Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152384.roa
File:                     AS152384.roa (raw, json)
Hash identifier:          pA0TZPpk8gLOz4VCaOX1QxDxEXEjr0VC6kGhPEAvX+4=
Subject key identifier:   A9:15:BC:95:83:31:9E:F9:5C:8C:12:4F:67:00:4A:70:DF:F5:0E:CA
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       198D7E1ED5138E1E233722DC4DCEE27D8E5E89BF
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152384.roa
Signing time:             Thu 06 Feb 2025 10:44:53 +0000
ROA not before:           Thu 06 Feb 2025 10:39:53 +0000
ROA not after:            Thu 05 Feb 2026 10:44:53 +0000
asID:                     152384
IP address blocks:        157.15.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 09 Apr 2025 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:8d:7e:1e:d5:13:8e:1e:23:37:22:dc:4d:ce:e2:7d:8e:5e:89:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Feb  6 10:39:53 2025 GMT
            Not After : Feb  5 10:44:53 2026 GMT
        Subject: CN=A915BC9583319EF95C8C124F67004A70DFF50ECA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:2e:7b:90:a4:c8:2a:96:cf:d9:4b:84:81:93:
                    15:88:50:82:9a:f9:f8:25:38:0c:99:6b:00:77:15:
                    61:11:64:1a:7e:bf:7e:a0:17:db:b1:36:54:91:03:
                    e8:15:9a:52:dc:c1:11:7b:09:9c:65:ab:a5:6d:1c:
                    39:b0:21:30:b6:eb:c4:21:51:44:08:04:9f:67:d8:
                    b4:45:e8:7f:73:0e:24:06:48:84:97:fb:88:6e:2a:
                    ad:ca:a9:ca:77:67:e1:00:54:0d:bc:02:69:e4:f6:
                    e0:66:fc:de:a1:ba:90:a9:4e:5c:98:5c:6f:f8:49:
                    b6:82:2b:90:28:e0:c4:aa:3b:80:28:64:d2:50:2d:
                    76:66:4e:7a:ca:ed:d0:d3:8a:aa:43:df:a4:6f:dc:
                    f3:05:b7:54:e0:92:c6:0c:22:81:e7:eb:c4:8f:9d:
                    b0:b8:39:3c:54:52:63:e3:5a:69:2d:61:07:c8:a4:
                    fa:0b:d3:30:da:69:b3:62:12:db:73:b8:52:c5:51:
                    53:90:49:48:ea:6c:64:a0:a5:01:4a:d6:57:99:5e:
                    cf:b0:a5:15:3e:d6:05:33:85:b4:13:4b:14:89:cb:
                    dc:7b:f1:0d:cb:85:66:a4:fd:f9:4b:98:5b:fa:81:
                    c5:02:49:89:ab:d8:85:bd:f1:bf:aa:0e:6b:65:55:
                    e3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:15:BC:95:83:31:9E:F9:5C:8C:12:4F:67:00:4A:70:DF:F5:0E:CA
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:1e:64:5e:d2:a8:b3:f9:21:60:7a:b6:a0:38:60:06:f9:5d:
         4b:f7:b4:18:4d:b7:b6:98:4e:0c:d6:6b:1d:e6:f1:0b:63:33:
         92:1d:67:3d:23:7c:f9:22:fb:8d:c7:19:e1:e4:eb:03:bd:96:
         74:b5:4f:50:57:40:5b:58:95:56:28:99:43:8f:93:a1:06:e3:
         ac:b3:b9:82:a9:e5:d1:1f:35:a7:7b:74:39:2d:d4:e9:69:2c:
         95:9f:29:b2:e8:ea:4e:62:58:56:77:87:5a:e0:94:fe:9c:f1:
         ad:53:85:85:7e:f6:05:a6:80:fd:8a:23:59:b7:67:10:07:98:
         a8:d3:08:7f:c5:f0:0e:b5:fa:08:e6:f4:ad:ed:c3:df:48:7f:
         e4:10:fc:57:e3:f2:a1:dc:23:69:dd:e3:98:85:83:ca:b0:e5:
         a8:26:87:e0:96:fa:7d:89:a2:2f:05:bd:57:65:dc:5b:d8:c8:
         bc:f2:bc:e2:d4:7d:66:1b:52:93:99:57:88:11:11:26:6b:b5:
         16:0e:75:e6:6a:c0:49:ec:40:ec:e7:a7:b7:eb:a5:77:2a:dc:
         9d:97:d2:d0:7d:57:12:8f:e2:9e:ab:bc:b2:d3:85:30:e0:79:
         44:c3:06:fd:37:e0:23:c5:bd:b4:77:4d:b6:16:f3:78:38:77:
         36:2b:05:40
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUGY1+HtUTjh4jNyLcTc7ifY5eib8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1M1oX
DTI2MDIwNTEwNDQ1M1owMzExMC8GA1UEAxMoQTkxNUJDOTU4MzMxOUVGOTVDOEMx
MjRGNjcwMDRBNzBERkY1MEVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANUue5CkyCqWz9lLhIGTFYhQgpr5+CU4DJlrAHcVYRFkGn6/fqAX27E2VJED
6BWaUtzBEXsJnGWrpW0cObAhMLbrxCFRRAgEn2fYtEXof3MOJAZIhJf7iG4qrcqp
yndn4QBUDbwCaeT24Gb83qG6kKlOXJhcb/hJtoIrkCjgxKo7gChk0lAtdmZOesrt
0NOKqkPfpG/c8wW3VOCSxgwigefrxI+dsLg5PFRSY+NaaS1hB8ik+gvTMNpps2IS
23O4UsVRU5BJSOpsZKClAUrWV5lez7ClFT7WBTOFtBNLFInL3HvxDcuFZqT9+UuY
W/qBxQJJiavYhb3xv6oOa2VV4wkCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSpFbyV
gzGe+VyMEk9nAEpw3/UOyjAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjM4NC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAJ0PUDANBgkqhkiG9w0BAQsFAAOCAQEAeR5kXtKos/khYHq2oDhg
BvldS/e0GE23tphODNZrHebxC2Mzkh1nPSN8+SL7jccZ4eTrA72WdLVPUFdAW1iV
ViiZQ4+ToQbjrLO5gqnl0R81p3t0OS3U6WkslZ8psujqTmJYVneHWuCU/pzxrVOF
hX72BaaA/YojWbdnEAeYqNMIf8XwDrX6COb0re3D30h/5BD8V+Pyodwjad3jmIWD
yrDlqCaH4Jb6fYmiLwW9V2XcW9jIvPK84tR9ZhtSk5lXiBERJmu1Fg515mrASexA
7Oent+uldyrcnZfS0H1XEo/inqu8stOFMOB5RMMG/TfgI8W9tHdNthbzeDh3NisF
QA==
-----END CERTIFICATE-----