Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150279.roa
File:                     AS150279.roa (raw, json)
Hash identifier:          RTUFjirKqUDXqz7jPO1SD2mI9r+9xrnIxpMul5UimPM=
Subject key identifier:   65:5D:01:90:16:97:43:CF:91:77:9B:87:60:91:BC:E0:1C:8E:05:8F
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       11D703A0200304FBDEC88078F422223F9890DC44
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150279.roa
Signing time:             Mon 22 Jan 2024 08:00:00 +0000
ROA not before:           Mon 22 Jan 2024 07:55:00 +0000
ROA not after:            Mon 20 Jan 2025 08:00:00 +0000
asID:                     150279
IP address blocks:        2001:df1:fcc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 12 May 2024 00:20:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:d7:03:a0:20:03:04:fb:de:c8:80:78:f4:22:22:3f:98:90:dc:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jan 22 07:55:00 2024 GMT
            Not After : Jan 20 08:00:00 2025 GMT
        Subject: CN=655D0190169743CF91779B876091BCE01C8E058F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:60:a3:98:76:8d:04:9e:49:75:42:70:f2:74:
                    f3:77:b1:0a:d5:ec:e8:02:10:df:84:8d:a8:be:84:
                    e7:c3:3e:8b:77:a8:6c:9d:78:5d:69:dc:46:06:b5:
                    35:f6:fa:cd:5d:41:f9:fe:09:bc:06:c1:65:a5:3c:
                    4a:e0:19:db:4a:7a:59:5d:73:07:dd:00:93:f0:8f:
                    e3:dd:41:7d:d0:d5:8f:cd:e2:33:77:ab:19:3c:94:
                    3b:f5:f6:c4:73:a5:a2:36:06:c4:f7:bb:c6:e1:a6:
                    ca:65:c4:12:e1:35:64:77:88:e3:a4:cb:76:65:5c:
                    32:28:2d:bc:48:c2:32:20:17:0e:98:d9:f1:9a:81:
                    f3:4c:ed:f8:e2:de:58:7b:7a:bc:80:5b:e8:ee:d0:
                    1f:0b:23:97:74:cd:21:fd:9c:49:76:a9:dd:f7:18:
                    b8:96:fd:09:f0:0a:93:d5:19:dc:49:90:5e:df:de:
                    4f:af:be:cb:10:43:95:d6:d6:71:71:bc:98:5e:58:
                    8a:fe:c4:a2:c1:92:48:06:9d:88:68:9f:da:95:69:
                    ff:cc:3e:d3:56:b1:c5:4c:52:78:06:71:12:b0:c0:
                    57:16:d8:29:0c:f0:f2:d5:a5:ed:95:ab:05:60:9d:
                    25:f0:8f:90:87:2c:9c:31:fe:cf:74:a8:b6:89:fa:
                    b7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:5D:01:90:16:97:43:CF:91:77:9B:87:60:91:BC:E0:1C:8E:05:8F
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150279.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:fcc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:85:fc:66:83:5d:d0:d9:4a:ec:72:c2:2a:ef:ea:1c:54:43:
         da:d2:e1:20:f8:e5:31:0e:9e:4a:e2:29:60:48:84:28:86:cb:
         6c:6e:1c:1c:b2:77:1b:e5:6d:16:6b:b0:26:ed:98:4e:78:14:
         83:e9:19:d5:c5:74:20:0c:78:92:b3:0e:5d:4a:a4:b1:6f:34:
         f6:a7:1e:c4:e8:3a:5f:6a:bc:32:93:47:80:9c:e8:49:b3:df:
         bb:6b:12:93:9c:44:80:11:d3:3b:a2:e3:2a:e4:e9:77:20:0f:
         d7:8e:db:6b:c1:a1:f8:af:0a:62:18:15:a6:9c:ce:83:4d:44:
         33:a7:f6:30:e3:12:9e:fe:2e:26:98:d1:47:54:ca:f0:b7:ac:
         3e:0e:67:8b:93:ed:93:75:d2:43:a5:59:32:50:35:c2:ae:5b:
         4e:15:84:53:19:c5:27:09:c5:1a:e7:25:e2:09:0f:cb:44:a9:
         67:79:b8:26:e5:89:b1:d2:51:c3:8d:85:7d:f6:88:1f:0d:49:
         63:fb:95:fb:54:63:28:17:53:a1:fb:b8:4f:94:58:b7:d0:43:
         aa:b5:39:57:f0:77:6d:1d:82:9c:33:dd:e7:99:35:30:1a:1f:
         ce:eb:fa:6f:5f:71:07:7d:a0:2c:91:8f:fc:7b:7d:f8:3a:c0:
         7f:3e:19:a3
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUEdcDoCADBPveyIB49CIiP5iQ3EQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MDEyMjA3NTUwMFoX
DTI1MDEyMDA4MDAwMFowMzExMC8GA1UEAxMoNjU1RDAxOTAxNjk3NDNDRjkxNzc5
Qjg3NjA5MUJDRTAxQzhFMDU4RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANVgo5h2jQSeSXVCcPJ083exCtXs6AIQ34SNqL6E58M+i3eobJ14XWncRga1
Nfb6zV1B+f4JvAbBZaU8SuAZ20p6WV1zB90Ak/CP491BfdDVj83iM3erGTyUO/X2
xHOlojYGxPe7xuGmymXEEuE1ZHeI46TLdmVcMigtvEjCMiAXDpjZ8ZqB80zt+OLe
WHt6vIBb6O7QHwsjl3TNIf2cSXap3fcYuJb9CfAKk9UZ3EmQXt/eT6++yxBDldbW
cXG8mF5Yiv7EosGSSAadiGif2pVp/8w+01axxUxSeAZxErDAVxbYKQzw8tWl7ZWr
BWCdJfCPkIcsnDH+z3Soton6t68CAwEAAaOCAdMwggHPMB0GA1UdDgQWBBRlXQGQ
FpdDz5F3m4dgkbzgHI4FjzAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MDI3OS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfH8wDANBgkqhkiG9w0BAQsFAAOCAQEAaIX8ZoNd0NlK7HLC
Ku/qHFRD2tLhIPjlMQ6eSuIpYEiEKIbLbG4cHLJ3G+VtFmuwJu2YTngUg+kZ1cV0
IAx4krMOXUqksW809qcexOg6X2q8MpNHgJzoSbPfu2sSk5xEgBHTO6LjKuTpdyAP
147ba8Gh+K8KYhgVppzOg01EM6f2MOMSnv4uJpjRR1TK8LesPg5ni5Ptk3XSQ6VZ
MlA1wq5bThWEUxnFJwnFGucl4gkPy0SpZ3m4JuWJsdJRw42FffaIHw1JY/uV+1Rj
KBdTofu4T5RYt9BDqrU5V/B3bR2CnDPd55k1MBofzuv6b19xB32gLJGP/Ht9+DrA
fz4Zow==
-----END CERTIFICATE-----