Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150517.roa
File:                     AS150517.roa (raw, json)
Hash identifier:          c0KQX6WA+HhVw3P4UI7jK+KoqVZoCDhpDRPGUvgSJWA=
Subject key identifier:   89:52:86:D7:6C:7E:A9:B3:FB:0F:62:4A:3F:1F:C5:69:84:2D:5F:3B
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       399BF9EF81D8C1F66E46230E4A83B4FFB1BFFE77
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150517.roa
Signing time:             Thu 19 Dec 2024 04:00:00 +0000
ROA not before:           Thu 19 Dec 2024 03:55:00 +0000
ROA not after:            Thu 18 Dec 2025 04:00:00 +0000
asID:                     150517
IP address blocks:        103.68.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Feb 2025 06:34:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:9b:f9:ef:81:d8:c1:f6:6e:46:23:0e:4a:83:b4:ff:b1:bf:fe:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Dec 19 03:55:00 2024 GMT
            Not After : Dec 18 04:00:00 2025 GMT
        Subject: CN=895286D76C7EA9B3FB0F624A3F1FC569842D5F3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:02:52:72:de:db:b9:e4:48:01:c1:c8:93:40:
                    e1:d0:fb:04:f9:f0:7c:d6:6f:60:c6:e9:f9:fe:71:
                    6a:45:a9:c2:58:77:ca:c9:44:f0:04:33:db:4f:b1:
                    d1:7e:0a:f9:16:e0:04:63:90:c2:7e:bf:81:42:d4:
                    50:55:50:99:ce:d1:50:c1:66:b0:2e:0b:ba:48:58:
                    c5:a5:4b:09:51:87:1f:39:c9:8d:92:35:df:62:bd:
                    2d:e9:e5:00:09:9a:96:ab:90:6e:59:e3:48:66:20:
                    5f:c1:62:37:e8:26:89:ce:85:be:b8:33:97:c5:c1:
                    b3:ea:95:dd:56:c8:58:9c:0e:59:dd:48:83:81:37:
                    d6:03:93:64:5d:69:e0:ce:6f:91:f7:d4:e6:63:ed:
                    10:7c:88:a0:d8:98:fc:5b:53:91:7a:be:e5:88:f6:
                    58:84:8a:5a:7e:c1:f0:53:4d:b7:f2:6c:61:40:63:
                    7d:31:03:0a:df:2a:a1:2f:88:51:31:3f:29:43:42:
                    f3:9d:3e:cf:80:36:3c:6c:e7:45:72:68:25:87:23:
                    b3:40:59:ed:1b:3c:90:c3:26:e9:93:c9:73:59:ec:
                    24:fc:55:8f:bb:7a:75:fd:2f:e7:b5:3b:2b:86:fb:
                    82:a0:ac:fe:b1:e1:76:2c:6d:45:a6:2f:a1:f8:08:
                    f7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:52:86:D7:6C:7E:A9:B3:FB:0F:62:4A:3F:1F:C5:69:84:2D:5F:3B
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.68.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:ee:61:6f:56:23:67:3c:b3:5f:95:e2:dd:ee:14:ab:bb:ac:
         2b:28:85:4b:88:f0:84:65:86:77:59:94:67:86:4d:f2:b1:02:
         ad:68:a3:fa:7e:58:4b:68:6e:fb:60:f5:9a:94:66:89:d3:ff:
         71:ae:2e:ba:8c:f2:f4:ae:a1:d8:2b:15:95:d1:fb:db:98:d3:
         84:81:19:95:34:ad:fc:7f:6f:2a:f7:52:e4:6d:1b:05:2f:fc:
         68:81:de:d5:4d:13:bc:48:34:84:cb:37:08:55:94:bd:0d:51:
         ad:94:c4:a2:4f:4a:4e:e4:42:a3:18:03:32:8a:76:75:5f:92:
         ef:d4:46:ef:fd:5a:f5:bb:e3:03:5c:60:b5:9d:4f:5b:e7:50:
         a2:59:c2:ae:f6:61:73:0e:76:60:38:f8:60:07:0b:f1:78:09:
         d8:f9:d0:93:c8:6a:a1:2f:38:50:c6:5b:6c:d0:20:38:7b:61:
         86:5f:98:94:88:0b:fc:2d:1e:85:37:db:c3:06:4b:07:f7:5f:
         21:50:b8:5d:f5:21:b4:a2:29:14:19:11:c8:72:b5:2d:58:26:
         a9:71:61:91:e3:36:93:d5:1e:73:c6:63:7c:27:72:13:4e:f0:
         ae:02:88:36:25:bc:e0:68:0e:58:c2:48:93:02:23:39:80:9c:
         bc:80:80:bd
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUOZv574HYwfZuRiMOSoO0/7G//ncwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MTIxOTAzNTUwMFoX
DTI1MTIxODA0MDAwMFowMzExMC8GA1UEAxMoODk1Mjg2RDc2QzdFQTlCM0ZCMEY2
MjRBM0YxRkM1Njk4NDJENUYzQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkCUnLe27nkSAHByJNA4dD7BPnwfNZvYMbp+f5xakWpwlh3yslE8AQz20+x
0X4K+RbgBGOQwn6/gULUUFVQmc7RUMFmsC4LukhYxaVLCVGHHznJjZI132K9Lenl
AAmalquQblnjSGYgX8FiN+gmic6Fvrgzl8XBs+qV3VbIWJwOWd1Ig4E31gOTZF1p
4M5vkffU5mPtEHyIoNiY/FtTkXq+5Yj2WISKWn7B8FNNt/JsYUBjfTEDCt8qoS+I
UTE/KUNC850+z4A2PGznRXJoJYcjs0BZ7Rs8kMMm6ZPJc1nsJPxVj7t6df0v57U7
K4b7gqCs/rHhdixtRaYvofgI95sCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSJUobX
bH6ps/sPYko/H8VphC1fOzAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MDUxNy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAWdE1jANBgkqhkiG9w0BAQsFAAOCAQEAMe5hb1YjZzyzX5Xi3e4U
q7usKyiFS4jwhGWGd1mUZ4ZN8rECrWij+n5YS2hu+2D1mpRmidP/ca4uuozy9K6h
2CsVldH725jThIEZlTSt/H9vKvdS5G0bBS/8aIHe1U0TvEg0hMs3CFWUvQ1RrZTE
ok9KTuRCoxgDMop2dV+S79RG7/1a9bvjA1xgtZ1PW+dQolnCrvZhcw52YDj4YAcL
8XgJ2PnQk8hqoS84UMZbbNAgOHthhl+YlIgL/C0ehTfbwwZLB/dfIVC4XfUhtKIp
FBkRyHK1LVgmqXFhkeM2k9Uec8ZjfCdyE07wrgKINiW84GgOWMJIkwIjOYCcvICA
vQ==
-----END CERTIFICATE-----