Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS150249.roa
File:                     AS150249.roa (raw, json)
Hash identifier:          95llwq1W7qrCrMmpC/EjyNVFc76uuUGi2SEyc30Jl1Q=
Subject key identifier:   A4:7D:CA:53:A1:F7:F5:54:A1:90:55:DF:1D:84:3E:5C:99:99:A3:D4
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       50147E458A67F47C16DC922851B53722002FE681
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS150249.roa
Signing time:             Thu 06 Feb 2025 10:44:54 +0000
ROA not before:           Thu 06 Feb 2025 10:39:54 +0000
ROA not after:            Thu 05 Feb 2026 10:44:54 +0000
asID:                     150249
IP address blocks:        157.10.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:14:7e:45:8a:67:f4:7c:16:dc:92:28:51:b5:37:22:00:2f:e6:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb  6 10:39:54 2025 GMT
            Not After : Feb  5 10:44:54 2026 GMT
        Subject: CN=A47DCA53A1F7F554A19055DF1D843E5C9999A3D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:49:2d:e4:af:fe:7c:db:0c:8f:e9:33:f0:74:
                    99:1b:47:3d:0d:45:f6:f3:62:0f:56:64:0b:6b:f9:
                    45:49:82:3b:13:e5:55:b6:3d:8a:c1:a7:a0:69:e0:
                    4c:da:a1:e9:1b:52:7a:1d:a7:49:d5:fe:e9:61:8d:
                    7a:09:8a:24:01:ef:78:f9:33:63:3a:ee:96:8b:4c:
                    87:11:65:39:da:ef:e5:ae:91:a4:5c:e1:3a:a9:20:
                    10:d3:5e:94:b0:fa:07:93:d7:ea:0a:d0:de:94:be:
                    f7:a8:3a:94:53:7d:00:bc:48:63:fc:ed:96:ca:7c:
                    ec:82:7f:76:09:96:81:66:45:9a:e2:e2:8a:52:c5:
                    c7:da:73:d2:e0:68:39:1b:f7:b7:a7:20:75:67:b9:
                    0a:12:31:c5:af:c6:b0:27:2f:ce:7f:86:2f:78:19:
                    41:e1:7a:c8:d5:54:28:59:4c:c6:c4:e5:08:d8:b9:
                    83:6c:18:e2:ed:25:e6:16:12:30:b0:da:82:7f:79:
                    05:ef:20:64:23:65:e7:54:fe:34:8a:28:8e:cd:42:
                    9d:e9:58:5d:59:fb:17:5b:f4:74:71:46:23:40:c1:
                    8a:81:6a:5e:0d:90:db:48:bc:a0:91:d0:a4:d4:11:
                    f1:c9:22:8f:f2:fb:db:c7:62:d7:49:51:43:6a:b0:
                    52:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:7D:CA:53:A1:F7:F5:54:A1:90:55:DF:1D:84:3E:5C:99:99:A3:D4
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS150249.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d5:51:b6:53:2a:7f:ff:e8:69:d5:dc:bc:17:8f:49:a1:05:
         41:05:53:e2:23:0b:d1:56:59:dd:0e:dd:58:ea:f7:69:26:f3:
         d7:79:db:49:31:b3:a3:c5:b7:82:53:4b:c4:ac:3e:91:63:f9:
         a1:d4:8c:4e:14:8c:37:ca:6b:5a:b1:79:e1:b6:e9:89:01:28:
         6e:01:f0:69:db:c4:f4:45:a5:79:3f:ba:25:f2:25:07:32:6c:
         40:cd:51:f6:12:2d:83:8b:1c:4c:32:33:d6:64:0b:12:12:26:
         22:86:48:60:3b:94:3d:3e:35:50:d9:70:d5:3e:ef:36:3c:b5:
         22:62:7f:cc:52:28:b8:7f:77:cf:06:2e:8a:c8:a4:ec:1f:c9:
         16:df:dc:7c:eb:ce:84:e3:8d:28:ba:40:2e:01:b9:43:67:4d:
         20:9d:c1:f0:43:b6:0c:90:d3:f7:77:b6:4a:d3:8d:14:9b:f3:
         3b:9c:d6:7e:60:10:39:da:37:1f:62:42:8d:17:57:e9:67:2e:
         d7:32:cd:31:b8:ce:a7:0d:94:4d:82:2a:41:cf:7e:db:25:ab:
         23:26:70:79:c9:c0:ec:c8:72:be:a5:83:ab:2e:34:40:25:32:
         e8:87:2e:96:0f:38:3a:18:2a:c8:40:bf:ed:8c:03:c3:bc:ff:
         1d:73:23:0b
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUUBR+RYpn9HwW3JIoUbU3IgAv5oEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1NFoX
DTI2MDIwNTEwNDQ1NFowMzExMC8GA1UEAxMoQTQ3RENBNTNBMUY3RjU1NEExOTA1
NURGMUQ4NDNFNUM5OTk5QTNENDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdJLeSv/nzbDI/pM/B0mRtHPQ1F9vNiD1ZkC2v5RUmCOxPlVbY9isGnoGng
TNqh6RtSeh2nSdX+6WGNegmKJAHvePkzYzrulotMhxFlOdrv5a6RpFzhOqkgENNe
lLD6B5PX6grQ3pS+96g6lFN9ALxIY/ztlsp87IJ/dgmWgWZFmuLiilLFx9pz0uBo
ORv3t6cgdWe5ChIxxa/GsCcvzn+GL3gZQeF6yNVUKFlMxsTlCNi5g2wY4u0l5hYS
MLDagn95Be8gZCNl51T+NIoojs1CnelYXVn7F1v0dHFGI0DBioFqXg2Q20i8oJHQ
pNQR8ckij/L728di10lRQ2qwUlkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSkfcpT
off1VKGQVd8dhD5cmZmj1DAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MDI0OS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAJ0KtTANBgkqhkiG9w0BAQsFAAOCAQEAcdVRtlMqf//oadXcvBeP
SaEFQQVT4iML0VZZ3Q7dWOr3aSbz13nbSTGzo8W3glNLxKw+kWP5odSMThSMN8pr
WrF54bbpiQEobgHwadvE9EWleT+6JfIlBzJsQM1R9hItg4scTDIz1mQLEhImIoZI
YDuUPT41UNlw1T7vNjy1ImJ/zFIouH93zwYuisik7B/JFt/cfOvOhOONKLpALgG5
Q2dNIJ3B8EO2DJDT93e2StONFJvzO5zWfmAQOdo3H2JCjRdX6Wcu1zLNMbjOpw2U
TYIqQc9+2yWrIyZwecnA7MhyvqWDqy40QCUy6Iculg84OhgqyEC/7YwDw7z/HXMj
Cw==
-----END CERTIFICATE-----