Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151006.roa
File:                     AS151006.roa (raw, json)
Hash identifier:          d9HC6y/9FO+/Ir1nLopyhovTkXu2Ri+UEsA8Tn3GWKc=
Subject key identifier:   C4:2B:E5:17:26:71:61:5C:B8:77:DD:C6:CA:EC:A8:50:32:FB:E8:6B
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       09BCD634F1EB391C0341260D7FA0F4DF2ED0B5A6
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151006.roa
Signing time:             Fri 29 Sep 2023 03:08:25 +0000
ROA not before:           Fri 29 Sep 2023 03:03:25 +0000
ROA not after:            Fri 27 Sep 2024 03:08:25 +0000
asID:                     151006
IP address blocks:        103.203.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 11 May 2024 13:23:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:bc:d6:34:f1:eb:39:1c:03:41:26:0d:7f:a0:f4:df:2e:d0:b5:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Sep 29 03:03:25 2023 GMT
            Not After : Sep 27 03:08:25 2024 GMT
        Subject: CN=C42BE5172671615CB877DDC6CAECA85032FBE86B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:83:c7:6b:13:92:3c:25:d8:b1:09:8b:d8:ce:
                    f1:31:7b:1b:ff:42:3d:2a:3f:f2:df:b1:63:34:47:
                    68:a6:28:43:85:a9:db:b0:c7:4d:88:b7:0e:86:98:
                    20:ab:30:2f:1d:a5:71:10:ec:28:de:3d:ca:16:30:
                    7e:e7:b4:d6:28:c3:67:85:07:aa:c0:56:9e:0d:55:
                    a3:00:cb:03:c1:cc:af:b3:23:b4:15:4b:4a:3a:f6:
                    c8:17:31:08:62:76:79:7b:6b:e9:64:a5:ff:c5:11:
                    b2:07:50:ad:ce:44:16:d9:aa:8f:0d:c6:72:5a:a7:
                    03:b9:6d:c6:70:39:f8:ab:b6:08:cc:76:c1:79:9c:
                    de:f9:73:a0:28:dd:c0:8e:88:4e:0b:11:49:fc:01:
                    41:1a:fd:62:f0:f3:52:35:fa:51:47:bf:e5:f4:03:
                    b9:d5:88:78:d7:af:0c:7f:73:90:d4:7d:a1:ce:b1:
                    65:4e:2d:78:dc:db:bd:50:75:5c:7e:e8:eb:3e:60:
                    8e:ed:b0:02:c6:1c:5a:9b:58:30:9f:04:04:5a:a0:
                    47:9e:a3:28:4b:17:a7:2d:7c:5e:96:b8:7f:8f:70:
                    f2:c0:74:81:10:f9:dc:48:1a:3e:65:af:2f:f0:7a:
                    31:3f:40:c8:cc:7a:9e:cf:cf:04:56:bd:ea:90:65:
                    b5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:2B:E5:17:26:71:61:5C:B8:77:DD:C6:CA:EC:A8:50:32:FB:E8:6B
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151006.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.203.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:87:09:7f:b6:2f:59:8b:35:05:59:45:4e:9e:91:33:f9:56:
         c0:51:b7:3b:41:c5:9f:c8:7d:e0:2b:e9:86:61:2d:b2:72:64:
         cc:d6:09:1e:dd:de:65:7a:62:a0:96:9b:c2:06:b3:fe:b0:51:
         2d:9b:c8:0d:55:9f:25:50:79:f1:a0:87:b0:73:4e:cf:ed:de:
         54:b7:f2:1e:db:fe:29:bf:cd:83:01:d0:c0:22:49:29:8e:27:
         81:3c:a3:9a:ab:c3:ff:77:f2:ae:91:fa:39:1d:81:6e:a3:78:
         26:2d:0d:02:b3:84:19:fe:47:ed:1d:ec:21:a0:99:6f:33:ba:
         17:a0:c8:8c:98:3a:a5:0a:2b:e9:ae:11:92:7a:0a:2d:ff:4e:
         53:ef:ff:a6:14:74:b3:44:c1:18:d9:56:51:02:c0:dd:cb:b9:
         89:4a:25:dc:ed:a8:3b:5d:25:11:51:1a:05:68:fd:2b:84:d4:
         ec:24:e9:02:d3:6a:d3:7f:6e:e6:7b:be:c4:24:f9:c8:bd:0f:
         35:03:e4:c1:48:94:bc:96:07:4e:53:19:03:38:db:cc:cf:48:
         d3:e7:19:62:c8:8c:40:62:59:3d:3a:45:5e:d3:e4:4d:04:d3:
         46:9c:0e:7d:18:36:a3:41:c8:b9:f2:0e:ba:f2:50:d1:11:70:
         c7:a9:01:ec
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUCbzWNPHrORwDQSYNf6D03y7QtaYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTIzMDkyOTAzMDMyNVoX
DTI0MDkyNzAzMDgyNVowMzExMC8GA1UEAxMoQzQyQkU1MTcyNjcxNjE1Q0I4NzdE
REM2Q0FFQ0E4NTAzMkZCRTg2QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKeDx2sTkjwl2LEJi9jO8TF7G/9CPSo/8t+xYzRHaKYoQ4Wp27DHTYi3DoaY
IKswLx2lcRDsKN49yhYwfue01ijDZ4UHqsBWng1VowDLA8HMr7MjtBVLSjr2yBcx
CGJ2eXtr6WSl/8URsgdQrc5EFtmqjw3GclqnA7ltxnA5+Ku2CMx2wXmc3vlzoCjd
wI6ITgsRSfwBQRr9YvDzUjX6UUe/5fQDudWIeNevDH9zkNR9oc6xZU4teNzbvVB1
XH7o6z5gju2wAsYcWptYMJ8EBFqgR56jKEsXpy18Xpa4f49w8sB0gRD53EgaPmWv
L/B6MT9AyMx6ns/PBFa96pBlteMCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTEK+UX
JnFhXLh33cbK7KhQMvvoazAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MTAwNi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGfL6jANBgkqhkiG9w0BAQsFAAOCAQEAfIcJf7YvWYs1BVlFTp6R
M/lWwFG3O0HFn8h94CvphmEtsnJkzNYJHt3eZXpioJabwgaz/rBRLZvIDVWfJVB5
8aCHsHNOz+3eVLfyHtv+Kb/NgwHQwCJJKY4ngTyjmqvD/3fyrpH6OR2BbqN4Ji0N
ArOEGf5H7R3sIaCZbzO6F6DIjJg6pQor6a4RknoKLf9OU+//phR0s0TBGNlWUQLA
3cu5iUol3O2oO10lEVEaBWj9K4TU7CTpAtNq039u5nu+xCT5yL0PNQPkwUiUvJYH
TlMZAzjbzM9I0+cZYsiMQGJZPTpFXtPkTQTTRpwOfRg2o0HIufIOuvJQ0RFwx6kB
7A==
-----END CERTIFICATE-----