Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153079.roa
File:                     AS153079.roa (raw, json)
Hash identifier:          LAEGnR8F7zNCqScnSC4FN120fejXPGIjPQfQAvWo+wE=
Subject key identifier:   A7:36:71:38:26:79:36:EF:36:EA:A3:49:3F:AA:F5:7F:90:A3:11:7C
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       36443D9BAF2FF556F16BF5E59824E0F3FEE4055A
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153079.roa
Signing time:             Fri 30 Jan 2026 05:45:05 +0000
ROA not before:           Fri 30 Jan 2026 05:40:05 +0000
ROA not after:            Fri 29 Jan 2027 05:45:05 +0000
asID:                     153079
IP address blocks:        192.203.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:44:3d:9b:af:2f:f5:56:f1:6b:f5:e5:98:24:e0:f3:fe:e4:05:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jan 30 05:40:05 2026 GMT
            Not After : Jan 29 05:45:05 2027 GMT
        Subject: CN=A7367138267936EF36EAA3493FAAF57F90A3117C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:71:5b:7c:3a:96:f3:3a:d3:19:0c:92:55:04:
                    0a:4a:4e:27:e5:6f:84:ba:ed:2e:75:18:f0:dc:99:
                    a5:ce:da:0b:df:f6:ee:ca:80:97:94:44:8a:bd:59:
                    af:b3:15:e7:fc:d5:c8:29:e7:8e:30:28:4d:09:4d:
                    d5:2a:b7:89:66:67:cb:0f:41:4a:21:4e:9b:58:7a:
                    fe:43:64:e7:03:13:fa:44:b7:64:fa:67:ee:47:21:
                    ee:63:c1:db:2c:48:79:54:85:f9:98:0c:01:cc:3f:
                    ee:c2:53:40:16:ed:9e:34:62:22:86:2d:71:8d:93:
                    b2:9f:44:a8:4a:66:c8:96:43:e5:30:41:5c:5a:3a:
                    51:4c:bc:9d:15:67:48:e1:14:bf:fb:1a:61:38:3f:
                    44:fa:8b:71:ed:08:4e:8a:9c:18:9b:f8:05:cf:bd:
                    9a:02:46:c7:5f:3a:33:dd:d1:87:0a:aa:b5:d8:84:
                    23:0f:f4:0e:5b:6c:dc:84:a9:c4:f5:69:fc:bf:43:
                    a8:d7:bf:2a:a7:74:f8:7c:aa:db:b5:fd:e8:f5:5f:
                    8e:b2:dc:7a:cc:bf:be:0b:09:e5:2a:67:62:7d:ae:
                    a6:e0:6c:dc:ec:66:b9:75:f6:6d:2b:95:fd:92:da:
                    32:b6:2a:d9:a9:29:5f:89:0f:39:b4:ea:78:ef:67:
                    56:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:36:71:38:26:79:36:EF:36:EA:A3:49:3F:AA:F5:7F:90:A3:11:7C
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153079.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.203.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:a2:84:85:e8:d3:92:ff:14:01:67:a5:d2:c1:61:be:8d:20:
         1e:49:a6:9a:d9:7b:4f:17:6a:92:33:0f:35:86:7b:ad:50:8e:
         f6:fc:84:c3:83:83:be:07:b9:0f:3c:54:63:25:37:6a:11:f3:
         8b:b2:69:d5:f6:8d:11:85:b3:ca:14:a4:b6:32:15:d2:41:3c:
         25:f9:1d:52:69:28:84:6c:87:42:16:a2:0c:5f:9c:69:81:c9:
         43:56:4e:92:c1:df:af:a1:17:05:99:9e:f6:e3:55:4b:59:d1:
         00:36:66:9e:0f:ce:e0:94:d4:c1:23:ba:a9:99:78:da:36:fa:
         e2:d0:4e:ae:b1:1b:5d:97:79:c9:4f:7e:35:d9:cd:09:9e:9f:
         83:36:72:13:82:7b:08:79:89:b0:6b:ed:67:46:dc:f0:b2:1c:
         cc:c3:59:0f:5b:a0:94:c6:8b:c5:be:a6:2c:b6:5f:06:11:87:
         c7:b9:82:d7:de:d7:5e:66:58:3c:2e:82:9b:7c:d0:25:5e:aa:
         20:45:b8:f3:da:e3:90:87:76:3f:55:8e:a0:63:5e:14:4d:85:
         ff:52:22:50:31:ed:14:8d:2c:f0:f4:61:2e:e5:d1:2e:64:b7:
         67:09:03:b6:1b:18:db:f3:9d:05:b7:9a:ba:c0:45:53:be:83:
         0f:fc:e1:a2
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUNkQ9m68v9Vbxa/XlmCTg8/7kBVowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDEzMDA1NDAwNVoX
DTI3MDEyOTA1NDUwNVowMzExMC8GA1UEAxMoQTczNjcxMzgyNjc5MzZFRjM2RUFB
MzQ5M0ZBQUY1N0Y5MEEzMTE3QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlxW3w6lvM60xkMklUECkpOJ+VvhLrtLnUY8NyZpc7aC9/27sqAl5REir1Z
r7MV5/zVyCnnjjAoTQlN1Sq3iWZnyw9BSiFOm1h6/kNk5wMT+kS3ZPpn7kch7mPB
2yxIeVSF+ZgMAcw/7sJTQBbtnjRiIoYtcY2Tsp9EqEpmyJZD5TBBXFo6UUy8nRVn
SOEUv/saYTg/RPqLce0IToqcGJv4Bc+9mgJGx186M93RhwqqtdiEIw/0Dlts3ISp
xPVp/L9DqNe/Kqd0+Hyq27X96PVfjrLcesy/vgsJ5SpnYn2upuBs3OxmuXX2bSuV
/ZLaMrYq2akpX4kPObTqeO9nVi8CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSnNnE4
Jnk27zbqo0k/qvV/kKMRfDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzA3OS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAMDL0TANBgkqhkiG9w0BAQsFAAOCAQEAgqKEhejTkv8UAWel0sFh
vo0gHkmmmtl7TxdqkjMPNYZ7rVCO9vyEw4ODvge5DzxUYyU3ahHzi7Jp1faNEYWz
yhSktjIV0kE8JfkdUmkohGyHQhaiDF+caYHJQ1ZOksHfr6EXBZme9uNVS1nRADZm
ng/O4JTUwSO6qZl42jb64tBOrrEbXZd5yU9+NdnNCZ6fgzZyE4J7CHmJsGvtZ0bc
8LIczMNZD1uglMaLxb6mLLZfBhGHx7mC197XXmZYPC6Cm3zQJV6qIEW489rjkId2
P1WOoGNeFE2F/1IiUDHtFI0s8PRhLuXRLmS3ZwkDthsY2/OdBbeausBFU76DD/zh
og==
-----END CERTIFICATE-----