Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153570.roa
File:                     AS153570.roa (raw, json)
Hash identifier:          Pk5B9rvKR3YAO2CkMWHeDHHWzkGuqmVEu4hIwkn67OA=
Subject key identifier:   17:49:6C:AA:1E:13:7C:FD:95:BC:25:D9:1E:92:2F:46:A2:44:B6:B3
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       656D958DD9C855AC802304A0566488539D2A5CFD
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153570.roa
Signing time:             Tue 13 Jan 2026 09:00:00 +0000
ROA not before:           Tue 13 Jan 2026 08:55:00 +0000
ROA not after:            Tue 12 Jan 2027 09:00:00 +0000
asID:                     153570
IP address blocks:        161.248.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:6d:95:8d:d9:c8:55:ac:80:23:04:a0:56:64:88:53:9d:2a:5c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Jan 13 08:55:00 2026 GMT
            Not After : Jan 12 09:00:00 2027 GMT
        Subject: CN=17496CAA1E137CFD95BC25D91E922F46A244B6B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:75:ee:36:2b:1b:84:a5:99:f5:dd:83:66:4c:
                    51:41:aa:f3:92:3b:b5:2a:d9:0c:96:bd:94:c6:d2:
                    e0:fa:60:b9:fa:0a:0b:94:6c:90:f8:84:37:79:75:
                    88:0b:35:c8:9c:4b:0b:94:20:02:48:dc:b8:51:80:
                    e1:51:97:de:e1:07:f7:3a:65:bc:5b:d7:04:8b:44:
                    83:12:97:99:e0:a1:f4:4f:62:93:54:c4:00:44:75:
                    76:be:0c:37:97:8b:e2:13:02:24:49:9d:45:c7:6f:
                    98:c3:88:31:5a:55:80:96:4e:ab:89:f6:54:51:12:
                    97:10:c9:0f:ed:9f:91:9d:c7:8c:a3:56:1a:62:86:
                    39:d1:0d:db:9d:4f:cd:67:8b:e1:78:eb:38:57:9a:
                    82:b6:e2:ab:5a:2d:86:2b:91:09:8b:03:d5:64:17:
                    47:9f:62:75:83:05:ab:e6:36:7c:a4:61:28:c1:37:
                    64:31:5a:f8:a7:73:a2:3b:fe:21:b0:87:8c:ab:82:
                    4c:0e:c7:6f:1b:be:1c:08:0f:8a:6e:ad:42:91:bf:
                    d1:d3:5f:93:71:69:a6:54:3c:40:bc:0e:4f:f2:82:
                    c8:e7:44:28:54:b5:c1:46:24:e3:a0:27:fb:a4:0a:
                    69:d6:56:26:a0:ed:c9:ab:e0:ad:2f:77:b0:53:30:
                    9b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:49:6C:AA:1E:13:7C:FD:95:BC:25:D9:1E:92:2F:46:A2:44:B6:B3
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153570.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:04:4d:f8:0a:d4:fc:46:05:4a:50:62:16:3c:f5:fd:3d:46:
         78:eb:e7:83:0a:d7:86:6b:e5:64:81:d6:88:24:a2:4c:ef:93:
         89:a1:81:06:5f:c7:f8:22:0c:a6:9f:a2:63:f0:80:41:4b:d9:
         91:58:5b:9f:f4:be:78:b5:4e:c2:a2:27:a7:d7:51:32:0c:26:
         de:10:c0:ee:c7:c1:99:eb:3c:7f:e8:1a:cb:e4:ba:ef:19:75:
         0b:8a:44:41:c8:29:fa:c0:4d:77:74:75:91:da:36:94:c9:54:
         9a:e8:22:54:f4:5f:56:d6:06:f6:3e:68:ee:bb:eb:58:2b:a7:
         07:7d:7d:ca:10:67:a4:ad:12:8d:56:1e:90:b2:97:f4:34:5e:
         91:00:4b:98:5c:dd:45:10:0c:9f:7c:2c:1d:54:37:df:ca:b1:
         22:58:6f:1c:63:ae:85:ce:6e:da:4f:87:b1:06:a2:ca:b3:10:
         89:fb:f8:d0:06:f0:92:74:e0:8f:3b:38:1a:4b:3b:2e:ce:c2:
         10:00:bd:28:b9:6e:09:4f:26:26:d7:b9:b0:9b:32:f0:9e:10:
         73:36:32:bd:5c:59:a9:6a:7f:f2:78:92:e1:4e:84:f6:a0:56:
         be:60:05:16:a2:73:bd:bf:9a:bb:b2:77:4f:05:c8:29:45:6e:
         a6:7a:75:46
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUZW2VjdnIVayAIwSgVmSIU50qXP0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDExMzA4NTUwMFoX
DTI3MDExMjA5MDAwMFowMzExMC8GA1UEAxMoMTc0OTZDQUExRTEzN0NGRDk1QkMy
NUQ5MUU5MjJGNDZBMjQ0QjZCMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZ17jYrG4SlmfXdg2ZMUUGq85I7tSrZDJa9lMbS4PpgufoKC5RskPiEN3l1
iAs1yJxLC5QgAkjcuFGA4VGX3uEH9zplvFvXBItEgxKXmeCh9E9ik1TEAER1dr4M
N5eL4hMCJEmdRcdvmMOIMVpVgJZOq4n2VFESlxDJD+2fkZ3HjKNWGmKGOdEN251P
zWeL4XjrOFeagrbiq1othiuRCYsD1WQXR59idYMFq+Y2fKRhKME3ZDFa+Kdzojv+
IbCHjKuCTA7Hbxu+HAgPim6tQpG/0dNfk3FpplQ8QLwOT/KCyOdEKFS1wUYk46An
+6QKadZWJqDtyavgrS93sFMwm6ECAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQXSWyq
HhN8/ZW8Jdkeki9GokS2szAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzU3MC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAKH4+zANBgkqhkiG9w0BAQsFAAOCAQEAbQRN+ArU/EYFSlBiFjz1
/T1GeOvngwrXhmvlZIHWiCSiTO+TiaGBBl/H+CIMpp+iY/CAQUvZkVhbn/S+eLVO
wqInp9dRMgwm3hDA7sfBmes8f+gay+S67xl1C4pEQcgp+sBNd3R1kdo2lMlUmugi
VPRfVtYG9j5o7rvrWCunB319yhBnpK0SjVYekLKX9DRekQBLmFzdRRAMn3wsHVQ3
38qxIlhvHGOuhc5u2k+HsQaiyrMQifv40AbwknTgjzs4Gks7Ls7CEAC9KLluCU8m
Jte5sJsy8J4QczYyvVxZqWp/8niS4U6E9qBWvmAFFqJzvb+au7J3TwXIKUVupnp1
Rg==
-----END CERTIFICATE-----