Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152390.roa
File:                     AS152390.roa (raw, json)
Hash identifier:          a56c9j5kAkq5+wJFKUU29u5ZZtMA7ZkRTf3H/bHWisM=
Subject key identifier:   4B:04:D5:2C:D2:4C:4C:F8:9F:D5:B3:A2:EA:40:E1:49:95:40:2C:0A
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       523C49D0036C49FC90E64832DB5D198A8692487F
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152390.roa
Signing time:             Thu 06 Feb 2025 10:44:47 +0000
ROA not before:           Thu 06 Feb 2025 10:39:47 +0000
ROA not after:            Thu 05 Feb 2026 10:44:47 +0000
asID:                     152390
IP address blocks:        157.20.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 07 Nov 2025 10:49:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:3c:49:d0:03:6c:49:fc:90:e6:48:32:db:5d:19:8a:86:92:48:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb  6 10:39:47 2025 GMT
            Not After : Feb  5 10:44:47 2026 GMT
        Subject: CN=4B04D52CD24C4CF89FD5B3A2EA40E14995402C0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f6:12:88:91:bf:c1:da:fa:d7:67:65:e8:66:
                    72:df:52:b6:79:c8:07:55:b9:ac:7a:22:30:32:1c:
                    2f:dc:c0:2e:8c:32:6b:a3:1d:70:b5:d0:57:d4:a3:
                    2d:0e:ed:f8:33:db:fc:e1:45:99:1b:37:de:b9:f9:
                    03:41:df:ec:dc:5f:ed:2e:47:31:34:21:4f:49:11:
                    27:b0:26:af:1a:81:d6:e8:4b:15:54:bc:d2:56:d7:
                    14:2c:ff:5c:c3:4d:a1:11:0f:a4:3e:3a:b6:a5:2b:
                    b6:b3:31:e5:77:0f:58:b9:2c:42:95:eb:ac:b5:2e:
                    af:67:7e:a4:c1:a6:35:5f:c7:c7:57:49:33:8d:25:
                    63:75:07:31:34:64:95:80:d4:c5:7a:2c:03:8d:7b:
                    f1:9a:c6:d5:f5:1b:4b:1f:0c:36:d1:81:13:f9:16:
                    5f:42:a0:2d:91:16:4e:6d:be:2f:73:20:62:80:46:
                    ea:f9:79:d0:10:59:09:a6:48:0e:55:ce:cc:e5:c5:
                    5d:14:e2:1f:86:a4:8d:18:d9:01:1f:61:50:a5:3a:
                    20:a4:9a:59:1c:e1:94:e5:fa:84:df:02:e9:6e:24:
                    8b:05:3d:b6:1c:51:27:0b:8e:e6:46:d0:57:d2:75:
                    9a:57:60:11:52:c1:5a:eb:b9:35:83:40:a2:db:83:
                    68:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:04:D5:2C:D2:4C:4C:F8:9F:D5:B3:A2:EA:40:E1:49:95:40:2C:0A
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152390.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:fc:d9:e5:66:46:c4:d3:51:5f:01:ab:52:4a:50:bd:c6:6a:
         ad:41:c0:27:5c:7f:c2:94:b2:16:9f:e1:b1:be:f2:a0:f8:3e:
         b9:da:71:1b:4e:fe:cf:f9:f3:1e:82:9f:df:a6:da:64:97:82:
         39:eb:a1:91:73:ce:72:83:ba:33:58:1b:f4:4a:35:60:77:ac:
         97:bd:70:a1:15:91:21:8e:d6:a8:91:e0:fe:48:a1:05:f8:7b:
         7b:e8:47:ab:9b:b4:43:30:7a:82:21:aa:33:bb:c6:3c:92:6c:
         9b:dc:3d:a9:1f:69:2d:61:ee:24:ee:0b:02:c8:f1:43:fd:6f:
         77:f7:07:4f:4f:e4:d3:6f:d6:31:2b:07:f6:a4:f0:30:0d:f7:
         98:23:ed:0f:8a:15:76:1b:43:b4:68:69:21:ce:72:00:30:98:
         37:0f:85:30:f8:f6:e2:a0:0f:cc:8f:d9:bb:eb:67:90:15:25:
         18:0c:75:82:4e:53:51:8a:1c:42:79:57:4b:d0:37:ba:29:da:
         e3:8d:be:26:0c:29:7c:24:29:02:30:3f:3d:08:9f:e1:5b:84:
         f1:ba:e5:f6:8f:3d:53:db:49:6e:1c:7b:77:9d:1a:eb:45:a0:
         55:31:df:c3:44:f0:b1:0a:7c:e1:06:f8:32:51:c5:38:1f:00:
         d2:43:c8:c0
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUUjxJ0ANsSfyQ5kgy210ZioaSSH8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk0N1oX
DTI2MDIwNTEwNDQ0N1owMzExMC8GA1UEAxMoNEIwNEQ1MkNEMjRDNENGODlGRDVC
M0EyRUE0MEUxNDk5NTQwMkMwQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMP2EoiRv8Ha+tdnZehmct9StnnIB1W5rHoiMDIcL9zALowya6MdcLXQV9Sj
LQ7t+DPb/OFFmRs33rn5A0Hf7Nxf7S5HMTQhT0kRJ7AmrxqB1uhLFVS80lbXFCz/
XMNNoREPpD46tqUrtrMx5XcPWLksQpXrrLUur2d+pMGmNV/Hx1dJM40lY3UHMTRk
lYDUxXosA4178ZrG1fUbSx8MNtGBE/kWX0KgLZEWTm2+L3MgYoBG6vl50BBZCaZI
DlXOzOXFXRTiH4akjRjZAR9hUKU6IKSaWRzhlOX6hN8C6W4kiwU9thxRJwuO5kbQ
V9J1mldgEVLBWuu5NYNAotuDaOMCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRLBNUs
0kxM+J/Vs6LqQOFJlUAsCjAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjM5MC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAJ0UIDANBgkqhkiG9w0BAQsFAAOCAQEAHfzZ5WZGxNNRXwGrUkpQ
vcZqrUHAJ1x/wpSyFp/hsb7yoPg+udpxG07+z/nzHoKf36baZJeCOeuhkXPOcoO6
M1gb9Eo1YHesl71woRWRIY7WqJHg/kihBfh7e+hHq5u0QzB6giGqM7vGPJJsm9w9
qR9pLWHuJO4LAsjxQ/1vd/cHT0/k02/WMSsH9qTwMA33mCPtD4oVdhtDtGhpIc5y
ADCYNw+FMPj24qAPzI/Zu+tnkBUlGAx1gk5TUYocQnlXS9A3uina442+JgwpfCQp
AjA/PQif4VuE8brl9o89U9tJbhx7d50a60WgVTHfw0TwsQp84Qb4MlHFOB8A0kPI
wA==
-----END CERTIFICATE-----