Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153155.roa
File:                     AS153155.roa (raw, json)
Hash identifier:          jMbOeOh59HEjrslJ1F5pet6Q0lc7kSVnVngSP2DZ0xA=
Subject key identifier:   FB:EB:CE:8B:2A:4E:A7:1C:9D:8C:1B:D1:8D:8E:2E:F0:2A:24:C8:6D
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       21C42B3DAEDE5D030A73D4F65325D8AF8A1A80E6
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153155.roa
Signing time:             Thu 06 Feb 2025 10:44:58 +0000
ROA not before:           Thu 06 Feb 2025 10:39:58 +0000
ROA not after:            Thu 05 Feb 2026 10:44:58 +0000
asID:                     153155
IP address blocks:        160.191.192.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 09 Jun 2025 01:18:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:c4:2b:3d:ae:de:5d:03:0a:73:d4:f6:53:25:d8:af:8a:1a:80:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb  6 10:39:58 2025 GMT
            Not After : Feb  5 10:44:58 2026 GMT
        Subject: CN=FBEBCE8B2A4EA71C9D8C1BD18D8E2EF02A24C86D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d7:6f:5b:30:c0:f0:a6:7a:5d:bb:b1:c2:cb:
                    e0:e6:a4:f7:a5:3a:a7:c2:48:d6:f8:33:e5:e8:ed:
                    74:dd:60:d0:8c:5e:b3:20:4c:09:04:b4:66:85:37:
                    b9:c1:db:f8:64:ad:09:09:a6:f1:08:43:6c:eb:b6:
                    44:6c:11:02:b9:22:25:76:d1:38:c5:2d:54:68:58:
                    d3:12:3b:2d:ee:d4:49:58:d2:c9:2b:ff:22:3f:c1:
                    49:c8:5e:bc:b0:70:05:6a:ee:a0:15:bb:c3:10:ac:
                    e6:63:34:25:31:34:fa:f9:1b:a5:e7:e6:69:d2:3f:
                    09:84:84:7b:3e:78:ee:03:b2:b9:4d:be:7e:c4:a4:
                    ed:35:74:fa:98:d2:d7:c1:59:2e:f5:4d:02:0a:44:
                    e1:1d:2a:a2:74:9e:14:9d:d3:cc:87:c0:70:01:05:
                    bf:7b:f0:88:08:00:24:d5:18:03:bb:87:a5:e9:dd:
                    6c:09:ae:fa:e2:d8:97:75:d0:54:d1:4c:f7:5f:5a:
                    47:c4:76:93:6b:eb:fd:26:87:e9:85:14:da:cb:4d:
                    2e:95:bf:38:60:db:32:ca:e9:65:5c:d7:e6:51:5e:
                    13:0c:a3:cf:b6:d4:4c:59:1e:37:69:8f:8f:d6:49:
                    5b:53:78:ad:ad:93:83:9d:5c:c1:0f:4a:6b:d7:7d:
                    f1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:EB:CE:8B:2A:4E:A7:1C:9D:8C:1B:D1:8D:8E:2E:F0:2A:24:C8:6D
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153155.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:27:dd:c8:cd:9a:04:e0:0d:bc:c1:22:3b:a9:6a:df:ce:bd:
         4a:d6:be:76:b7:d1:94:59:24:6b:87:a2:19:63:83:fa:ec:03:
         58:a3:e7:de:26:4c:fc:47:c3:3f:ea:5b:be:82:f5:1c:be:3f:
         86:91:25:2a:f1:a7:1a:44:dc:84:7f:f7:e6:e6:8a:85:5f:77:
         60:fb:1b:a3:5f:34:e9:d6:a0:89:51:43:1b:7f:5a:05:91:d8:
         5d:79:54:d6:92:e2:08:f7:bc:09:fb:5c:9b:3d:3f:03:53:ec:
         4c:f1:1b:a7:93:56:2c:34:7c:35:ec:ce:34:a3:37:45:8b:63:
         05:df:b7:9d:21:48:91:55:60:55:6e:c9:f8:08:03:45:41:77:
         82:89:9b:be:9d:ca:1a:67:5c:36:91:98:32:71:8e:04:85:4e:
         20:ba:92:ad:12:54:c2:0a:f2:42:d5:50:fd:ec:c4:80:fd:d2:
         47:c6:f6:ad:2c:9e:e4:19:e8:67:69:b4:44:9e:57:a0:af:36:
         63:3c:8c:43:53:49:84:63:99:9d:34:ea:77:1b:bd:3d:64:4e:
         91:02:63:dc:3e:b6:bb:db:7c:27:38:cb:e0:87:d9:f3:4f:63:
         fc:4a:25:46:e6:a4:cf:3b:23:18:65:06:5e:67:20:3d:de:2c:
         5c:5d:b8:20
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUIcQrPa7eXQMKc9T2UyXYr4oagOYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1OFoX
DTI2MDIwNTEwNDQ1OFowMzExMC8GA1UEAxMoRkJFQkNFOEIyQTRFQTcxQzlEOEMx
QkQxOEQ4RTJFRjAyQTI0Qzg2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM3Xb1swwPCmel27scLL4Oak96U6p8JI1vgz5ejtdN1g0IxesyBMCQS0ZoU3
ucHb+GStCQmm8QhDbOu2RGwRArkiJXbROMUtVGhY0xI7Le7USVjSySv/Ij/BSche
vLBwBWruoBW7wxCs5mM0JTE0+vkbpefmadI/CYSEez547gOyuU2+fsSk7TV0+pjS
18FZLvVNAgpE4R0qonSeFJ3TzIfAcAEFv3vwiAgAJNUYA7uHpendbAmu+uLYl3XQ
VNFM919aR8R2k2vr/SaH6YUU2stNLpW/OGDbMsrpZVzX5lFeEwyjz7bUTFkeN2mP
j9ZJW1N4ra2Tg51cwQ9Ka9d98XcCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBT7686L
Kk6nHJ2MG9GNji7wKiTIbTAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzE1NS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaC/wDANBgkqhkiG9w0BAQsFAAOCAQEANCfdyM2aBOANvMEiO6lq
3869Sta+drfRlFkka4eiGWOD+uwDWKPn3iZM/EfDP+pbvoL1HL4/hpElKvGnGkTc
hH/35uaKhV93YPsbo1806dagiVFDG39aBZHYXXlU1pLiCPe8Cftcmz0/A1PsTPEb
p5NWLDR8NezONKM3RYtjBd+3nSFIkVVgVW7J+AgDRUF3gombvp3KGmdcNpGYMnGO
BIVOILqSrRJUwgryQtVQ/ezEgP3SR8b2rSye5BnoZ2m0RJ5XoK82YzyMQ1NJhGOZ
nTTqdxu9PWROkQJj3D62u9t8JzjL4IfZ809j/EolRuakzzsjGGUGXmcgPd4sXF24
IA==
-----END CERTIFICATE-----