Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153486.roa
File:                     AS153486.roa (raw, json)
Hash identifier:          ZF8YU3Guj89SVbyf81wbmgfDCD96+0vMJ5MVl8nYXbI=
Subject key identifier:   FF:7C:93:B8:C9:49:AB:01:1C:90:9B:4A:DC:8F:95:4D:94:86:44:17
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       2DAEC77956460BE329ACA125B5ACBEEAA5C53907
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153486.roa
Signing time:             Thu 24 Apr 2025 03:49:49 +0000
ROA not before:           Thu 24 Apr 2025 03:44:49 +0000
ROA not after:            Thu 23 Apr 2026 03:49:49 +0000
asID:                     153486
IP address blocks:        160.250.194.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:ae:c7:79:56:46:0b:e3:29:ac:a1:25:b5:ac:be:ea:a5:c5:39:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Apr 24 03:44:49 2025 GMT
            Not After : Apr 23 03:49:49 2026 GMT
        Subject: CN=FF7C93B8C949AB011C909B4ADC8F954D94864417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:04:59:b1:a9:bd:48:fc:86:9a:18:90:89:3a:
                    b6:c8:8e:21:9b:77:28:d4:42:a4:fc:2e:11:36:8b:
                    94:9b:d1:1a:2a:6b:fa:93:bb:8f:ca:53:36:06:61:
                    6e:b1:f4:68:ed:ac:e5:97:ad:31:d7:e2:3c:a9:48:
                    0d:e2:1c:5e:a3:2f:11:40:66:d9:51:f5:b3:c1:7e:
                    b9:d4:45:ff:7e:19:54:cd:ac:46:c4:f7:66:cb:4f:
                    f2:9c:ce:de:55:1f:19:c4:e7:d4:c2:5b:12:bf:19:
                    86:9a:da:de:73:e5:6f:21:96:4b:43:06:aa:c7:f6:
                    a6:fd:91:49:56:fa:46:ce:cd:ad:82:22:5b:2e:ba:
                    0e:8f:40:6d:1e:fe:d3:64:22:f8:fe:c1:9f:51:36:
                    ab:bf:37:de:08:f2:54:10:20:d0:10:93:78:8c:97:
                    6e:5d:a8:a0:76:46:56:cc:a0:c4:50:e7:28:0e:f3:
                    cf:4a:06:dd:e1:cb:be:2c:8f:ff:d0:90:41:d5:99:
                    0b:d8:3c:87:5f:96:89:73:af:67:26:0f:aa:f9:aa:
                    62:ee:d8:b4:f9:14:63:29:f3:9a:69:86:2c:57:e8:
                    eb:51:b3:53:a5:5a:48:a2:a7:bc:79:ed:44:35:5f:
                    df:5e:18:e3:c1:5a:53:76:1b:fb:f7:52:ee:b9:60:
                    3d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7C:93:B8:C9:49:AB:01:1C:90:9B:4A:DC:8F:95:4D:94:86:44:17
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.250.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:4c:8d:63:8e:2d:a5:68:33:c2:12:94:a7:04:28:12:89:69:
         9e:b5:ca:de:6f:a2:a1:af:14:25:ed:99:c8:3a:aa:a9:16:d2:
         23:9f:72:54:e7:0c:14:6d:31:32:66:bb:3c:29:71:5f:6b:6d:
         10:6d:3c:aa:86:16:cf:4f:49:f0:50:91:cf:0d:6f:7c:7e:60:
         a3:14:ea:e9:b4:3a:48:98:b6:e5:a8:b1:1b:81:c2:b1:50:c0:
         24:6b:7e:87:29:10:f3:a8:65:49:90:e1:02:02:29:4a:2f:f1:
         9b:38:fb:32:81:e1:21:91:71:3e:f2:89:8d:cb:99:66:8f:d5:
         4c:a8:42:55:bd:16:69:27:df:c9:cc:34:1f:91:8a:71:46:c1:
         d7:2e:18:b0:cc:a8:3b:01:5d:13:05:ee:b3:5b:a8:65:d6:48:
         ec:62:6c:95:bf:a6:60:36:d0:9e:11:11:bb:2c:ec:8b:23:8e:
         29:77:de:bd:9c:2c:76:d6:78:5b:c1:94:28:5e:6e:f9:9d:e0:
         f2:d9:82:e0:50:7f:13:de:de:b1:28:8b:2d:19:78:48:e8:b7:
         04:8c:42:10:be:fe:7c:f9:d3:7b:db:be:3c:88:a8:5f:81:05:
         7c:b2:5d:ec:8e:86:80:6f:76:e1:30:5b:56:61:5a:97:a1:64:
         c7:35:81:a8
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIULa7HeVZGC+MprKEltay+6qXFOQcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDQyNDAzNDQ0OVoX
DTI2MDQyMzAzNDk0OVowMzExMC8GA1UEAxMoRkY3QzkzQjhDOTQ5QUIwMTFDOTA5
QjRBREM4Rjk1NEQ5NDg2NDQxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOsEWbGpvUj8hpoYkIk6tsiOIZt3KNRCpPwuETaLlJvRGipr+pO7j8pTNgZh
brH0aO2s5ZetMdfiPKlIDeIcXqMvEUBm2VH1s8F+udRF/34ZVM2sRsT3ZstP8pzO
3lUfGcTn1MJbEr8Zhpra3nPlbyGWS0MGqsf2pv2RSVb6Rs7NrYIiWy66Do9AbR7+
02Qi+P7Bn1E2q7833gjyVBAg0BCTeIyXbl2ooHZGVsygxFDnKA7zz0oG3eHLviyP
/9CQQdWZC9g8h1+WiXOvZyYPqvmqYu7YtPkUYynzmmmGLFfo61GzU6VaSKKnvHnt
RDVf314Y48FaU3Yb+/dS7rlgPQkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBT/fJO4
yUmrARyQm0rcj5VNlIZEFzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzQ4Ni5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaD6wjANBgkqhkiG9w0BAQsFAAOCAQEAOUyNY44tpWgzwhKUpwQo
EolpnrXK3m+ioa8UJe2ZyDqqqRbSI59yVOcMFG0xMma7PClxX2ttEG08qoYWz09J
8FCRzw1vfH5goxTq6bQ6SJi25aixG4HCsVDAJGt+hykQ86hlSZDhAgIpSi/xmzj7
MoHhIZFxPvKJjcuZZo/VTKhCVb0WaSffycw0H5GKcUbB1y4YsMyoOwFdEwXus1uo
ZdZI7GJslb+mYDbQnhERuyzsiyOOKXfevZwsdtZ4W8GUKF5u+Z3g8tmC4FB/E97e
sSiLLRl4SOi3BIxCEL7+fPnTe9u+PIioX4EFfLJd7I6GgG924TBbVmFal6FkxzWB
qA==
-----END CERTIFICATE-----