Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152344.roa
File:                     AS152344.roa (raw, json)
Hash identifier:          nZ6ZGnLIDP6O1qM9xshI9VtDGZ7+Q4YDCvTbOB/tEKo=
Subject key identifier:   03:A4:59:A9:DC:85:B1:70:B8:D6:8C:1D:45:A9:E2:B8:5B:B4:AE:8B
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       1996533C8CC9F00A6C0E6640F69E73683AE4D9D9
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152344.roa
Signing time:             Thu 08 Jan 2026 11:00:09 +0000
ROA not before:           Thu 08 Jan 2026 10:55:09 +0000
ROA not after:            Thu 07 Jan 2027 11:00:09 +0000
asID:                     152344
IP address blocks:        157.10.182.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:96:53:3c:8c:c9:f0:0a:6c:0e:66:40:f6:9e:73:68:3a:e4:d9:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jan  8 10:55:09 2026 GMT
            Not After : Jan  7 11:00:09 2027 GMT
        Subject: CN=03A459A9DC85B170B8D68C1D45A9E2B85BB4AE8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:39:19:2e:58:5c:a8:f2:0e:9c:2d:95:94:b5:
                    32:7c:e0:48:b3:0a:2c:f2:26:b6:ce:d5:8a:66:ba:
                    98:f0:f6:a6:c3:92:6d:de:63:d8:92:0d:f7:50:8f:
                    4b:b3:61:d5:d9:d3:9c:a1:c6:ba:f0:a9:d8:d4:08:
                    12:a8:30:8f:8b:bd:62:0f:2f:56:2a:53:52:82:9f:
                    83:c1:ed:93:20:16:3e:8e:eb:c4:7f:f6:49:9d:ad:
                    19:55:d4:8c:0e:1b:12:a7:40:9c:3c:03:c1:49:69:
                    37:47:38:2a:49:69:e0:51:95:9f:bb:c9:f3:c9:6f:
                    f9:e5:2b:75:ca:42:32:0c:5a:7a:84:9f:a8:f8:e3:
                    68:32:48:c7:e6:79:a7:d5:cb:49:c3:97:c8:74:20:
                    13:01:94:27:64:07:6b:e8:58:23:a2:b0:28:a3:23:
                    3e:98:39:b1:17:5b:9c:0d:93:57:34:eb:38:bd:3d:
                    63:1c:d2:43:e5:a2:bb:cb:fd:8e:4e:0d:77:59:36:
                    2b:63:25:58:6e:a8:0a:35:2c:ce:fe:d9:8f:52:14:
                    00:40:01:42:ca:12:6d:03:7d:c7:b6:e3:7b:11:d9:
                    6e:5e:c7:cd:8d:d6:d1:d9:54:7f:c0:0a:cb:1c:8c:
                    a4:c9:7a:11:dc:32:79:dc:ee:4f:26:6e:16:0e:3b:
                    1c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:A4:59:A9:DC:85:B1:70:B8:D6:8C:1D:45:A9:E2:B8:5B:B4:AE:8B
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152344.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:8c:7f:ab:8b:31:45:16:f2:8f:cb:d0:5a:d8:4c:a0:9b:03:
         c5:0e:b4:27:5b:f1:84:9c:98:59:cc:df:ac:0e:f3:26:8b:a3:
         8f:db:8b:54:dd:e2:84:92:aa:10:46:7b:29:70:b8:a3:7e:69:
         9e:a7:51:5c:42:50:54:e2:e1:90:c3:c2:b7:95:da:3f:cc:f2:
         ba:65:d0:82:38:bf:0f:45:69:ea:6b:61:da:ae:62:80:17:db:
         56:dc:12:54:ea:17:41:15:4e:ab:7a:14:8f:90:3d:d2:28:35:
         92:0d:d7:4a:6a:09:9b:54:de:69:71:60:97:60:76:38:55:20:
         ae:c7:43:7b:ec:e8:d9:cd:b9:0d:8c:a0:a1:67:f5:a8:75:7d:
         5e:2c:a2:9b:4c:33:52:3e:2b:22:67:75:f1:36:f5:4c:8a:b1:
         d4:99:cb:a9:26:2f:40:30:d8:8a:b9:23:35:c6:0f:c3:a5:67:
         be:6b:5a:19:d9:1a:7a:09:d6:f4:e1:1b:3f:b9:fe:cc:3f:c3:
         b2:75:13:fe:5e:1f:71:94:f3:7a:e2:c1:8f:44:26:06:dd:28:
         7a:a9:d3:1f:f8:70:c5:a8:06:08:00:32:36:27:91:f0:26:0d:
         63:44:18:b0:5c:0b:4a:97:2c:9f:72:d1:f0:35:4a:8b:2d:87:
         c7:8d:2c:11
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUGZZTPIzJ8ApsDmZA9p5zaDrk2dkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDEwODEwNTUwOVoX
DTI3MDEwNzExMDAwOVowMzExMC8GA1UEAxMoMDNBNDU5QTlEQzg1QjE3MEI4RDY4
QzFENDVBOUUyQjg1QkI0QUU4QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMg5GS5YXKjyDpwtlZS1MnzgSLMKLPImts7Vima6mPD2psOSbd5j2JIN91CP
S7Nh1dnTnKHGuvCp2NQIEqgwj4u9Yg8vVipTUoKfg8HtkyAWPo7rxH/2SZ2tGVXU
jA4bEqdAnDwDwUlpN0c4Kklp4FGVn7vJ88lv+eUrdcpCMgxaeoSfqPjjaDJIx+Z5
p9XLScOXyHQgEwGUJ2QHa+hYI6KwKKMjPpg5sRdbnA2TVzTrOL09YxzSQ+Wiu8v9
jk4Nd1k2K2MlWG6oCjUszv7Zj1IUAEABQsoSbQN9x7bjexHZbl7HzY3W0dlUf8AK
yxyMpMl6EdwyedzuTyZuFg47HPMCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQDpFmp
3IWxcLjWjB1FqeK4W7SuizAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjM0NC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ0KtjANBgkqhkiG9w0BAQsFAAOCAQEACIx/q4sxRRbyj8vQWthM
oJsDxQ60J1vxhJyYWczfrA7zJoujj9uLVN3ihJKqEEZ7KXC4o35pnqdRXEJQVOLh
kMPCt5XaP8zyumXQgji/D0Vp6mth2q5igBfbVtwSVOoXQRVOq3oUj5A90ig1kg3X
SmoJm1TeaXFgl2B2OFUgrsdDe+zo2c25DYygoWf1qHV9Xiyim0wzUj4rImd18Tb1
TIqx1JnLqSYvQDDYirkjNcYPw6VnvmtaGdkaegnW9OEbP7n+zD/DsnUT/l4fcZTz
euLBj0QmBt0oeqnTH/hwxagGCAAyNieR8CYNY0QYsFwLSpcsn3LR8DVKiy2Hx40s
EQ==
-----END CERTIFICATE-----