Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS153601.roa
File:                     AS153601.roa (raw, json)
Hash identifier:          4qSiu9PczUhgpalXawSXd0UusxFt8NgPtR9tGkZcANo=
Subject key identifier:   B7:23:9C:8A:91:42:D5:42:C9:4B:C9:59:39:D8:84:C8:6B:E3:D4:20
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       42E99F90225FDA6BE92D959B03F61ACDFE45D12E
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS153601.roa
Signing time:             Tue 25 Mar 2025 03:08:55 +0000
ROA not before:           Tue 25 Mar 2025 03:03:55 +0000
ROA not after:            Tue 24 Mar 2026 03:08:55 +0000
asID:                     153601
IP address blocks:        2001:df4:f640::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 07 Apr 2025 17:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:e9:9f:90:22:5f:da:6b:e9:2d:95:9b:03:f6:1a:cd:fe:45:d1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000
        Validity
            Not Before: Mar 25 03:03:55 2025 GMT
            Not After : Mar 24 03:08:55 2026 GMT
        Subject: CN=B7239C8A9142D542C94BC95939D884C86BE3D420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:32:ea:47:72:58:93:71:89:e5:3c:33:df:5c:
                    fa:52:53:b6:26:c2:14:56:9a:27:78:1b:5b:88:f3:
                    f3:8a:81:d6:34:16:35:eb:e4:61:a4:8e:5b:4e:46:
                    f8:62:93:75:9e:80:2a:01:a2:20:9a:02:17:9c:40:
                    8d:e5:12:f1:40:78:37:b8:49:f2:47:01:8d:68:97:
                    b1:d4:5b:10:78:9b:87:8a:c4:64:2b:f8:4c:a0:4e:
                    68:25:62:da:da:9c:ef:f8:bc:78:7f:17:41:b8:71:
                    b8:3f:d3:f0:57:55:b9:6f:2c:70:17:ba:2a:ad:79:
                    85:42:df:46:2c:b4:fc:c9:f1:43:d9:dc:66:68:7c:
                    bc:16:95:a4:e3:c8:42:0a:cc:f8:69:45:16:74:fe:
                    cb:81:b5:37:72:25:a0:04:6a:cc:7e:a2:6e:2d:32:
                    2a:79:25:a5:d3:68:78:36:3b:10:66:3a:14:db:0a:
                    7b:81:5e:04:b4:e9:14:e3:09:93:c3:12:04:12:49:
                    d1:79:71:30:61:5c:bc:34:d3:2f:2e:41:fb:98:d5:
                    e0:c1:32:1f:c6:e2:90:38:bb:6e:87:de:c9:a3:36:
                    99:c5:4d:e3:f9:e4:3d:c9:d9:9d:8c:64:18:d9:0e:
                    81:2c:d1:5d:e8:24:5b:d2:59:ff:21:76:1b:5b:1c:
                    a7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:23:9C:8A:91:42:D5:42:C9:4B:C9:59:39:D8:84:C8:6B:E3:D4:20
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS153601.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:f640::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:3f:a3:a0:cf:ed:60:13:80:34:70:99:c1:cc:e7:44:db:ee:
         a8:98:18:f6:74:2a:a0:13:7a:0d:e5:b7:24:3d:de:94:bc:74:
         f2:ce:9e:74:87:8b:21:69:c1:fb:da:bc:0f:14:4f:bb:a5:f3:
         08:7c:78:c1:26:61:fd:2c:a2:6d:1b:11:71:d9:99:93:2d:e0:
         d6:5f:23:c8:e4:89:73:6b:6e:58:e5:60:db:1f:94:b6:4b:45:
         92:1d:a5:12:90:aa:72:b4:e5:63:af:58:c3:47:08:e3:61:10:
         e8:79:53:2e:4e:09:fe:79:83:b0:06:18:a5:15:74:92:b3:86:
         6b:06:76:80:c1:38:54:d7:a7:08:10:f6:84:2d:a1:04:4a:07:
         7f:b3:da:18:78:9f:11:41:29:60:1a:8f:8c:f2:e7:d3:a4:08:
         5b:2a:1a:8c:39:98:e8:18:20:ac:4c:b7:fe:fd:2c:05:60:7c:
         83:81:4e:b5:36:c8:28:35:17:4d:42:c3:00:2c:5e:04:45:d4:
         a1:97:f5:38:64:13:b5:31:b2:60:17:f4:01:1d:70:7e:95:b2:
         4e:f7:c8:3a:2f:03:c0:f0:34:29:0f:64:8b:7b:1a:96:9c:2c:
         ef:3b:2e:68:bb:31:ef:38:a7:aa:b9:7b:1a:11:27:cf:55:e4:
         4a:5d:4e:7a
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUQumfkCJf2mvpLZWbA/Yazf5F0S4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDMyNTAzMDM1NVoX
DTI2MDMyNDAzMDg1NVowMzExMC8GA1UEAxMoQjcyMzlDOEE5MTQyRDU0MkM5NEJD
OTU5MzlEODg0Qzg2QkUzRDQyMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANsy6kdyWJNxieU8M99c+lJTtibCFFaaJ3gbW4jz84qB1jQWNevkYaSOW05G
+GKTdZ6AKgGiIJoCF5xAjeUS8UB4N7hJ8kcBjWiXsdRbEHibh4rEZCv4TKBOaCVi
2tqc7/i8eH8XQbhxuD/T8FdVuW8scBe6Kq15hULfRiy0/MnxQ9ncZmh8vBaVpOPI
QgrM+GlFFnT+y4G1N3IloARqzH6ibi0yKnklpdNoeDY7EGY6FNsKe4FeBLTpFOMJ
k8MSBBJJ0XlxMGFcvDTTLy5B+5jV4MEyH8bikDi7bofeyaM2mcVN4/nkPcnZnYxk
GNkOgSzRXegkW9JZ/yF2G1scp8ECAwEAAaOCAdMwggHPMB0GA1UdDgQWBBS3I5yK
kULVQslLyVk52ITIa+PUIDAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MzYwMS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfT2QDANBgkqhkiG9w0BAQsFAAOCAQEAOz+joM/tYBOANHCZ
wcznRNvuqJgY9nQqoBN6DeW3JD3elLx08s6edIeLIWnB+9q8DxRPu6XzCHx4wSZh
/SyibRsRcdmZky3g1l8jyOSJc2tuWOVg2x+UtktFkh2lEpCqcrTlY69Yw0cI42EQ
6HlTLk4J/nmDsAYYpRV0krOGawZ2gME4VNenCBD2hC2hBEoHf7PaGHifEUEpYBqP
jPLn06QIWyoajDmY6BggrEy3/v0sBWB8g4FOtTbIKDUXTULDACxeBEXUoZf1OGQT
tTGyYBf0AR1wfpWyTvfIOi8DwPA0KQ9ki3salpws7zsuaLsx7zinqrl7GhEnz1Xk
Sl1Oeg==
-----END CERTIFICATE-----