Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141641.roa
File:                     AS141641.roa (raw, json)
Hash identifier:          UQcNbmYcuWPNbDfCDp1aT1sWiUE9LIqvT27QvACfNd8=
Subject key identifier:   1A:3C:4D:2F:C0:B7:03:9C:CC:1D:D6:A3:54:27:E4:F6:C3:A0:52:D7
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       6E20B008244C308E3F1CA9FC7E46868C91A9091B
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141641.roa
Signing time:             Fri 13 Jun 2025 08:00:00 +0000
ROA not before:           Fri 13 Jun 2025 07:55:00 +0000
ROA not after:            Fri 12 Jun 2026 08:00:00 +0000
asID:                     141641
IP address blocks:        103.160.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 19 Jun 2025 11:48:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:20:b0:08:24:4c:30:8e:3f:1c:a9:fc:7e:46:86:8c:91:a9:09:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jun 13 07:55:00 2025 GMT
            Not After : Jun 12 08:00:00 2026 GMT
        Subject: CN=1A3C4D2FC0B7039CCC1DD6A35427E4F6C3A052D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:20:72:e8:32:01:50:00:93:f3:0b:22:3b:4d:
                    ff:2b:79:21:f8:6f:d0:44:a0:8a:c9:0a:83:23:d1:
                    e3:76:4e:9e:34:4b:58:28:59:5c:c6:1a:d8:30:3d:
                    ff:38:57:e7:7c:16:a9:44:99:7d:0a:ec:93:2f:a3:
                    5a:a7:6f:3a:69:75:66:56:0a:9c:4d:69:d4:1e:a7:
                    c2:bb:ed:e3:e8:c2:c6:aa:85:4c:a6:19:29:3d:f8:
                    94:86:ad:9b:08:c6:b2:95:20:46:3b:56:d6:e7:a6:
                    b4:42:20:27:15:72:1b:ca:6d:a8:20:da:6d:54:8b:
                    75:57:a1:37:2a:47:3c:e9:75:10:0d:aa:fa:26:a2:
                    8f:16:c1:9d:08:24:a7:2b:f1:34:2f:3e:bc:8a:c2:
                    c1:46:6e:e7:80:bf:e1:2a:75:13:35:1b:06:03:c5:
                    4c:1f:ff:3b:42:72:b6:42:9b:12:00:62:2d:cf:58:
                    22:d1:69:c1:06:4e:eb:bb:b9:27:2b:14:68:7b:a4:
                    be:3b:21:d8:a2:86:48:14:99:b7:61:1c:4b:2c:15:
                    41:a0:31:cf:e5:cb:c3:d2:96:2a:08:71:d0:7f:54:
                    d9:2b:ba:ac:fb:84:8f:a5:81:5d:78:08:30:39:82:
                    78:a5:4c:62:16:07:d0:6e:0b:79:7e:3b:bc:8e:b4:
                    c2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:3C:4D:2F:C0:B7:03:9C:CC:1D:D6:A3:54:27:E4:F6:C3:A0:52:D7
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.160.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:00:68:66:f1:a0:78:07:9a:ac:36:a6:e4:cc:96:f4:7c:68:
         65:55:55:d6:2f:41:3a:f9:fb:b5:66:b2:f2:11:c1:b2:a4:7d:
         e5:aa:0f:eb:5b:6e:ad:f2:a1:39:20:0c:cb:cb:56:39:36:e2:
         d1:53:af:ce:5b:cf:74:11:71:86:72:2a:80:b9:90:bc:57:5f:
         83:09:94:c5:50:b9:a8:ba:e9:f8:c4:55:fe:94:35:24:94:11:
         09:be:e6:9a:1a:cc:7c:71:66:7a:e2:3e:f9:f0:43:90:14:d8:
         f3:23:86:22:bd:6f:94:df:82:4b:69:87:e0:36:19:04:d2:4c:
         a9:c7:b7:6d:b6:94:97:dc:b2:70:26:bd:37:5f:0d:67:ef:42:
         30:95:3b:58:89:b7:ac:4e:0a:20:50:c2:88:ae:89:e4:e1:d7:
         07:cf:f3:07:ed:48:0d:32:ff:0a:70:6c:67:f2:78:d3:b3:a6:
         1a:a5:74:1b:fc:ac:37:e2:ac:98:be:1b:8f:fb:a6:ae:51:26:
         aa:52:a0:40:c9:0a:e6:bc:2d:ad:bc:8d:cb:64:78:a7:bc:c8:
         e0:fe:77:d7:7e:b9:15:c0:f7:29:6f:34:49:65:a1:84:1f:65:
         07:1f:c4:ff:b7:d2:9e:ac:3c:28:d2:b5:45:d6:48:a8:4d:59:
         e6:97:b3:6f
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUbiCwCCRMMI4/HKn8fkaGjJGpCRswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDYxMzA3NTUwMFoX
DTI2MDYxMjA4MDAwMFowMzExMC8GA1UEAxMoMUEzQzREMkZDMEI3MDM5Q0NDMURE
NkEzNTQyN0U0RjZDM0EwNTJENzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALMgcugyAVAAk/MLIjtN/yt5Ifhv0ESgiskKgyPR43ZOnjRLWChZXMYa2DA9
/zhX53wWqUSZfQrsky+jWqdvOml1ZlYKnE1p1B6nwrvt4+jCxqqFTKYZKT34lIat
mwjGspUgRjtW1uemtEIgJxVyG8ptqCDabVSLdVehNypHPOl1EA2q+iaijxbBnQgk
pyvxNC8+vIrCwUZu54C/4Sp1EzUbBgPFTB//O0JytkKbEgBiLc9YItFpwQZO67u5
JysUaHukvjsh2KKGSBSZt2EcSywVQaAxz+XLw9KWKghx0H9U2Su6rPuEj6WBXXgI
MDmCeKVMYhYH0G4LeX47vI60wpcCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQaPE0v
wLcDnMwd1qNUJ+T2w6BS1zAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0MTY0MS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGegdjANBgkqhkiG9w0BAQsFAAOCAQEAEABoZvGgeAearDam5MyW
9HxoZVVV1i9BOvn7tWay8hHBsqR95aoP61turfKhOSAMy8tWOTbi0VOvzlvPdBFx
hnIqgLmQvFdfgwmUxVC5qLrp+MRV/pQ1JJQRCb7mmhrMfHFmeuI++fBDkBTY8yOG
Ir1vlN+CS2mH4DYZBNJMqce3bbaUl9yycCa9N18NZ+9CMJU7WIm3rE4KIFDCiK6J
5OHXB8/zB+1IDTL/CnBsZ/J407OmGqV0G/ysN+KsmL4bj/umrlEmqlKgQMkK5rwt
rbyNy2R4p7zI4P531365FcD3KW80SWWhhB9lBx/E/7fSnqw8KNK1RdZIqE1Z5pez
bw==
-----END CERTIFICATE-----