Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153153.roa
File:                     AS153153.roa (raw, json)
Hash identifier:          yyfNbeFTk66S68u+s1W3xvhKNdhisqe42Bz47FcPMD0=
Subject key identifier:   42:34:C7:B4:9D:20:4F:35:C3:69:C3:BF:02:D2:69:AB:02:57:27:AF
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       6812DBD1216BE3B5B9E43274AE01888CD28E618D
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153153.roa
Signing time:             Thu 06 Feb 2025 10:44:50 +0000
ROA not before:           Thu 06 Feb 2025 10:39:50 +0000
ROA not after:            Thu 05 Feb 2026 10:44:50 +0000
asID:                     153153
IP address blocks:        160.191.172.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:12:db:d1:21:6b:e3:b5:b9:e4:32:74:ae:01:88:8c:d2:8e:61:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb  6 10:39:50 2025 GMT
            Not After : Feb  5 10:44:50 2026 GMT
        Subject: CN=4234C7B49D204F35C369C3BF02D269AB025727AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:dc:16:6e:89:07:cf:7b:51:c8:95:51:6b:dd:
                    07:ef:35:74:d1:aa:1b:03:16:f4:7f:44:68:8c:1d:
                    b1:94:67:08:d4:24:fd:cb:df:4b:b5:6f:29:9c:a1:
                    41:ba:c4:8c:d5:dd:4b:fa:12:d7:67:4a:ce:9e:b3:
                    56:88:00:2d:6d:be:8e:10:39:b4:1d:28:1e:14:37:
                    5e:8c:6c:16:4c:4d:b2:cf:f9:57:b1:d6:4c:4b:64:
                    ed:98:8f:38:a6:1c:28:63:66:3b:7e:78:4d:9e:e5:
                    dc:1b:99:ec:40:2a:17:ea:36:86:9b:f0:53:05:75:
                    b4:2d:3b:d9:9a:55:98:7e:68:5a:9d:15:15:7f:1c:
                    59:73:1d:d3:57:37:1d:48:1b:cc:e5:3e:a6:c4:7f:
                    c5:fd:8f:8e:2f:82:46:87:60:6b:a5:6a:d7:8e:fc:
                    9d:e7:5d:ae:a1:8c:81:8a:24:26:6e:61:b8:d7:e0:
                    52:9f:19:84:e6:8d:fc:1c:6f:f7:b5:b7:06:02:5d:
                    f4:70:5c:75:b8:aa:4c:96:fc:6a:b8:f5:62:c0:33:
                    1f:ac:a7:ce:2a:5c:4d:79:9e:79:8b:02:54:a2:53:
                    f0:cb:81:36:cb:0b:8e:39:25:48:37:ed:dd:3e:db:
                    34:d2:e1:cb:1c:1a:de:78:46:69:bc:b8:53:cf:81:
                    0d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:34:C7:B4:9D:20:4F:35:C3:69:C3:BF:02:D2:69:AB:02:57:27:AF
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153153.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:81:07:f3:57:71:f4:42:69:0a:e8:87:d1:8e:9a:73:ab:af:
         02:ce:53:e8:f5:21:38:75:e0:30:be:f0:5f:ff:00:17:8f:dc:
         88:65:e1:60:ae:38:7a:9d:65:09:54:c0:79:69:52:8d:29:f4:
         e5:7e:db:c1:8c:99:f5:e9:77:e2:64:b7:4c:03:e0:77:13:13:
         23:62:9c:0a:5c:ab:d7:10:cf:b3:38:3d:41:21:e2:52:bb:24:
         39:d3:fd:61:c3:20:e9:24:26:f4:cd:5d:23:f5:6c:c6:57:d1:
         c5:50:e0:ab:e8:96:01:bf:a1:81:5d:21:76:a8:8f:d1:db:d9:
         29:3a:4b:be:e0:bc:04:c0:4b:b3:27:2a:3e:fb:9c:cb:61:a7:
         7c:d0:1b:8a:e1:92:0e:fd:9e:f9:ec:78:57:af:ca:f0:43:b4:
         a6:c6:a0:1c:bf:d4:cf:a9:91:f3:e2:0a:80:4d:34:66:9a:ba:
         ef:57:20:0d:7f:76:92:fa:8b:2e:09:fa:97:72:24:fe:a6:a8:
         d3:56:66:17:79:f2:d3:b0:28:7a:cd:11:1a:9b:3c:0a:f6:b0:
         4d:97:d8:c5:c3:d5:d4:c3:5c:4a:92:9f:4f:58:22:b9:1e:e5:
         2a:6c:4b:a5:75:ef:3e:42:32:71:9c:52:13:b6:f4:8b:8b:57:
         30:69:63:5d
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUaBLb0SFr47W55DJ0rgGIjNKOYY0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1MFoX
DTI2MDIwNTEwNDQ1MFowMzExMC8GA1UEAxMoNDIzNEM3QjQ5RDIwNEYzNUMzNjlD
M0JGMDJEMjY5QUIwMjU3MjdBRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM7cFm6JB897UciVUWvdB+81dNGqGwMW9H9EaIwdsZRnCNQk/cvfS7VvKZyh
QbrEjNXdS/oS12dKzp6zVogALW2+jhA5tB0oHhQ3XoxsFkxNss/5V7HWTEtk7ZiP
OKYcKGNmO354TZ7l3BuZ7EAqF+o2hpvwUwV1tC072ZpVmH5oWp0VFX8cWXMd01c3
HUgbzOU+psR/xf2Pji+CRodga6Vq1478neddrqGMgYokJm5huNfgUp8ZhOaN/Bxv
97W3BgJd9HBcdbiqTJb8arj1YsAzH6ynzipcTXmeeYsCVKJT8MuBNssLjjklSDft
3T7bNNLhyxwa3nhGaby4U8+BDfkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRCNMe0
nSBPNcNpw78C0mmrAlcnrzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzE1My5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaC/rDANBgkqhkiG9w0BAQsFAAOCAQEAKIEH81dx9EJpCuiH0Y6a
c6uvAs5T6PUhOHXgML7wX/8AF4/ciGXhYK44ep1lCVTAeWlSjSn05X7bwYyZ9el3
4mS3TAPgdxMTI2KcClyr1xDPszg9QSHiUrskOdP9YcMg6SQm9M1dI/VsxlfRxVDg
q+iWAb+hgV0hdqiP0dvZKTpLvuC8BMBLsycqPvucy2GnfNAbiuGSDv2e+ex4V6/K
8EO0psagHL/Uz6mR8+IKgE00Zpq671cgDX92kvqLLgn6l3Ik/qao01ZmF3ny07Ao
es0RGps8CvawTZfYxcPV1MNcSpKfT1giuR7lKmxLpXXvPkIycZxSE7b0i4tXMGlj
XQ==
-----END CERTIFICATE-----