Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152386.roa
File:                     AS152386.roa (raw, json)
Hash identifier:          miCMyu5mArRRYU23MaIJzRABaWX8MKjQD4ObGLZ+iLQ=
Subject key identifier:   C3:76:CB:A8:FA:23:24:EF:5C:74:2F:AD:4E:9D:CB:2B:86:7F:6C:0C
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       17DC43F1F743AFCDD4D7FEA2A36D36FF6F979DE9
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152386.roa
Signing time:             Thu 08 Jan 2026 11:00:07 +0000
ROA not before:           Thu 08 Jan 2026 10:55:07 +0000
ROA not after:            Thu 07 Jan 2027 11:00:07 +0000
asID:                     152386
IP address blocks:        157.20.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:dc:43:f1:f7:43:af:cd:d4:d7:fe:a2:a3:6d:36:ff:6f:97:9d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jan  8 10:55:07 2026 GMT
            Not After : Jan  7 11:00:07 2027 GMT
        Subject: CN=C376CBA8FA2324EF5C742FAD4E9DCB2B867F6C0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b7:c5:56:37:c6:37:bf:a7:38:a0:bf:35:c5:
                    4d:a3:bc:5e:2b:eb:45:50:db:53:30:d8:bd:d2:c6:
                    64:2b:b8:b0:5f:9f:78:0a:0f:c3:63:a7:14:14:a0:
                    74:fa:64:19:cd:0e:20:05:3f:fd:0b:23:7f:06:71:
                    1e:2b:9b:b1:6f:3c:ad:a3:9c:d5:80:6c:1d:cf:c5:
                    84:23:d7:91:43:7b:ca:f2:2d:80:c2:49:8b:9c:28:
                    ee:70:3d:02:39:70:3b:75:dc:d5:8a:af:f6:91:4f:
                    34:75:94:69:7f:c4:77:e3:4d:4d:c9:ae:cb:a1:5e:
                    28:93:e7:d0:7c:2e:fc:09:c4:5c:3d:41:f9:c0:8e:
                    89:63:b1:65:12:5f:3b:89:5b:b2:ea:04:13:9f:bf:
                    35:aa:d3:81:55:cc:aa:51:36:77:16:23:35:04:1f:
                    7a:75:31:a1:e8:14:b6:e2:5f:d2:d4:c8:67:6d:aa:
                    c5:09:83:5c:f3:d8:c6:8f:b9:93:cb:d1:69:ba:bd:
                    37:d3:34:e7:76:a1:07:76:69:da:5e:0b:cd:ff:2f:
                    ca:12:60:33:38:d2:45:0e:13:7c:d5:0c:58:f2:65:
                    14:f1:16:76:c7:1d:a5:4e:e9:26:33:8a:1e:9e:b5:
                    73:02:b8:d8:0b:3e:18:72:78:31:a1:51:b7:fc:33:
                    b2:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:76:CB:A8:FA:23:24:EF:5C:74:2F:AD:4E:9D:CB:2B:86:7F:6C:0C
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152386.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:5a:53:1b:c3:70:6c:71:f3:e0:e7:b8:22:54:1b:4f:01:86:
         27:ee:b4:e8:ae:16:52:57:e6:58:a0:be:41:91:19:8b:18:08:
         1e:af:34:c8:71:92:03:f8:d8:95:4a:73:14:ac:2e:f0:c2:44:
         73:00:32:12:40:a9:86:c5:42:c9:c4:c3:99:08:4d:42:ff:2c:
         68:fa:29:a6:31:5f:ec:4a:b8:dc:a3:f0:bd:7d:34:93:e9:6f:
         45:aa:1e:bf:05:bf:9c:72:83:8b:af:75:ca:86:6c:a7:0e:2f:
         f3:2d:ae:c1:6a:e2:a7:71:7e:49:ad:8c:ed:cd:07:bb:3a:57:
         fa:a3:9d:2f:0b:36:cb:0e:22:e2:cd:1c:65:0a:2b:45:01:e7:
         07:3f:2c:b8:d4:af:d1:0a:88:2e:6a:26:c7:ac:6c:88:58:33:
         b2:0a:04:9a:ce:20:af:2b:c7:68:62:d9:e9:52:e5:6d:75:93:
         42:60:68:c6:4c:15:f9:5c:6d:27:df:55:28:aa:3c:87:13:2a:
         c2:a6:c9:92:ce:31:a6:e9:88:9c:61:99:0d:85:e7:ad:fb:41:
         14:af:07:a3:1c:b9:c5:be:a3:fc:0d:b8:ca:e9:7d:02:52:50:
         33:06:37:e9:af:be:d1:34:cd:49:15:22:97:86:64:50:a7:7c:
         4c:d7:17:cf
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUF9xD8fdDr83U1/6io202/2+XnekwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDEwODEwNTUwN1oX
DTI3MDEwNzExMDAwN1owMzExMC8GA1UEAxMoQzM3NkNCQThGQTIzMjRFRjVDNzQy
RkFENEU5RENCMkI4NjdGNkMwQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMe3xVY3xje/pzigvzXFTaO8XivrRVDbUzDYvdLGZCu4sF+feAoPw2OnFBSg
dPpkGc0OIAU//QsjfwZxHiubsW88raOc1YBsHc/FhCPXkUN7yvItgMJJi5wo7nA9
AjlwO3Xc1Yqv9pFPNHWUaX/Ed+NNTcmuy6FeKJPn0Hwu/AnEXD1B+cCOiWOxZRJf
O4lbsuoEE5+/NarTgVXMqlE2dxYjNQQfenUxoegUtuJf0tTIZ22qxQmDXPPYxo+5
k8vRabq9N9M053ahB3Zp2l4Lzf8vyhJgMzjSRQ4TfNUMWPJlFPEWdscdpU7pJjOK
Hp61cwK42As+GHJ4MaFRt/wzsmcCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBTDdsuo
+iMk71x0L61Oncsrhn9sDDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjM4Ni5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ0UHjANBgkqhkiG9w0BAQsFAAOCAQEAeVpTG8NwbHHz4Oe4IlQb
TwGGJ+606K4WUlfmWKC+QZEZixgIHq80yHGSA/jYlUpzFKwu8MJEcwAyEkCphsVC
ycTDmQhNQv8saPoppjFf7Eq43KPwvX00k+lvRaoevwW/nHKDi691yoZspw4v8y2u
wWrip3F+Sa2M7c0HuzpX+qOdLws2yw4i4s0cZQorRQHnBz8suNSv0QqILmomx6xs
iFgzsgoEms4gryvHaGLZ6VLlbXWTQmBoxkwV+VxtJ99VKKo8hxMqwqbJks4xpumI
nGGZDYXnrftBFK8Hoxy5xb6j/A24yul9AlJQMwY36a++0TTNSRUil4ZkUKd8TNcX
zw==
-----END CERTIFICATE-----