Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153554.roa
File:                     AS153554.roa (raw, json)
Hash identifier:          T4vn9wJLZelsd++TpqW8VX2+v5t32g2mxIbxGT1d77k=
Subject key identifier:   C6:0D:3D:60:08:13:36:A3:EB:7E:40:86:75:64:93:75:82:65:E3:61
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       563DF6F16E14CAA9B741C0323D777CB6DF2EBB9E
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153554.roa
Signing time:             Mon 03 Mar 2025 00:10:50 +0000
ROA not before:           Mon 03 Mar 2025 00:05:50 +0000
ROA not after:            Mon 02 Mar 2026 00:10:50 +0000
asID:                     153554
IP address blocks:        161.248.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Apr 2025 19:57:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:3d:f6:f1:6e:14:ca:a9:b7:41:c0:32:3d:77:7c:b6:df:2e:bb:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Mar  3 00:05:50 2025 GMT
            Not After : Mar  2 00:10:50 2026 GMT
        Subject: CN=C60D3D60081336A3EB7E4086756493758265E361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:24:81:7c:1c:9c:b0:b2:07:42:16:24:f2:a2:
                    8a:73:f3:71:64:c3:a3:9a:3b:f7:3c:79:35:08:e8:
                    a6:61:a4:86:05:e4:8b:27:66:53:80:f5:67:58:df:
                    b8:54:df:2a:a7:3f:53:c3:c3:2c:bd:f6:5c:c9:d0:
                    dd:50:de:24:f4:4a:bc:78:3c:77:1b:01:2c:6e:36:
                    65:6c:83:da:fc:50:9a:4a:fb:91:06:f3:50:3c:a0:
                    6b:34:54:03:79:61:0b:01:3d:9c:36:04:3e:7f:00:
                    41:cc:02:f4:f0:39:5c:bd:da:90:cf:f0:61:fb:bb:
                    c9:c5:ce:68:5a:e8:59:4e:a0:97:09:50:c5:5a:58:
                    e9:08:0c:f0:29:b3:3c:b5:1c:e0:55:89:59:84:82:
                    fe:a1:07:c8:e3:ca:b3:6a:92:a6:61:da:f0:14:71:
                    5b:8e:96:4f:6a:bc:13:7f:48:78:c4:6c:c8:86:82:
                    b8:92:24:c5:d2:e4:dc:d6:3e:1b:a9:31:a3:b2:c3:
                    31:2e:d0:84:38:09:f8:9d:56:f0:35:ae:06:a9:6a:
                    d7:a1:5c:ef:99:34:6c:13:3b:da:7d:bd:f2:1d:4b:
                    85:eb:09:dd:84:7b:ce:f2:a7:87:f3:e1:6f:7e:47:
                    7d:1f:3e:ff:78:fc:0d:8b:6b:f7:55:60:e5:56:f2:
                    a8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:0D:3D:60:08:13:36:A3:EB:7E:40:86:75:64:93:75:82:65:E3:61
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153554.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:20:2c:d4:47:cf:43:96:d4:fc:0c:13:b0:de:fb:3b:c3:ab:
         17:df:c4:93:4f:96:c6:c9:07:fb:1f:c4:60:a4:86:54:03:aa:
         92:27:2a:e8:80:ae:79:ed:70:43:26:c2:95:6d:89:2e:21:83:
         42:3a:db:c8:ca:cf:ed:56:14:98:b5:8a:94:c1:1c:6e:88:ca:
         a4:f0:e8:9a:3d:28:93:bb:88:da:d6:a1:92:d3:cb:40:be:99:
         18:0e:3e:43:e6:61:78:5b:01:21:7f:d7:d4:76:2e:f2:0c:e5:
         35:6a:00:54:ad:fb:83:9e:f4:3d:ba:4a:34:e6:a3:80:38:ba:
         ea:5a:79:db:2d:61:9f:3e:a9:1c:ef:8c:83:e7:49:ab:bb:f2:
         3a:01:4b:62:4d:14:ca:c2:53:dd:23:85:5a:7a:04:c8:77:48:
         cc:20:74:62:13:11:83:46:46:54:af:4c:b6:71:1e:f2:59:ee:
         68:93:a4:da:d6:2b:b7:c4:1a:53:b6:af:22:df:29:6b:a4:d6:
         28:c6:51:0b:d2:ef:8b:53:d8:af:c4:99:73:63:98:aa:49:80:
         9c:11:04:7d:d1:77:e8:6c:4e:96:93:80:e2:39:fb:e6:29:74:
         24:22:2b:99:76:a7:b7:cd:c9:e5:73:26:13:e1:17:31:5d:c8:
         4a:93:f0:6b
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUVj328W4Uyqm3QcAyPXd8tt8uu54wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDMwMzAwMDU1MFoX
DTI2MDMwMjAwMTA1MFowMzExMC8GA1UEAxMoQzYwRDNENjAwODEzMzZBM0VCN0U0
MDg2NzU2NDkzNzU4MjY1RTM2MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4kgXwcnLCyB0IWJPKiinPzcWTDo5o79zx5NQjopmGkhgXkiydmU4D1Z1jf
uFTfKqc/U8PDLL32XMnQ3VDeJPRKvHg8dxsBLG42ZWyD2vxQmkr7kQbzUDygazRU
A3lhCwE9nDYEPn8AQcwC9PA5XL3akM/wYfu7ycXOaFroWU6glwlQxVpY6QgM8Cmz
PLUc4FWJWYSC/qEHyOPKs2qSpmHa8BRxW46WT2q8E39IeMRsyIaCuJIkxdLk3NY+
G6kxo7LDMS7QhDgJ+J1W8DWuBqlq16Fc75k0bBM72n298h1LhesJ3YR7zvKnh/Ph
b35HfR8+/3j8DYtr91Vg5VbyqAUCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTGDT1g
CBM2o+t+QIZ1ZJN1gmXjYTAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzU1NC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAKH4njANBgkqhkiG9w0BAQsFAAOCAQEALyAs1EfPQ5bU/AwTsN77
O8OrF9/Ek0+WxskH+x/EYKSGVAOqkicq6ICuee1wQybClW2JLiGDQjrbyMrP7VYU
mLWKlMEcbojKpPDomj0ok7uI2tahktPLQL6ZGA4+Q+ZheFsBIX/X1HYu8gzlNWoA
VK37g570PbpKNOajgDi66lp52y1hnz6pHO+Mg+dJq7vyOgFLYk0UysJT3SOFWnoE
yHdIzCB0YhMRg0ZGVK9MtnEe8lnuaJOk2tYrt8QaU7avIt8pa6TWKMZRC9Lvi1PY
r8SZc2OYqkmAnBEEfdF36GxOlpOA4jn75il0JCIrmXant83J5XMmE+EXMV3ISpPw
aw==
-----END CERTIFICATE-----