Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS58404.roa
File:                     AS58404.roa (raw, json)
Hash identifier:          XMrCB0uFYTnhZ0xbTp01LqxuRwlsFswh81o1BS2s8sw=
Subject key identifier:   6F:0D:CE:48:9F:D0:27:EE:7A:08:8F:70:7D:3C:12:AD:6F:91:E9:F1
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       6E094EF1F52372827EF76D347C2E1D3350F01CF6
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS58404.roa
Signing time:             Tue 11 Nov 2025 06:00:09 +0000
ROA not before:           Tue 11 Nov 2025 05:55:09 +0000
ROA not after:            Tue 10 Nov 2026 06:00:09 +0000
asID:                     58404
IP address blocks:        123.253.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Nov 2025 04:34:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:09:4e:f1:f5:23:72:82:7e:f7:6d:34:7c:2e:1d:33:50:f0:1c:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Nov 11 05:55:09 2025 GMT
            Not After : Nov 10 06:00:09 2026 GMT
        Subject: CN=6F0DCE489FD027EE7A088F707D3C12AD6F91E9F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:50:80:41:fe:b8:e2:a8:62:4e:c2:76:46:54:
                    a3:d7:68:04:69:dd:8a:8a:37:a9:ca:91:71:fc:19:
                    ed:0e:70:c2:a9:8e:44:77:da:ad:9f:0b:3f:d8:6d:
                    90:72:b5:2e:c0:0b:a3:2e:61:8b:1f:9b:ec:6f:67:
                    fe:cd:d8:6f:65:1d:71:fa:93:2b:ca:37:86:25:9c:
                    4a:e7:c7:00:82:c9:b1:2e:2c:f1:44:ae:ce:40:e4:
                    b3:69:ae:8b:7b:12:28:33:bd:ec:53:c9:39:07:e5:
                    a8:65:74:50:a7:ee:94:66:39:cd:2f:64:89:d9:c8:
                    b9:5d:85:7e:99:9c:8e:b1:df:53:36:60:2f:1a:d5:
                    68:7f:37:46:9b:d3:07:65:3d:ba:66:e2:90:a0:c1:
                    52:90:bf:5c:fd:11:c6:cc:48:57:30:2d:b5:c2:fb:
                    ff:b7:19:88:59:05:15:5e:34:72:be:55:94:fc:9d:
                    51:6e:40:2c:b0:b5:ca:9a:74:fd:f2:54:e7:d4:ca:
                    8e:89:7d:4b:67:f5:78:56:3c:86:b9:ae:2a:1a:d0:
                    02:87:6f:db:e4:a1:e7:5e:46:ad:7f:2a:ac:be:1a:
                    a2:68:a4:84:b2:01:8b:e5:b9:35:66:e2:8b:39:29:
                    ab:25:39:d2:9a:43:92:59:71:4e:f8:03:e4:91:70:
                    de:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:0D:CE:48:9F:D0:27:EE:7A:08:8F:70:7D:3C:12:AD:6F:91:E9:F1
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS58404.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.253.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:b5:13:28:d0:9a:9e:3d:18:72:88:f1:f0:81:59:f7:1f:8f:
         2d:e2:ff:51:5a:6b:7e:56:a6:e8:30:8d:88:63:2d:bf:9c:80:
         21:8a:19:52:51:b3:da:6a:82:e7:b4:d6:67:fc:a4:55:23:27:
         59:c7:e7:66:9a:b8:75:10:7e:91:46:5f:00:d0:58:f3:07:7f:
         36:6c:59:5f:13:63:ce:50:66:77:30:56:1d:24:a6:45:91:29:
         fa:da:6f:c5:ce:c7:42:5b:5d:bf:0f:96:77:e8:5b:5c:66:09:
         bb:fa:94:17:59:0f:f1:53:ea:6c:7e:d5:d5:79:df:b2:be:c4:
         17:9f:ad:d4:d7:f3:e4:5f:05:1b:8b:84:af:96:5e:05:8a:7c:
         ab:8a:33:fe:f0:65:49:c0:26:80:d8:14:3f:c3:cd:67:fd:da:
         47:9a:d8:74:54:eb:35:b7:8e:80:28:4c:13:b6:5d:88:26:2a:
         03:89:ea:5f:f4:4a:66:9f:40:bd:33:6d:37:41:c8:a4:e9:44:
         14:0a:0f:28:80:5a:fb:e3:50:c8:f3:a6:78:8e:7d:5f:3c:aa:
         d1:84:00:5c:64:2d:30:a1:94:57:1c:a0:97:b7:f5:ed:97:c9:
         ca:bc:67:e2:61:fe:d6:0d:cb:07:36:19:21:49:77:f3:50:bb:
         3f:01:f3:ff
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUbglO8fUjcoJ+9200fC4dM1DwHPYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MTExMTA1NTUwOVoX
DTI2MTExMDA2MDAwOVowMzExMC8GA1UEAxMoNkYwRENFNDg5RkQwMjdFRTdBMDg4
RjcwN0QzQzEyQUQ2RjkxRTlGMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFQgEH+uOKoYk7CdkZUo9doBGndioo3qcqRcfwZ7Q5wwqmORHfarZ8LP9ht
kHK1LsALoy5hix+b7G9n/s3Yb2UdcfqTK8o3hiWcSufHAILJsS4s8USuzkDks2mu
i3sSKDO97FPJOQflqGV0UKfulGY5zS9kidnIuV2FfpmcjrHfUzZgLxrVaH83RpvT
B2U9umbikKDBUpC/XP0RxsxIVzAttcL7/7cZiFkFFV40cr5VlPydUW5ALLC1ypp0
/fJU59TKjol9S2f1eFY8hrmuKhrQAodv2+Sh515GrX8qrL4aomikhLIBi+W5NWbi
izkpqyU50ppDkllxTvgD5JFw3msCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBRvDc5I
n9An7noIj3B9PBKtb5Hp8TAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFMGCCsGAQUFBwELBEcwRTBDBggrBgEFBQcwC4Y3cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzU4NDA0LnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCe/0cMA0GCSqGSIb3DQEBCwUAA4IBAQAMtRMo0JqePRhyiPHwgVn3
H48t4v9RWmt+VqboMI2IYy2/nIAhihlSUbPaaoLntNZn/KRVIydZx+dmmrh1EH6R
Rl8A0FjzB382bFlfE2POUGZ3MFYdJKZFkSn62m/FzsdCW12/D5Z36FtcZgm7+pQX
WQ/xU+psftXVed+yvsQXn63U1/PkXwUbi4Svll4FinyrijP+8GVJwCaA2BQ/w81n
/dpHmth0VOs1t46AKEwTtl2IJioDiepf9Epmn0C9M203Qcik6UQUCg8ogFr741DI
86Z4jn1fPKrRhABcZC0woZRXHKCXt/Xtl8nKvGfiYf7WDcsHNhkhSXfzULs/AfP/
-----END CERTIFICATE-----