Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152407.roa
File:                     AS152407.roa (raw, json)
Hash identifier:          IwaHOsSGqOj6SFT7t9+HY53vpT596XeDHTeZEeqqtpc=
Subject key identifier:   33:B4:1F:04:E2:EE:85:76:09:18:AA:86:5D:62:3B:8A:E9:5E:75:75
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       3343ECFB7E8058D9088DFA7C58D640E9E2499616
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152407.roa
Signing time:             Thu 06 Feb 2025 10:44:51 +0000
ROA not before:           Thu 06 Feb 2025 10:39:51 +0000
ROA not after:            Thu 05 Feb 2026 10:44:51 +0000
asID:                     152407
IP address blocks:        157.20.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 09 Apr 2025 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:43:ec:fb:7e:80:58:d9:08:8d:fa:7c:58:d6:40:e9:e2:49:96:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Feb  6 10:39:51 2025 GMT
            Not After : Feb  5 10:44:51 2026 GMT
        Subject: CN=33B41F04E2EE85760918AA865D623B8AE95E7575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cc:1f:f3:f5:92:e3:2f:e0:29:53:3b:2b:e3:
                    7d:92:fd:8b:fc:e7:15:73:8b:fe:60:fd:67:87:dd:
                    a2:13:13:c0:54:04:e6:cc:23:27:9b:2f:90:c6:02:
                    7d:17:39:46:f6:3e:f5:e3:27:d9:6a:5b:65:17:c9:
                    69:f3:93:12:8a:bc:90:65:75:4d:b0:01:7e:95:29:
                    2f:58:93:d1:a3:6e:2b:ed:07:79:f9:d3:c2:1b:af:
                    5e:68:c3:79:b7:c8:51:e8:6b:b4:9b:56:ed:b1:7f:
                    69:21:e4:5e:17:7a:b7:6a:af:0d:51:9b:ff:fb:12:
                    cd:d3:09:91:23:84:b3:01:f2:fc:c7:3b:5b:52:f4:
                    69:8c:c1:bb:69:b0:b5:bb:ca:5a:48:f8:80:55:ed:
                    42:40:14:74:20:65:be:23:76:29:8b:ab:52:5a:3d:
                    4e:d2:11:d9:b6:8a:b0:02:d1:76:64:ae:fe:d8:e5:
                    a7:6d:3f:0a:b4:31:6f:3f:1b:52:6f:2b:9f:a7:98:
                    18:46:c0:14:fd:1b:a6:c7:02:bd:76:e1:c3:a4:e4:
                    af:52:be:42:a6:2c:86:d9:98:02:2b:fd:6d:e0:e2:
                    a8:d3:75:49:e0:f8:4d:f2:3d:7e:e1:32:e4:94:ab:
                    c2:c9:11:cf:cd:8f:79:59:7c:da:33:44:19:c7:83:
                    19:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:B4:1F:04:E2:EE:85:76:09:18:AA:86:5D:62:3B:8A:E9:5E:75:75
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:26:99:cd:30:06:dd:50:0b:0f:f8:4c:e1:c3:1f:0a:bf:19:
         5a:e6:f1:01:6f:39:77:8d:09:69:c8:4a:5b:08:9a:71:a3:77:
         c2:7a:bc:ad:5e:87:24:ec:64:ea:8d:64:52:11:a6:fe:0d:80:
         2b:b9:39:d5:ed:d6:e8:43:eb:c3:8b:8b:b7:e5:25:9a:2e:49:
         7e:ee:cb:fd:c5:13:2a:15:30:25:16:6b:93:28:7a:f0:76:a2:
         af:83:d4:ac:48:be:1c:9e:81:d9:25:b7:ca:55:13:83:8a:95:
         70:46:09:95:e7:9f:92:3a:96:37:bf:9b:19:c1:20:3e:22:08:
         48:a6:6b:83:73:dd:62:f8:31:b0:9e:5c:5c:bc:f4:0a:e1:98:
         5d:a5:97:62:dd:f7:0d:e8:45:95:c3:c2:1e:e3:3d:7d:2c:cc:
         30:a5:40:cd:6d:2a:28:02:df:a1:16:0f:60:e3:f9:84:57:a6:
         7f:79:2b:07:9d:7b:57:1b:e7:1d:67:ce:7f:c6:f7:6f:6a:d2:
         42:6a:f8:df:cd:b4:cb:57:11:8b:02:89:f8:47:7a:d3:e2:4a:
         0a:3d:cb:ec:da:02:77:68:16:93:29:2a:62:82:3a:e5:12:2e:
         f7:1c:c9:ba:a0:a2:53:23:33:b7:38:32:62:a5:88:71:03:ec:
         3e:fa:e1:d5
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUM0Ps+36AWNkIjfp8WNZA6eJJlhYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1MVoX
DTI2MDIwNTEwNDQ1MVowMzExMC8GA1UEAxMoMzNCNDFGMDRFMkVFODU3NjA5MThB
QTg2NUQ2MjNCOEFFOTVFNzU3NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/MH/P1kuMv4ClTOyvjfZL9i/znFXOL/mD9Z4fdohMTwFQE5swjJ5svkMYC
fRc5RvY+9eMn2WpbZRfJafOTEoq8kGV1TbABfpUpL1iT0aNuK+0HefnTwhuvXmjD
ebfIUehrtJtW7bF/aSHkXhd6t2qvDVGb//sSzdMJkSOEswHy/Mc7W1L0aYzBu2mw
tbvKWkj4gFXtQkAUdCBlviN2KYurUlo9TtIR2baKsALRdmSu/tjlp20/CrQxbz8b
Um8rn6eYGEbAFP0bpscCvXbhw6Tkr1K+QqYshtmYAiv9beDiqNN1SeD4TfI9fuEy
5JSrwskRz82PeVl82jNEGceDGeECAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQztB8E
4u6FdgkYqoZdYjuK6V51dTAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjQwNy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ0UXDANBgkqhkiG9w0BAQsFAAOCAQEATiaZzTAG3VALD/hM4cMf
Cr8ZWubxAW85d40JachKWwiacaN3wnq8rV6HJOxk6o1kUhGm/g2AK7k51e3W6EPr
w4uLt+Ulmi5Jfu7L/cUTKhUwJRZrkyh68Hair4PUrEi+HJ6B2SW3ylUTg4qVcEYJ
leefkjqWN7+bGcEgPiIISKZrg3PdYvgxsJ5cXLz0CuGYXaWXYt33DehFlcPCHuM9
fSzMMKVAzW0qKALfoRYPYOP5hFemf3krB517VxvnHWfOf8b3b2rSQmr43820y1cR
iwKJ+Ed60+JKCj3L7NoCd2gWkykqYoI65RIu9xzJuqCiUyMztzgyYqWIcQPsPvrh
1Q==
-----END CERTIFICATE-----