:45:d1:e6:
         8b:3f:ea:e0:c4:b5:b4:81:e5:33:70:39:12:ba:8d:eb:75:d1:
         84:47:90:17:d7:38:68:69:f7:8a:f2:bd:41:2d:f1:4a:20:b1:
         7f:3c:aa:fe:17:69:71:99:aa:ef:fa:fe:fe:af:cf:a5:8d:ab:
         2e:3f:61:67:ba:72:c2:ec:03:61:47:3b:54:b8:ec:00:de:28:
         a8:d2:95:e7:93:1f:be:7c:0b:d9:ac:26:42:81:8d:03:a4:0e:
         c3:8f:f6:c4:43:3f:01:44:f0:a7:94:9e:8b:53:05:6d:47:89:
         c6:28:24:6a:3f:7f:bc:10:80:91:e9:c0:36:a7:f6:f8:f4:89:
         f2:65:c3:51:f8:cf:54:5e:45:e6:f8:a5:16:15:7c:68:9d:8c:
         77:62:73:39:07:2c:fd:cb:7e:82:ad:72:3f:27:8b:19:f8:47:
         25:51:8d:0e:7b:9b:bc:e9:54:f0:9e:34:e2:01:7a:59:b3:30:
         56:d2:29:a1:b7:58:00:54:37:6d:c7:af:7f:6c:99:dd:73:69:
         4c:f2:c8:99:d8:dd:36:48:68:86:08:0d:fd:df:7f:2c:5b:a3:
         a5:0a:dc:31
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUVL8s8ogYqHQ1bVvDWxLGuc7nmxcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MTIxMDA0NTUxNloX
DTI1MTIwOTA1MDAxNlowMzExMC8GA1UEAxMoNDc5NThCMTVFRjk4RDZFMjJEMzJD
RDRDNTQyQzlCRDQ2OTJFQUM5NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALksTZPIyB0XEGqvaXd2LT+P6EYwRYbrhItPpjBvvTv4V/GzI5icNj6XMe4Y
H2rc6Rf7iLGNwmOGW1hrFgu9WU97tiJLW78CxpxuSc7o0k0wvJHN9xVPqxI2wpqp
EA8/FUXzC5oT0r2Ei+l1aUPW4/DLHLN50Wt0iPLXk+CY2QXdyg/Nj+yUetD0m5/G
1q4INCiddOLtQ+4SBZYzyYKUqMKfB7mcPmiBTAuHe1tog1/4iTm49UYTtjCvB1nT
uhIC6dqRwcOv0MUUB7KlyHZRfXu4bYudOsD5k6EsjFncXRt2gwnsts+csFhdXGGc
Hv3HRlcO0pQKglrtU43s1v7E5oMCAwEAAaOCAdMwggHPMB0GA1UdDgQWBBRHlYsV
75jW4i0yzUxULJvUaS6slDAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0OTc0NC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfDRQDANBgkqhkiG9w0BAQsFAAOCAQEAfYPG0y3k9JLNYkVG
KwXOACvMuTp9ZnG9kdgpnqDkttmURdHmiz/q4MS1tIHlM3A5ErqN63XRhEeQF9c4
aGn3ivK9QS3xSiCxfzyq/hdpcZmq7/r+/q/PpY2rLj9hZ7pywuwDYUc7VLjsAN4o
qNKV55MfvnwL2awmQoGNA6QOw4/2xEM/AUTwp5Sei1MFbUeJxigkaj9/vBCAkenA
Nqf2+PSJ8mXDUfjPVF5F5vilFhV8aJ2Md2JzOQcs/ct+gq1yPyeLGfhHJVGNDnub
vOlU8J404gF6WbMwVtIpobdYAFQ3bcevf2yZ3XNpTPLImdjdNkhohggN/d9/LFuj
pQrcMQ==
-----END CERTIFICATE-----