Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153095.roa
File:                     AS153095.roa (raw, json)
Hash identifier:          7xwKsCi+khcRFAo4Jhrd3d0YX+NqhwtPj3xF6UFlw50=
Subject key identifier:   E0:CD:0A:2A:61:4E:B3:E0:AF:71:DF:05:38:A8:26:70:F5:72:C5:87
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       3AF7006162DFE85457D7577891CCCD6D0DE328E8
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153095.roa
Signing time:             Sun 09 Feb 2025 07:13:14 +0000
ROA not before:           Sun 09 Feb 2025 07:08:14 +0000
ROA not after:            Sun 08 Feb 2026 07:13:14 +0000
asID:                     153095
IP address blocks:        160.25.204.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:f7:00:61:62:df:e8:54:57:d7:57:78:91:cc:cd:6d:0d:e3:28:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb  9 07:08:14 2025 GMT
            Not After : Feb  8 07:13:14 2026 GMT
        Subject: CN=E0CD0A2A614EB3E0AF71DF0538A82670F572C587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6b:39:a4:ad:3c:59:aa:fd:65:a4:84:aa:9e:
                    69:9f:99:b6:e6:7d:85:ad:f4:f5:c1:8b:7c:87:86:
                    2b:2c:3c:71:30:cc:03:0f:ad:03:a7:c9:15:06:e5:
                    e5:b9:a4:de:b7:cc:00:33:22:b4:42:44:7f:38:be:
                    1a:25:cc:f6:38:9c:62:07:7c:c6:95:69:43:9c:5b:
                    76:42:c7:9b:d6:9d:20:9a:ec:76:2a:32:43:33:44:
                    90:81:90:7a:2d:89:a0:ec:89:fe:b6:df:0d:03:7f:
                    7c:21:8a:87:cf:5b:d5:16:97:1b:74:d3:e8:4c:df:
                    b3:1a:04:f3:b7:80:df:62:3b:32:f7:3a:6c:40:dd:
                    24:a8:07:20:64:ae:77:47:72:8d:f6:f3:6d:64:bd:
                    0a:92:82:b4:d8:f6:4e:d3:6c:9c:4c:ad:2b:a8:77:
                    16:6f:b1:e5:fa:10:2c:9c:a4:8b:1f:f4:6e:5e:76:
                    8c:e9:9e:a7:6b:3b:e1:e8:3a:0c:54:60:c9:af:63:
                    ab:e6:b7:52:8f:0a:98:29:e0:07:3c:10:76:40:b3:
                    0c:92:a3:51:18:f1:24:b4:9a:d6:96:71:1b:61:ac:
                    21:35:fa:7c:87:9d:04:25:f7:e1:0f:93:60:05:6f:
                    35:c3:4a:d3:88:dc:c9:89:d2:8e:1d:12:94:dc:b5:
                    6d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CD:0A:2A:61:4E:B3:E0:AF:71:DF:05:38:A8:26:70:F5:72:C5:87
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153095.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:a2:21:84:f3:d3:c3:28:b4:b5:65:df:07:ef:39:48:80:09:
         6e:01:ba:d4:ba:de:51:dd:db:d5:3a:2a:32:ce:79:1a:81:cc:
         a2:1e:d5:75:1b:88:8c:64:c5:14:fa:85:41:48:f1:9e:a2:09:
         b8:78:a1:02:b7:86:6c:ca:38:21:39:5d:64:8d:8e:49:5b:d0:
         8f:e7:49:90:0e:77:c5:d1:fb:e3:da:0d:00:d8:3e:5e:c1:c6:
         1e:31:6f:0d:5a:db:11:aa:53:8d:75:e0:7b:2f:24:d3:6f:44:
         a3:0b:56:44:89:ef:78:c6:5b:f5:97:e3:c7:50:59:11:29:95:
         09:41:b6:b4:47:e4:87:4b:2f:f6:90:37:18:38:af:c1:50:d7:
         95:c5:b8:d3:82:79:42:dd:6b:eb:b4:3d:f1:d7:a5:62:df:00:
         99:00:d7:f8:4f:35:2d:ac:47:90:b9:4d:c2:2d:84:f2:e2:2b:
         db:cc:28:5a:7c:3c:f7:2c:ae:c2:0c:5a:62:74:b0:1b:6b:9f:
         e8:f6:13:85:b0:b2:8e:ae:9f:ab:62:df:a4:43:ca:96:98:aa:
         0c:e8:1b:ec:50:e6:0d:82:ab:9e:c4:2c:0e:a7:27:07:09:c0:
         c9:d5:05:89:40:82:11:53:a3:05:d5:ac:01:4a:9f:ce:56:2e:
         f7:ae:0f:9b
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUOvcAYWLf6FRX11d4kczNbQ3jKOgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwOTA3MDgxNFoX
DTI2MDIwODA3MTMxNFowMzExMC8GA1UEAxMoRTBDRDBBMkE2MTRFQjNFMEFGNzFE
RjA1MzhBODI2NzBGNTcyQzU4NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANFrOaStPFmq/WWkhKqeaZ+ZtuZ9ha309cGLfIeGKyw8cTDMAw+tA6fJFQbl
5bmk3rfMADMitEJEfzi+GiXM9jicYgd8xpVpQ5xbdkLHm9adIJrsdioyQzNEkIGQ
ei2JoOyJ/rbfDQN/fCGKh89b1RaXG3TT6EzfsxoE87eA32I7Mvc6bEDdJKgHIGSu
d0dyjfbzbWS9CpKCtNj2TtNsnEytK6h3Fm+x5foQLJykix/0bl52jOmep2s74eg6
DFRgya9jq+a3Uo8KmCngBzwQdkCzDJKjURjxJLSa1pZxG2GsITX6fIedBCX34Q+T
YAVvNcNK04jcyYnSjh0SlNy1bQcCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTgzQoq
YU6z4K9x3wU4qCZw9XLFhzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzA5NS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaAZzDANBgkqhkiG9w0BAQsFAAOCAQEAB6IhhPPTwyi0tWXfB+85
SIAJbgG61LreUd3b1ToqMs55GoHMoh7VdRuIjGTFFPqFQUjxnqIJuHihAreGbMo4
ITldZI2OSVvQj+dJkA53xdH749oNANg+XsHGHjFvDVrbEapTjXXgey8k029EowtW
RInveMZb9Zfjx1BZESmVCUG2tEfkh0sv9pA3GDivwVDXlcW404J5Qt1r67Q98del
Yt8AmQDX+E81LaxHkLlNwi2E8uIr28woWnw89yyuwgxaYnSwG2uf6PYThbCyjq6f
q2LfpEPKlpiqDOgb7FDmDYKrnsQsDqcnBwnAydUFiUCCEVOjBdWsAUqfzlYu964P
mw==
-----END CERTIFICATE-----