Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153134.roa
File:                     AS153134.roa (raw, json)
Hash identifier:          ssmD1f5G+80BgjpAEBmONBCmsPt3A1gUU4WnpptaTcc=
Subject key identifier:   9C:BC:97:70:99:48:C7:85:17:58:E5:4F:BB:FE:BF:CB:EF:9D:E9:2F
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       17BFA36818F12418769153492220D9B24C56CD
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153134.roa
Signing time:             Sun 09 Feb 2025 07:46:09 +0000
ROA not before:           Sun 09 Feb 2025 07:41:09 +0000
ROA not after:            Sun 08 Feb 2026 07:46:09 +0000
asID:                     153134
IP address blocks:        160.191.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 09 Apr 2025 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:bf:a3:68:18:f1:24:18:76:91:53:49:22:20:d9:b2:4c:56:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Feb  9 07:41:09 2025 GMT
            Not After : Feb  8 07:46:09 2026 GMT
        Subject: CN=9CBC97709948C7851758E54FBBFEBFCBEF9DE92F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2d:e6:16:52:0a:c6:6b:0f:80:7d:53:95:ce:
                    ba:ed:21:c4:ce:d3:23:93:82:54:b8:5f:48:a1:c0:
                    09:8c:f4:88:3d:04:25:03:79:e3:24:ba:45:43:fa:
                    65:d2:90:a5:0e:65:73:66:76:32:dc:c6:4c:0f:f5:
                    af:24:b9:17:d3:17:2a:ad:bb:96:0a:1f:99:e0:b5:
                    cd:38:b4:30:23:18:33:85:30:e8:1e:c5:8f:20:a1:
                    bb:74:46:23:0f:36:d7:d6:35:af:f3:fc:40:e9:68:
                    38:0a:9a:b7:93:ac:bd:c1:71:31:69:bb:22:66:a9:
                    3b:a1:6b:1d:f6:f0:79:24:2e:f3:cb:ed:a9:30:24:
                    70:72:4e:c2:60:d0:3e:74:c4:16:32:19:f5:af:28:
                    e1:5e:8b:a8:df:ba:1e:5e:d8:45:c0:06:75:06:44:
                    c8:74:a9:99:18:a5:6c:4e:97:ad:fb:de:b8:ff:3b:
                    6e:2f:b4:1e:64:04:19:d9:56:93:9a:77:ee:19:26:
                    f4:f2:c3:d5:a6:6a:e9:a6:4e:19:9a:6d:5b:d9:d0:
                    68:31:7c:a1:a9:3a:46:75:11:4e:6b:0b:44:b6:59:
                    bb:f1:b6:05:ff:43:4d:9d:39:a8:31:fe:38:48:b9:
                    ee:b1:77:99:eb:9b:d2:99:74:29:7a:65:d2:70:31:
                    47:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:BC:97:70:99:48:C7:85:17:58:E5:4F:BB:FE:BF:CB:EF:9D:E9:2F
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:82:9d:7a:b8:92:66:79:e5:b1:d8:d6:dc:67:98:99:89:77:
         ae:ed:47:21:75:91:bf:1b:8a:8b:f4:6f:65:84:50:72:95:84:
         b9:7d:8a:83:75:56:42:18:73:32:12:51:47:a5:84:45:84:c0:
         53:c0:b7:0f:f6:a8:b0:a4:3a:ba:3d:aa:42:2d:03:fd:f4:fc:
         c0:de:7a:5d:63:db:7d:5b:c3:bc:8c:7a:31:5c:e1:2c:9b:b7:
         a8:e4:bb:7b:29:6b:cd:17:2d:d9:74:cd:ab:89:be:5d:47:80:
         0c:72:37:8e:f2:4e:c1:82:db:b1:2c:50:46:98:0b:2e:20:55:
         e2:92:ea:58:38:d6:10:72:44:b3:26:6b:20:4b:93:40:30:4c:
         0f:9f:93:39:d9:74:09:48:32:f1:98:ba:ee:57:51:3f:93:b0:
         0e:6a:af:e9:30:85:40:d6:25:96:fd:44:c9:e2:a3:29:0a:e6:
         23:7b:57:fe:65:77:94:71:b4:6f:79:ed:08:25:ac:e5:b6:ae:
         99:0e:58:10:f0:7a:72:6d:d1:c5:17:e4:d5:21:27:d6:09:3e:
         30:2f:3c:30:21:29:29:76:66:5f:89:57:9c:02:15:9f:ea:3f:
         df:61:24:f2:2f:2e:b5:24:94:ac:2c:40:c9:56:22:2a:15:1f:
         8a:8b:ce:1f
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgITF7+jaBjxJBh2kVNJIiDZskxWzTANBgkqhkiG9w0BAQsF
ADBKMRUwEwYDVQQDEwxBOTE4NjIxNDAwMDAxMTAvBgNVBAUTKDYwRjhCRTlDMTY2
MjVDNDI0QjI2OUVFMDZDNjRBODNCQUI4NTA2RDQwHhcNMjUwMjA5MDc0MTA5WhcN
MjYwMjA4MDc0NjA5WjAzMTEwLwYDVQQDEyg5Q0JDOTc3MDk5NDhDNzg1MTc1OEU1
NEZCQkZFQkZDQkVGOURFOTJGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvS3mFlIKxmsPgH1Tlc667SHEztMjk4JUuF9IocAJjPSIPQQlA3njJLpFQ/pl
0pClDmVzZnYy3MZMD/WvJLkX0xcqrbuWCh+Z4LXNOLQwIxgzhTDoHsWPIKG7dEYj
DzbX1jWv8/xA6Wg4Cpq3k6y9wXExabsiZqk7oWsd9vB5JC7zy+2pMCRwck7CYNA+
dMQWMhn1ryjhXouo37oeXthFwAZ1BkTIdKmZGKVsTpet+964/ztuL7QeZAQZ2VaT
mnfuGSb08sPVpmrppk4Zmm1b2dBoMXyhqTpGdRFOawtEtlm78bYF/0NNnTmoMf44
SLnusXeZ65vSmXQpemXScDFH4wIDAQABo4IB0DCCAcwwHQYDVR0OBBYEFJy8l3CZ
SMeFF1jlT7v+v8vvnekvMB8GA1UdIwQYMBaAFGD4vpwWYlxCSyae4GxkqDurhQbU
MA4GA1UdDwEB/wQEAwIHgDBpBgNVHR8EYjBgMF6gXKBahlhyc3luYzovL3JlcG8t
cnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8xLzYwRjhCRTlDMTY2MjVDNDI0
QjI2OUVFMDZDNjRBODNCQUI4NTA2RDQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggr
BgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0
RjIwMUQ2NjExRTI4QUM4ODM3QzcyRkQxRkYyL1lQaS1uQlppWEVKTEpwN2diR1Nv
TzZ1RkJ0US5jZXIwVAYIKwYBBQUHAQsESDBGMEQGCCsGAQUFBzALhjhyc3luYzov
L3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8xL0FTMTUzMTM0LnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAoL84MA0GCSqGSIb3DQEBCwUAA4IBAQCIgp16uJJmeeWx2NbcZ5iZ
iXeu7UchdZG/G4qL9G9lhFBylYS5fYqDdVZCGHMyElFHpYRFhMBTwLcP9qiwpDq6
PapCLQP99PzA3npdY9t9W8O8jHoxXOEsm7eo5Lt7KWvNFy3ZdM2rib5dR4AMcjeO
8k7BgtuxLFBGmAsuIFXikupYONYQckSzJmsgS5NAMEwPn5M52XQJSDLxmLruV1E/
k7AOaq/pMIVA1iWW/UTJ4qMpCuYje1f+ZXeUcbRvee0IJazltq6ZDlgQ8HpybdHF
F+TVISfWCT4wLzwwISkpdmZfiVecAhWf6j/fYSTyLy61JJSsLEDJViIqFR+Ki84f
-----END CERTIFICATE-----