Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153937.roa
File:                     AS153937.roa (raw, json)
Hash identifier:          Xjl4t/EcOPUctgzn6JGR0ciHRfT0I9BNDLRWkxwmr6o=
Subject key identifier:   26:7B:34:EA:A1:57:BA:26:D8:87:98:AE:84:73:DE:39:F0:F2:45:D2
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       237210BF94FAF7A85D06CD96EB943CAE84C68C7D
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153937.roa
Signing time:             Wed 04 Jun 2025 02:11:47 +0000
ROA not before:           Wed 04 Jun 2025 02:06:47 +0000
ROA not after:            Wed 03 Jun 2026 02:11:47 +0000
asID:                     153937
IP address blocks:        165.99.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 10 Jun 2025 06:30:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:72:10:bf:94:fa:f7:a8:5d:06:cd:96:eb:94:3c:ae:84:c6:8c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jun  4 02:06:47 2025 GMT
            Not After : Jun  3 02:11:47 2026 GMT
        Subject: CN=267B34EAA157BA26D88798AE8473DE39F0F245D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b1:f8:3f:16:f9:f1:ef:02:5e:b9:50:a1:95:
                    f8:0e:41:b9:3e:b1:14:f1:06:a4:ae:d6:ad:63:53:
                    86:7a:0e:36:4f:eb:0c:dc:30:0e:9b:2c:5a:59:05:
                    5a:16:c7:56:fa:96:16:1d:bb:ee:0d:17:01:db:7a:
                    f7:3a:3b:3c:f2:1a:23:09:b3:ac:b9:09:20:5a:1d:
                    85:73:3f:71:e5:34:58:ba:28:52:9f:75:f7:af:94:
                    c7:1c:ed:4f:fb:4c:97:9d:fb:32:95:e2:8c:f8:02:
                    21:cf:d6:6f:b9:89:7c:a3:0c:71:5c:96:d1:7e:cd:
                    06:f2:56:16:fd:50:da:65:7b:82:8d:02:f4:43:77:
                    aa:bb:92:df:29:07:73:3f:d2:bf:12:f5:24:32:e8:
                    89:2f:5a:aa:a9:c9:a9:8f:56:63:02:69:d8:d0:a3:
                    a3:a1:1e:64:4b:61:47:30:74:97:df:4c:e2:0a:ec:
                    41:aa:83:91:a3:6e:f4:c9:ae:70:16:bb:04:56:b3:
                    6e:1d:c7:08:84:4f:d9:83:99:e3:7a:79:e2:5a:2d:
                    96:86:84:89:a1:a6:44:d8:8c:7d:3e:7f:94:07:ea:
                    47:9d:8b:b3:98:4a:c6:cb:a9:50:1b:a4:72:62:43:
                    36:21:c8:fe:97:2c:82:c8:ba:72:81:b5:43:c9:a5:
                    a1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7B:34:EA:A1:57:BA:26:D8:87:98:AE:84:73:DE:39:F0:F2:45:D2
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:dd:82:be:38:d7:d2:10:a1:0f:20:01:d1:f7:42:55:d3:e8:
         59:73:0a:96:31:52:2e:8e:26:1e:a7:c5:b6:ff:12:9d:02:3d:
         73:cf:c6:ef:11:e3:c3:d6:7c:b2:b1:00:45:28:0d:e8:7a:03:
         8e:64:9b:c0:4b:cf:0a:43:be:7b:3b:69:75:42:29:f4:74:63:
         d4:c9:18:ea:1e:24:fb:e9:16:c1:4c:88:6f:2e:9b:65:9e:c9:
         64:53:6f:92:4e:75:b9:6c:40:08:c3:5a:19:06:d1:28:4c:f0:
         ec:af:73:0c:38:8a:b6:ea:41:4d:42:6e:b8:cf:0b:90:46:41:
         3a:a7:aa:1f:90:b2:bc:a3:f1:35:23:1e:ee:bd:97:2c:c5:7f:
         0c:c6:c8:fd:01:8c:e9:a8:98:99:bc:c0:bd:40:7e:5f:d0:2c:
         a0:25:a1:0a:71:a5:5b:c6:50:1b:a4:84:e8:34:3e:9c:d6:c4:
         47:1a:d2:29:3c:ac:43:13:03:4a:74:37:be:5b:4e:56:f3:83:
         30:cc:e2:36:09:71:66:75:62:ae:ef:cf:ef:6c:cf:3e:37:1c:
         7c:ba:25:7d:3e:f3:a2:8a:87:0c:7d:dd:20:64:df:62:69:0f:
         db:fa:b7:c5:8a:81:87:f5:99:25:7b:69:7e:f2:d9:3e:cc:e0:
         79:27:2a:59
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUI3IQv5T696hdBs2W65Q8roTGjH0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDYwNDAyMDY0N1oX
DTI2MDYwMzAyMTE0N1owMzExMC8GA1UEAxMoMjY3QjM0RUFBMTU3QkEyNkQ4ODc5
OEFFODQ3M0RFMzlGMEYyNDVEMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMCx+D8W+fHvAl65UKGV+A5BuT6xFPEGpK7WrWNThnoONk/rDNwwDpssWlkF
WhbHVvqWFh277g0XAdt69zo7PPIaIwmzrLkJIFodhXM/ceU0WLooUp9196+Uxxzt
T/tMl537MpXijPgCIc/Wb7mJfKMMcVyW0X7NBvJWFv1Q2mV7go0C9EN3qruS3ykH
cz/SvxL1JDLoiS9aqqnJqY9WYwJp2NCjo6EeZEthRzB0l99M4grsQaqDkaNu9Mmu
cBa7BFazbh3HCIRP2YOZ43p54lotloaEiaGmRNiMfT5/lAfqR52Ls5hKxsupUBuk
cmJDNiHI/pcsgsi6coG1Q8mloWcCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQmezTq
oVe6JtiHmK6Ec9458PJF0jAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzkzNy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAKVjRzANBgkqhkiG9w0BAQsFAAOCAQEAUt2CvjjX0hChDyAB0fdC
VdPoWXMKljFSLo4mHqfFtv8SnQI9c8/G7xHjw9Z8srEARSgN6HoDjmSbwEvPCkO+
eztpdUIp9HRj1MkY6h4k++kWwUyIby6bZZ7JZFNvkk51uWxACMNaGQbRKEzw7K9z
DDiKtupBTUJuuM8LkEZBOqeqH5CyvKPxNSMe7r2XLMV/DMbI/QGM6aiYmbzAvUB+
X9AsoCWhCnGlW8ZQG6SE6DQ+nNbERxrSKTysQxMDSnQ3vltOVvODMMziNglxZnVi
ru/P72zPPjccfLolfT7zooqHDH3dIGTfYmkP2/q3xYqBh/WZJXtpfvLZPszgeScq
WQ==
-----END CERTIFICATE-----