Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152829.roa
File:                     AS152829.roa (raw, json)
Hash identifier:          w2UJiJMGTG0o7oQWBqXJAz+wofD848o5BaYrtylUTNs=
Subject key identifier:   47:63:3F:7C:CA:60:05:86:F4:59:FF:C0:E3:6F:A2:83:8F:98:A6:A1
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       6C812B4575511B349E3B1F49834134A6EC234489
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152829.roa
Signing time:             Thu 06 Feb 2025 10:44:55 +0000
ROA not before:           Thu 06 Feb 2025 10:39:55 +0000
ROA not after:            Thu 05 Feb 2026 10:44:55 +0000
asID:                     152829
IP address blocks:        160.22.208.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 07 Nov 2025 10:49:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:81:2b:45:75:51:1b:34:9e:3b:1f:49:83:41:34:a6:ec:23:44:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb  6 10:39:55 2025 GMT
            Not After : Feb  5 10:44:55 2026 GMT
        Subject: CN=47633F7CCA600586F459FFC0E36FA2838F98A6A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1d:84:4c:4c:67:5a:5a:dd:09:69:76:c3:1e:
                    f6:c4:db:7a:3a:d6:98:34:81:f6:02:19:ce:3d:e4:
                    eb:f0:b9:88:b5:ff:7a:5c:23:5c:42:c3:87:a8:2b:
                    32:20:8e:26:a5:a1:48:2a:35:02:1f:ba:cb:e9:10:
                    6c:05:6f:50:40:1e:96:45:e0:8f:12:5b:ff:2a:eb:
                    a6:70:bf:48:6c:45:3d:98:17:02:09:45:f9:09:af:
                    b7:a8:d9:0c:ca:f8:6d:d4:3e:c9:a0:26:52:7d:3b:
                    84:df:e7:4a:70:42:18:00:05:83:be:38:59:01:18:
                    d6:c6:25:8b:21:1b:12:96:45:d3:f3:3f:40:08:a9:
                    86:e1:39:e7:5e:b6:2e:9f:3d:d7:7f:ab:04:a1:81:
                    59:1e:27:e8:63:6f:0b:af:2a:9d:6c:56:ca:9b:b6:
                    35:fe:ed:81:ac:6f:ea:5c:fb:e1:3b:2d:e4:2b:24:
                    69:af:56:0d:ee:84:62:b2:77:1c:43:c3:16:ed:60:
                    ac:8b:66:1b:86:f4:46:0a:31:89:f1:c8:22:3b:66:
                    e2:99:76:66:f9:9c:78:20:00:c7:62:91:e5:ab:1d:
                    92:ed:e1:5d:6c:a5:ae:69:f7:98:8d:86:70:c2:4d:
                    af:a1:c1:f1:c7:5a:b0:a0:a1:40:36:de:c7:6d:54:
                    1e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:63:3F:7C:CA:60:05:86:F4:59:FF:C0:E3:6F:A2:83:8F:98:A6:A1
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS152829.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:ff:7b:81:05:75:99:59:43:e8:90:0d:a4:5f:ba:64:c6:5a:
         fe:b5:e9:07:e1:5c:0f:26:8e:96:1f:9a:3c:7c:f0:3d:86:b4:
         f4:62:e4:cc:00:53:de:7e:4e:56:44:cc:69:c0:29:6c:02:14:
         05:b2:45:26:29:f0:e4:3b:97:b5:50:8c:a1:cd:1a:7b:d9:f6:
         bb:c6:72:70:c5:76:a1:c0:d2:6d:8f:b4:ff:2a:3d:d2:34:6c:
         69:f6:4d:57:eb:61:2a:c7:84:0c:33:83:ee:24:c7:e8:34:e9:
         a8:8c:3d:5d:68:13:89:ff:38:49:3b:68:05:b8:da:4f:f9:6a:
         f4:63:95:ae:52:49:37:87:77:f9:30:98:d2:fc:45:7b:38:e2:
         d6:70:13:b8:e6:0e:d4:75:bd:57:07:24:21:10:8c:89:61:fa:
         df:e8:ec:16:d6:7b:2f:2b:31:fe:b7:ed:3a:f6:72:01:6f:a8:
         53:38:33:e2:d1:27:b1:ee:ec:8a:1b:b1:c3:51:2e:1b:de:52:
         3d:71:e1:9b:8a:b1:0a:31:c9:54:b9:72:07:06:5b:0b:ff:17:
         6f:b3:a8:54:96:8c:63:23:ee:cb:6b:19:6d:5b:89:06:bd:e7:
         1e:e6:d4:81:cf:e4:33:27:24:38:4e:b4:31:9f:38:c8:3b:5f:
         f6:a5:e4:3e
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUbIErRXVRGzSeOx9Jg0E0puwjRIkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDIwNjEwMzk1NVoX
DTI2MDIwNTEwNDQ1NVowMzExMC8GA1UEAxMoNDc2MzNGN0NDQTYwMDU4NkY0NTlG
RkMwRTM2RkEyODM4Rjk4QTZBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANsdhExMZ1pa3QlpdsMe9sTbejrWmDSB9gIZzj3k6/C5iLX/elwjXELDh6gr
MiCOJqWhSCo1Ah+6y+kQbAVvUEAelkXgjxJb/yrrpnC/SGxFPZgXAglF+Qmvt6jZ
DMr4bdQ+yaAmUn07hN/nSnBCGAAFg744WQEY1sYliyEbEpZF0/M/QAiphuE55162
Lp8913+rBKGBWR4n6GNvC68qnWxWypu2Nf7tgaxv6lz74Tst5Cskaa9WDe6EYrJ3
HEPDFu1grItmG4b0RgoxifHIIjtm4pl2ZvmceCAAx2KR5asdku3hXWylrmn3mI2G
cMJNr6HB8cdasKChQDbex21UHtMCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRHYz98
ymAFhvRZ/8Djb6KDj5imoTAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MjgyOS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaAW0DANBgkqhkiG9w0BAQsFAAOCAQEAb/97gQV1mVlD6JANpF+6
ZMZa/rXpB+FcDyaOlh+aPHzwPYa09GLkzABT3n5OVkTMacApbAIUBbJFJinw5DuX
tVCMoc0ae9n2u8ZycMV2ocDSbY+0/yo90jRsafZNV+thKseEDDOD7iTH6DTpqIw9
XWgTif84STtoBbjaT/lq9GOVrlJJN4d3+TCY0vxFezji1nATuOYO1HW9VwckIRCM
iWH63+jsFtZ7Lysx/rftOvZyAW+oUzgz4tEnse7sihuxw1EuG95SPXHhm4qxCjHJ
VLlyBwZbC/8Xb7OoVJaMYyPuy2sZbVuJBr3nHubUgc/kMyckOE60MZ84yDtf9qXk
Pg==
-----END CERTIFICATE-----