Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152378.roa
File:                     AS152378.roa (raw, json)
Hash identifier:          jFvQhuDM1HvZiWvLzN+FMPmSrT4YfJbNoPHhB13P3gU=
Subject key identifier:   CE:26:4C:A4:40:CF:8A:86:6B:18:77:4B:F1:94:73:D7:81:3B:02:C2
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       481BDAED7FCC7D6397917BBF8AC1ACF160F80B9C
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152378.roa
Signing time:             Thu 06 Feb 2025 10:44:53 +0000
ROA not before:           Thu 06 Feb 2025 10:39:53 +0000
ROA not after:            Thu 05 Feb 2026 10:44:53 +0000
asID:                     152378
IP address blocks:        157.15.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 09 Apr 2025 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:1b:da:ed:7f:cc:7d:63:97:91:7b:bf:8a:c1:ac:f1:60:f8:0b:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Feb  6 10:39:53 2025 GMT
            Not After : Feb  5 10:44:53 2026 GMT
        Subject: CN=CE264CA440CF8A866B18774BF19473D7813B02C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:71:6d:40:7e:39:2e:4f:70:3f:6f:f7:bf:91:
                    53:e8:80:ab:35:ab:0e:80:f9:93:f9:52:dd:58:29:
                    dd:e2:ad:1c:07:04:3e:31:39:dc:a7:78:be:fa:e2:
                    a1:7a:52:60:d6:a6:7f:7d:ec:98:ed:1a:94:38:40:
                    45:36:4f:ec:45:de:93:7f:a6:b7:d9:62:be:71:7f:
                    fa:8c:87:0e:9e:dd:f7:1d:20:1c:38:28:9b:62:2a:
                    be:a9:43:08:71:35:e9:52:7c:28:c4:20:63:12:fa:
                    40:3f:38:b9:d0:90:67:63:80:f5:cb:b1:14:3c:41:
                    11:a8:2e:dc:08:bb:1b:ed:48:1c:de:20:d0:2e:c3:
                    5a:39:54:92:fb:97:ef:f3:bb:87:7c:f7:c2:57:d9:
                    6b:53:95:7d:ed:85:3a:2b:18:be:97:65:e8:4b:15:
                    e8:0c:92:71:36:12:cc:c4:a8:57:15:19:1e:19:58:
                    e5:f6:cc:e0:32:9d:a2:ef:a3:c7:ac:d7:d0:1f:5d:
                    4f:5f:b9:d1:45:82:a3:48:9b:9c:60:ab:eb:85:8a:
                    af:b5:e3:5d:b3:13:e9:ba:90:a1:0b:45:ea:54:ac:
                    cd:a0:3d:69:9d:d9:a2:3f:03:d7:e8:5e:e7:93:95:
                    42:70:c5:df:33:68:54:4b:72:a5:51:29:e4:be:a3:
                    c0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:26:4C:A4:40:CF:8A:86:6B:18:77:4B:F1:94:73:D7:81:3B:02:C2
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152378.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:83:17:7f:93:ef:ac:0b:e8:35:99:75:ef:f9:a1:3c:5e:05:
         25:17:c1:8c:d2:ea:82:f9:32:28:5c:a6:d5:7e:7b:2f:69:5a:
         b1:17:c6:b7:16:83:51:59:f1:90:43:4d:bd:97:26:12:a9:17:
         d7:30:db:f7:f2:a4:d8:8e:5f:62:b8:a5:0f:2a:1d:43:3c:62:
         f5:87:0c:9a:bb:0e:10:36:52:97:40:97:4d:6f:6b:01:5c:a7:
         da:06:08:05:fd:6c:d2:02:20:c2:ea:5f:4a:a4:fb:cc:60:b0:
         87:09:78:f3:bf:01:33:fa:46:0f:5b:1b:53:87:ba:31:b5:fd:
         44:ce:62:a7:9c:8e:0a:1f:f8:2f:9e:9c:50:1e:79:49:94:6e:
         7b:d1:5b:58:2e:07:ff:d7:fb:6e:02:df:d1:e7:ae:bb:60:26:
         78:79:9d:32:dd:d0:5e:28:cf:23:8b:e6:f6:50:87:9e:c0:cd:
         fe:d0:d6:3b:38:4e:65:e3:89:3d:c5:6d:67:e6:56:fd:bb:8a:
         40:83:b7:4b:ca:e1:dd:52:de:04:49:f9:6d:05:eb:14:c7:c4:
         5e:bd:ea:f9:19:2b:73:dc:96:1a:89:7d:f5:a0:68:a5:3d:83:
         5c:7b:d4:a7:85:01:ee:10:36:05:14:93:dd:bd:28:2d:3d:5e:
         a3:23:be:1a
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUSBva7X/MfWOXkXu/isGs8WD4C5wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1M1oX
DTI2MDIwNTEwNDQ1M1owMzExMC8GA1UEAxMoQ0UyNjRDQTQ0MENGOEE4NjZCMTg3
NzRCRjE5NDczRDc4MTNCMDJDMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1xbUB+OS5PcD9v97+RU+iAqzWrDoD5k/lS3Vgp3eKtHAcEPjE53Kd4vvri
oXpSYNamf33smO0alDhARTZP7EXek3+mt9livnF/+oyHDp7d9x0gHDgom2IqvqlD
CHE16VJ8KMQgYxL6QD84udCQZ2OA9cuxFDxBEagu3Ai7G+1IHN4g0C7DWjlUkvuX
7/O7h3z3wlfZa1OVfe2FOisYvpdl6EsV6AyScTYSzMSoVxUZHhlY5fbM4DKdou+j
x6zX0B9dT1+50UWCo0ibnGCr64WKr7XjXbMT6bqQoQtF6lSszaA9aZ3Zoj8D1+he
55OVQnDF3zNoVEtypVEp5L6jwJkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTOJkyk
QM+KhmsYd0vxlHPXgTsCwjAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjM3OC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ0P1jANBgkqhkiG9w0BAQsFAAOCAQEAOYMXf5PvrAvoNZl17/mh
PF4FJRfBjNLqgvkyKFym1X57L2lasRfGtxaDUVnxkENNvZcmEqkX1zDb9/Kk2I5f
YrilDyodQzxi9YcMmrsOEDZSl0CXTW9rAVyn2gYIBf1s0gIgwupfSqT7zGCwhwl4
878BM/pGD1sbU4e6MbX9RM5ip5yOCh/4L56cUB55SZRue9FbWC4H/9f7bgLf0eeu
u2AmeHmdMt3QXijPI4vm9lCHnsDN/tDWOzhOZeOJPcVtZ+ZW/buKQIO3S8rh3VLe
BEn5bQXrFMfEXr3q+Rkrc9yWGol99aBopT2DXHvUp4UB7hA2BRST3b0oLT1eoyO+
Gg==
-----END CERTIFICATE-----