Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151004.roa
File:                     AS151004.roa (raw, json)
Hash identifier:          dOrHIyKUUwLPpRr5AIfvlGLeTogN8CsCxUIWuXxLOPM=
Subject key identifier:   5B:F8:2B:7D:59:29:D5:4B:50:12:97:EB:07:07:E0:F3:92:40:DC:9E
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       2A1C249E345217E42302D5F38D31B99D7D3EFD10
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151004.roa
Signing time:             Mon 16 Sep 2024 07:00:00 +0000
ROA not before:           Mon 16 Sep 2024 06:55:00 +0000
ROA not after:            Mon 15 Sep 2025 07:00:00 +0000
asID:                     151004
IP address blocks:        103.214.250.0/24 maxlen: 24
                          103.251.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 22:23:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:1c:24:9e:34:52:17:e4:23:02:d5:f3:8d:31:b9:9d:7d:3e:fd:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Sep 16 06:55:00 2024 GMT
            Not After : Sep 15 07:00:00 2025 GMT
        Subject: CN=5BF82B7D5929D54B501297EB0707E0F39240DC9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:98:72:e3:e5:68:4e:43:a5:dc:27:b8:df:85:
                    b9:54:43:44:ed:02:4a:08:be:1a:c9:71:51:f7:59:
                    2c:da:29:29:d6:a5:ea:a9:c2:c4:3e:b1:a9:21:e3:
                    01:40:f4:80:51:a4:cf:69:01:33:c3:59:ee:e2:cd:
                    dd:d4:b1:65:3c:ea:8d:c8:e5:ba:5d:ff:11:25:1b:
                    36:1f:1a:0c:38:0c:e8:25:36:82:87:50:6c:f2:19:
                    0d:52:04:ca:1c:cf:00:e5:50:01:b1:42:da:f4:62:
                    82:32:65:29:c1:5b:c6:88:34:ec:2a:91:24:d7:a7:
                    1a:cf:92:99:d6:97:9a:09:a2:fd:42:2c:43:f5:8c:
                    c0:26:f2:23:7a:e3:aa:6a:25:1a:85:18:dd:18:21:
                    64:89:ca:5c:e6:7f:95:5b:b9:b3:e2:db:b4:7e:c6:
                    21:34:db:91:5c:c8:6c:8a:32:7b:a6:0a:6b:8e:07:
                    f5:50:31:aa:20:ff:2a:3b:1e:78:3f:d8:38:c0:0d:
                    cf:0c:ac:02:91:ea:12:bd:5f:f8:0a:c2:41:44:d4:
                    72:00:6e:2e:50:68:12:dc:22:68:46:d4:3a:07:81:
                    db:c1:34:2f:1c:e6:61:2c:00:2a:32:a7:db:58:bb:
                    fa:c5:5b:c1:9d:e3:f3:a8:28:5e:a8:c4:5a:5f:b4:
                    c1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F8:2B:7D:59:29:D5:4B:50:12:97:EB:07:07:E0:F3:92:40:DC:9E
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151004.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.250.0/24
                  103.251.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:fc:53:97:6f:9a:3e:bb:fb:84:33:5c:fa:b0:f3:1a:2a:8d:
         0d:3d:2a:7a:ed:ed:b6:29:c6:84:ad:06:dc:e6:71:19:89:ed:
         da:fc:94:a9:fe:a5:ab:41:4b:1d:b8:01:02:45:61:ca:c9:f5:
         2a:6b:25:0a:91:21:d7:d3:99:a0:2a:66:75:9b:17:2c:c3:5b:
         95:81:7d:42:e5:af:e1:d4:68:05:70:ec:e9:71:61:5e:60:2a:
         42:99:aa:26:48:d5:f9:f4:fc:5a:19:a4:37:17:a0:41:5a:e3:
         0c:0c:61:10:4d:00:4f:c6:f2:92:1c:9d:d1:33:2d:0f:af:c2:
         ab:69:51:72:f0:20:e2:ef:d4:7c:c1:60:af:e3:b7:40:c5:83:
         96:1e:b6:5e:6c:17:a0:b9:2c:c2:93:3a:29:96:93:29:75:a0:
         79:6f:33:12:7e:14:62:5d:db:b5:c5:08:d4:52:26:40:86:28:
         d5:3b:d6:85:23:a2:94:a1:f9:b4:23:26:ec:78:7e:e3:44:29:
         83:99:ea:62:a0:cb:cd:f6:94:9f:6f:37:de:dd:5e:f8:69:02:
         92:b2:7c:6a:d6:ca:40:3c:0a:86:e9:0e:61:6c:76:b1:64:1d:
         8c:6f:b7:79:4d:cf:95:82:0b:7e:00:26:fa:92:e0:c7:fc:63:
         9e:64:38:fb
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUKhwknjRSF+QjAtXzjTG5nX0+/RAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MDkxNjA2NTUwMFoX
DTI1MDkxNTA3MDAwMFowMzExMC8GA1UEAxMoNUJGODJCN0Q1OTI5RDU0QjUwMTI5
N0VCMDcwN0UwRjM5MjQwREM5RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK2YcuPlaE5DpdwnuN+FuVRDRO0CSgi+GslxUfdZLNopKdal6qnCxD6xqSHj
AUD0gFGkz2kBM8NZ7uLN3dSxZTzqjcjlul3/ESUbNh8aDDgM6CU2godQbPIZDVIE
yhzPAOVQAbFC2vRigjJlKcFbxog07CqRJNenGs+SmdaXmgmi/UIsQ/WMwCbyI3rj
qmolGoUY3RghZInKXOZ/lVu5s+LbtH7GITTbkVzIbIoye6YKa44H9VAxqiD/Kjse
eD/YOMANzwysApHqEr1f+ArCQUTUcgBuLlBoEtwiaEbUOgeB28E0LxzmYSwAKjKn
21i7+sVbwZ3j86goXqjEWl+0wZUCAwEAAaOCAdYwggHSMB0GA1UdDgQWBBRb+Ct9
WSnVS1ASl+sHB+DzkkDcnjAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MTAwNC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQw
EgQCAAEwDAMEAGfW+gMEAGf7RTANBgkqhkiG9w0BAQsFAAOCAQEAGPxTl2+aPrv7
hDNc+rDzGiqNDT0qeu3ttinGhK0G3OZxGYnt2vyUqf6lq0FLHbgBAkVhysn1Kmsl
CpEh19OZoCpmdZsXLMNblYF9QuWv4dRoBXDs6XFhXmAqQpmqJkjV+fT8WhmkNxeg
QVrjDAxhEE0AT8bykhyd0TMtD6/Cq2lRcvAg4u/UfMFgr+O3QMWDlh62XmwXoLks
wpM6KZaTKXWgeW8zEn4UYl3btcUI1FImQIYo1TvWhSOilKH5tCMm7Hh+40Qpg5nq
YqDLzfaUn2833t1e+GkCkrJ8atbKQDwKhukOYWx2sWQdjG+3eU3PlYILfgAm+pLg
x/xjnmQ4+w==
-----END CERTIFICATE-----
Generated at Mon Nov 25 13:14:29 2024 by rpki-client on console-ams.rpki-client.org