Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153986.roa
File:                     AS153986.roa (raw, json)
Hash identifier:          Yb4KmTKhqszV3M6KB8mnv7buse86uR3yJV55A7PiWe8=
Subject key identifier:   02:61:52:76:E9:77:CD:F2:DD:67:06:9C:A8:AA:48:F0:86:F5:7A:BF
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       22055A75323002CCA803196AF34AE4B9005610D7
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153986.roa
Signing time:             Mon 30 Jun 2025 02:40:20 +0000
ROA not before:           Mon 30 Jun 2025 02:35:20 +0000
ROA not after:            Mon 29 Jun 2026 02:40:20 +0000
asID:                     153986
IP address blocks:        165.99.194.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 22 Jul 2025 13:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:05:5a:75:32:30:02:cc:a8:03:19:6a:f3:4a:e4:b9:00:56:10:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jun 30 02:35:20 2025 GMT
            Not After : Jun 29 02:40:20 2026 GMT
        Subject: CN=02615276E977CDF2DD67069CA8AA48F086F57ABF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b5:9e:d7:99:10:c6:11:5d:9c:8a:63:15:ec:
                    e9:db:bf:80:2d:ab:a5:79:fb:bb:37:20:ad:fc:e7:
                    9b:43:30:c7:9e:f2:6e:b4:03:3b:7f:4e:fe:f1:09:
                    b6:c3:80:c3:78:9f:0b:54:f1:09:d7:45:7c:a2:24:
                    e6:3e:82:d3:47:3c:f8:2f:53:c1:1c:54:9e:fb:d9:
                    97:d6:67:0e:a4:84:8b:7f:36:56:dd:a4:c8:33:40:
                    21:5e:31:4a:3e:0a:7f:25:78:b3:61:e2:44:83:cb:
                    03:ab:0f:f0:12:08:43:b8:6b:e9:9c:e9:0e:e8:79:
                    03:e7:d2:b0:3f:8a:45:8f:48:13:1f:8a:87:70:fc:
                    51:f0:c4:b7:f5:62:92:f0:aa:e6:74:72:31:16:50:
                    72:2d:3d:a2:19:ee:17:81:7b:25:40:e8:96:c1:3f:
                    a8:6b:59:ef:3e:9d:35:13:22:09:5c:14:87:4c:ba:
                    75:21:50:09:51:e7:81:56:3e:38:09:57:9b:29:01:
                    7b:ed:ef:f1:5b:05:12:04:50:9f:91:58:8c:d1:88:
                    3e:cc:30:97:20:f0:91:cd:2a:28:dc:e1:6f:a4:38:
                    bd:bb:4a:2f:44:b7:35:e1:7a:be:75:66:5c:0f:15:
                    bb:54:1f:86:4b:c1:a3:4f:c8:64:69:43:e6:68:2f:
                    7f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:61:52:76:E9:77:CD:F2:DD:67:06:9C:A8:AA:48:F0:86:F5:7A:BF
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153986.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:9e:1d:a6:e8:38:e4:b0:64:d1:d8:86:7b:10:23:99:6d:46:
         c4:e2:67:fa:37:e5:75:ca:ad:2f:7e:7a:2e:11:52:61:31:fa:
         1f:d0:dd:67:fc:5c:3a:52:5e:41:78:16:12:f1:ca:25:95:91:
         a6:48:01:ef:59:9f:6b:60:0b:84:65:1e:44:e4:c6:3d:e7:74:
         15:22:c1:1f:44:fd:ff:a2:cf:01:5b:39:80:d2:58:4d:89:db:
         ce:2c:c8:7a:2f:7a:63:e8:20:7e:ab:73:92:10:cf:d9:f1:59:
         9f:83:78:2b:f3:e6:cf:98:6f:cb:24:a8:7e:cf:5d:3e:7f:58:
         35:f8:86:6a:ab:8b:22:3d:d9:95:9e:0e:d2:16:06:8d:71:ed:
         c3:65:e9:28:65:c0:38:da:1a:8b:44:48:43:ff:08:59:f3:86:
         70:8c:bc:51:af:5d:84:e4:a6:73:54:6b:db:36:f0:4c:f0:5d:
         51:ad:4e:94:38:25:57:d5:0c:ca:64:f3:93:7e:77:8e:67:51:
         95:28:99:30:1f:92:a3:e9:af:3f:60:55:dc:eb:c1:9d:8d:5e:
         86:4f:09:75:f1:1f:21:fb:04:6a:16:7a:96:bb:26:e0:bc:ae:
         40:3c:53:ad:b2:c8:7b:9e:ca:cc:de:64:ff:0c:ae:59:89:24:
         62:5e:51:8c
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUIgVadTIwAsyoAxlq80rkuQBWENcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDYzMDAyMzUyMFoX
DTI2MDYyOTAyNDAyMFowMzExMC8GA1UEAxMoMDI2MTUyNzZFOTc3Q0RGMkRENjcw
NjlDQThBQTQ4RjA4NkY1N0FCRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPK1nteZEMYRXZyKYxXs6du/gC2rpXn7uzcgrfznm0Mwx57ybrQDO39O/vEJ
tsOAw3ifC1TxCddFfKIk5j6C00c8+C9TwRxUnvvZl9ZnDqSEi382Vt2kyDNAIV4x
Sj4KfyV4s2HiRIPLA6sP8BIIQ7hr6ZzpDuh5A+fSsD+KRY9IEx+Kh3D8UfDEt/Vi
kvCq5nRyMRZQci09ohnuF4F7JUDolsE/qGtZ7z6dNRMiCVwUh0y6dSFQCVHngVY+
OAlXmykBe+3v8VsFEgRQn5FYjNGIPswwlyDwkc0qKNzhb6Q4vbtKL0S3NeF6vnVm
XA8Vu1QfhkvBo0/IZGlD5mgvf2kCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQCYVJ2
6XfN8t1nBpyoqkjwhvV6vzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1Mzk4Ni5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaVjwjANBgkqhkiG9w0BAQsFAAOCAQEAF54dpug45LBk0diGexAj
mW1GxOJn+jfldcqtL356LhFSYTH6H9DdZ/xcOlJeQXgWEvHKJZWRpkgB71mfa2AL
hGUeROTGPed0FSLBH0T9/6LPAVs5gNJYTYnbzizIei96Y+ggfqtzkhDP2fFZn4N4
K/Pmz5hvyySofs9dPn9YNfiGaquLIj3ZlZ4O0hYGjXHtw2XpKGXAONoai0RIQ/8I
WfOGcIy8Ua9dhOSmc1Rr2zbwTPBdUa1OlDglV9UMymTzk353jmdRlSiZMB+So+mv
P2BV3OvBnY1ehk8JdfEfIfsEahZ6lrsm4LyuQDxTrbLIe57KzN5k/wyuWYkkYl5R
jA==
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:56:20 2025 by rpki-client