Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS152086.roa
File:                     AS152086.roa (raw, json)
Hash identifier:          Mrx/0gBM4NK6wQ0NP3Gaq4A+Skozoy0n8H5XCLEoEcY=
Subject key identifier:   C4:8F:08:D6:59:72:A3:F8:6C:84:6F:7D:43:E7:A4:00:78:BF:14:45
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       67F9089E9DD1ECD8A7669C728AA68460F6FB9CFA
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS152086.roa
Signing time:             Tue 21 Jan 2025 03:00:00 +0000
ROA not before:           Tue 21 Jan 2025 02:55:00 +0000
ROA not after:            Tue 20 Jan 2026 03:00:00 +0000
asID:                     152086
IP address blocks:        2001:df3:5dc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 07 Apr 2025 17:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:f9:08:9e:9d:d1:ec:d8:a7:66:9c:72:8a:a6:84:60:f6:fb:9c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Jan 21 02:55:00 2025 GMT
            Not After : Jan 20 03:00:00 2026 GMT
        Subject: CN=C48F08D65972A3F86C846F7D43E7A40078BF1445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:dd:5e:a9:76:f9:04:22:e2:15:5d:7f:d8:58:
                    0a:7a:26:66:f3:6b:93:76:6f:cf:80:12:93:fc:57:
                    ae:f3:6e:99:cd:58:f9:65:ad:c3:bf:8d:90:c4:85:
                    b2:ca:aa:f3:72:d4:ef:b5:fd:e1:84:92:8f:bd:a9:
                    68:de:c1:9f:f8:11:bc:80:9f:0d:00:90:14:e8:63:
                    d7:47:f2:9f:33:a9:ed:e3:f4:98:d8:71:fe:f4:64:
                    13:27:5f:a1:e5:aa:b2:2f:28:4b:43:5f:43:1f:1c:
                    85:be:07:cf:23:b2:d1:79:61:c3:4c:a1:b6:7d:1a:
                    95:d5:54:04:8e:b6:60:84:4f:6c:7a:09:eb:ba:f4:
                    ef:ec:7b:d3:ca:9a:39:7f:52:d8:2a:3e:52:a7:a3:
                    56:07:d3:7c:84:97:70:33:f0:38:b6:4c:77:d5:2c:
                    f0:da:bc:d6:fd:58:cc:f0:96:3a:46:67:83:25:c4:
                    a2:77:36:50:94:a3:2f:af:36:e1:6b:cf:8c:ef:96:
                    13:ec:74:c2:9b:75:e8:90:38:b9:0f:f6:91:64:c4:
                    f8:31:af:0d:9a:e4:92:ef:aa:b1:56:0d:5b:f8:dc:
                    54:96:70:9b:01:61:b5:fc:78:75:f4:57:5b:c1:e8:
                    7d:ce:ef:2b:b3:78:58:6b:86:54:29:f1:14:08:b7:
                    66:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8F:08:D6:59:72:A3:F8:6C:84:6F:7D:43:E7:A4:00:78:BF:14:45
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS152086.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:5dc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:b8:ee:64:7b:3b:cd:78:c0:52:3c:38:35:b7:a8:d8:82:b7:
         b8:d8:91:31:d9:f1:72:8d:8f:da:29:b4:e2:ce:1a:44:7b:9a:
         d2:13:84:fc:3f:48:f3:9f:0c:39:41:8f:e0:d5:ef:a5:e6:e8:
         2b:de:e8:97:75:88:38:a2:fb:ad:5b:da:5b:4c:7b:10:9a:ae:
         b4:b9:52:7f:36:3c:5e:43:3f:c1:f8:ba:1e:91:fa:ab:7d:59:
         b1:6c:c3:76:41:87:63:ae:19:ba:8f:f7:a5:2b:51:36:0f:0b:
         7f:62:5f:03:93:11:1e:4e:4f:7c:fc:32:1d:7d:dd:6b:8e:c0:
         a9:ef:29:5d:59:50:09:dc:6f:d8:0d:7e:58:7e:cd:4d:29:fd:
         e0:da:cb:c8:e8:14:f6:21:e0:61:fc:20:9e:31:41:73:04:50:
         f6:d3:df:4c:3c:5f:44:c1:fa:45:6f:7f:5f:ed:27:a1:07:b4:
         62:0a:59:70:fa:20:41:1f:c2:ad:25:6e:89:6e:b9:6f:87:58:
         09:7e:a2:f7:48:1b:cc:50:84:28:55:b6:ff:b0:62:4c:dd:d5:
         56:c4:e3:a3:f2:ec:f8:32:01:b8:34:db:1f:9a:79:3c:a3:bc:
         70:a3:40:44:f1:32:24:3a:0c:6a:05:31:78:1e:0c:75:63:b4:
         78:78:cd:3b
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUZ/kInp3R7NinZpxyiqaEYPb7nPowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDEyMTAyNTUwMFoX
DTI2MDEyMDAzMDAwMFowMzExMC8GA1UEAxMoQzQ4RjA4RDY1OTcyQTNGODZDODQ2
RjdENDNFN0E0MDA3OEJGMTQ0NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPXdXql2+QQi4hVdf9hYCnomZvNrk3Zvz4ASk/xXrvNumc1Y+WWtw7+NkMSF
ssqq83LU77X94YSSj72paN7Bn/gRvICfDQCQFOhj10fynzOp7eP0mNhx/vRkEydf
oeWqsi8oS0NfQx8chb4HzyOy0Xlhw0yhtn0aldVUBI62YIRPbHoJ67r07+x708qa
OX9S2Co+UqejVgfTfISXcDPwOLZMd9Us8Nq81v1YzPCWOkZngyXEonc2UJSjL682
4WvPjO+WE+x0wpt16JA4uQ/2kWTE+DGvDZrkku+qsVYNW/jcVJZwmwFhtfx4dfRX
W8Hofc7vK7N4WGuGVCnxFAi3Zt0CAwEAAaOCAdMwggHPMB0GA1UdDgQWBBTEjwjW
WXKj+GyEb31D56QAeL8URTAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MjA4Ni5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfNdwDANBgkqhkiG9w0BAQsFAAOCAQEAXrjuZHs7zXjAUjw4
Nbeo2IK3uNiRMdnxco2P2im04s4aRHua0hOE/D9I858MOUGP4NXvpeboK97ol3WI
OKL7rVvaW0x7EJqutLlSfzY8XkM/wfi6HpH6q31ZsWzDdkGHY64Zuo/3pStRNg8L
f2JfA5MRHk5PfPwyHX3da47Aqe8pXVlQCdxv2A1+WH7NTSn94NrLyOgU9iHgYfwg
njFBcwRQ9tPfTDxfRMH6RW9/X+0noQe0YgpZcPogQR/CrSVuiW65b4dYCX6i90gb
zFCEKFW2/7BiTN3VVsTjo/Ls+DIBuDTbH5p5PKO8cKNARPEyJDoMagUxeB4MdWO0
eHjNOw==
-----END CERTIFICATE-----