Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149903.roa
File:                     AS149903.roa (raw, json)
Hash identifier:          foWwTm2ZfHBQ6YA7rr4aT7kzSAS9Emq8mjGUfQgnsGc=
Subject key identifier:   C4:99:0F:68:8F:A8:7D:C1:56:31:0C:DB:49:47:FB:2C:60:AE:48:FA
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       70BB6FDA5C2BD0CD960A71C4C07F97BE39E3AB86
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149903.roa
Signing time:             Tue 26 Dec 2023 07:00:00 +0000
ROA not before:           Tue 26 Dec 2023 06:55:00 +0000
ROA not after:            Tue 24 Dec 2024 07:00:00 +0000
asID:                     149903
IP address blocks:        103.190.108.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:39:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:bb:6f:da:5c:2b:d0:cd:96:0a:71:c4:c0:7f:97:be:39:e3:ab:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Dec 26 06:55:00 2023 GMT
            Not After : Dec 24 07:00:00 2024 GMT
        Subject: CN=C4990F688FA87DC156310CDB4947FB2C60AE48FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:26:83:8c:5b:01:b5:29:c1:52:9c:58:de:1c:
                    d4:83:70:0d:67:3a:12:c4:56:f8:48:db:dd:b1:ef:
                    32:86:ec:4a:2d:34:49:e1:8e:ca:64:29:6d:bb:61:
                    70:13:ef:00:7d:ee:bc:64:15:2b:06:fb:14:d5:b7:
                    83:4f:72:04:22:48:10:73:a4:01:39:a7:92:5f:30:
                    1b:d2:91:5a:e9:b6:db:21:56:fc:a7:bb:72:69:17:
                    1b:07:4e:49:52:5d:f7:53:23:67:e0:aa:ce:39:16:
                    d0:5a:f5:52:17:d4:20:cc:15:c7:f6:24:29:42:24:
                    7b:9b:1a:44:93:3c:f8:89:e6:81:b7:0b:ca:d6:4b:
                    d4:27:95:5c:bc:e9:e2:80:58:46:f5:c9:3e:67:45:
                    9e:e7:db:47:ce:7c:7c:bf:8d:60:e7:7f:fc:b5:a6:
                    8d:86:db:db:9a:7b:68:9e:2a:a4:6c:5d:c3:02:ce:
                    9f:3d:17:29:78:e3:34:11:ce:80:ca:0a:a5:a0:64:
                    f0:09:02:dc:5c:10:28:72:5c:00:90:6f:71:de:dd:
                    9e:6f:39:80:f7:31:60:ab:82:b7:cd:38:f2:26:b3:
                    ca:b3:2f:0a:d3:05:80:4e:10:6e:80:12:ec:13:46:
                    74:9b:76:26:81:53:97:9f:3a:2c:fa:62:01:5a:bd:
                    a1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:99:0F:68:8F:A8:7D:C1:56:31:0C:DB:49:47:FB:2C:60:AE:48:FA
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS149903.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.190.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:ee:70:ad:8d:a3:7b:ba:05:83:06:8c:d3:14:93:77:db:6e:
         19:74:58:31:c9:c9:8f:bd:18:08:0c:54:b5:5b:46:1f:70:da:
         47:b0:d2:e8:6f:28:4b:de:93:52:02:fe:51:2c:5f:cd:06:cd:
         bd:fc:a5:46:7a:5f:05:9a:d7:48:25:7b:0c:bf:ee:68:82:6a:
         04:e9:d1:36:8d:8c:1f:47:81:7b:64:47:d9:2d:58:ea:e2:93:
         29:75:df:52:66:25:12:a6:aa:22:c7:02:49:ba:7f:dd:f6:b6:
         58:c2:b4:c6:d9:cd:29:2b:a5:87:0e:00:73:f8:c8:40:14:d7:
         9b:61:16:72:94:d1:6a:4f:72:79:51:9c:d7:8b:c3:d6:32:15:
         74:78:d4:0f:bb:db:f1:97:79:15:b0:1a:13:a4:17:15:59:8c:
         4e:3a:25:05:73:e5:b5:6d:46:8b:b7:83:27:d8:53:3a:77:3e:
         32:3e:0b:73:32:2a:05:d2:56:1c:4e:6a:96:3a:8b:85:ed:ed:
         b9:68:75:28:09:ce:01:d0:6c:19:39:8d:4d:a7:84:dd:68:53:
         c1:9d:0e:28:dd:2f:80:8a:75:ec:9a:fa:c7:e8:f2:9a:81:53:
         55:0b:cc:44:12:6d:72:d2:4e:91:46:f9:8f:61:1b:36:68:57:
         65:99:da:a6
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUcLtv2lwr0M2WCnHEwH+Xvjnjq4YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTIzMTIyNjA2NTUwMFoX
DTI0MTIyNDA3MDAwMFowMzExMC8GA1UEAxMoQzQ5OTBGNjg4RkE4N0RDMTU2MzEw
Q0RCNDk0N0ZCMkM2MEFFNDhGQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMwmg4xbAbUpwVKcWN4c1INwDWc6EsRW+Ejb3bHvMobsSi00SeGOymQpbbth
cBPvAH3uvGQVKwb7FNW3g09yBCJIEHOkATmnkl8wG9KRWum22yFW/Ke7cmkXGwdO
SVJd91MjZ+CqzjkW0Fr1UhfUIMwVx/YkKUIke5saRJM8+InmgbcLytZL1CeVXLzp
4oBYRvXJPmdFnufbR858fL+NYOd//LWmjYbb25p7aJ4qpGxdwwLOnz0XKXjjNBHO
gMoKpaBk8AkC3FwQKHJcAJBvcd7dnm85gPcxYKuCt8048iazyrMvCtMFgE4QboAS
7BNGdJt2JoFTl586LPpiAVq9oc0CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTEmQ9o
j6h9wVYxDNtJR/ssYK5I+jAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0OTkwMy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAWe+bDANBgkqhkiG9w0BAQsFAAOCAQEAi+5wrY2je7oFgwaM0xST
d9tuGXRYMcnJj70YCAxUtVtGH3DaR7DS6G8oS96TUgL+USxfzQbNvfylRnpfBZrX
SCV7DL/uaIJqBOnRNo2MH0eBe2RH2S1Y6uKTKXXfUmYlEqaqIscCSbp/3fa2WMK0
xtnNKSulhw4Ac/jIQBTXm2EWcpTRak9yeVGc14vD1jIVdHjUD7vb8Zd5FbAaE6QX
FVmMTjolBXPltW1Gi7eDJ9hTOnc+Mj4LczIqBdJWHE5qljqLhe3tuWh1KAnOAdBs
GTmNTaeE3WhTwZ0OKN0vgIp17Jr6x+jymoFTVQvMRBJtctJOkUb5j2EbNmhXZZna
pg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:43:48 2024 by rpki-client on console-ams.rpki-client.org