Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153936.roa
File:                     AS153936.roa (raw, json)
Hash identifier:          xRaPcq4ik629401o/NcNkij7zwMBtIxbFt65loKtPUc=
Subject key identifier:   4B:0F:42:31:97:37:47:2A:BA:A4:30:99:04:6D:7B:C8:0C:49:92:9B
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       550C52F9FBBD33C9B17FA5444DCC4402EE3C31AB
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153936.roa
Signing time:             Tue 08 Jul 2025 02:33:50 +0000
ROA not before:           Tue 08 Jul 2025 02:28:50 +0000
ROA not after:            Tue 07 Jul 2026 02:33:50 +0000
asID:                     153936
IP address blocks:        165.99.162.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 22 Jul 2025 13:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:0c:52:f9:fb:bd:33:c9:b1:7f:a5:44:4d:cc:44:02:ee:3c:31:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jul  8 02:28:50 2025 GMT
            Not After : Jul  7 02:33:50 2026 GMT
        Subject: CN=4B0F42319737472ABAA43099046D7BC80C49929B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:01:28:36:64:64:1f:fc:1f:c8:3c:ac:ec:91:
                    03:0b:ee:4c:94:61:0b:56:23:d9:69:9f:82:c2:07:
                    4d:12:f8:bd:03:93:22:2b:4e:53:88:ac:31:3f:cb:
                    2d:5d:a5:82:21:5e:39:84:27:f4:77:60:be:f1:8b:
                    e1:e5:bc:59:ea:d7:3e:37:10:52:cf:b0:82:c3:fe:
                    f5:2d:15:0a:d5:cc:f9:e7:b8:af:d7:05:d5:40:16:
                    5d:44:f6:a0:d6:93:37:c3:ab:0a:21:c8:0b:91:ee:
                    1b:49:5b:80:19:ef:5a:44:5f:d2:70:34:ac:56:47:
                    75:05:ed:b0:79:29:e1:5d:35:01:1f:06:59:e4:cf:
                    5f:90:ab:15:ce:1d:b9:cf:5c:04:1e:6a:d1:b7:ea:
                    85:7f:72:45:ea:e1:f1:bf:a7:33:12:d8:a1:73:17:
                    89:a8:f2:5c:39:2c:0f:84:1c:73:21:1b:57:89:1b:
                    93:d8:47:98:5b:eb:b0:56:a7:3f:82:9b:4e:96:78:
                    c6:fa:04:b5:28:ef:ad:1d:a1:07:b3:08:0a:83:ea:
                    f4:33:fe:28:6b:05:9e:f3:d5:d8:43:4a:cc:f8:50:
                    98:cc:da:df:75:b8:d0:bc:5c:b4:12:ee:dc:3e:35:
                    7d:81:a1:67:fc:b1:96:4b:d5:c5:e2:3f:6e:bb:19:
                    53:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:0F:42:31:97:37:47:2A:BA:A4:30:99:04:6D:7B:C8:0C:49:92:9B
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:51:f0:ad:1b:8c:cf:1e:6f:39:ea:0d:6e:5c:d4:bb:81:c6:
         5f:4e:1f:08:fe:87:5c:7c:44:d1:4f:c7:25:98:11:96:d2:82:
         12:9c:b6:77:24:e9:45:89:49:42:01:83:c5:3d:de:3b:c3:0e:
         1b:63:1d:97:bb:bb:25:52:bd:22:a2:ab:a1:09:ef:2e:0a:30:
         5a:62:73:d9:a4:73:0f:c9:f0:1d:93:78:61:1e:62:5b:64:14:
         44:11:12:35:39:f6:24:76:3c:f2:0d:d7:4d:3d:f4:a2:a1:fa:
         bd:a0:1d:35:4c:bb:78:2e:79:a3:7a:2b:73:e7:2f:54:2f:ba:
         3a:14:0a:13:ba:91:fc:9a:56:d2:6f:e2:c5:fb:7e:42:60:3a:
         80:42:11:7f:21:83:b5:db:10:e0:ab:3a:a4:b9:f5:e1:89:78:
         10:50:cf:1b:8e:d0:af:ac:4c:37:c6:6f:da:27:a7:40:6a:c0:
         1d:b9:04:b0:4f:fb:37:8f:32:3c:b4:fd:98:ef:5a:73:81:0e:
         ba:18:c3:70:89:5e:d2:ed:d5:2e:de:1c:5b:db:d3:e0:04:39:
         fd:b1:3a:87:53:2b:1d:b5:dc:2b:17:74:b0:da:78:5f:02:92:
         89:ec:3c:37:cb:18:e1:2f:af:69:d5:e0:5e:eb:be:6b:f6:dd:
         35:27:69:a8
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUVQxS+fu9M8mxf6VETcxEAu48MaswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDcwODAyMjg1MFoX
DTI2MDcwNzAyMzM1MFowMzExMC8GA1UEAxMoNEIwRjQyMzE5NzM3NDcyQUJBQTQz
MDk5MDQ2RDdCQzgwQzQ5OTI5QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkBKDZkZB/8H8g8rOyRAwvuTJRhC1Yj2WmfgsIHTRL4vQOTIitOU4isMT/L
LV2lgiFeOYQn9HdgvvGL4eW8WerXPjcQUs+wgsP+9S0VCtXM+ee4r9cF1UAWXUT2
oNaTN8OrCiHIC5HuG0lbgBnvWkRf0nA0rFZHdQXtsHkp4V01AR8GWeTPX5CrFc4d
uc9cBB5q0bfqhX9yRerh8b+nMxLYoXMXiajyXDksD4QccyEbV4kbk9hHmFvrsFan
P4KbTpZ4xvoEtSjvrR2hB7MICoPq9DP+KGsFnvPV2ENKzPhQmMza33W40LxctBLu
3D41fYGhZ/yxlkvVxeI/brsZU1sCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRLD0Ix
lzdHKrqkMJkEbXvIDEmSmzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzkzNi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaVjojANBgkqhkiG9w0BAQsFAAOCAQEAZFHwrRuMzx5vOeoNblzU
u4HGX04fCP6HXHxE0U/HJZgRltKCEpy2dyTpRYlJQgGDxT3eO8MOG2Mdl7u7JVK9
IqKroQnvLgowWmJz2aRzD8nwHZN4YR5iW2QURBESNTn2JHY88g3XTT30oqH6vaAd
NUy7eC55o3orc+cvVC+6OhQKE7qR/JpW0m/ixft+QmA6gEIRfyGDtdsQ4Ks6pLn1
4Yl4EFDPG47Qr6xMN8Zv2ienQGrAHbkEsE/7N48yPLT9mO9ac4EOuhjDcIle0u3V
Lt4cW9vT4AQ5/bE6h1MrHbXcKxd0sNp4XwKSiew8N8sY4S+vadXgXuu+a/bdNSdp
qA==
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:56:20 2025 by rpki-client