Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152393.roa
File:                     AS152393.roa (raw, json)
Hash identifier:          EWZ/vcA79zyS+kYd8bT3ltLbyr56GjXRIIo8gTKlTcA=
Subject key identifier:   44:4E:DB:F1:AD:01:71:AB:17:C9:26:3D:F3:F8:FF:28:83:35:19:18
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       61F8D3B3AFB34969DD3BF2FE4E5A23F43E55B335
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152393.roa
Signing time:             Thu 08 Jan 2026 11:00:00 +0000
ROA not before:           Thu 08 Jan 2026 10:55:00 +0000
ROA not after:            Thu 07 Jan 2027 11:00:00 +0000
asID:                     152393
IP address blocks:        157.15.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:f8:d3:b3:af:b3:49:69:dd:3b:f2:fe:4e:5a:23:f4:3e:55:b3:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jan  8 10:55:00 2026 GMT
            Not After : Jan  7 11:00:00 2027 GMT
        Subject: CN=444EDBF1AD0171AB17C9263DF3F8FF2883351918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8f:b4:0c:08:ee:6c:27:ec:9d:d5:7a:78:a1:
                    ac:31:76:fa:90:c5:18:ed:1e:b0:f3:f4:e0:16:82:
                    9f:77:fe:b3:9e:da:c7:02:65:2b:da:ba:be:7a:35:
                    49:69:4b:55:b7:e1:d7:3a:c1:3b:54:ae:cb:b2:bb:
                    e3:cc:ee:29:c9:f7:4a:38:e7:de:50:04:10:b5:3e:
                    d7:26:a5:22:60:f4:85:ab:cf:8d:3f:b6:95:16:81:
                    b7:cf:ad:b9:e2:9e:d4:ce:1f:73:c4:26:a5:65:47:
                    f0:36:40:eb:b3:52:ce:b8:a1:ea:67:34:10:57:11:
                    cf:66:e0:7d:34:60:98:e3:77:b0:cb:83:40:a5:cb:
                    9c:aa:ca:dc:e5:81:f7:bc:c7:13:22:b4:fe:1d:9b:
                    ea:62:0c:cb:83:5e:7d:18:35:28:f7:c3:86:d4:01:
                    f2:f7:c4:cd:a3:4c:a9:1e:c9:08:cc:53:99:ed:1f:
                    f7:aa:6c:7f:8b:af:ec:b0:fd:2d:f4:a8:5f:78:a2:
                    f2:7e:3b:ae:62:da:99:90:da:9c:48:50:88:e1:ab:
                    13:70:b9:6c:ef:1f:b3:6f:18:41:80:7a:26:17:8b:
                    ee:43:3b:23:06:55:57:84:2a:6e:b0:4a:49:c1:98:
                    52:5b:24:cf:86:6d:72:57:9b:fa:21:68:ff:53:3f:
                    c8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:4E:DB:F1:AD:01:71:AB:17:C9:26:3D:F3:F8:FF:28:83:35:19:18
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152393.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:8c:22:86:8a:b9:16:33:94:56:d4:23:ca:b1:e2:aa:a0:79:
         04:2f:92:a8:41:2a:37:c5:ac:32:23:3b:74:a2:60:e2:2e:f7:
         a7:81:6c:dd:a4:a8:bd:d4:78:50:e2:85:af:74:31:26:d2:9a:
         51:9d:ba:cf:84:16:cd:cc:cc:0a:05:a9:5e:48:fb:52:72:ec:
         89:86:d2:d7:10:f1:83:71:05:1f:b7:de:aa:0e:e0:40:50:f0:
         da:7f:70:29:9c:35:15:e0:32:92:83:9c:c9:b7:fb:a8:d7:ad:
         d4:33:d2:3e:63:96:30:f5:39:c7:03:d9:45:c4:af:b7:47:0e:
         c3:4c:8c:73:22:dd:eb:2f:18:9d:66:ed:93:d5:c2:72:d2:1c:
         06:8f:66:ef:5b:65:5a:bf:47:16:32:97:60:c3:9b:5f:90:2e:
         62:8f:4d:68:90:6e:82:2d:44:76:b0:19:40:15:36:2a:04:11:
         33:d7:17:00:08:ae:00:6b:7c:46:fd:14:f0:df:c4:5b:ef:67:
         85:23:1d:aa:2d:b1:84:74:4a:54:29:26:b0:6a:c0:0b:ab:98:
         82:7d:16:00:81:16:08:3f:3e:44:44:71:a5:a7:76:8c:83:c1:
         c3:49:c7:92:12:33:f1:15:4f:7b:1f:1b:68:88:4c:de:60:90:
         5c:7f:f1:b9
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUYfjTs6+zSWndO/L+Tloj9D5VszUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDEwODEwNTUwMFoX
DTI3MDEwNzExMDAwMFowMzExMC8GA1UEAxMoNDQ0RURCRjFBRDAxNzFBQjE3Qzky
NjNERjNGOEZGMjg4MzM1MTkxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMuPtAwI7mwn7J3VenihrDF2+pDFGO0esPP04BaCn3f+s57axwJlK9q6vno1
SWlLVbfh1zrBO1Suy7K748zuKcn3Sjjn3lAEELU+1yalImD0havPjT+2lRaBt8+t
ueKe1M4fc8QmpWVH8DZA67NSzrih6mc0EFcRz2bgfTRgmON3sMuDQKXLnKrK3OWB
97zHEyK0/h2b6mIMy4NefRg1KPfDhtQB8vfEzaNMqR7JCMxTme0f96psf4uv7LD9
LfSoX3ii8n47rmLamZDanEhQiOGrE3C5bO8fs28YQYB6JheL7kM7IwZVV4QqbrBK
ScGYUlskz4Ztcleb+iFo/1M/yCMCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRETtvx
rQFxqxfJJj3z+P8ogzUZGDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjM5My5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ0P0jANBgkqhkiG9w0BAQsFAAOCAQEAC4wihoq5FjOUVtQjyrHi
qqB5BC+SqEEqN8WsMiM7dKJg4i73p4Fs3aSovdR4UOKFr3QxJtKaUZ26z4QWzczM
CgWpXkj7UnLsiYbS1xDxg3EFH7feqg7gQFDw2n9wKZw1FeAykoOcybf7qNet1DPS
PmOWMPU5xwPZRcSvt0cOw0yMcyLd6y8YnWbtk9XCctIcBo9m71tlWr9HFjKXYMOb
X5AuYo9NaJBugi1EdrAZQBU2KgQRM9cXAAiuAGt8Rv0U8N/EW+9nhSMdqi2xhHRK
VCkmsGrAC6uYgn0WAIEWCD8+RERxpad2jIPBw0nHkhIz8RVPex8baIhM3mCQXH/x
uQ==
-----END CERTIFICATE-----