Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153152.roa
File:                     AS153152.roa (raw, json)
Hash identifier:          gAsP2f15f2Gr9RBtNKOGP3R9Swn9hKViJxAKRt+Z7z4=
Subject key identifier:   60:DC:D9:AC:C6:C7:1A:F8:67:0C:DF:12:79:7E:A4:84:F7:06:FB:14
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       598875358139014A45BD9ECB5CD7B44F26BB5260
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153152.roa
Signing time:             Wed 15 Oct 2025 08:29:11 +0000
ROA not before:           Wed 15 Oct 2025 08:24:11 +0000
ROA not after:            Wed 14 Oct 2026 08:29:11 +0000
asID:                     153152
IP address blocks:        160.191.186.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 03:04:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:88:75:35:81:39:01:4a:45:bd:9e:cb:5c:d7:b4:4f:26:bb:52:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Oct 15 08:24:11 2025 GMT
            Not After : Oct 14 08:29:11 2026 GMT
        Subject: CN=60DCD9ACC6C71AF8670CDF12797EA484F706FB14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:cb:c6:fd:5b:6b:05:e2:e6:c2:b2:bd:46:02:
                    c9:0b:87:d9:39:d6:c9:34:9f:6d:e5:f8:79:d8:7b:
                    16:3b:fe:65:f0:b2:23:fc:95:1b:2d:d4:11:30:33:
                    96:26:08:d0:df:cc:78:20:a6:6a:05:c0:b4:85:43:
                    2e:06:b5:16:15:24:15:41:36:9e:90:d6:dd:9b:03:
                    ae:a5:97:b5:0e:62:cd:38:0f:9c:85:ce:d3:6e:f6:
                    36:66:6e:5f:2e:72:c0:fb:33:09:40:39:ea:db:02:
                    73:27:14:8d:7f:6b:da:f3:89:94:41:cf:9e:5a:e2:
                    61:c9:32:a5:21:6e:6d:df:35:4d:ea:17:bb:f0:e1:
                    dd:18:de:c1:32:c2:c6:d8:dd:70:a9:6e:ef:61:27:
                    44:13:db:7a:4b:ca:a5:11:dc:c8:02:68:c7:05:04:
                    a1:67:78:9a:b8:c1:ab:d1:0b:e9:43:20:43:98:e0:
                    4f:48:41:0e:40:7e:ba:d0:dc:f6:e0:8b:f4:bb:25:
                    97:58:a1:aa:03:4e:7e:08:b9:14:ca:c5:97:d9:b9:
                    6b:1c:51:3b:aa:8b:03:41:ee:e3:3f:2c:7f:9b:3b:
                    44:b0:7b:6a:75:a3:95:5f:10:f4:e1:30:f9:3b:95:
                    d7:c8:01:67:27:44:a5:bb:f7:bc:bd:4c:3c:3d:e1:
                    c2:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DC:D9:AC:C6:C7:1A:F8:67:0C:DF:12:79:7E:A4:84:F7:06:FB:14
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:38:77:26:6b:6a:0b:a2:63:e4:2a:a9:e8:73:fc:f6:50:d7:
         55:be:43:cb:2d:73:42:05:3d:c6:fb:c1:93:cc:7e:31:b5:63:
         35:e1:c4:1f:c7:9a:33:af:c7:bc:69:d7:59:bb:fc:d4:a5:95:
         5d:77:af:70:49:dc:87:bb:68:6b:d1:09:68:58:68:f6:ca:28:
         2d:08:d1:68:e5:e5:7d:a2:4a:b0:6a:12:ef:a9:f4:e8:d4:ad:
         6e:48:c8:fe:6b:ec:51:5e:6d:38:5c:a7:4f:7f:fc:81:a8:9c:
         d8:be:de:6e:87:78:70:ea:54:17:56:c3:38:5f:76:9a:0e:02:
         a6:34:79:31:94:90:85:34:14:2e:1e:37:c1:f8:39:4d:a2:df:
         f6:38:91:eb:97:74:ca:c0:a5:31:63:72:5d:71:3b:b7:73:c3:
         e8:48:1d:b1:04:33:84:2b:a8:aa:cf:c2:62:44:ad:3d:ed:af:
         79:55:3c:d9:83:76:92:fe:e0:36:e1:70:c6:79:59:54:4a:93:
         75:6f:22:e8:d0:4c:e0:66:63:cc:ae:92:ec:e4:5e:7a:eb:5d:
         3f:3f:b1:c3:17:91:42:75:3c:60:7e:1b:d6:7b:36:49:95:5a:
         ff:f2:b5:11:3a:b0:7b:05:ae:2b:95:85:a9:8e:6d:a7:0e:10:
         00:b2:8c:c5
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUWYh1NYE5AUpFvZ7LXNe0Tya7UmAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MTAxNTA4MjQxMVoX
DTI2MTAxNDA4MjkxMVowMzExMC8GA1UEAxMoNjBEQ0Q5QUNDNkM3MUFGODY3MENE
RjEyNzk3RUE0ODRGNzA2RkIxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOTLxv1bawXi5sKyvUYCyQuH2TnWyTSfbeX4edh7Fjv+ZfCyI/yVGy3UETAz
liYI0N/MeCCmagXAtIVDLga1FhUkFUE2npDW3ZsDrqWXtQ5izTgPnIXO0272NmZu
Xy5ywPszCUA56tsCcycUjX9r2vOJlEHPnlriYckypSFubd81TeoXu/Dh3RjewTLC
xtjdcKlu72EnRBPbekvKpRHcyAJoxwUEoWd4mrjBq9EL6UMgQ5jgT0hBDkB+utDc
9uCL9Lsll1ihqgNOfgi5FMrFl9m5axxRO6qLA0Hu4z8sf5s7RLB7anWjlV8Q9OEw
+TuV18gBZydEpbv3vL1MPD3hwsECAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRg3Nms
xsca+GcM3xJ5fqSE9wb7FDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzE1Mi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaC/ujANBgkqhkiG9w0BAQsFAAOCAQEAITh3JmtqC6Jj5Cqp6HP8
9lDXVb5Dyy1zQgU9xvvBk8x+MbVjNeHEH8eaM6/HvGnXWbv81KWVXXevcEnch7to
a9EJaFho9sooLQjRaOXlfaJKsGoS76n06NStbkjI/mvsUV5tOFynT3/8gaic2L7e
bod4cOpUF1bDOF92mg4CpjR5MZSQhTQULh43wfg5TaLf9jiR65d0ysClMWNyXXE7
t3PD6EgdsQQzhCuoqs/CYkStPe2veVU82YN2kv7gNuFwxnlZVEqTdW8i6NBM4GZj
zK6S7OReeutdPz+xwxeRQnU8YH4b1ns2SZVa//K1ETqwewWuK5WFqY5tpw4QALKM
xQ==
-----END CERTIFICATE-----