Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150208.roa
File:                     AS150208.roa (raw, json)
Hash identifier:          Pv1KnXflLQ5GPWcnc5UIp58qqYgqKt+slTfhuc/iSHU=
Subject key identifier:   79:C3:7E:5B:FC:5C:9D:3A:89:C4:8A:7F:A7:1E:67:EC:FF:C7:63:7B
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       603025AC92CFC054C8A141A305801E1705967C63
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150208.roa
Signing time:             Wed 09 Apr 2025 07:00:00 +0000
ROA not before:           Wed 09 Apr 2025 06:55:00 +0000
ROA not after:            Wed 08 Apr 2026 07:00:00 +0000
asID:                     150208
IP address blocks:        2001:df3:c440::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 20:52:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:30:25:ac:92:cf:c0:54:c8:a1:41:a3:05:80:1e:17:05:96:7c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Apr  9 06:55:00 2025 GMT
            Not After : Apr  8 07:00:00 2026 GMT
        Subject: CN=79C37E5BFC5C9D3A89C48A7FA71E67ECFFC7637B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ff:6d:23:77:38:7f:ab:98:ee:63:77:b0:cf:
                    a6:bd:5e:48:63:f1:23:cd:2f:79:b9:2a:1c:a3:d8:
                    24:95:4f:c9:d9:fa:c2:8f:c6:9b:93:27:97:bd:63:
                    93:9f:02:82:58:b8:95:b4:e0:d8:c3:53:61:16:60:
                    6b:e2:97:61:37:e5:38:36:bc:b0:02:61:02:4a:3a:
                    8b:44:8f:a2:97:1d:c9:1c:f9:97:5c:e6:ba:92:b5:
                    d2:2c:7f:7a:79:d8:5b:8f:08:b5:35:78:3c:91:59:
                    24:0b:50:7d:73:ba:cc:e2:79:2f:20:33:a0:71:0a:
                    f9:b0:44:d8:94:02:85:de:ef:1b:82:ad:a1:59:f6:
                    2d:52:cc:5c:52:49:6b:c2:55:96:0e:f8:62:71:e6:
                    77:66:f2:83:98:29:bc:4b:e3:15:5c:c3:fb:ed:f9:
                    4e:69:97:d4:b9:b5:0f:58:0f:36:37:f1:4a:b9:f6:
                    a5:b7:fc:d7:7f:5f:d1:fe:5d:fb:9d:a0:df:f7:85:
                    b5:fe:57:8e:d1:05:7e:55:2f:12:27:ef:6c:fa:64:
                    3f:73:ac:1d:58:17:0e:43:59:71:f8:dc:7d:bf:46:
                    02:37:d5:24:57:8c:d1:7f:24:ba:3c:a4:6e:84:66:
                    52:25:ec:f2:ce:b6:b8:10:ae:75:bc:01:cc:8d:8b:
                    f5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C3:7E:5B:FC:5C:9D:3A:89:C4:8A:7F:A7:1E:67:EC:FF:C7:63:7B
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150208.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:c440::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:3f:54:71:d6:3f:b6:49:29:0e:fe:17:12:59:24:a2:8a:56:
         34:04:3c:86:ae:1a:68:92:1c:13:f0:ed:3c:1e:94:eb:44:2e:
         9d:11:d6:a4:bd:fe:60:c3:85:15:f5:d7:92:dd:15:94:d0:f1:
         e1:03:ad:45:07:a0:08:3c:6c:56:72:d4:8a:99:e4:2c:79:4e:
         24:46:08:ff:17:40:c4:87:62:49:dd:dd:35:18:66:64:84:e4:
         e0:5e:38:3a:2a:8b:7f:a7:56:ec:4f:0f:57:08:ad:63:4f:82:
         29:81:bb:c6:2a:c0:a6:0e:d4:04:9b:1f:da:e8:9a:d1:6e:df:
         19:a4:86:5d:b2:c8:1e:42:d6:6a:a5:71:0b:a6:fe:7c:64:95:
         9e:ac:66:00:55:12:57:9a:98:b0:12:f6:2b:a7:b9:1f:f0:e4:
         c3:46:36:c5:e3:d3:8c:73:93:13:fa:94:b0:1e:9b:6a:07:e4:
         7e:05:91:c8:30:88:8e:ee:67:ec:a1:3a:1a:21:95:5d:08:b8:
         82:0e:25:a2:52:5c:c3:3e:3b:71:f7:59:d5:23:1e:1b:62:fc:
         00:22:5d:10:a7:0a:4f:d9:a0:da:d2:e1:1a:0a:5e:2b:4b:21:
         f8:c9:1d:a6:f9:61:2b:5f:14:56:20:34:ce:6c:a7:e8:ac:a5:
         46:54:68:3f
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUYDAlrJLPwFTIoUGjBYAeFwWWfGMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDQwOTA2NTUwMFoX
DTI2MDQwODA3MDAwMFowMzExMC8GA1UEAxMoNzlDMzdFNUJGQzVDOUQzQTg5QzQ4
QTdGQTcxRTY3RUNGRkM3NjM3QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7/bSN3OH+rmO5jd7DPpr1eSGPxI80vebkqHKPYJJVPydn6wo/Gm5Mnl71j
k58Cgli4lbTg2MNTYRZga+KXYTflODa8sAJhAko6i0SPopcdyRz5l1zmupK10ix/
ennYW48ItTV4PJFZJAtQfXO6zOJ5LyAzoHEK+bBE2JQChd7vG4KtoVn2LVLMXFJJ
a8JVlg74YnHmd2byg5gpvEvjFVzD++35TmmX1Lm1D1gPNjfxSrn2pbf8139f0f5d
+52g3/eFtf5XjtEFflUvEifvbPpkP3OsHVgXDkNZcfjcfb9GAjfVJFeM0X8kujyk
boRmUiXs8s62uBCudbwBzI2L9TcCAwEAAaOCAdMwggHPMB0GA1UdDgQWBBR5w35b
/FydOonEin+nHmfs/8djezAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MDIwOC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfPEQDANBgkqhkiG9w0BAQsFAAOCAQEAOD9UcdY/tkkpDv4X
ElkkoopWNAQ8hq4aaJIcE/DtPB6U60QunRHWpL3+YMOFFfXXkt0VlNDx4QOtRQeg
CDxsVnLUipnkLHlOJEYI/xdAxIdiSd3dNRhmZITk4F44OiqLf6dW7E8PVwitY0+C
KYG7xirApg7UBJsf2uia0W7fGaSGXbLIHkLWaqVxC6b+fGSVnqxmAFUSV5qYsBL2
K6e5H/Dkw0Y2xePTjHOTE/qUsB6bagfkfgWRyDCIju5n7KE6GiGVXQi4gg4lolJc
wz47cfdZ1SMeG2L8ACJdEKcKT9mg2tLhGgpeK0sh+MkdpvlhK18UViA0zmyn6Kyl
RlRoPw==
-----END CERTIFICATE-----