Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153514.roa
File:                     AS153514.roa (raw, json)
Hash identifier:          fIB+fcKevaD20igbhw7SMpUiyy0ms8s2Fl8KxeCq9xM=
Subject key identifier:   34:B0:83:D1:97:53:70:F5:E7:78:C2:4A:7D:0F:ED:6A:93:FD:78:D3
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       5AABD3C50AB2A51C8CDD339703CC2A7DD0D738BC
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153514.roa
Signing time:             Tue 13 Jan 2026 08:00:00 +0000
ROA not before:           Tue 13 Jan 2026 07:55:00 +0000
ROA not after:            Tue 12 Jan 2027 08:00:00 +0000
asID:                     153514
IP address blocks:        160.250.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:ab:d3:c5:0a:b2:a5:1c:8c:dd:33:97:03:cc:2a:7d:d0:d7:38:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jan 13 07:55:00 2026 GMT
            Not After : Jan 12 08:00:00 2027 GMT
        Subject: CN=34B083D1975370F5E778C24A7D0FED6A93FD78D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:90:86:0e:57:17:e3:bc:a0:67:ab:7a:59:5e:
                    04:a9:d5:15:09:50:66:ee:eb:45:2f:7a:b4:66:a5:
                    8f:e2:d9:db:67:08:4a:6c:b1:b8:5e:db:37:14:47:
                    50:bc:1a:07:7c:23:ae:1d:26:68:bb:81:57:86:0e:
                    02:a0:0f:a9:1d:9e:89:55:a8:24:ee:0f:1e:27:ca:
                    51:be:04:9b:72:70:6d:21:4b:24:dc:93:58:5c:3f:
                    bd:eb:ee:4e:2b:a7:d1:2d:8b:d8:18:4a:67:91:b0:
                    9f:8a:ac:02:83:11:c5:e1:40:fe:87:e5:f6:f6:b5:
                    f7:39:3a:4e:43:d3:81:02:0d:5e:97:50:6e:96:ec:
                    d7:d9:00:89:d1:b5:cb:2b:76:89:db:f2:e6:af:8d:
                    90:e2:60:e9:b1:54:b8:f7:80:c0:ab:98:d0:e6:3b:
                    f1:f9:a3:ca:2c:e9:96:ea:c3:bf:eb:d9:cb:e0:82:
                    b1:86:32:49:db:22:98:ed:e4:bf:08:22:6d:7b:55:
                    5c:fc:b6:db:13:6f:a0:f8:0f:fc:1c:1e:97:ae:1b:
                    33:bf:a5:f7:67:fc:75:3c:18:11:51:0f:6f:a0:23:
                    39:f1:1a:4b:da:b7:7e:07:70:37:e1:b3:e2:93:c3:
                    c2:f0:81:c8:a2:64:89:80:4c:ef:ec:b0:ce:3c:1d:
                    6f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B0:83:D1:97:53:70:F5:E7:78:C2:4A:7D:0F:ED:6A:93:FD:78:D3
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153514.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.250.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:68:07:7c:22:4c:1e:55:0a:b8:66:6d:ad:02:e6:8d:ef:67:
         89:79:1b:f1:3e:2f:86:78:35:43:98:0d:6e:97:39:aa:4e:25:
         9e:64:fb:8c:e6:48:46:5f:7c:f4:7a:48:00:96:50:32:de:dc:
         ef:25:16:8e:fc:f0:6e:a4:ae:58:22:d3:2f:a6:4c:86:13:e6:
         b4:ce:8f:c4:20:84:6f:48:c5:32:fb:17:76:34:9b:c3:b5:a4:
         7c:64:8c:e2:f3:47:cc:b2:c2:f6:3c:2a:37:6f:7b:67:e7:86:
         d5:55:2d:79:e5:5a:61:e8:31:69:49:b1:60:6c:2f:77:25:99:
         97:a1:aa:fe:ec:b6:9c:ef:ff:1d:5a:36:a8:92:1e:d9:33:53:
         58:9d:f1:60:dc:46:6c:c5:3f:f6:5b:22:26:69:06:eb:57:d4:
         bd:9c:26:d6:42:12:f5:eb:8b:9a:92:78:24:86:ad:69:26:52:
         e3:63:c1:26:c8:a3:0b:96:a3:20:9b:01:62:0e:56:ec:ac:2b:
         3a:79:4e:5e:dc:bf:f8:92:ec:bd:27:c3:5b:5f:14:07:d6:a4:
         3b:df:3b:fc:a3:eb:3a:53:eb:0f:c1:20:f0:c1:b2:1c:bb:8e:
         04:c4:5f:37:02:88:be:58:22:6a:bf:00:25:ad:11:96:bd:47:
         6e:7b:16:ca
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUWqvTxQqypRyM3TOXA8wqfdDXOLwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDExMzA3NTUwMFoX
DTI3MDExMjA4MDAwMFowMzExMC8GA1UEAxMoMzRCMDgzRDE5NzUzNzBGNUU3NzhD
MjRBN0QwRkVENkE5M0ZENzhEMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOSQhg5XF+O8oGerelleBKnVFQlQZu7rRS96tGalj+LZ22cISmyxuF7bNxRH
ULwaB3wjrh0maLuBV4YOAqAPqR2eiVWoJO4PHifKUb4Em3JwbSFLJNyTWFw/vevu
Tiun0S2L2BhKZ5Gwn4qsAoMRxeFA/ofl9va19zk6TkPTgQINXpdQbpbs19kAidG1
yyt2idvy5q+NkOJg6bFUuPeAwKuY0OY78fmjyizplurDv+vZy+CCsYYySdsimO3k
vwgibXtVXPy22xNvoPgP/Bwel64bM7+l92f8dTwYEVEPb6AjOfEaS9q3fgdwN+Gz
4pPDwvCByKJkiYBM7+ywzjwdb/MCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQ0sIPR
l1Nw9ed4wkp9D+1qk/140zAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzUxNC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAKD6qDANBgkqhkiG9w0BAQsFAAOCAQEAWWgHfCJMHlUKuGZtrQLm
je9niXkb8T4vhng1Q5gNbpc5qk4lnmT7jOZIRl989HpIAJZQMt7c7yUWjvzwbqSu
WCLTL6ZMhhPmtM6PxCCEb0jFMvsXdjSbw7WkfGSM4vNHzLLC9jwqN297Z+eG1VUt
eeVaYegxaUmxYGwvdyWZl6Gq/uy2nO//HVo2qJIe2TNTWJ3xYNxGbMU/9lsiJmkG
61fUvZwm1kIS9euLmpJ4JIataSZS42PBJsijC5ajIJsBYg5W7KwrOnlOXty/+JLs
vSfDW18UB9akO987/KPrOlPrD8Eg8MGyHLuOBMRfNwKIvlgiar8AJa0Rlr1HbnsW
yg==
-----END CERTIFICATE-----