Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS55701.roa
File:                     AS55701.roa (raw, json)
Hash identifier:          /oYJMsskZaiiNwAw7h7JO+mT7tqghsbCv19Oljrurls=
Subject key identifier:   A0:3B:44:67:71:67:91:86:04:D2:75:FD:C1:46:06:31:01:86:DE:39
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       39EBF702E8AA4E077465FC159DE2E619C2C9C3F2
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS55701.roa
Signing time:             Tue 10 Dec 2024 05:00:09 +0000
ROA not before:           Tue 10 Dec 2024 04:55:09 +0000
ROA not after:            Tue 09 Dec 2025 05:00:09 +0000
asID:                     55701
IP address blocks:        103.163.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 07 Apr 2025 17:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:eb:f7:02:e8:aa:4e:07:74:65:fc:15:9d:e2:e6:19:c2:c9:c3:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Dec 10 04:55:09 2024 GMT
            Not After : Dec  9 05:00:09 2025 GMT
        Subject: CN=A03B44677167918604D275FDC14606310186DE39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:61:d5:ca:87:35:5d:63:b1:62:fd:f8:a6:5c:
                    d0:56:a3:1e:a3:3f:17:f0:a7:9e:d7:cf:e7:47:23:
                    be:77:2a:74:e2:4c:8b:61:53:dd:1f:f2:64:e8:b4:
                    70:c6:c5:e0:34:60:5e:ed:a9:6d:43:07:69:a4:85:
                    1e:38:78:cf:69:2a:fd:39:33:2a:0a:7b:d4:9a:9e:
                    4a:2e:65:07:ad:57:1c:88:0f:3b:99:65:f9:89:0b:
                    09:e4:71:63:1f:fd:e9:1b:4f:7a:45:db:1f:34:c2:
                    12:35:13:2e:a3:90:c1:9e:eb:e0:df:01:79:4f:3d:
                    7d:73:17:f5:ca:4e:d3:60:e7:50:1a:77:65:e2:94:
                    fa:d5:80:1b:ea:c5:77:3b:e2:6b:63:d1:91:ce:5a:
                    3a:40:b0:f5:b6:73:22:58:35:04:36:bc:62:78:77:
                    e1:f7:12:56:ac:77:0c:b5:43:5c:31:0a:0c:e6:a1:
                    46:c0:31:cc:c0:bf:79:d7:16:c5:1e:14:d5:26:cc:
                    79:2c:c8:2a:8e:a2:a3:6c:7d:47:7f:d0:92:88:d3:
                    02:21:84:b1:d7:7c:e3:f1:cc:75:5e:5c:a6:98:53:
                    4e:62:0d:e1:e4:ec:ec:28:c0:dd:ee:dd:e6:44:7b:
                    90:54:69:d3:23:6e:20:63:c7:ec:ac:4a:85:76:4a:
                    97:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:3B:44:67:71:67:91:86:04:D2:75:FD:C1:46:06:31:01:86:DE:39
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS55701.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.163.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d2:c7:cc:c3:cb:57:1b:17:57:39:57:71:ef:26:ec:4b:4a:
         71:af:74:b1:bb:be:ee:b6:73:e0:17:8a:04:81:fc:a1:f4:00:
         36:16:6b:1f:88:81:a3:00:4b:5d:53:f9:1e:9b:8d:6d:72:bb:
         9a:c9:3b:69:0e:35:24:b9:84:bd:cb:c3:e8:22:52:16:b3:bf:
         b4:0a:95:c3:12:df:af:2b:ab:74:95:d1:13:77:a4:0b:33:67:
         4e:60:9a:58:8d:81:a1:99:76:32:d7:db:01:70:7a:62:5c:91:
         e7:d0:7e:f1:92:0b:47:2b:76:75:73:68:ba:68:26:a1:ee:b7:
         d0:4d:5b:27:53:c8:d5:2b:76:40:3c:fe:b0:b6:ec:d2:b2:60:
         6b:d2:fe:fd:e4:f1:d9:81:3b:a1:2a:e3:a1:3f:00:cd:43:e3:
         6a:eb:9e:98:0c:e8:c9:8a:6f:4e:0c:45:ff:fa:4f:17:07:c3:
         40:22:e8:d7:44:e1:46:4f:3c:58:05:87:13:9d:c7:4b:40:8d:
         f2:97:d7:6b:24:0d:4f:7f:2c:09:0d:f7:9c:5e:09:8b:cf:33:
         2c:09:c7:d9:c4:54:0c:97:3d:8f:51:df:1f:8c:39:dd:9a:84:
         c5:3e:8e:c6:ef:3a:3a:a0:4f:22:22:1a:26:ec:d4:8c:d4:a4:
         8b:d0:37:b6
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUOev3AuiqTgd0ZfwVneLmGcLJw/IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI0MTIxMDA0NTUwOVoX
DTI1MTIwOTA1MDAwOVowMzExMC8GA1UEAxMoQTAzQjQ0Njc3MTY3OTE4NjA0RDI3
NUZEQzE0NjA2MzEwMTg2REUzOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK9h1cqHNV1jsWL9+KZc0FajHqM/F/CnntfP50cjvncqdOJMi2FT3R/yZOi0
cMbF4DRgXu2pbUMHaaSFHjh4z2kq/TkzKgp71JqeSi5lB61XHIgPO5ll+YkLCeRx
Yx/96RtPekXbHzTCEjUTLqOQwZ7r4N8BeU89fXMX9cpO02DnUBp3ZeKU+tWAG+rF
dzvia2PRkc5aOkCw9bZzIlg1BDa8Ynh34fcSVqx3DLVDXDEKDOahRsAxzMC/edcW
xR4U1SbMeSzIKo6io2x9R3/QkojTAiGEsdd84/HMdV5cpphTTmIN4eTs7CjA3e7d
5kR7kFRp0yNuIGPH7KxKhXZKl00CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBSgO0Rn
cWeRhgTSdf3BRgYxAYbeOTAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFMGCCsGAQUFBwELBEcwRTBDBggrBgEFBQcwC4Y3cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzU1NzAxLnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAZ6OgMA0GCSqGSIb3DQEBCwUAA4IBAQAw0sfMw8tXGxdXOVdx7ybs
S0pxr3Sxu77utnPgF4oEgfyh9AA2FmsfiIGjAEtdU/kem41tcruayTtpDjUkuYS9
y8PoIlIWs7+0CpXDEt+vK6t0ldETd6QLM2dOYJpYjYGhmXYy19sBcHpiXJHn0H7x
kgtHK3Z1c2i6aCah7rfQTVsnU8jVK3ZAPP6wtuzSsmBr0v795PHZgTuhKuOhPwDN
Q+Nq656YDOjJim9ODEX/+k8XB8NAIujXROFGTzxYBYcTncdLQI3yl9drJA1PfywJ
DfecXgmLzzMsCcfZxFQMlz2PUd8fjDndmoTFPo7G7zo6oE8iIhom7NSM1KSL0De2
-----END CERTIFICATE-----