Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153553.roa
File:                     AS153553.roa (raw, json)
Hash identifier:          IpTIQBnYYM7z9zH8LqI3RdW2S1I/xnJYRCDmym9cmBQ=
Subject key identifier:   04:FF:E0:F8:7E:81:1E:35:C2:18:3E:2C:ED:86:A7:BC:F4:94:C3:4B
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       2BD2267B4BF778F0E296C4A61BEC36024D680F0D
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153553.roa
Signing time:             Tue 18 Feb 2025 01:53:13 +0000
ROA not before:           Tue 18 Feb 2025 01:48:13 +0000
ROA not after:            Tue 17 Feb 2026 01:53:13 +0000
asID:                     153553
IP address blocks:        161.248.164.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:d2:26:7b:4b:f7:78:f0:e2:96:c4:a6:1b:ec:36:02:4d:68:0f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb 18 01:48:13 2025 GMT
            Not After : Feb 17 01:53:13 2026 GMT
        Subject: CN=04FFE0F87E811E35C2183E2CED86A7BCF494C34B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:99:69:7e:3e:79:63:4f:44:00:26:f6:3c:f4:
                    04:73:7e:96:b8:42:21:58:6f:a6:67:64:91:5b:19:
                    98:c6:dc:12:83:5b:3f:92:ad:ec:50:20:2e:1a:cb:
                    57:04:87:25:a8:d5:b6:6f:d2:3c:36:d1:22:59:e2:
                    c0:60:1f:f7:49:05:a9:20:3a:70:2a:a6:a1:71:a8:
                    d3:6c:e9:c6:36:fa:9c:80:7a:25:25:e3:9e:a4:50:
                    89:90:a9:25:a9:ee:f0:1f:ae:bb:d9:9e:63:31:b8:
                    93:61:08:a1:29:55:9d:85:93:41:70:ba:bc:a3:a5:
                    c6:03:d4:0c:aa:50:c0:21:cb:fb:c7:51:e4:28:36:
                    31:96:ae:2b:fe:cb:62:d7:46:8e:fd:c6:5f:7d:04:
                    e5:3d:b5:03:cb:48:e2:87:55:60:8a:3f:80:3c:72:
                    2d:75:1b:3d:86:86:07:89:e6:88:8f:20:b1:d8:fe:
                    eb:a9:7b:52:da:95:3e:39:8e:82:ed:8c:44:08:f2:
                    f3:02:28:2b:f6:eb:52:ae:57:d3:e0:14:b8:a3:2b:
                    6e:99:ec:53:d5:8e:3e:d6:33:a0:51:cf:c8:d5:fb:
                    80:d1:47:b2:69:f4:79:ea:22:97:5e:58:a6:5a:f5:
                    de:12:8c:ff:1b:13:ee:94:05:6c:78:98:e2:05:73:
                    6f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FF:E0:F8:7E:81:1E:35:C2:18:3E:2C:ED:86:A7:BC:F4:94:C3:4B
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153553.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:11:cf:1a:9c:e3:82:ce:48:83:04:2d:27:aa:bd:0c:01:51:
         8a:f2:6e:0a:53:51:cf:95:f1:fc:a6:b4:f9:cb:53:bb:3b:42:
         9d:3b:45:1b:f2:7f:aa:ee:4c:1e:83:6d:33:12:14:91:b7:4a:
         b7:97:da:20:5e:67:df:28:8a:85:27:bf:ec:f5:c1:52:54:5a:
         c2:1a:a5:fb:8a:e3:0a:31:dc:54:bc:c4:6d:79:62:9f:0d:4a:
         d1:75:77:12:fb:fa:e0:a4:1b:46:f0:43:6a:38:ae:12:15:d2:
         9b:a9:2a:14:36:71:55:98:23:c6:12:48:55:d5:1b:8a:0c:5e:
         78:40:48:8a:d8:a8:7d:ac:23:10:ce:e5:97:7b:4f:df:9c:78:
         7e:63:38:23:b9:87:4d:ac:03:ab:71:b6:55:07:e3:14:ea:2b:
         ef:a3:e3:61:79:32:86:06:f2:de:20:9b:42:a2:c5:5a:1e:a1:
         d1:59:7e:50:f2:e2:7f:6c:03:f0:d2:2e:a7:19:1f:a8:25:fa:
         28:02:f1:8b:19:c1:13:05:75:f1:50:02:44:35:51:ff:1b:c9:
         e7:85:5a:bd:66:ba:66:56:98:6b:ad:00:32:1d:75:41:30:de:
         21:5f:37:22:ea:a2:91:38:79:25:e9:1c:47:b6:bd:dc:ca:8a:
         67:94:30:ef
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUK9Ime0v3ePDilsSmG+w2Ak1oDw0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIxODAxNDgxM1oX
DTI2MDIxNzAxNTMxM1owMzExMC8GA1UEAxMoMDRGRkUwRjg3RTgxMUUzNUMyMTgz
RTJDRUQ4NkE3QkNGNDk0QzM0QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSZaX4+eWNPRAAm9jz0BHN+lrhCIVhvpmdkkVsZmMbcEoNbP5Kt7FAgLhrL
VwSHJajVtm/SPDbRIlniwGAf90kFqSA6cCqmoXGo02zpxjb6nIB6JSXjnqRQiZCp
Janu8B+uu9meYzG4k2EIoSlVnYWTQXC6vKOlxgPUDKpQwCHL+8dR5Cg2MZauK/7L
YtdGjv3GX30E5T21A8tI4odVYIo/gDxyLXUbPYaGB4nmiI8gsdj+66l7UtqVPjmO
gu2MRAjy8wIoK/brUq5X0+AUuKMrbpnsU9WOPtYzoFHPyNX7gNFHsmn0eeoil15Y
plr13hKM/xsT7pQFbHiY4gVzb5MCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQE/+D4
foEeNcIYPizthqe89JTDSzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzU1My5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaH4pDANBgkqhkiG9w0BAQsFAAOCAQEAMxHPGpzjgs5IgwQtJ6q9
DAFRivJuClNRz5Xx/Ka0+ctTuztCnTtFG/J/qu5MHoNtMxIUkbdKt5faIF5n3yiK
hSe/7PXBUlRawhql+4rjCjHcVLzEbXlinw1K0XV3Evv64KQbRvBDajiuEhXSm6kq
FDZxVZgjxhJIVdUbigxeeEBIitiofawjEM7ll3tP35x4fmM4I7mHTawDq3G2VQfj
FOor76PjYXkyhgby3iCbQqLFWh6h0Vl+UPLif2wD8NIupxkfqCX6KALxixnBEwV1
8VACRDVR/xvJ54VavWa6ZlaYa60AMh11QTDeIV83IuqikTh5JekcR7a93MqKZ5Qw
7w==
-----END CERTIFICATE-----