Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153059.roa
File:                     AS153059.roa (raw, json)
Hash identifier:          P28TcU988x9+jokVKTw33Fdhh9GolewvJyCeviydsTE=
Subject key identifier:   7A:07:04:6F:F9:1A:18:AF:18:71:C0:97:60:B7:99:E0:38:E4:75:3F
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       79A5407E37C046EB5FFD7CA8FF4383053F6AD59B
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153059.roa
Signing time:             Thu 08 Jan 2026 11:00:00 +0000
ROA not before:           Thu 08 Jan 2026 10:55:00 +0000
ROA not after:            Thu 07 Jan 2027 11:00:00 +0000
asID:                     153059
IP address blocks:        160.25.46.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:a5:40:7e:37:c0:46:eb:5f:fd:7c:a8:ff:43:83:05:3f:6a:d5:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jan  8 10:55:00 2026 GMT
            Not After : Jan  7 11:00:00 2027 GMT
        Subject: CN=7A07046FF91A18AF1871C09760B799E038E4753F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8f:d7:d7:e0:61:99:e3:1f:ca:21:7c:7d:f3:
                    f5:16:86:5a:b4:c4:b7:2b:04:45:fd:62:a1:46:a0:
                    75:6c:50:2c:f5:06:a3:53:22:a8:a5:7d:d1:94:b2:
                    ca:39:c0:1e:40:24:c4:ae:48:01:6d:d3:8d:52:07:
                    3a:f5:6b:c2:91:07:a0:96:c9:12:6b:4f:87:b8:12:
                    42:e7:bc:10:37:a4:25:0b:26:6a:bc:ec:97:26:96:
                    a5:c5:9b:2d:47:88:4c:ad:db:da:6d:a8:c8:01:8e:
                    b7:ab:9e:c3:b8:8c:6a:84:0c:8a:9b:78:71:6f:d0:
                    ab:4c:5b:0a:24:2e:3f:7f:36:f3:3f:4f:30:1c:6e:
                    66:18:49:25:50:41:e4:5b:90:15:33:20:24:cb:6b:
                    7d:ed:bc:7e:cc:20:e1:e6:05:61:9d:e3:9d:48:54:
                    27:00:ed:b6:cd:7f:e6:24:e1:b3:2a:3a:6d:54:06:
                    a1:d0:f7:d0:76:22:85:7c:2d:0d:0d:3e:de:eb:3d:
                    65:7a:3a:e2:b2:f9:be:7e:7b:bc:da:db:cf:f0:e3:
                    ae:9e:09:25:70:e4:18:b7:19:3c:c1:69:b2:db:04:
                    d7:77:e4:b7:d6:f0:ec:21:a3:f6:95:87:df:9a:b3:
                    c5:2e:ff:8b:5e:d6:ff:7e:7c:bb:e3:16:a9:4a:13:
                    6e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:07:04:6F:F9:1A:18:AF:18:71:C0:97:60:B7:99:E0:38:E4:75:3F
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153059.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:ac:4b:49:d7:0b:50:72:9b:be:f5:4b:4c:4f:d6:54:e0:65:
         26:14:50:c6:32:1c:d6:36:e1:0e:fc:2a:29:58:b8:24:27:94:
         99:9e:3a:ea:ea:62:00:82:3d:69:6a:09:0d:c4:07:42:d3:f1:
         a5:71:44:99:82:b3:bb:25:a5:63:e5:8b:a9:fc:41:9d:00:c4:
         6f:5f:41:7c:f6:3a:22:f9:9f:72:58:c7:c7:c1:18:7a:b4:ea:
         19:95:da:01:dd:b7:82:74:12:63:4a:4f:c3:63:06:9f:fa:4a:
         e8:09:68:e5:46:fa:0c:c8:2e:c9:34:24:64:46:ad:7c:91:35:
         4f:b8:b8:53:db:9b:ea:6f:ee:4a:fc:46:22:29:9b:ac:41:c1:
         83:72:c3:e9:bf:ba:4c:be:30:bd:ca:3d:22:56:0f:90:bb:32:
         f0:a0:40:e4:64:f8:92:97:7a:80:9e:e0:bb:e7:f4:e0:5a:e6:
         f8:57:7d:c6:21:b8:bc:24:c7:62:9a:65:99:d8:59:d2:93:bd:
         06:6a:4c:03:74:c6:9a:f1:f8:f4:4c:4a:ad:77:a7:26:69:71:
         be:1d:be:d0:da:d0:83:67:77:88:15:02:8a:88:b6:b5:d6:47:
         a8:5f:e5:10:9f:52:9d:b5:fa:b9:f8:ff:a6:4f:a5:fe:b2:de:
         8a:7e:59:b4
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUeaVAfjfARutf/Xyo/0ODBT9q1ZswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDEwODEwNTUwMFoX
DTI3MDEwNzExMDAwMFowMzExMC8GA1UEAxMoN0EwNzA0NkZGOTFBMThBRjE4NzFD
MDk3NjBCNzk5RTAzOEU0NzUzRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSP19fgYZnjH8ohfH3z9RaGWrTEtysERf1ioUagdWxQLPUGo1MiqKV90ZSy
yjnAHkAkxK5IAW3TjVIHOvVrwpEHoJbJEmtPh7gSQue8EDekJQsmarzslyaWpcWb
LUeITK3b2m2oyAGOt6uew7iMaoQMipt4cW/Qq0xbCiQuP3828z9PMBxuZhhJJVBB
5FuQFTMgJMtrfe28fswg4eYFYZ3jnUhUJwDtts1/5iThsyo6bVQGodD30HYihXwt
DQ0+3us9ZXo64rL5vn57vNrbz/Djrp4JJXDkGLcZPMFpstsE13fkt9bw7CGj9pWH
35qzxS7/i17W/358u+MWqUoTbk8CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBR6BwRv
+RoYrxhxwJdgt5ngOOR1PzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzA1OS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaAZLjANBgkqhkiG9w0BAQsFAAOCAQEAAaxLSdcLUHKbvvVLTE/W
VOBlJhRQxjIc1jbhDvwqKVi4JCeUmZ466upiAII9aWoJDcQHQtPxpXFEmYKzuyWl
Y+WLqfxBnQDEb19BfPY6IvmfcljHx8EYerTqGZXaAd23gnQSY0pPw2MGn/pK6Alo
5Ub6DMguyTQkZEatfJE1T7i4U9ub6m/uSvxGIimbrEHBg3LD6b+6TL4wvco9IlYP
kLsy8KBA5GT4kpd6gJ7gu+f04Frm+Fd9xiG4vCTHYpplmdhZ0pO9BmpMA3TGmvH4
9ExKrXenJmlxvh2+0NrQg2d3iBUCioi2tdZHqF/lEJ9SnbX6ufj/pk+l/rLein5Z
tA==
-----END CERTIFICATE-----