Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154007.roa
File:                     AS154007.roa (raw, json)
Hash identifier:          RuYIZEOooxJL7Ph99kpg/BWG7fPscwZXnRPt+CP4k68=
Subject key identifier:   76:ED:B6:DA:05:12:20:9B:CF:C7:84:86:2A:34:DC:43:31:C1:D5:C4
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       163E7B1AD746B7857357413FDEA4B55A952DC6C3
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154007.roa
Signing time:             Thu 17 Jul 2025 02:10:59 +0000
ROA not before:           Thu 17 Jul 2025 02:05:59 +0000
ROA not after:            Thu 16 Jul 2026 02:10:59 +0000
asID:                     154007
IP address blocks:        165.99.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 22 Jul 2025 13:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:3e:7b:1a:d7:46:b7:85:73:57:41:3f:de:a4:b5:5a:95:2d:c6:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jul 17 02:05:59 2025 GMT
            Not After : Jul 16 02:10:59 2026 GMT
        Subject: CN=76EDB6DA0512209BCFC784862A34DC4331C1D5C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0c:78:6a:35:84:0c:82:3b:15:c9:89:44:74:
                    00:86:70:95:36:27:81:a4:d1:49:29:b1:58:1f:a5:
                    2b:65:df:2e:5f:c3:86:c3:ab:3a:4f:81:6d:bb:92:
                    67:2e:cd:a3:6c:2a:64:65:cf:4d:50:5f:f3:90:46:
                    f7:0b:fa:c0:ad:5e:35:8c:c5:c8:a2:74:79:4e:57:
                    51:1a:4c:84:a3:42:64:ce:38:3e:ca:ed:20:ae:36:
                    5e:a0:f4:ac:cc:2b:6d:c3:a8:a8:27:f6:37:b9:df:
                    de:f5:b3:c3:d9:1e:6b:cc:50:0a:1e:39:4e:14:99:
                    ab:a5:d8:74:27:2d:53:1b:3a:c1:12:c5:6d:cb:0a:
                    b8:14:b0:54:8b:e4:df:30:6e:86:99:c9:14:b0:e1:
                    66:81:98:a8:a3:fb:dc:7a:b4:ac:bb:ca:94:cf:43:
                    15:d3:ab:98:a7:fa:b8:f4:72:bf:b9:c7:5f:fe:c3:
                    2f:dc:71:f8:1a:a1:ec:17:e2:68:65:ad:ec:e1:8d:
                    76:77:15:94:b9:71:49:20:fe:87:73:7d:76:96:a4:
                    dc:65:33:ee:31:b0:37:8d:31:36:79:6a:a5:b1:b1:
                    50:56:59:bc:ee:58:f7:04:88:02:94:69:8a:80:59:
                    33:c9:90:e6:ab:29:5d:41:49:2b:71:c3:1b:00:22:
                    1e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:ED:B6:DA:05:12:20:9B:CF:C7:84:86:2A:34:DC:43:31:C1:D5:C4
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154007.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:37:93:95:bf:0a:f7:0b:15:b3:d8:0b:f2:d3:ca:e1:94:9f:
         d2:fc:4d:01:e3:3e:ed:e6:ba:7d:f0:a5:ae:7f:00:ed:28:4a:
         36:df:70:60:31:11:5b:19:ca:60:93:e9:a7:84:24:c4:fa:16:
         a0:da:0e:71:62:5c:ed:7f:e6:72:83:2d:2c:fc:24:31:33:3c:
         46:1e:92:96:5f:48:90:fd:b7:f2:9d:e8:c6:44:06:9c:11:df:
         25:80:be:4b:82:5b:43:86:a6:0e:a2:2f:06:d6:5a:cf:32:df:
         a2:45:7e:5a:2a:44:88:10:eb:56:c3:cf:4c:db:1a:39:09:36:
         95:64:26:71:de:05:52:f9:6c:ad:d7:62:19:b3:de:5b:93:38:
         fe:e9:c7:f0:9b:f4:80:5d:7b:f5:f7:e2:ec:22:a7:4c:5d:19:
         bd:88:7c:5d:a0:2d:bc:b1:e4:3b:94:0b:ca:42:95:3f:19:d8:
         dc:ea:c8:0e:47:87:c1:f7:70:11:ce:1b:ca:7c:23:10:69:60:
         b3:b0:0e:0b:f8:6a:65:90:7a:af:08:3e:fe:08:d0:5d:e8:0c:
         12:e8:d2:7f:b3:04:cf:5e:66:d1:5b:97:c6:33:56:44:b8:74:
         86:3e:5c:7e:6f:cc:52:fa:fe:e2:f0:19:1e:e2:86:0f:dc:06:
         3e:94:11:a1
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUFj57GtdGt4VzV0E/3qS1WpUtxsMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDcxNzAyMDU1OVoX
DTI2MDcxNjAyMTA1OVowMzExMC8GA1UEAxMoNzZFREI2REEwNTEyMjA5QkNGQzc4
NDg2MkEzNERDNDMzMUMxRDVDNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMkMeGo1hAyCOxXJiUR0AIZwlTYngaTRSSmxWB+lK2XfLl/DhsOrOk+BbbuS
Zy7No2wqZGXPTVBf85BG9wv6wK1eNYzFyKJ0eU5XURpMhKNCZM44PsrtIK42XqD0
rMwrbcOoqCf2N7nf3vWzw9kea8xQCh45ThSZq6XYdCctUxs6wRLFbcsKuBSwVIvk
3zBuhpnJFLDhZoGYqKP73Hq0rLvKlM9DFdOrmKf6uPRyv7nHX/7DL9xx+Bqh7Bfi
aGWt7OGNdncVlLlxSSD+h3N9dpak3GUz7jGwN40xNnlqpbGxUFZZvO5Y9wSIApRp
ioBZM8mQ5qspXUFJK3HDGwAiHukCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBR27bba
BRIgm8/HhIYqNNxDMcHVxDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1NDAwNy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAKVjeDANBgkqhkiG9w0BAQsFAAOCAQEAHzeTlb8K9wsVs9gL8tPK
4ZSf0vxNAeM+7ea6ffClrn8A7ShKNt9wYDERWxnKYJPpp4QkxPoWoNoOcWJc7X/m
coMtLPwkMTM8Rh6Sll9IkP238p3oxkQGnBHfJYC+S4JbQ4amDqIvBtZazzLfokV+
WipEiBDrVsPPTNsaOQk2lWQmcd4FUvlsrddiGbPeW5M4/unH8Jv0gF179ffi7CKn
TF0ZvYh8XaAtvLHkO5QLykKVPxnY3OrIDkeHwfdwEc4bynwjEGlgs7AOC/hqZZB6
rwg+/gjQXegMEujSf7MEz15m0VuXxjNWRLh0hj5cfm/MUvr+4vAZHuKGD9wGPpQR
oQ==
-----END CERTIFICATE-----