Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151526.roa
File:                     AS151526.roa (raw, json)
Hash identifier:          LLWNpToooAHOfXmpxMJPhuE47EfKoepa1KRix/h13zQ=
Subject key identifier:   DE:FD:27:BA:94:A6:48:BE:A0:50:83:55:2A:16:38:8A:66:D1:86:99
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       53989EBB3820AAF19BB2035A94CA8BBB21DBCFBB
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151526.roa
Signing time:             Thu 17 Jul 2025 08:01:17 +0000
ROA not before:           Thu 17 Jul 2025 07:56:17 +0000
ROA not after:            Thu 16 Jul 2026 08:01:17 +0000
asID:                     151526
IP address blocks:        103.249.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 24 Jul 2025 00:11:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:98:9e:bb:38:20:aa:f1:9b:b2:03:5a:94:ca:8b:bb:21:db:cf:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jul 17 07:56:17 2025 GMT
            Not After : Jul 16 08:01:17 2026 GMT
        Subject: CN=DEFD27BA94A648BEA05083552A16388A66D18699
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3a:47:24:44:9e:62:50:be:4e:0d:aa:3b:a4:
                    22:76:ce:5e:cf:8a:3d:e3:7e:a3:06:6a:12:4e:06:
                    a6:55:8d:d2:3d:ec:37:42:42:af:29:c8:8d:33:b1:
                    ea:c0:97:aa:e1:78:c7:84:b4:44:17:d4:04:32:ba:
                    d4:b2:6f:23:c5:bc:25:14:f9:26:c7:95:e8:d6:cb:
                    36:4e:9d:19:c3:0b:00:8a:0b:32:ee:1d:ad:46:22:
                    68:6f:ee:31:cb:be:57:e9:26:66:29:19:c1:93:78:
                    52:a0:a3:d5:e2:d7:63:2c:47:33:aa:15:7e:1b:98:
                    53:d2:f3:ea:6d:79:a1:2d:b3:d8:51:16:3e:fc:b4:
                    e6:9e:1b:35:b9:f4:ad:de:38:52:85:8b:87:14:71:
                    65:08:ef:a8:c0:a7:fa:86:0e:b8:23:c4:2e:22:e5:
                    ca:e5:bb:bd:93:e7:48:34:fe:ab:2b:69:ec:80:0a:
                    59:c1:21:b7:ef:5e:71:0e:f3:ac:9b:26:d1:45:71:
                    a5:4d:f9:f4:ba:f9:d6:b4:c1:40:6f:03:7e:a7:81:
                    fe:38:67:db:f4:19:8e:1c:33:bc:65:8d:00:9a:6e:
                    65:b9:95:98:1b:fc:e9:4d:3c:6b:62:2f:7b:2a:9f:
                    f3:14:38:54:a0:d0:aa:7b:4f:bc:40:2f:df:a4:1a:
                    c8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:FD:27:BA:94:A6:48:BE:A0:50:83:55:2A:16:38:8A:66:D1:86:99
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS151526.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.249.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:9c:07:44:c0:17:12:15:41:d7:13:47:e1:2b:c9:4b:86:b7:
         31:56:4b:68:a4:3c:82:78:31:07:17:da:6d:98:ea:34:47:4a:
         c9:4c:7a:db:95:62:9c:93:29:d3:6e:e8:07:32:36:5c:ba:58:
         64:f2:30:79:d5:d8:c0:ce:19:2b:61:02:d8:1a:47:57:03:55:
         34:f3:02:6b:d3:00:7f:b2:1e:da:5a:e0:e8:68:ac:f0:76:14:
         66:c3:3d:7b:bb:df:03:3a:3a:eb:0c:43:1a:d7:40:28:41:3c:
         82:02:c0:3a:23:a1:73:1d:43:33:db:e5:8b:03:ab:aa:1c:42:
         3e:85:bd:c4:1b:14:54:12:0b:15:ef:3f:b2:33:9b:a9:81:f7:
         0c:0b:2f:d5:0e:b6:a4:3f:27:0e:41:2f:5c:ce:0b:a6:17:7f:
         7f:50:a4:0e:11:62:8c:2c:a3:f0:f9:7f:bc:d7:a1:61:b6:48:
         1b:54:82:68:3e:bf:9b:76:c9:a7:81:c7:a9:9d:67:7e:77:43:
         aa:28:6a:df:3d:1c:ec:1c:19:92:d7:1b:f9:a0:15:61:af:a6:
         6b:39:5a:53:8b:ea:5c:fe:7f:74:ab:f3:ef:42:ed:49:45:c4:
         bf:5c:af:be:84:77:3e:42:33:13:f2:5f:e8:1a:f3:99:a0:3a:
         29:e2:4d:88
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUU5ieuzggqvGbsgNalMqLuyHbz7swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDcxNzA3NTYxN1oX
DTI2MDcxNjA4MDExN1owMzExMC8GA1UEAxMoREVGRDI3QkE5NEE2NDhCRUEwNTA4
MzU1MkExNjM4OEE2NkQxODY5OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAME6RyREnmJQvk4NqjukInbOXs+KPeN+owZqEk4GplWN0j3sN0JCrynIjTOx
6sCXquF4x4S0RBfUBDK61LJvI8W8JRT5JseV6NbLNk6dGcMLAIoLMu4drUYiaG/u
Mcu+V+kmZikZwZN4UqCj1eLXYyxHM6oVfhuYU9Lz6m15oS2z2FEWPvy05p4bNbn0
rd44UoWLhxRxZQjvqMCn+oYOuCPELiLlyuW7vZPnSDT+qytp7IAKWcEht+9ecQ7z
rJsm0UVxpU359Lr51rTBQG8DfqeB/jhn2/QZjhwzvGWNAJpuZbmVmBv86U08a2Iv
eyqf8xQ4VKDQqntPvEAv36QayH8CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTe/Se6
lKZIvqBQg1UqFjiKZtGGmTAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MTUyNi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGf54jANBgkqhkiG9w0BAQsFAAOCAQEAYJwHRMAXEhVB1xNH4SvJ
S4a3MVZLaKQ8gngxBxfabZjqNEdKyUx625VinJMp027oBzI2XLpYZPIwedXYwM4Z
K2EC2BpHVwNVNPMCa9MAf7Ie2lrg6Gis8HYUZsM9e7vfAzo66wxDGtdAKEE8ggLA
OiOhcx1DM9vliwOrqhxCPoW9xBsUVBILFe8/sjObqYH3DAsv1Q62pD8nDkEvXM4L
phd/f1CkDhFijCyj8Pl/vNehYbZIG1SCaD6/m3bJp4HHqZ1nfndDqihq3z0c7BwZ
ktcb+aAVYa+mazlaU4vqXP5/dKvz70LtSUXEv1yvvoR3PkIzE/Jf6BrzmaA6KeJN
iA==
-----END CERTIFICATE-----