Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152380.roa
File:                     AS152380.roa (raw, json)
Hash identifier:          1KBHvLymxNpETCq3zHYSK7qarpOxk7bTCdSOaVSnXxY=
Subject key identifier:   40:53:74:66:C1:93:66:C2:D8:27:D9:39:D7:7A:26:55:2B:B7:F0:88
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       1296D389B7007E41991CA9668891A30A57AA2B10
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152380.roa
Signing time:             Thu 06 Feb 2025 10:44:55 +0000
ROA not before:           Thu 06 Feb 2025 10:39:55 +0000
ROA not after:            Thu 05 Feb 2026 10:44:55 +0000
asID:                     152380
IP address blocks:        157.15.168.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:96:d3:89:b7:00:7e:41:99:1c:a9:66:88:91:a3:0a:57:aa:2b:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb  6 10:39:55 2025 GMT
            Not After : Feb  5 10:44:55 2026 GMT
        Subject: CN=40537466C19366C2D827D939D77A26552BB7F088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:89:15:43:f0:51:e9:77:03:6c:be:fe:8a:dc:
                    f0:5f:b8:e4:4f:83:50:7f:3f:78:4d:b6:2a:94:ac:
                    6a:d7:c7:fe:da:7b:d2:7a:00:89:db:d8:ec:fa:4f:
                    91:1f:83:44:70:da:84:a3:90:6c:61:82:a6:4f:5e:
                    f3:b8:2b:be:16:48:99:3b:cb:e5:8e:ba:13:cc:1e:
                    c4:30:a6:4a:97:bb:b1:cf:da:41:df:d0:07:d5:1a:
                    b0:cc:49:cd:83:5f:44:85:80:b3:a7:7a:cd:1d:57:
                    ef:a8:bc:c8:95:1d:55:8c:ba:a9:c9:b6:04:7d:d1:
                    dc:a3:70:99:5b:9b:0a:b9:7c:b6:bc:88:40:3f:d2:
                    f4:05:f1:cc:79:6c:a6:a6:72:ff:ca:73:1d:d6:e9:
                    aa:58:8a:d2:9b:87:b4:4c:9c:fb:af:47:b2:b9:d6:
                    77:96:d7:52:cb:2a:3b:ef:8f:22:de:c0:66:31:e5:
                    b1:31:d5:fb:d9:e9:a7:9d:62:bd:b3:96:43:12:72:
                    94:fb:73:d4:69:ae:11:11:30:9e:5b:2e:0f:17:50:
                    5c:30:4e:81:4d:3a:22:76:0b:ad:11:8b:ec:2d:a5:
                    fb:9d:1f:2d:d3:60:f2:6e:ae:75:e2:97:d7:ce:e3:
                    cc:1e:4f:47:ed:76:6f:21:b2:4b:45:13:d6:aa:05:
                    ef:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:53:74:66:C1:93:66:C2:D8:27:D9:39:D7:7A:26:55:2B:B7:F0:88
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152380.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:f0:47:ef:8b:af:a0:1e:e1:fa:2d:fc:31:4b:6a:93:d0:ac:
         40:6f:ea:12:e7:64:f2:ab:34:02:68:2b:be:b3:17:8d:7a:2f:
         f3:b6:a3:44:52:a2:3f:e0:be:d5:66:b7:36:8d:41:28:2f:8c:
         74:f4:ad:bd:94:11:45:3b:00:04:0f:33:06:4b:5c:93:75:13:
         37:07:ec:26:04:85:ae:35:de:1e:a7:4b:91:23:8f:f8:a5:e8:
         4b:73:ba:5a:a2:84:a7:b3:3b:20:c6:0d:4a:03:68:6d:ba:f7:
         b3:d9:06:86:c0:8f:09:56:18:8f:53:80:a2:6b:01:1f:f2:39:
         e1:a0:2a:87:e3:75:05:f5:16:ef:ec:4c:96:e9:04:54:99:8f:
         0d:7a:10:2e:74:83:33:a0:16:c0:fc:9f:20:51:95:f1:29:27:
         98:2e:33:c0:fa:00:b1:61:1a:eb:5f:e7:92:87:5f:83:7d:d2:
         62:bd:a7:38:74:72:52:ed:46:1f:2e:ca:77:03:08:70:72:a9:
         eb:67:4b:91:2c:56:df:f5:dd:99:7e:c8:af:4b:a0:19:9a:c8:
         ce:62:77:f4:72:23:75:32:81:7b:80:d8:ae:29:89:ed:87:1e:
         59:be:8d:33:4e:57:33:42:00:81:71:f7:50:9a:52:16:aa:ae:
         65:78:ca:61
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUEpbTibcAfkGZHKlmiJGjCleqKxAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1NVoX
DTI2MDIwNTEwNDQ1NVowMzExMC8GA1UEAxMoNDA1Mzc0NjZDMTkzNjZDMkQ4MjdE
OTM5RDc3QTI2NTUyQkI3RjA4ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL+JFUPwUel3A2y+/orc8F+45E+DUH8/eE22KpSsatfH/tp70noAidvY7PpP
kR+DRHDahKOQbGGCpk9e87grvhZImTvL5Y66E8wexDCmSpe7sc/aQd/QB9UasMxJ
zYNfRIWAs6d6zR1X76i8yJUdVYy6qcm2BH3R3KNwmVubCrl8tryIQD/S9AXxzHls
pqZy/8pzHdbpqliK0puHtEyc+69HsrnWd5bXUssqO++PIt7AZjHlsTHV+9npp51i
vbOWQxJylPtz1GmuEREwnlsuDxdQXDBOgU06InYLrRGL7C2l+50fLdNg8m6udeKX
187jzB5PR+12byGyS0UT1qoF74UCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRAU3Rm
wZNmwtgn2TnXeiZVK7fwiDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjM4MC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ0PqDANBgkqhkiG9w0BAQsFAAOCAQEAePBH74uvoB7h+i38MUtq
k9CsQG/qEudk8qs0AmgrvrMXjXov87ajRFKiP+C+1Wa3No1BKC+MdPStvZQRRTsA
BA8zBktck3UTNwfsJgSFrjXeHqdLkSOP+KXoS3O6WqKEp7M7IMYNSgNobbr3s9kG
hsCPCVYYj1OAomsBH/I54aAqh+N1BfUW7+xMlukEVJmPDXoQLnSDM6AWwPyfIFGV
8SknmC4zwPoAsWEa61/nkodfg33SYr2nOHRyUu1GHy7KdwMIcHKp62dLkSxW3/Xd
mX7Ir0ugGZrIzmJ39HIjdTKBe4DYrimJ7YceWb6NM05XM0IAgXH3UJpSFqquZXjK
YQ==
-----END CERTIFICATE-----