Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152438.roa
File:                     AS152438.roa (raw, json)
Hash identifier:          Gn1jcN0/dG68V4L668s2pDOxRh7gTd/0ftsK6TyEvUg=
Subject key identifier:   8B:99:E8:14:AD:C0:BF:18:DB:EA:B0:4F:3E:22:31:7F:41:F4:1E:15
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       5BB5DF856077731ABA618593D86AB5D4DC08E948
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152438.roa
Signing time:             Thu 06 Feb 2025 10:44:51 +0000
ROA not before:           Thu 06 Feb 2025 10:39:51 +0000
ROA not after:            Thu 05 Feb 2026 10:44:51 +0000
asID:                     152438
IP address blocks:        157.66.50.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 09 Apr 2025 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:b5:df:85:60:77:73:1a:ba:61:85:93:d8:6a:b5:d4:dc:08:e9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Feb  6 10:39:51 2025 GMT
            Not After : Feb  5 10:44:51 2026 GMT
        Subject: CN=8B99E814ADC0BF18DBEAB04F3E22317F41F41E15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:35:c6:18:4d:08:28:a0:51:37:2b:0d:bf:0e:
                    20:6a:0f:64:8e:36:17:0e:17:ad:f9:51:62:2f:fd:
                    da:d7:92:f9:d7:0a:96:a8:bf:65:f8:9c:d0:5d:24:
                    f5:1f:49:5f:0e:78:21:db:c9:f3:f2:b5:ba:c4:f0:
                    b1:cf:25:4e:d6:47:92:cd:00:94:fc:2a:2b:91:0e:
                    fb:52:7d:fa:9d:39:46:29:91:e4:b5:3f:a0:46:d1:
                    c4:91:cb:3a:9d:17:7b:b6:57:be:ae:99:a3:8d:87:
                    e8:20:4f:76:6e:1e:13:b0:41:4b:b7:24:33:ff:f4:
                    af:c5:73:22:d5:f7:44:e7:db:ea:19:d5:35:e6:8d:
                    e4:4e:90:b7:8b:64:54:22:64:63:c9:b7:93:e3:73:
                    2d:9b:e4:b9:ed:9d:f0:bc:75:fd:d5:22:e5:70:f2:
                    0f:08:9d:76:8b:cc:7c:92:c5:3f:7a:f9:95:eb:b4:
                    a1:19:b0:32:68:75:30:f5:a3:98:61:65:4c:39:f4:
                    99:e1:a1:1e:31:91:b9:19:ba:cc:40:10:e4:48:f6:
                    0a:66:1e:e0:96:05:cc:07:6f:8b:34:44:25:04:03:
                    b8:b0:77:e1:b1:c0:8e:8a:78:db:dd:1a:0d:5e:0d:
                    9b:23:87:ad:24:a2:b3:69:e0:f0:4f:f2:7a:d1:a8:
                    79:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:99:E8:14:AD:C0:BF:18:DB:EA:B0:4F:3E:22:31:7F:41:F4:1E:15
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:76:36:73:e5:99:7e:75:b4:e4:7e:99:db:c9:a9:de:bd:38:
         2e:a8:34:4d:57:11:3d:b4:b3:f6:13:77:c0:53:5f:1b:06:71:
         df:07:46:83:10:1a:f9:40:ed:f1:dc:22:57:15:54:f5:12:c4:
         de:ff:cd:66:a8:8d:0a:21:30:27:42:8c:0b:e2:64:95:04:36:
         b0:b7:12:1e:53:14:53:28:f3:82:00:d4:eb:ba:93:59:3d:62:
         4d:74:03:31:61:4f:53:ac:8e:64:43:b8:c6:18:3c:32:37:62:
         1e:ff:de:84:b5:9d:a4:1f:99:a5:51:2c:a8:18:9c:f6:03:68:
         14:1d:14:98:00:1c:38:ea:db:eb:7f:16:f2:fd:dd:00:8a:ae:
         71:6b:c2:41:51:33:2f:20:e1:96:5d:c7:c7:71:33:49:f6:7c:
         30:79:89:3c:8f:77:07:75:d6:d2:86:30:61:19:14:55:60:86:
         12:91:52:b8:da:dd:13:6a:aa:2e:c2:ea:de:ca:ed:60:dc:86:
         fc:b7:17:b3:60:68:81:5f:c8:eb:6f:27:00:0f:45:51:4a:67:
         3a:eb:06:cb:fb:9f:7b:d6:13:97:6b:30:65:81:00:9b:c1:d7:
         3e:44:e0:dc:d8:db:9e:15:e4:8d:74:df:83:2a:85:a8:70:1d:
         5f:28:8c:a3
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUW7XfhWB3cxq6YYWT2Gq11NwI6UgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1MVoX
DTI2MDIwNTEwNDQ1MVowMzExMC8GA1UEAxMoOEI5OUU4MTRBREMwQkYxOERCRUFC
MDRGM0UyMjMxN0Y0MUY0MUUxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKk1xhhNCCigUTcrDb8OIGoPZI42Fw4XrflRYi/92teS+dcKlqi/Zfic0F0k
9R9JXw54IdvJ8/K1usTwsc8lTtZHks0AlPwqK5EO+1J9+p05RimR5LU/oEbRxJHL
Op0Xe7ZXvq6Zo42H6CBPdm4eE7BBS7ckM//0r8VzItX3ROfb6hnVNeaN5E6Qt4tk
VCJkY8m3k+NzLZvkue2d8Lx1/dUi5XDyDwiddovMfJLFP3r5leu0oRmwMmh1MPWj
mGFlTDn0meGhHjGRuRm6zEAQ5Ej2CmYe4JYFzAdvizREJQQDuLB34bHAjop4290a
DV4NmyOHrSSis2ng8E/yetGoeZcCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSLmegU
rcC/GNvqsE8+IjF/QfQeFTAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjQzOC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ1CMjANBgkqhkiG9w0BAQsFAAOCAQEAGnY2c+WZfnW05H6Z28mp
3r04Lqg0TVcRPbSz9hN3wFNfGwZx3wdGgxAa+UDt8dwiVxVU9RLE3v/NZqiNCiEw
J0KMC+JklQQ2sLcSHlMUUyjzggDU67qTWT1iTXQDMWFPU6yOZEO4xhg8MjdiHv/e
hLWdpB+ZpVEsqBic9gNoFB0UmAAcOOrb638W8v3dAIqucWvCQVEzLyDhll3Hx3Ez
SfZ8MHmJPI93B3XW0oYwYRkUVWCGEpFSuNrdE2qqLsLq3srtYNyG/LcXs2BogV/I
628nAA9FUUpnOusGy/ufe9YTl2swZYEAm8HXPkTg3NjbnhXkjXTfgyqFqHAdXyiM
ow==
-----END CERTIFICATE-----