Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS38496.roa
File:                     AS38496.roa (raw, json)
Hash identifier:          8Rp+SJII8xDEJNDxVQq0cvrJDFb6Tl9SzWvBeL3yoCw=
Subject key identifier:   4E:2A:30:B2:46:B4:56:4C:02:C2:5F:12:7F:AE:7E:3A:15:7A:94:6C
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       67EB11B4F69FDBC43F951A51F9A7702EB1699F8F
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS38496.roa
Signing time:             Mon 15 Sep 2025 04:26:57 +0000
ROA not before:           Mon 15 Sep 2025 04:21:57 +0000
ROA not after:            Mon 14 Sep 2026 04:26:57 +0000
asID:                     38496
IP address blocks:        144.48.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 17:51:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:eb:11:b4:f6:9f:db:c4:3f:95:1a:51:f9:a7:70:2e:b1:69:9f:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Sep 15 04:21:57 2025 GMT
            Not After : Sep 14 04:26:57 2026 GMT
        Subject: CN=4E2A30B246B4564C02C25F127FAE7E3A157A946C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:05:8a:ab:de:c6:53:30:86:84:c0:a1:78:3b:
                    b4:db:68:68:e1:ac:e6:df:01:eb:41:77:43:62:64:
                    a4:70:55:d8:27:a7:7c:01:bb:92:d2:fe:16:83:62:
                    75:b9:dc:02:7d:cf:1c:53:a1:75:7a:96:a0:81:51:
                    aa:76:db:e3:ac:50:9d:78:33:33:9a:98:e9:9b:f5:
                    60:9e:9b:18:48:c6:34:4b:63:e2:d3:7d:2a:61:09:
                    d3:f3:a9:df:7f:65:ba:54:5b:f9:53:69:39:e9:f1:
                    e9:85:34:38:4e:14:1f:12:8a:bb:65:5b:32:c9:68:
                    80:2e:f1:b0:24:56:77:34:18:ed:b9:4c:21:ba:71:
                    0f:b7:5b:c9:c4:cb:55:3c:7d:da:0c:db:ea:1c:f6:
                    48:6e:be:ac:7a:e1:f7:3d:f5:2b:38:25:8a:50:e4:
                    01:46:d5:27:c7:44:03:5b:29:72:da:82:f7:aa:a0:
                    98:9c:48:65:55:91:c1:4b:f4:bc:09:5a:c6:fb:64:
                    47:8f:dd:61:3e:f9:2c:69:69:dd:c5:f1:5f:8f:2c:
                    e2:e9:f6:2e:62:e4:19:5a:e3:74:13:d8:f0:47:91:
                    00:99:b0:17:d7:99:8a:8e:0e:cd:7b:2a:a2:80:ce:
                    ad:37:d9:23:d4:b4:1a:b6:dc:48:a8:7f:ef:92:77:
                    df:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:2A:30:B2:46:B4:56:4C:02:C2:5F:12:7F:AE:7E:3A:15:7A:94:6C
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS38496.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.48.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:ef:c1:9b:a1:08:44:b4:f0:2c:a6:3a:0e:00:96:ce:7c:6a:
         08:bd:21:3a:7c:11:ac:86:94:66:bf:59:37:52:a8:94:d6:da:
         59:3a:b4:21:e3:2a:8f:df:f6:68:ae:ec:4a:78:19:45:9b:c2:
         ed:80:51:8f:c0:86:a2:8c:55:dc:d5:67:1b:44:12:2a:1c:88:
         4a:ef:71:84:04:7c:05:52:c3:3e:c5:5e:d9:d4:fe:07:21:79:
         61:0e:ba:35:66:10:82:20:bc:4b:8a:f9:ee:d2:db:1e:c3:3d:
         f6:44:70:a5:01:16:11:15:56:ef:7d:f9:72:f2:b7:61:13:a0:
         30:bb:2a:f9:e2:87:29:1e:e9:f6:e1:ee:37:eb:de:3b:49:70:
         aa:e4:6a:6c:5f:e0:c4:0b:8a:4d:9c:93:c0:70:15:05:4c:f6:
         1b:43:7c:b7:bc:bf:8e:2e:af:05:ad:fe:fa:6e:75:d2:8c:b3:
         93:4f:31:4b:c0:89:d7:ef:41:44:5c:8d:00:e6:c8:62:3c:19:
         20:39:19:7a:84:c9:dd:c7:e5:a1:0b:7f:2a:b9:d2:48:a7:06:
         82:8a:eb:a9:4c:56:c3:f9:04:ba:2f:3c:dd:70:2a:23:d1:2e:
         76:c8:1e:6d:08:fd:6b:5f:72:00:7e:1d:a6:9f:db:87:b6:9f:
         14:5c:5a:de
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUZ+sRtPaf28Q/lRpR+adwLrFpn48wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDkxNTA0MjE1N1oX
DTI2MDkxNDA0MjY1N1owMzExMC8GA1UEAxMoNEUyQTMwQjI0NkI0NTY0QzAyQzI1
RjEyN0ZBRTdFM0ExNTdBOTQ2QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALEFiqvexlMwhoTAoXg7tNtoaOGs5t8B60F3Q2JkpHBV2CenfAG7ktL+FoNi
dbncAn3PHFOhdXqWoIFRqnbb46xQnXgzM5qY6Zv1YJ6bGEjGNEtj4tN9KmEJ0/Op
339lulRb+VNpOenx6YU0OE4UHxKKu2VbMslogC7xsCRWdzQY7blMIbpxD7dbycTL
VTx92gzb6hz2SG6+rHrh9z31KzglilDkAUbVJ8dEA1spctqC96qgmJxIZVWRwUv0
vAlaxvtkR4/dYT75LGlp3cXxX48s4un2LmLkGVrjdBPY8EeRAJmwF9eZio4OzXsq
ooDOrTfZI9S0GrbcSKh/75J3348CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBROKjCy
RrRWTALCXxJ/rn46FXqUbDAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFMGCCsGAQUFBwELBEcwRTBDBggrBgEFBQcwC4Y3cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzM4NDk2LnJv
YTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAkDAPMA0GCSqGSIb3DQEBCwUAA4IBAQCZ78GboQhEtPAspjoOAJbO
fGoIvSE6fBGshpRmv1k3UqiU1tpZOrQh4yqP3/ZoruxKeBlFm8LtgFGPwIaijFXc
1WcbRBIqHIhK73GEBHwFUsM+xV7Z1P4HIXlhDro1ZhCCILxLivnu0tsewz32RHCl
ARYRFVbvffly8rdhE6Awuyr54ocpHun24e436947SXCq5GpsX+DEC4pNnJPAcBUF
TPYbQ3y3vL+OLq8Frf76bnXSjLOTTzFLwInX70FEXI0A5shiPBkgORl6hMndx+Wh
C38qudJIpwaCiuupTFbD+QS6LzzdcCoj0S52yB5tCP1rX3IAfh2mn9uHtp8UXFre
-----END CERTIFICATE-----