Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS139408.roa
File:                     AS139408.roa (raw, json)
Hash identifier:          tmRCwhcIrPE8YFOBKha8g9cHkdDPU6+QqMFS0FFPJQo=
Subject key identifier:   25:5A:B0:BF:D2:FB:AE:3D:C8:DC:BE:B1:76:74:32:15:16:8A:3B:DD
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       1D77204DE3E795BF51E91C1C616C25EA8BD4DDF2
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS139408.roa
Signing time:             Thu 06 Feb 2025 10:44:48 +0000
ROA not before:           Thu 06 Feb 2025 10:39:48 +0000
ROA not after:            Thu 05 Feb 2026 10:44:48 +0000
asID:                     139408
IP address blocks:        160.22.68.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:77:20:4d:e3:e7:95:bf:51:e9:1c:1c:61:6c:25:ea:8b:d4:dd:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb  6 10:39:48 2025 GMT
            Not After : Feb  5 10:44:48 2026 GMT
        Subject: CN=255AB0BFD2FBAE3DC8DCBEB176743215168A3BDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:00:d6:cf:fc:ad:8d:8f:f6:b9:f8:b0:d0:a7:
                    05:4e:a6:a1:20:b2:72:bc:97:c9:ab:45:8b:eb:44:
                    f5:76:a6:55:fe:0a:c7:7c:22:aa:b1:8f:d5:c5:66:
                    67:da:5e:fa:37:69:67:c3:91:25:a0:8c:0f:92:5e:
                    8b:f6:7f:20:06:32:de:90:e6:3b:2d:cb:80:f8:c9:
                    be:a9:42:ee:aa:47:e9:81:70:68:53:f2:da:bb:3c:
                    b9:76:c7:c3:05:e9:be:64:05:cb:6f:7f:be:36:7f:
                    ed:48:f5:dd:39:0c:3e:ed:32:0d:37:6a:7e:71:39:
                    be:bc:98:5a:3c:d7:e4:00:6a:a1:f2:92:5d:8e:43:
                    12:f8:bc:8e:08:98:b7:6f:e0:de:4a:9f:9c:ab:dd:
                    0d:5a:fa:8c:cb:8c:0e:b3:e6:e0:68:0b:7c:20:37:
                    5a:2a:7b:d3:32:3c:1c:a8:e1:38:c2:b5:70:d8:91:
                    d4:a5:27:69:ea:30:8d:2a:26:24:28:62:dd:47:07:
                    95:03:11:12:61:42:25:b2:84:23:22:bc:98:74:4a:
                    61:da:f9:a8:b1:fc:d1:c1:61:e4:7d:dd:1e:69:e7:
                    e5:93:3e:2a:8c:3a:86:cc:77:02:57:0e:26:64:15:
                    53:5b:23:99:4a:5a:3d:38:8a:84:7b:31:aa:70:f4:
                    25:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:5A:B0:BF:D2:FB:AE:3D:C8:DC:BE:B1:76:74:32:15:16:8A:3B:DD
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS139408.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:c8:1e:a1:9b:dc:d8:fc:d7:58:ab:44:6c:68:37:43:91:a3:
         b7:bd:b5:6e:d7:4c:0d:2c:e9:eb:8d:ee:f0:0a:85:12:27:07:
         87:34:d8:74:21:69:6e:49:1a:a9:38:d1:b6:c9:4f:f4:ca:57:
         05:b3:df:4b:74:23:18:c9:f3:2c:c9:a8:9c:72:eb:41:43:b2:
         b3:45:7e:8d:b6:75:4d:ee:d8:44:c7:4c:eb:cc:23:3c:a6:1d:
         06:84:48:8b:f6:62:8a:75:d0:11:9e:0b:67:87:f2:eb:34:aa:
         a3:1f:e9:13:1a:fd:61:de:1c:49:63:37:3a:2c:27:9a:f1:86:
         22:d2:85:a2:cc:a9:b9:58:38:ed:71:8d:07:2f:31:67:20:e4:
         6c:0d:1e:8a:6e:c4:ab:81:97:83:11:48:47:37:e4:94:e7:59:
         c7:51:83:2a:5b:46:9e:af:08:06:6f:a8:9f:36:34:37:f1:f8:
         f2:11:ff:2b:9e:85:bc:d6:1c:18:c3:9d:bf:78:96:e4:75:f7:
         fa:04:ce:ad:d9:da:11:cc:30:3f:7a:e9:8b:89:f2:14:93:11:
         a0:cc:06:74:d2:07:a5:b8:35:4a:49:2d:87:7e:56:dc:2d:12:
         c0:52:19:75:cf:8b:e5:9b:61:92:e1:d9:c5:c0:e9:28:e1:8d:
         ed:2e:38:09
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUHXcgTePnlb9R6RwcYWwl6ovU3fIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk0OFoX
DTI2MDIwNTEwNDQ0OFowMzExMC8GA1UEAxMoMjU1QUIwQkZEMkZCQUUzREM4RENC
RUIxNzY3NDMyMTUxNjhBM0JERDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL8A1s/8rY2P9rn4sNCnBU6moSCycryXyatFi+tE9XamVf4Kx3wiqrGP1cVm
Z9pe+jdpZ8ORJaCMD5Jei/Z/IAYy3pDmOy3LgPjJvqlC7qpH6YFwaFPy2rs8uXbH
wwXpvmQFy29/vjZ/7Uj13TkMPu0yDTdqfnE5vryYWjzX5ABqofKSXY5DEvi8jgiY
t2/g3kqfnKvdDVr6jMuMDrPm4GgLfCA3Wip70zI8HKjhOMK1cNiR1KUnaeowjSom
JChi3UcHlQMREmFCJbKEIyK8mHRKYdr5qLH80cFh5H3dHmnn5ZM+Kow6hsx3AlcO
JmQVU1sjmUpaPTiKhHsxqnD0JTkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQlWrC/
0vuuPcjcvrF2dDIVFoo73TAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzEzOTQwOC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaAWRDANBgkqhkiG9w0BAQsFAAOCAQEAN8geoZvc2PzXWKtEbGg3
Q5Gjt721btdMDSzp643u8AqFEicHhzTYdCFpbkkaqTjRtslP9MpXBbPfS3QjGMnz
LMmonHLrQUOys0V+jbZ1Te7YRMdM68wjPKYdBoRIi/ZiinXQEZ4LZ4fy6zSqox/p
Exr9Yd4cSWM3OiwnmvGGItKFosypuVg47XGNBy8xZyDkbA0eim7Eq4GXgxFIRzfk
lOdZx1GDKltGnq8IBm+onzY0N/H48hH/K56FvNYcGMOdv3iW5HX3+gTOrdnaEcww
P3rpi4nyFJMRoMwGdNIHpbg1Skkth35W3C0SwFIZdc+L5ZthkuHZxcDpKOGN7S44
CQ==
-----END CERTIFICATE-----