Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154128.roa
File:                     AS154128.roa (raw, json)
Hash identifier:          YvNyelQG9R6OfdM7bNoFa3F2EbNxk7Sl94ljlkWRnew=
Subject key identifier:   66:99:91:BA:B2:AE:EB:87:9F:8C:A7:F9:E8:66:DF:50:80:95:5F:2E
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       6A7E53FC2DEECBFD33E91712E615958954A428E7
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154128.roa
Signing time:             Mon 25 Aug 2025 07:38:56 +0000
ROA not before:           Mon 25 Aug 2025 07:33:56 +0000
ROA not after:            Mon 24 Aug 2026 07:38:56 +0000
asID:                     154128
IP address blocks:        192.188.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 10 Sep 2025 14:17:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:7e:53:fc:2d:ee:cb:fd:33:e9:17:12:e6:15:95:89:54:a4:28:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Aug 25 07:33:56 2025 GMT
            Not After : Aug 24 07:38:56 2026 GMT
        Subject: CN=669991BAB2AEEB879F8CA7F9E866DF5080955F2E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:eb:bc:22:7c:36:3b:5b:04:37:54:bd:d3:d2:
                    8a:4f:04:3a:ca:0e:8b:7a:e5:57:23:60:fc:6b:c1:
                    88:ee:5f:ab:e5:0f:d3:e0:d9:9d:98:12:4b:2b:26:
                    d6:e9:68:b7:99:65:4e:28:b8:19:a3:af:47:8a:ad:
                    2b:22:af:35:47:59:30:65:1b:5f:95:a3:b3:97:86:
                    af:99:ee:f8:90:d7:76:74:3a:55:df:02:7d:00:ae:
                    6e:9a:d8:ec:db:48:f1:a9:23:ce:df:2d:c4:7e:cf:
                    69:58:6b:a8:df:16:00:1b:b2:a3:10:e4:08:eb:0a:
                    28:87:9c:95:81:6f:2b:5b:aa:e3:28:50:86:a6:b5:
                    2f:05:e6:0e:ca:03:37:24:77:5e:01:0e:d6:c8:79:
                    ff:14:f0:85:17:8b:51:07:1a:83:fa:ef:ea:b4:d9:
                    5c:d2:ab:72:5a:a4:89:db:d1:99:ac:c4:c3:57:5e:
                    24:bb:bc:ca:b4:4e:31:ab:e2:e1:d2:b4:68:e5:25:
                    13:f7:37:9f:ba:82:21:aa:2d:b2:f2:8d:23:75:9f:
                    70:c1:a7:6c:07:60:f1:93:a3:cb:15:55:1d:8f:51:
                    7a:f0:9e:c2:46:8e:9d:5c:64:f3:cf:63:6d:e6:a6:
                    6f:00:38:4f:c5:40:85:ab:e9:16:3c:29:7b:2c:2f:
                    24:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:99:91:BA:B2:AE:EB:87:9F:8C:A7:F9:E8:66:DF:50:80:95:5F:2E
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154128.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.188.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:cd:ec:ff:de:d7:50:5a:62:b1:e9:9a:ea:50:95:b6:96:f3:
         78:cf:9b:77:88:fb:c7:7f:0b:07:d5:2c:ba:f5:eb:01:2e:e4:
         dd:a4:7b:8c:3d:5b:52:0e:c6:7b:cb:68:d9:d0:b7:7a:10:80:
         48:28:3d:d0:84:f4:e9:4e:53:84:28:84:70:bd:e3:00:74:52:
         c4:29:bb:95:f7:8e:b6:16:ee:1d:40:89:ff:89:a6:dd:13:da:
         e1:b0:9b:a6:29:df:2c:96:cf:a1:a6:e1:75:3d:04:97:95:8d:
         aa:ef:47:82:36:db:e7:4b:3d:61:9b:f7:91:37:17:93:ab:dc:
         28:d7:1d:e1:21:ea:ea:6e:c7:0c:89:bb:15:2e:0c:77:98:cd:
         ed:fe:27:70:6a:e3:3b:f9:63:a8:ad:a9:7c:12:5d:b6:49:0d:
         0a:20:b8:b7:87:3a:71:9c:c2:ef:26:4a:7d:68:d6:2a:22:9e:
         66:5b:57:89:eb:73:ac:7b:ed:1e:40:6f:da:fb:83:b8:a5:57:
         d3:26:af:5e:90:9f:21:88:ac:07:cb:2b:5c:1b:58:60:bc:ce:
         1b:38:67:7b:da:1a:ce:cb:a9:5a:3c:4a:56:fb:b1:f1:5a:a5:
         4b:c9:1b:b4:7e:f7:e1:62:81:e4:4a:bb:b1:2a:6e:c9:81:82:
         2e:a7:bd:a7
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUan5T/C3uy/0z6RcS5hWViVSkKOcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDgyNTA3MzM1NloX
DTI2MDgyNDA3Mzg1NlowMzExMC8GA1UEAxMoNjY5OTkxQkFCMkFFRUI4NzlGOENB
N0Y5RTg2NkRGNTA4MDk1NUYyRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLrvCJ8NjtbBDdUvdPSik8EOsoOi3rlVyNg/GvBiO5fq+UP0+DZnZgSSysm
1ulot5llTii4GaOvR4qtKyKvNUdZMGUbX5Wjs5eGr5nu+JDXdnQ6Vd8CfQCubprY
7NtI8akjzt8txH7PaVhrqN8WABuyoxDkCOsKKIeclYFvK1uq4yhQhqa1LwXmDsoD
NyR3XgEO1sh5/xTwhReLUQcag/rv6rTZXNKrclqkidvRmazEw1deJLu8yrROMavi
4dK0aOUlE/c3n7qCIaotsvKNI3WfcMGnbAdg8ZOjyxVVHY9RevCewkaOnVxk889j
beambwA4T8VAhavpFjwpeywvJO8CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRmmZG6
sq7rh5+Mp/noZt9QgJVfLjAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1NDEyOC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAMC8VTANBgkqhkiG9w0BAQsFAAOCAQEAUs3s/97XUFpisema6lCV
tpbzeM+bd4j7x38LB9UsuvXrAS7k3aR7jD1bUg7Ge8to2dC3ehCASCg90IT06U5T
hCiEcL3jAHRSxCm7lfeOthbuHUCJ/4mm3RPa4bCbpinfLJbPoabhdT0El5WNqu9H
gjbb50s9YZv3kTcXk6vcKNcd4SHq6m7HDIm7FS4Md5jN7f4ncGrjO/ljqK2pfBJd
tkkNCiC4t4c6cZzC7yZKfWjWKiKeZltXietzrHvtHkBv2vuDuKVX0yavXpCfIYis
B8srXBtYYLzOGzhne9oazsupWjxKVvux8VqlS8kbtH734WKB5Eq7sSpuyYGCLqe9
pw==
-----END CERTIFICATE-----