Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153925.roa
File:                     AS153925.roa (raw, json)
Hash identifier:          5NgLiF4SxBSqLgvFXjoU3zoilqgSZT4rvqYz7cU4JF0=
Subject key identifier:   45:29:3A:F8:C9:EC:6C:42:BB:51:F8:8D:29:A8:26:8A:3E:89:73:65
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       31E0D15527AC3F1E081ACC6D1F516A55EC9BD8DA
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153925.roa
Signing time:             Thu 17 Jul 2025 02:15:39 +0000
ROA not before:           Thu 17 Jul 2025 02:10:39 +0000
ROA not after:            Thu 16 Jul 2026 02:15:39 +0000
asID:                     153925
IP address blocks:        165.99.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 22 Jul 2025 13:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:e0:d1:55:27:ac:3f:1e:08:1a:cc:6d:1f:51:6a:55:ec:9b:d8:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jul 17 02:10:39 2025 GMT
            Not After : Jul 16 02:15:39 2026 GMT
        Subject: CN=45293AF8C9EC6C42BB51F88D29A8268A3E897365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:88:84:3d:2f:85:51:2d:21:1d:82:d2:53:ba:
                    87:77:0b:18:0a:d1:4f:e8:5a:7d:a6:93:50:0b:14:
                    f0:d7:42:3c:a9:41:27:b2:ee:78:d2:ba:1d:a0:e5:
                    ae:12:39:c4:f0:cb:29:26:c8:36:63:b7:0f:1f:9c:
                    4b:e9:bc:ca:ed:f0:6e:5c:87:d5:ad:d7:a8:59:41:
                    aa:b3:2c:de:ef:d2:a2:d9:2b:13:b9:f3:57:01:24:
                    6b:eb:06:c1:5f:72:5d:a2:0a:df:f9:69:ff:08:4d:
                    cb:ca:1d:8f:ca:1c:be:c9:78:f1:39:99:42:32:f2:
                    9e:93:56:4e:0c:f8:54:e3:6f:ec:34:79:09:3d:e2:
                    5b:8b:19:48:bb:83:a0:9f:36:15:4c:b3:ec:6b:09:
                    ea:45:5f:a4:d6:f6:ae:ce:00:0f:63:64:48:6c:07:
                    9b:f8:76:16:68:fe:b0:14:76:e3:c3:ff:63:4c:b1:
                    49:42:6b:0a:a3:f1:63:a1:61:d1:1a:77:28:75:e7:
                    48:53:4b:0f:3d:3c:30:87:b6:bf:57:bd:8e:39:b1:
                    b6:e4:75:52:39:7f:52:ec:b6:23:95:6d:a3:43:65:
                    90:93:2f:17:5c:5b:68:2d:63:be:87:e6:4a:75:c0:
                    f2:65:8c:7c:00:5d:2b:3d:46:57:ed:85:89:d5:da:
                    a0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:29:3A:F8:C9:EC:6C:42:BB:51:F8:8D:29:A8:26:8A:3E:89:73:65
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:bf:28:26:c0:9a:40:95:e7:83:7a:97:b1:d8:4e:f4:e3:d4:
         af:71:97:02:35:5e:d3:26:3c:e0:20:85:29:63:ef:eb:ad:2d:
         6f:81:cb:df:97:0e:32:c4:78:d1:6f:4c:6c:74:18:c9:92:0a:
         8b:35:0f:0a:35:9c:3f:37:10:28:bd:24:5e:0c:fc:89:a5:77:
         1a:ce:aa:5b:c7:4b:8b:cc:bd:b6:3f:e9:9b:30:a1:70:f0:cb:
         91:1c:ce:1a:8f:cd:46:c8:49:2e:8e:ad:0d:aa:1f:35:fa:38:
         79:c9:7b:0c:aa:91:e3:78:41:cb:43:1a:97:5b:b4:b6:c1:fc:
         32:c0:4e:c9:9f:bd:21:49:e0:cc:d6:e9:4a:40:db:8c:55:43:
         e1:47:3d:8b:6d:04:26:f0:1c:17:95:a2:a4:67:e6:9c:1c:5b:
         c5:b2:18:49:f5:e8:7a:fb:8a:f4:d3:0e:dd:1e:4a:43:39:11:
         88:14:b4:b1:d7:e5:56:e1:c8:c0:9f:d9:5d:eb:7e:5c:b5:55:
         fb:9b:d9:db:d4:fd:ba:bb:ce:dd:f2:ca:fc:fc:e2:27:60:10:
         fd:f2:30:6a:43:ba:1e:5c:0c:75:48:36:30:7e:0f:75:a8:45:
         63:be:64:07:b7:4d:53:1a:74:7c:1d:d7:ab:8b:23:25:e4:9e:
         7a:b6:72:11
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUMeDRVSesPx4IGsxtH1FqVeyb2NowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDcxNzAyMTAzOVoX
DTI2MDcxNjAyMTUzOVowMzExMC8GA1UEAxMoNDUyOTNBRjhDOUVDNkM0MkJCNTFG
ODhEMjlBODI2OEEzRTg5NzM2NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALeIhD0vhVEtIR2C0lO6h3cLGArRT+hafaaTUAsU8NdCPKlBJ7LueNK6HaDl
rhI5xPDLKSbINmO3Dx+cS+m8yu3wblyH1a3XqFlBqrMs3u/SotkrE7nzVwEka+sG
wV9yXaIK3/lp/whNy8odj8ocvsl48TmZQjLynpNWTgz4VONv7DR5CT3iW4sZSLuD
oJ82FUyz7GsJ6kVfpNb2rs4AD2NkSGwHm/h2Fmj+sBR248P/Y0yxSUJrCqPxY6Fh
0Rp3KHXnSFNLDz08MIe2v1e9jjmxtuR1Ujl/Uuy2I5Vto0NlkJMvF1xbaC1jvofm
SnXA8mWMfABdKz1GV+2FidXaoA0CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRFKTr4
yexsQrtR+I0pqCaKPolzZTAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzkyNS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAKVjXzANBgkqhkiG9w0BAQsFAAOCAQEAVr8oJsCaQJXng3qXsdhO
9OPUr3GXAjVe0yY84CCFKWPv660tb4HL35cOMsR40W9MbHQYyZIKizUPCjWcPzcQ
KL0kXgz8iaV3Gs6qW8dLi8y9tj/pmzChcPDLkRzOGo/NRshJLo6tDaofNfo4ecl7
DKqR43hBy0Mal1u0tsH8MsBOyZ+9IUngzNbpSkDbjFVD4Uc9i20EJvAcF5WipGfm
nBxbxbIYSfXoevuK9NMO3R5KQzkRiBS0sdflVuHIwJ/ZXet+XLVV+5vZ29T9urvO
3fLK/PziJ2AQ/fIwakO6HlwMdUg2MH4PdahFY75kB7dNUxp0fB3Xq4sjJeSeerZy
EQ==
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:56:20 2025 by rpki-client