Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152424.roa
File:                     AS152424.roa (raw, json)
Hash identifier:          /6KYO9955C4pQk12VQNfrmDOqAElivV/U/aJoCiZejI=
Subject key identifier:   33:DA:10:73:E8:76:F6:B9:AF:29:B3:20:8A:4B:09:05:11:B3:1C:40
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       06C962B6843F482759ADD309858D836D58FDE03C
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152424.roa
Signing time:             Wed 15 Oct 2025 08:20:19 +0000
ROA not before:           Wed 15 Oct 2025 08:15:19 +0000
ROA not after:            Wed 14 Oct 2026 08:20:19 +0000
asID:                     152424
IP address blocks:        157.20.34.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 07 Nov 2025 10:49:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:c9:62:b6:84:3f:48:27:59:ad:d3:09:85:8d:83:6d:58:fd:e0:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Oct 15 08:15:19 2025 GMT
            Not After : Oct 14 08:20:19 2026 GMT
        Subject: CN=33DA1073E876F6B9AF29B3208A4B090511B31C40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e3:8c:a2:bd:ff:d8:5d:4a:b6:c7:ef:b4:32:
                    c2:f0:47:2a:7a:07:c5:55:c9:b8:f8:65:eb:ed:38:
                    5a:8a:b7:b4:10:10:8c:2a:d2:ce:c7:15:2d:64:61:
                    4b:b4:db:43:68:f1:86:dd:2d:a0:4b:3d:bb:f7:cd:
                    8b:2e:ca:8e:5d:2b:39:5b:c7:40:d6:e6:51:29:aa:
                    43:5f:9c:fd:a0:f8:9c:4b:47:0c:c7:63:4b:15:1a:
                    74:58:ef:3d:23:b8:6f:75:eb:fb:3f:a2:c6:f0:04:
                    ce:3f:7c:0b:07:01:c3:90:bc:70:99:0f:2f:db:0c:
                    5d:4b:3c:3b:3b:a5:51:d7:f7:77:3c:54:3d:c4:61:
                    43:e6:f0:5e:8d:43:6b:e5:ed:90:e6:23:24:81:8d:
                    85:3c:d0:40:07:52:0b:73:d2:2f:c9:21:33:31:31:
                    a2:2f:32:a9:79:3a:b3:0e:48:3b:a5:7f:6c:05:80:
                    33:c9:80:7f:8f:d5:ce:d2:13:0a:77:9b:08:82:64:
                    45:71:41:80:11:0e:f4:fa:d0:c9:c2:7e:e7:43:5d:
                    37:c0:da:51:2b:a5:9f:43:ab:fb:c2:91:7d:af:5a:
                    89:9a:dd:22:15:47:29:a8:54:8a:f4:e6:e4:5b:4e:
                    d5:4c:9d:3a:2a:1a:5c:68:84:cc:01:b6:24:98:1c:
                    44:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DA:10:73:E8:76:F6:B9:AF:29:B3:20:8A:4B:09:05:11:B3:1C:40
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152424.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:db:05:4c:ee:eb:50:73:2f:c7:fc:27:f9:54:fe:57:6d:33:
         d7:a6:b9:a4:8c:65:5b:9d:4b:cc:bc:20:1d:c9:8b:e9:de:c4:
         0d:c0:8a:9a:ef:b3:fb:84:24:94:55:88:b5:0b:66:f9:67:b4:
         88:ae:39:4b:f4:3f:cf:8d:3d:35:30:06:9c:0f:e0:a7:31:b3:
         d6:ee:45:b1:a7:7c:4a:9f:a4:5f:34:6d:28:0e:ea:41:13:a6:
         df:b6:29:b7:b4:82:6a:5b:ac:a5:d1:e7:66:37:3f:dd:6f:b6:
         30:a1:ae:37:1d:3f:9d:8b:15:64:1b:11:d7:92:4e:ef:4b:9c:
         5e:8b:3e:87:78:b2:d5:3b:80:2c:39:1a:54:18:61:39:c1:21:
         83:e2:0a:81:40:eb:2c:5e:9b:4e:f1:cc:cb:c9:49:37:09:d6:
         e1:d0:ee:25:72:cb:e8:b3:5f:e4:9f:a0:d0:7c:eb:5b:8e:4e:
         11:26:ef:3d:40:ba:3f:c1:e8:0c:c5:fa:6b:13:99:42:08:02:
         a7:b7:61:e8:7e:cb:a0:91:dc:45:60:b1:49:0c:55:8a:96:53:
         b8:d5:f7:ca:62:f4:d2:05:d0:3b:ff:9b:40:fe:c7:17:97:6f:
         cb:6c:8c:30:d7:1f:42:a7:68:60:48:60:30:b2:94:e9:2e:65:
         88:86:31:22
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUBslitoQ/SCdZrdMJhY2DbVj94DwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MTAxNTA4MTUxOVoX
DTI2MTAxNDA4MjAxOVowMzExMC8GA1UEAxMoMzNEQTEwNzNFODc2RjZCOUFGMjlC
MzIwOEE0QjA5MDUxMUIzMUM0MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANbjjKK9/9hdSrbH77QywvBHKnoHxVXJuPhl6+04Woq3tBAQjCrSzscVLWRh
S7TbQ2jxht0toEs9u/fNiy7Kjl0rOVvHQNbmUSmqQ1+c/aD4nEtHDMdjSxUadFjv
PSO4b3Xr+z+ixvAEzj98CwcBw5C8cJkPL9sMXUs8OzulUdf3dzxUPcRhQ+bwXo1D
a+XtkOYjJIGNhTzQQAdSC3PSL8khMzExoi8yqXk6sw5IO6V/bAWAM8mAf4/VztIT
CnebCIJkRXFBgBEO9PrQycJ+50NdN8DaUSuln0Or+8KRfa9aiZrdIhVHKahUivTm
5FtO1UydOioaXGiEzAG2JJgcRGECAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQz2hBz
6Hb2ua8psyCKSwkFEbMcQDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjQyNC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ0UIjANBgkqhkiG9w0BAQsFAAOCAQEABtsFTO7rUHMvx/wn+VT+
V20z16a5pIxlW51LzLwgHcmL6d7EDcCKmu+z+4QklFWItQtm+We0iK45S/Q/z409
NTAGnA/gpzGz1u5Fsad8Sp+kXzRtKA7qQROm37Ypt7SCaluspdHnZjc/3W+2MKGu
Nx0/nYsVZBsR15JO70ucXos+h3iy1TuALDkaVBhhOcEhg+IKgUDrLF6bTvHMy8lJ
NwnW4dDuJXLL6LNf5J+g0HzrW45OESbvPUC6P8HoDMX6axOZQggCp7dh6H7LoJHc
RWCxSQxVipZTuNX3ymL00gXQO/+bQP7HF5dvy2yMMNcfQqdoYEhgMLKU6S5liIYx
Ig==
-----END CERTIFICATE-----