Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152762.roa
File:                     AS152762.roa (raw, json)
Hash identifier:          9oQyP9rBzJvWZoLZO7iusERVzzsrTwLQ1xRQkYMDRCQ=
Subject key identifier:   60:70:E2:97:9C:AF:56:1F:7D:71:D0:46:2C:26:F6:53:76:B3:00:8F
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       2287687E8BB0A3D0090B10C8BC0B7BF69CE957A7
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152762.roa
Signing time:             Mon 25 Aug 2025 08:14:53 +0000
ROA not before:           Mon 25 Aug 2025 08:09:53 +0000
ROA not after:            Mon 24 Aug 2026 08:14:53 +0000
asID:                     152762
IP address blocks:        160.19.230.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 10 Sep 2025 14:17:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:87:68:7e:8b:b0:a3:d0:09:0b:10:c8:bc:0b:7b:f6:9c:e9:57:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Aug 25 08:09:53 2025 GMT
            Not After : Aug 24 08:14:53 2026 GMT
        Subject: CN=6070E2979CAF561F7D71D0462C26F65376B3008F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e0:56:18:00:1b:c9:98:ae:91:ab:3e:20:c5:
                    45:1b:db:90:7d:ca:de:71:6f:b7:33:be:1b:d9:75:
                    45:7a:60:e0:cd:fb:27:1a:86:1f:28:57:da:9e:eb:
                    57:56:98:86:8c:82:c5:8b:34:2e:ac:f3:c9:42:8c:
                    79:8f:2b:5e:d2:fd:fd:c9:f9:96:73:a8:70:3b:fa:
                    44:c0:3b:0f:67:b2:32:98:3c:8d:87:c4:4b:95:af:
                    68:ff:93:60:2c:63:4e:f4:35:69:25:44:55:01:33:
                    b6:82:c1:a0:90:da:40:80:99:78:37:69:0a:4f:c6:
                    74:c1:80:b3:2e:b6:c2:dd:c7:33:32:96:3e:a6:63:
                    06:80:87:6f:8d:e5:dc:59:0e:c2:44:4e:ac:8d:c2:
                    20:2c:c1:38:8e:a2:e9:ae:9c:3b:d4:8b:05:04:a9:
                    ed:79:0e:10:a2:ae:9c:b0:7a:0c:d1:9d:1e:cc:80:
                    4c:21:36:17:a6:99:c4:00:b0:b3:73:1f:6c:06:70:
                    ab:05:dd:30:78:7e:be:b6:7f:03:9d:8c:09:20:e4:
                    8d:1d:25:6a:ed:e2:e5:c6:84:45:e7:25:39:81:60:
                    96:38:48:05:b4:18:3a:f0:15:2a:00:51:8f:56:eb:
                    25:a1:fa:9d:45:ce:3f:b3:7f:9a:a9:ca:5c:8d:55:
                    56:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:70:E2:97:9C:AF:56:1F:7D:71:D0:46:2C:26:F6:53:76:B3:00:8F
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152762.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.19.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:ed:3d:af:95:9b:1d:f8:9a:ad:38:ad:05:d5:bc:68:a9:b3:
         da:f3:85:33:73:bd:08:27:84:8d:84:06:e3:39:20:35:9a:66:
         4a:e9:63:0f:e1:f9:ca:30:d7:ce:dd:09:7f:01:a1:4a:c7:80:
         46:76:50:21:99:8a:7c:e0:94:a5:bb:fc:d0:6e:e7:a0:5c:4e:
         b6:9f:f9:9c:ed:28:83:ad:35:d6:85:08:5c:f5:2f:8e:4e:5f:
         cc:8a:cc:24:ee:b2:b1:95:1c:1f:2d:f8:65:32:bf:9f:ab:d6:
         ba:39:2b:be:ea:f1:c8:df:ee:3d:dd:03:81:8b:1b:05:03:44:
         75:99:20:42:8b:56:bb:4b:74:9a:c2:26:8a:cc:8a:1f:9c:e5:
         a3:6a:b2:c7:a5:a1:27:83:17:b8:bd:e1:3f:4e:3a:c7:53:03:
         ff:70:61:7a:25:a7:c5:08:08:c4:f5:80:88:e8:d8:61:55:6d:
         7d:5c:a2:d0:da:c2:3f:95:c7:de:56:48:87:4c:05:18:3c:50:
         15:a9:5f:a2:b4:f4:fa:d1:8a:30:f9:53:78:f8:e4:11:42:1f:
         94:46:8f:72:ed:46:de:87:e3:4a:6e:23:c5:ee:3e:77:28:c9:
         01:cc:51:3c:26:0b:09:1f:b1:a6:0e:b4:8a:e2:9a:21:46:2b:
         3c:65:97:4c
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUIodofouwo9AJCxDIvAt79pzpV6cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDgyNTA4MDk1M1oX
DTI2MDgyNDA4MTQ1M1owMzExMC8GA1UEAxMoNjA3MEUyOTc5Q0FGNTYxRjdENzFE
MDQ2MkMyNkY2NTM3NkIzMDA4RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANvgVhgAG8mYrpGrPiDFRRvbkH3K3nFvtzO+G9l1RXpg4M37JxqGHyhX2p7r
V1aYhoyCxYs0LqzzyUKMeY8rXtL9/cn5lnOocDv6RMA7D2eyMpg8jYfES5WvaP+T
YCxjTvQ1aSVEVQEztoLBoJDaQICZeDdpCk/GdMGAsy62wt3HMzKWPqZjBoCHb43l
3FkOwkROrI3CICzBOI6i6a6cO9SLBQSp7XkOEKKunLB6DNGdHsyATCE2F6aZxACw
s3MfbAZwqwXdMHh+vrZ/A52MCSDkjR0lau3i5caEReclOYFgljhIBbQYOvAVKgBR
j1brJaH6nUXOP7N/mqnKXI1VVkcCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRgcOKX
nK9WH31x0EYsJvZTdrMAjzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1Mjc2Mi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaAT5jANBgkqhkiG9w0BAQsFAAOCAQEAU+09r5WbHfiarTitBdW8
aKmz2vOFM3O9CCeEjYQG4zkgNZpmSuljD+H5yjDXzt0JfwGhSseARnZQIZmKfOCU
pbv80G7noFxOtp/5nO0og6011oUIXPUvjk5fzIrMJO6ysZUcHy34ZTK/n6vWujkr
vurxyN/uPd0DgYsbBQNEdZkgQotWu0t0msImisyKH5zlo2qyx6WhJ4MXuL3hP046
x1MD/3BheiWnxQgIxPWAiOjYYVVtfVyi0NrCP5XH3lZIh0wFGDxQFalforT0+tGK
MPlTePjkEUIflEaPcu1G3ofjSm4jxe4+dyjJAcxRPCYLCR+xpg60iuKaIUYrPGWX
TA==
-----END CERTIFICATE-----