Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS58389.roa
File:                     AS58389.roa (raw, json)
Hash identifier:          heddE3zpvUIeM+caw5FsQI/7jEwmnpbP3OvvAD3WwIg=
Subject key identifier:   08:69:07:14:3B:AD:4E:84:E0:09:FC:7F:BB:6C:8D:42:95:25:AA:46
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       43378B6B17B15AE3E0AF3FFC12A064BD897851BF
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS58389.roa
Signing time:             Tue 15 Jul 2025 02:41:08 +0000
ROA not before:           Tue 15 Jul 2025 02:36:08 +0000
ROA not after:            Tue 14 Jul 2026 02:41:08 +0000
asID:                     58389
IP address blocks:        114.198.240.0/21 maxlen: 24
                          114.198.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 07 Aug 2025 20:03:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:37:8b:6b:17:b1:5a:e3:e0:af:3f:fc:12:a0:64:bd:89:78:51:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jul 15 02:36:08 2025 GMT
            Not After : Jul 14 02:41:08 2026 GMT
        Subject: CN=086907143BAD4E84E009FC7FBB6C8D429525AA46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:89:ff:fd:1b:f3:ea:7a:4f:63:2c:57:82:3f:
                    21:f5:5b:ee:a5:7b:20:fc:b0:99:d8:1d:cf:c4:13:
                    ed:de:0c:bc:6a:c5:9c:82:e0:9a:11:ec:b5:d5:db:
                    9d:f0:24:78:60:6d:5f:e6:2a:bf:69:be:ea:c6:18:
                    d4:08:ad:da:9e:bf:75:61:16:ab:1c:ed:37:a9:29:
                    11:e5:d3:8d:db:bf:7e:5e:6f:b1:36:17:56:45:61:
                    cf:d3:b6:66:82:1e:14:e1:66:4a:75:77:46:2a:74:
                    44:b9:29:de:9c:c6:c3:20:c7:16:66:1f:4a:5c:e0:
                    92:13:f5:c3:07:bc:83:ae:49:ed:2e:62:de:ab:25:
                    87:4d:de:1d:d0:cb:be:67:55:69:99:17:9d:89:68:
                    91:29:04:56:ee:7a:54:80:3b:e4:ec:9e:72:d9:91:
                    aa:e2:3e:24:34:17:13:0a:32:21:0c:82:fa:05:1b:
                    f6:6a:31:95:ff:7d:ef:0b:c2:4c:c9:9c:49:08:85:
                    21:1c:a0:05:cc:b3:1d:47:79:db:e7:6c:a1:fc:e6:
                    00:d7:56:94:9d:83:c7:ab:b7:90:1b:0c:32:31:ba:
                    98:3b:c5:7f:84:72:19:3c:46:b7:39:55:dc:08:ec:
                    8e:1a:82:6b:46:9b:32:2b:99:eb:98:c8:6c:a3:4b:
                    de:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:69:07:14:3B:AD:4E:84:E0:09:FC:7F:BB:6C:8D:42:95:25:AA:46
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS58389.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.198.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8b:5c:c3:f9:d5:18:eb:34:26:93:82:58:d6:fe:02:1f:89:88:
         65:f3:3a:ad:9a:30:51:93:c0:d8:d0:a2:70:39:09:81:48:cd:
         b4:64:a6:82:58:0d:73:27:98:91:b5:15:66:0f:dc:47:02:c1:
         2e:df:67:30:9a:79:94:1a:3d:79:a3:98:5c:d0:81:c9:56:bd:
         22:4c:32:95:e6:5f:29:9d:10:76:5b:c7:5b:f0:50:09:8a:0a:
         94:6b:bb:66:73:a2:22:7b:06:e9:ad:02:94:00:18:f2:ed:5a:
         58:18:56:26:bb:a3:44:36:f8:6f:f7:70:21:8d:00:6f:ae:ea:
         42:d5:a6:d1:25:71:45:c8:8d:cb:22:52:d4:12:fc:3a:b9:59:
         28:b8:fa:df:74:03:33:39:fb:d1:c7:d2:67:19:e5:48:bd:9e:
         3b:9b:f8:e5:69:0c:19:f5:6c:aa:a8:ab:b7:40:7f:f8:1a:4d:
         ee:11:2c:3a:dd:df:e1:f8:fd:83:94:14:9d:3a:87:26:a4:ad:
         ff:96:da:2d:96:33:e2:22:bb:ea:14:a2:d2:34:0c:28:47:8f:
         6e:bd:2f:92:46:b6:9c:05:83:90:de:6a:ef:dc:cc:c9:11:c2:
         61:1e:ef:5f:01:c1:86:a7:61:62:f4:c2:00:b2:1e:a0:fc:67:
         0d:61:17:af
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUQzeLaxexWuPgrz/8EqBkvYl4Ub8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDcxNTAyMzYwOFoX
DTI2MDcxNDAyNDEwOFowMzExMC8GA1UEAxMoMDg2OTA3MTQzQkFENEU4NEUwMDlG
QzdGQkI2QzhENDI5NTI1QUE0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJaJ//0b8+p6T2MsV4I/IfVb7qV7IPywmdgdz8QT7d4MvGrFnILgmhHstdXb
nfAkeGBtX+Yqv2m+6sYY1Ait2p6/dWEWqxztN6kpEeXTjdu/fl5vsTYXVkVhz9O2
ZoIeFOFmSnV3Rip0RLkp3pzGwyDHFmYfSlzgkhP1wwe8g65J7S5i3qslh03eHdDL
vmdVaZkXnYlokSkEVu56VIA75OyectmRquI+JDQXEwoyIQyC+gUb9moxlf997wvC
TMmcSQiFIRygBcyzHUd52+dsofzmANdWlJ2Dx6u3kBsMMjG6mDvFf4RyGTxGtzlV
3AjsjhqCa0abMiuZ65jIbKNL3osCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQIaQcU
O61OhOAJ/H+7bI1ClSWqRjAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFMGCCsGAQUFBwELBEcwRTBDBggrBgEFBQcwC4Y3cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzU4Mzg5LnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDcsbwMA0GCSqGSIb3DQEBCwUAA4IBAQCLXMP51RjrNCaTgljW/gIf
iYhl8zqtmjBRk8DY0KJwOQmBSM20ZKaCWA1zJ5iRtRVmD9xHAsEu32cwmnmUGj15
o5hc0IHJVr0iTDKV5l8pnRB2W8db8FAJigqUa7tmc6IiewbprQKUABjy7VpYGFYm
u6NENvhv93AhjQBvrupC1abRJXFFyI3LIlLUEvw6uVkouPrfdAMzOfvRx9JnGeVI
vZ47m/jlaQwZ9WyqqKu3QH/4Gk3uESw63d/h+P2DlBSdOocmpK3/ltotljPiIrvq
FKLSNAwoR49uvS+SRracBYOQ3mrv3MzJEcJhHu9fAcGGp2Fi9MIAsh6g/GcNYRev
-----END CERTIFICATE-----
Generated at Mon Aug 4 18:18:46 2025 by rpki-client