Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150553.roa
File:                     AS150553.roa (raw, json)
Hash identifier:          PdaJCZCEQEs+kIvTOZ1mrDYvwrUpIOqW8Q81/uCWnAA=
Subject key identifier:   48:46:3B:55:A8:9B:F1:C3:C1:BA:CF:1B:5A:08:C4:75:64:40:E0:B0
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       6E690B79A3C874EDA348946740DD776E76EC2DD2
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150553.roa
Signing time:             Thu 25 Jan 2024 03:00:00 +0000
ROA not before:           Thu 25 Jan 2024 02:55:00 +0000
ROA not after:            Thu 23 Jan 2025 03:00:00 +0000
asID:                     150553
IP address blocks:        103.81.254.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 22:23:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:69:0b:79:a3:c8:74:ed:a3:48:94:67:40:dd:77:6e:76:ec:2d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jan 25 02:55:00 2024 GMT
            Not After : Jan 23 03:00:00 2025 GMT
        Subject: CN=48463B55A89BF1C3C1BACF1B5A08C4756440E0B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:70:78:64:8b:d1:fb:a1:e6:67:c3:e4:dd:a8:
                    db:86:1a:60:cf:a3:d7:2e:c6:fe:77:a5:b8:2a:02:
                    5e:ed:4f:ab:c5:df:a1:04:07:02:9f:2a:e3:4a:57:
                    8c:a3:41:e1:a7:a4:38:4a:66:8d:02:0b:eb:09:3c:
                    42:b5:b4:91:e6:c0:ee:fc:ba:7b:39:94:b2:b0:79:
                    c7:82:fe:1f:e1:26:be:fc:01:16:79:b3:25:5f:a2:
                    dd:6f:d6:5a:62:74:71:75:bf:d2:f5:fd:c2:78:a2:
                    f2:97:f0:ce:9b:b3:94:3d:02:fd:71:13:da:af:11:
                    f9:f9:7b:35:c0:61:2d:82:01:d7:f7:48:a6:e2:63:
                    31:2a:9b:ca:0f:63:8b:37:17:73:74:a1:c2:01:62:
                    57:5d:25:5a:c3:7a:ef:f8:d1:ac:72:96:16:23:22:
                    41:ce:94:0f:51:a2:2c:85:89:43:ca:4a:1b:c8:c9:
                    38:cc:74:78:86:43:9c:b9:92:5f:4a:1c:a4:f9:f5:
                    dd:a5:04:8c:02:70:82:86:67:e3:52:c4:a3:9f:7e:
                    33:9c:7c:d6:3a:c3:b6:da:dd:71:29:db:86:70:fd:
                    34:f9:7f:33:ed:7f:5f:e4:e5:11:9f:2a:37:74:41:
                    4b:16:d4:70:a8:79:c0:ca:55:a5:6c:58:2d:47:68:
                    c1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:46:3B:55:A8:9B:F1:C3:C1:BA:CF:1B:5A:08:C4:75:64:40:E0:B0
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150553.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.81.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:93:98:3d:22:2f:64:8a:c2:2c:66:22:3e:1b:6a:b9:05:7a:
         d2:3b:a1:0f:03:3f:45:fa:9d:e4:35:ae:af:59:5a:78:90:69:
         5a:df:75:74:b1:26:e3:76:66:d1:8d:45:65:44:b3:ed:88:d4:
         25:4e:dc:4a:76:0a:c7:96:c5:62:1b:37:91:16:69:43:c1:b9:
         35:e3:32:c8:ea:30:f4:8a:2d:2e:50:41:95:63:7b:1a:94:66:
         e5:18:f0:9c:9b:b4:2b:e2:61:bd:d1:e1:43:d4:28:4e:7a:02:
         e9:9e:01:23:bb:fc:ca:02:d5:26:f5:3f:65:bb:b3:15:2d:11:
         70:96:82:ad:4c:d3:79:c0:9b:30:95:86:27:c1:2a:4e:9a:b4:
         75:a1:23:b7:69:b5:51:59:e0:3f:42:a4:69:6f:ea:08:f1:2c:
         98:26:2e:0f:80:0c:d9:de:44:53:1c:70:d7:60:77:27:7c:4e:
         0f:36:ba:1f:8d:b9:ea:c9:79:71:f8:9c:92:1e:e7:86:f6:ae:
         27:3e:69:2d:07:81:0e:13:3b:3c:bb:8a:7e:ec:92:cc:d2:27:
         27:54:a3:8a:14:d3:af:01:bb:17:e0:8e:45:50:66:e6:9c:3a:
         86:cc:b7:ab:f6:fa:91:74:14:03:17:54:57:a9:6a:92:66:be:
         af:82:cd:63
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUbmkLeaPIdO2jSJRnQN13bnbsLdIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MDEyNTAyNTUwMFoX
DTI1MDEyMzAzMDAwMFowMzExMC8GA1UEAxMoNDg0NjNCNTVBODlCRjFDM0MxQkFD
RjFCNUEwOEM0NzU2NDQwRTBCMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZweGSL0fuh5mfD5N2o24YaYM+j1y7G/neluCoCXu1Pq8XfoQQHAp8q40pX
jKNB4aekOEpmjQIL6wk8QrW0kebA7vy6ezmUsrB5x4L+H+EmvvwBFnmzJV+i3W/W
WmJ0cXW/0vX9wnii8pfwzpuzlD0C/XET2q8R+fl7NcBhLYIB1/dIpuJjMSqbyg9j
izcXc3ShwgFiV10lWsN67/jRrHKWFiMiQc6UD1GiLIWJQ8pKG8jJOMx0eIZDnLmS
X0ocpPn13aUEjAJwgoZn41LEo59+M5x81jrDttrdcSnbhnD9NPl/M+1/X+TlEZ8q
N3RBSxbUcKh5wMpVpWxYLUdowUkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRIRjtV
qJvxw8G6zxtaCMR1ZEDgsDAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MDU1My5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAWdR/jANBgkqhkiG9w0BAQsFAAOCAQEAG5OYPSIvZIrCLGYiPhtq
uQV60juhDwM/Rfqd5DWur1laeJBpWt91dLEm43Zm0Y1FZUSz7YjUJU7cSnYKx5bF
Yhs3kRZpQ8G5NeMyyOow9IotLlBBlWN7GpRm5RjwnJu0K+JhvdHhQ9QoTnoC6Z4B
I7v8ygLVJvU/ZbuzFS0RcJaCrUzTecCbMJWGJ8EqTpq0daEjt2m1UVngP0KkaW/q
CPEsmCYuD4AM2d5EUxxw12B3J3xODza6H4256sl5cfickh7nhvauJz5pLQeBDhM7
PLuKfuySzNInJ1SjihTTrwG7F+CORVBm5pw6hsy3q/b6kXQUAxdUV6lqkma+r4LN
Yw==
-----END CERTIFICATE-----