Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152003.roa
File:                     AS152003.roa (raw, json)
Hash identifier:          Gzoi6ugbP0nam8bCzjpJRB7/BG3opGH01pLEbbHevL0=
Subject key identifier:   9D:FD:4E:D1:8F:D3:09:77:91:71:D8:BF:C7:46:81:53:45:96:3D:AF
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       1DB86706DA615891B7EFB770BCFAE9C067B5368A
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152003.roa
Signing time:             Thu 04 Sep 2025 02:04:57 +0000
ROA not before:           Thu 04 Sep 2025 01:59:57 +0000
ROA not after:            Thu 03 Sep 2026 02:04:57 +0000
asID:                     152003
IP address blocks:        160.191.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 10 Sep 2025 14:17:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:b8:67:06:da:61:58:91:b7:ef:b7:70:bc:fa:e9:c0:67:b5:36:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Sep  4 01:59:57 2025 GMT
            Not After : Sep  3 02:04:57 2026 GMT
        Subject: CN=9DFD4ED18FD309779171D8BFC746815345963DAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d5:33:23:d1:8d:16:e4:02:24:44:e0:ed:de:
                    67:54:fe:ce:05:68:de:79:90:86:ad:cc:a2:af:60:
                    9d:fe:b9:53:f8:ea:f1:16:ad:4e:be:b9:1c:9a:c4:
                    82:8d:6a:ed:6a:7b:de:6d:07:dc:8a:47:70:c6:ea:
                    3f:30:dd:d7:8b:4d:c9:e5:c8:eb:e1:29:17:27:42:
                    46:7a:f2:c6:d0:86:36:d2:7d:94:ef:e6:69:f9:92:
                    fe:c4:bd:c3:73:ea:8a:7c:4a:9e:1f:b0:44:e6:c6:
                    e7:64:97:d1:68:f0:b6:91:79:d2:6c:65:3f:ae:39:
                    8b:73:81:2f:41:55:cf:4f:18:47:18:a1:25:cf:b8:
                    f5:c9:33:96:f4:76:50:db:23:b0:f0:b6:10:da:7f:
                    63:b2:09:d4:68:c5:dc:e6:89:f3:c3:48:eb:3e:e5:
                    9a:c4:7f:74:a0:1b:c9:5d:10:6a:23:0d:bb:f2:73:
                    2b:c5:32:59:87:07:a8:f1:30:85:b6:0f:5b:51:6b:
                    fd:35:ee:5a:38:60:06:92:f1:1c:2b:10:0e:13:20:
                    6a:e5:33:fe:e5:3d:aa:85:42:2d:14:61:36:a6:2b:
                    fa:9a:7c:bf:7a:f8:78:16:7d:ed:8a:9a:89:3e:30:
                    fe:84:8a:d8:20:2d:a3:fd:77:b3:48:86:6b:ec:22:
                    52:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FD:4E:D1:8F:D3:09:77:91:71:D8:BF:C7:46:81:53:45:96:3D:AF
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:de:d8:36:b5:02:b7:58:56:f6:03:c0:80:c7:04:78:70:05:
         4c:49:fb:8d:e4:b8:30:55:fe:73:c5:3a:fe:bb:15:19:13:d0:
         b8:15:c0:f8:99:6f:2f:33:d3:ae:0c:5a:38:92:07:20:68:64:
         4d:9b:bd:54:19:63:e5:69:fd:82:59:74:b8:79:1e:25:fc:c4:
         d5:2e:fb:ed:a3:a8:e3:49:2f:77:5c:54:08:17:6d:78:89:f8:
         48:22:3d:70:c1:aa:b4:71:bd:1c:f6:9c:4a:df:17:23:a6:4e:
         bc:73:b0:0d:2f:02:c6:38:75:4c:e6:ea:f4:6d:2f:32:c1:33:
         6b:7d:ab:26:2e:5d:4a:95:de:b0:bd:20:da:0e:03:14:c8:64:
         b5:a6:15:04:dd:fe:33:89:e0:49:52:a4:7d:a5:6e:c7:f9:43:
         9a:d9:68:da:94:6a:4d:60:34:e3:10:99:31:7a:61:80:71:d9:
         e8:ce:93:68:05:63:6d:e5:63:b5:e8:53:87:4b:e0:80:e1:27:
         af:f9:0e:50:03:41:9d:b6:1c:25:ca:f6:41:7c:fb:93:0b:84:
         2b:71:65:b7:34:95:b8:be:3b:97:36:46:62:b4:c8:88:ea:85:
         08:28:c9:6d:71:94:85:ec:f0:21:ac:48:ea:4e:85:24:96:99:
         46:93:a6:db
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUHbhnBtphWJG377dwvPrpwGe1NoowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDkwNDAxNTk1N1oX
DTI2MDkwMzAyMDQ1N1owMzExMC8GA1UEAxMoOURGRDRFRDE4RkQzMDk3NzkxNzFE
OEJGQzc0NjgxNTM0NTk2M0RBRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMHVMyPRjRbkAiRE4O3eZ1T+zgVo3nmQhq3Moq9gnf65U/jq8RatTr65HJrE
go1q7Wp73m0H3IpHcMbqPzDd14tNyeXI6+EpFydCRnryxtCGNtJ9lO/mafmS/sS9
w3PqinxKnh+wRObG52SX0WjwtpF50mxlP645i3OBL0FVz08YRxihJc+49ckzlvR2
UNsjsPC2ENp/Y7IJ1GjF3OaJ88NI6z7lmsR/dKAbyV0QaiMNu/JzK8UyWYcHqPEw
hbYPW1Fr/TXuWjhgBpLxHCsQDhMgauUz/uU9qoVCLRRhNqYr+pp8v3r4eBZ97Yqa
iT4w/oSK2CAto/13s0iGa+wiUi8CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSd/U7R
j9MJd5Fx2L/HRoFTRZY9rzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjAwMy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAKC/rTANBgkqhkiG9w0BAQsFAAOCAQEAjt7YNrUCt1hW9gPAgMcE
eHAFTEn7jeS4MFX+c8U6/rsVGRPQuBXA+JlvLzPTrgxaOJIHIGhkTZu9VBlj5Wn9
gll0uHkeJfzE1S777aOo40kvd1xUCBdteIn4SCI9cMGqtHG9HPacSt8XI6ZOvHOw
DS8Cxjh1TObq9G0vMsEza32rJi5dSpXesL0g2g4DFMhktaYVBN3+M4ngSVKkfaVu
x/lDmtlo2pRqTWA04xCZMXphgHHZ6M6TaAVjbeVjtehTh0vggOEnr/kOUANBnbYc
Jcr2QXz7kwuEK3FltzSVuL47lzZGYrTIiOqFCCjJbXGUhezwIaxI6k6FJJaZRpOm
2w==
-----END CERTIFICATE-----