Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152763.roa
File:                     AS152763.roa (raw, json)
Hash identifier:          hvziog5WO91l0m1sLM8lg5Fko7Aq/Hxt9l4c5PcBoa8=
Subject key identifier:   13:6C:7E:4F:A9:84:56:73:89:38:C8:69:DE:A0:E8:30:65:43:6C:B4
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       414A3DF43C8E172E56C9971A57CE8D9245A022D9
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152763.roa
Signing time:             Fri 11 Apr 2025 04:03:24 +0000
ROA not before:           Fri 11 Apr 2025 03:58:24 +0000
ROA not after:            Fri 10 Apr 2026 04:03:24 +0000
asID:                     152763
IP address blocks:        160.19.228.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:4a:3d:f4:3c:8e:17:2e:56:c9:97:1a:57:ce:8d:92:45:a0:22:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Apr 11 03:58:24 2025 GMT
            Not After : Apr 10 04:03:24 2026 GMT
        Subject: CN=136C7E4FA98456738938C869DEA0E83065436CB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a9:86:d5:59:d0:cf:79:3c:c4:84:f2:18:00:
                    3c:25:6b:17:8e:6a:90:5e:b1:89:89:f6:03:ab:b2:
                    cc:f2:23:02:f2:f7:e2:33:ba:c1:af:43:cd:f1:b9:
                    06:09:9c:8e:ea:71:44:05:44:69:34:b9:ca:5d:5f:
                    62:28:49:b6:08:d0:ae:e1:6a:a7:25:17:b2:ca:cd:
                    eb:86:d2:4a:0b:88:e9:59:18:35:3d:76:6c:45:08:
                    59:de:2b:85:37:29:6e:ca:87:4c:4a:49:6f:00:30:
                    d7:9d:10:a5:93:f9:88:00:52:dc:f1:75:4d:62:b4:
                    62:0d:1e:30:ce:7c:22:b4:2f:6e:ef:bc:b9:45:4d:
                    1d:92:af:8e:51:30:e9:29:94:a4:2f:74:85:8c:c1:
                    e4:d5:88:62:fa:91:26:99:13:da:8c:fe:09:78:3f:
                    83:6d:a6:ec:c3:28:cd:ec:eb:a7:d1:ea:ff:2c:ed:
                    9e:4a:bd:84:bf:f6:23:ff:09:44:ff:e3:09:13:51:
                    51:e3:90:94:27:1a:0a:de:b2:40:db:10:01:a3:50:
                    16:c0:2e:34:e4:1f:7c:95:8c:4f:a9:c4:c1:7d:e9:
                    17:e0:e6:73:a4:f3:0c:da:c3:7e:47:26:0e:ce:09:
                    de:3d:c0:1a:85:e6:a8:ed:8a:08:50:e7:da:b0:7a:
                    d1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:6C:7E:4F:A9:84:56:73:89:38:C8:69:DE:A0:E8:30:65:43:6C:B4
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152763.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.19.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:97:34:42:9b:be:fe:f8:c5:04:90:7b:34:a2:78:9c:9e:15:
         73:45:47:a6:e9:23:e9:f7:b6:d0:2f:c9:de:4b:2a:6f:53:c8:
         7b:87:f4:05:b1:ab:72:26:d2:ae:df:17:7a:ea:74:31:f5:ad:
         9f:97:7e:de:9e:b0:a8:a1:65:70:76:e7:76:03:58:c7:e5:1a:
         f5:cb:96:8f:77:0b:c7:6b:09:48:96:04:55:32:3f:1d:b5:40:
         5f:95:f6:5e:d2:41:72:50:ab:4b:e9:bc:d9:f8:31:c9:2a:d6:
         d0:b6:34:0e:7e:69:8e:be:f7:73:43:8b:79:90:bb:03:00:60:
         ae:3b:eb:92:e4:2a:69:7a:c3:d4:60:3b:cf:8d:d8:bc:45:0e:
         22:cb:3f:f9:ec:e1:08:7d:17:02:33:0b:35:69:21:52:ed:a3:
         12:12:84:93:12:75:de:9c:80:38:99:9a:fa:27:59:d3:fd:19:
         24:4c:aa:ff:a4:16:0e:1a:57:ac:9e:68:b0:cc:ee:7a:27:a9:
         f5:8a:a0:b6:37:5e:b2:81:ad:0d:2c:03:8a:cb:f5:98:54:50:
         46:bf:e3:0b:32:60:08:32:e3:d0:5e:20:1f:6a:4a:bf:47:a5:
         66:ff:88:4d:93:93:73:e4:ed:9a:a3:ad:7f:14:54:dc:5a:0d:
         8d:2b:ca:a9
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUQUo99DyOFy5WyZcaV86NkkWgItkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDQxMTAzNTgyNFoX
DTI2MDQxMDA0MDMyNFowMzExMC8GA1UEAxMoMTM2QzdFNEZBOTg0NTY3Mzg5MzhD
ODY5REVBMEU4MzA2NTQzNkNCNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANOphtVZ0M95PMSE8hgAPCVrF45qkF6xiYn2A6uyzPIjAvL34jO6wa9DzfG5
BgmcjupxRAVEaTS5yl1fYihJtgjQruFqpyUXssrN64bSSguI6VkYNT12bEUIWd4r
hTcpbsqHTEpJbwAw150QpZP5iABS3PF1TWK0Yg0eMM58IrQvbu+8uUVNHZKvjlEw
6SmUpC90hYzB5NWIYvqRJpkT2oz+CXg/g22m7MMozezrp9Hq/yztnkq9hL/2I/8J
RP/jCRNRUeOQlCcaCt6yQNsQAaNQFsAuNOQffJWMT6nEwX3pF+Dmc6TzDNrDfkcm
Ds4J3j3AGoXmqO2KCFDn2rB60ZsCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQTbH5P
qYRWc4k4yGneoOgwZUNstDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1Mjc2My5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaAT5DANBgkqhkiG9w0BAQsFAAOCAQEAgpc0Qpu+/vjFBJB7NKJ4
nJ4Vc0VHpukj6fe20C/J3ksqb1PIe4f0BbGrcibSrt8Xeup0MfWtn5d+3p6wqKFl
cHbndgNYx+Ua9cuWj3cLx2sJSJYEVTI/HbVAX5X2XtJBclCrS+m82fgxySrW0LY0
Dn5pjr73c0OLeZC7AwBgrjvrkuQqaXrD1GA7z43YvEUOIss/+ezhCH0XAjMLNWkh
Uu2jEhKEkxJ13pyAOJma+idZ0/0ZJEyq/6QWDhpXrJ5osMzueiep9YqgtjdesoGt
DSwDisv1mFRQRr/jCzJgCDLj0F4gH2pKv0elZv+ITZOTc+TtmqOtfxRU3FoNjSvK
qQ==
-----END CERTIFICATE-----