Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152359.roa
File:                     AS152359.roa (raw, json)
Hash identifier:          /k8vVdEVEF1wXbjl6iwd5h4pqnckzEFFogeKY+sjKVM=
Subject key identifier:   18:67:D2:5A:16:C2:92:A2:AD:DF:6A:83:32:2A:57:D4:BA:3B:6D:E2
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       4249A8EE4E040AD87070BC4649734AC8821D1808
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152359.roa
Signing time:             Thu 08 Jan 2026 11:00:00 +0000
ROA not before:           Thu 08 Jan 2026 10:55:00 +0000
ROA not after:            Thu 07 Jan 2027 11:00:00 +0000
asID:                     152359
IP address blocks:        157.10.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:49:a8:ee:4e:04:0a:d8:70:70:bc:46:49:73:4a:c8:82:1d:18:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jan  8 10:55:00 2026 GMT
            Not After : Jan  7 11:00:00 2027 GMT
        Subject: CN=1867D25A16C292A2ADDF6A83322A57D4BA3B6DE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9b:d7:cc:82:43:2c:69:e3:0f:77:8e:89:e8:
                    c1:5c:ff:f5:dd:76:43:00:8d:59:2c:82:45:12:68:
                    52:8b:05:93:de:37:c6:ec:8e:bd:17:34:2e:07:b0:
                    02:6a:9d:4a:14:16:8b:f6:45:15:7a:b1:f4:30:60:
                    7f:73:2c:fc:d7:1a:1d:cc:fd:de:ad:72:40:34:dc:
                    7e:fd:71:d7:96:a2:d2:99:24:40:74:e4:12:4a:5b:
                    91:a9:60:7d:6d:ee:57:6a:85:81:f8:0f:03:34:a4:
                    d2:ea:5b:81:a7:d3:05:19:c0:91:e8:d3:2d:ae:4a:
                    1c:d7:f6:82:a3:48:44:08:a8:1a:02:f1:a1:d6:17:
                    ae:84:82:ad:b1:87:53:12:14:94:d2:4e:56:c1:2b:
                    82:ce:9d:79:9a:bb:c8:bd:2a:93:13:df:77:f8:da:
                    2b:96:c9:c4:3b:69:6f:74:56:10:4a:88:58:d4:be:
                    24:2d:b5:da:37:ab:fa:00:db:4d:9f:f4:25:de:bb:
                    ba:fb:be:40:ea:f1:f6:66:fe:e8:a8:70:d3:f6:cc:
                    0f:5b:b9:fb:ba:dc:f8:d6:e8:ec:37:94:97:e2:62:
                    e1:c1:a6:c2:99:06:f0:e9:72:9f:8d:84:75:69:65:
                    10:3e:a8:c6:93:1c:c4:59:50:1a:fd:62:85:d1:e7:
                    94:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:67:D2:5A:16:C2:92:A2:AD:DF:6A:83:32:2A:57:D4:BA:3B:6D:E2
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152359.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:87:08:c5:2d:21:83:fc:c2:2b:77:58:c0:30:db:eb:fc:3d:
         a0:30:b7:f8:b5:24:05:52:39:30:8d:14:8d:8f:be:51:d5:e2:
         48:76:e0:4f:89:b8:17:8d:41:a2:ec:38:bf:0e:f6:29:c3:dd:
         3d:41:21:e1:a2:f6:38:3e:ae:cd:91:84:0e:ef:44:ce:cc:32:
         83:03:e7:91:8d:ba:31:bc:5a:2e:56:6b:4a:b7:c0:5c:b7:4b:
         3b:11:9f:36:4b:ee:c4:95:32:81:ab:0d:f3:8b:09:44:b0:06:
         bb:92:38:cf:7a:bc:b9:63:bf:ee:c0:42:4e:b6:5a:64:0a:e1:
         1d:e7:4b:50:a8:fa:b0:72:17:c8:e1:41:4f:e5:ac:39:83:bb:
         cb:8d:d8:32:20:4e:38:7d:cf:1a:b6:94:71:8e:b1:ea:db:6c:
         5a:d6:c9:d0:6b:d5:84:a7:d0:ad:0b:91:78:0a:91:99:2f:e8:
         70:ba:49:14:b1:34:bf:ae:f0:09:b4:92:fd:49:0b:ec:3d:09:
         c5:a4:7e:39:cb:48:ad:05:46:cb:bb:0a:b6:a0:b8:dd:f7:55:
         6f:58:f2:a4:cf:a9:45:68:d0:ac:4d:9a:cf:bd:c8:8f:3a:84:
         e9:41:5f:1c:f1:ce:a9:7c:2c:b9:a5:5f:7e:6c:b5:65:2d:fd:
         b9:41:d5:25
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUQkmo7k4ECthwcLxGSXNKyIIdGAgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDEwODEwNTUwMFoX
DTI3MDEwNzExMDAwMFowMzExMC8GA1UEAxMoMTg2N0QyNUExNkMyOTJBMkFEREY2
QTgzMzIyQTU3RDRCQTNCNkRFMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKab18yCQyxp4w93jonowVz/9d12QwCNWSyCRRJoUosFk943xuyOvRc0Lgew
AmqdShQWi/ZFFXqx9DBgf3Ms/NcaHcz93q1yQDTcfv1x15ai0pkkQHTkEkpbkalg
fW3uV2qFgfgPAzSk0upbgafTBRnAkejTLa5KHNf2gqNIRAioGgLxodYXroSCrbGH
UxIUlNJOVsErgs6deZq7yL0qkxPfd/jaK5bJxDtpb3RWEEqIWNS+JC212jer+gDb
TZ/0Jd67uvu+QOrx9mb+6Khw0/bMD1u5+7rc+Nbo7DeUl+Ji4cGmwpkG8Olyn42E
dWllED6oxpMcxFlQGv1ihdHnlLcCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQYZ9Ja
FsKSoq3faoMyKlfUujtt4jAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjM1OS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ0K/jANBgkqhkiG9w0BAQsFAAOCAQEAO4cIxS0hg/zCK3dYwDDb
6/w9oDC3+LUkBVI5MI0UjY++UdXiSHbgT4m4F41Bouw4vw72KcPdPUEh4aL2OD6u
zZGEDu9EzswygwPnkY26MbxaLlZrSrfAXLdLOxGfNkvuxJUygasN84sJRLAGu5I4
z3q8uWO/7sBCTrZaZArhHedLUKj6sHIXyOFBT+WsOYO7y43YMiBOOH3PGraUcY6x
6ttsWtbJ0GvVhKfQrQuReAqRmS/ocLpJFLE0v67wCbSS/UkL7D0JxaR+OctIrQVG
y7sKtqC43fdVb1jypM+pRWjQrE2az73IjzqE6UFfHPHOqXwsuaVffmy1ZS39uUHV
JQ==
-----END CERTIFICATE-----