Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154483.roa
File:                     AS154483.roa (raw, json)
Hash identifier:          Xjrtgbske+eK9VJddrDzba84V3TSP4RIBpecPSPzj8Y=
Subject key identifier:   97:24:51:5E:4A:06:AF:53:1F:B8:28:D2:A3:96:17:71:40:64:FA:EC
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       584EB86B7DE7D952AC1E6AE3524ACE5BA3FD94E0
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154483.roa
Signing time:             Thu 16 Apr 2026 01:36:11 +0000
ROA not before:           Thu 16 Apr 2026 01:31:11 +0000
ROA not after:            Thu 15 Apr 2027 01:36:11 +0000
asID:                     154483
IP address blocks:        192.245.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 20 Apr 2026 18:51:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:4e:b8:6b:7d:e7:d9:52:ac:1e:6a:e3:52:4a:ce:5b:a3:fd:94:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Apr 16 01:31:11 2026 GMT
            Not After : Apr 15 01:36:11 2027 GMT
        Subject: CN=9724515E4A06AF531FB828D2A39617714064FAEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a5:41:6d:77:2d:8b:1d:8c:f9:85:5c:11:bc:
                    51:22:ea:6a:da:bf:66:63:89:7e:b2:d8:50:49:eb:
                    c0:81:93:d3:81:fa:38:ac:0d:dd:ec:c8:c6:b9:8e:
                    0a:04:ad:ab:8a:f6:1c:cc:35:d4:40:8b:05:0e:81:
                    83:4c:9b:78:fd:7d:34:fb:28:75:02:dc:26:50:56:
                    a6:65:5a:e3:e2:c2:72:93:8c:4c:b1:88:9b:11:d0:
                    74:ff:70:1f:dd:9e:85:8d:7a:9c:db:72:88:c7:c3:
                    6e:e6:6c:ce:e4:b8:9b:67:3d:60:2e:cd:e2:63:ad:
                    19:07:ac:e4:db:e1:30:e5:b7:d1:4d:d4:b8:ef:d5:
                    b6:bc:8c:aa:29:dd:89:88:81:ec:2d:76:de:98:c2:
                    17:f1:9c:fc:b5:4f:24:75:42:ae:5b:d7:4d:6d:1d:
                    e4:2e:7d:1c:2b:83:54:ed:65:6e:65:13:0d:04:07:
                    63:bb:f4:a6:b6:5c:e0:cf:1b:c1:dc:14:f8:2a:ca:
                    b6:af:46:e6:81:84:f9:71:1d:3b:70:2b:1b:05:12:
                    f7:4b:05:9a:8f:4d:2e:cc:df:8f:97:f8:31:63:29:
                    dc:62:81:af:37:5e:b9:eb:b4:d4:4f:12:44:c5:f1:
                    28:4e:0d:c2:20:0f:93:2a:91:7a:9a:0d:35:5b:22:
                    cf:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:24:51:5E:4A:06:AF:53:1F:B8:28:D2:A3:96:17:71:40:64:FA:EC
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS154483.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.245.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ee:1f:e9:16:e8:38:57:9b:1e:5c:75:a7:a9:91:2a:5f:fd:
         5c:00:db:8e:d4:a6:ad:db:3d:c9:28:f2:22:ee:13:b1:35:3e:
         c0:2f:fd:d2:f8:e6:f7:d4:2c:62:38:5c:e8:5d:c4:16:5d:bc:
         e7:1b:ab:2b:a6:1d:fe:29:7e:7d:5f:fa:7f:ec:24:98:20:d6:
         1a:53:67:bc:4b:61:81:c0:0d:3b:d4:40:c6:ec:91:d9:d1:56:
         7a:df:60:f1:bd:1b:af:f8:f1:58:25:e9:4b:74:56:48:5d:be:
         de:5e:fb:d2:a2:d4:85:12:11:55:e5:4d:96:99:51:8e:ef:bf:
         0b:35:fc:23:5d:b0:56:b2:8f:9f:dc:8c:37:97:22:91:5d:8d:
         cf:a3:9e:54:5f:9d:4f:20:42:4f:5a:8d:b3:a8:f6:25:96:c9:
         59:7d:c8:c1:ac:57:52:fa:c9:70:f2:7b:1d:fb:b5:bb:2f:b1:
         26:f5:30:cf:42:7c:26:f0:2d:74:84:6c:73:bb:d5:e9:b6:c6:
         b6:07:20:4b:2c:20:fc:be:6b:bb:cd:27:3f:09:2a:bf:d2:01:
         23:dc:79:5a:2d:5b:2b:68:16:e4:d0:e8:f5:b1:82:3d:92:a3:
         e3:03:b8:3f:80:bd:4d:dc:78:bf:16:e0:07:36:43:d1:df:92:
         c0:20:bc:9a
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUWE64a33n2VKsHmrjUkrOW6P9lOAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDQxNjAxMzExMVoX
DTI3MDQxNTAxMzYxMVowMzExMC8GA1UEAxMoOTcyNDUxNUU0QTA2QUY1MzFGQjgy
OEQyQTM5NjE3NzE0MDY0RkFFQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSlQW13LYsdjPmFXBG8USLqatq/ZmOJfrLYUEnrwIGT04H6OKwN3ezIxrmO
CgStq4r2HMw11ECLBQ6Bg0ybeP19NPsodQLcJlBWpmVa4+LCcpOMTLGImxHQdP9w
H92ehY16nNtyiMfDbuZszuS4m2c9YC7N4mOtGQes5NvhMOW30U3UuO/VtryMqind
iYiB7C123pjCF/Gc/LVPJHVCrlvXTW0d5C59HCuDVO1lbmUTDQQHY7v0prZc4M8b
wdwU+CrKtq9G5oGE+XEdO3ArGwUS90sFmo9NLszfj5f4MWMp3GKBrzdeueu01E8S
RMXxKE4NwiAPkyqRepoNNVsiz08CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSXJFFe
SgavUx+4KNKjlhdxQGT67DAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1NDQ4My5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAMD1CzANBgkqhkiG9w0BAQsFAAOCAQEAS+4f6RboOFebHlx1p6mR
Kl/9XADbjtSmrds9ySjyIu4TsTU+wC/90vjm99QsYjhc6F3EFl285xurK6Yd/il+
fV/6f+wkmCDWGlNnvEthgcANO9RAxuyR2dFWet9g8b0br/jxWCXpS3RWSF2+3l77
0qLUhRIRVeVNlplRju+/CzX8I12wVrKPn9yMN5cikV2Nz6OeVF+dTyBCT1qNs6j2
JZbJWX3IwaxXUvrJcPJ7Hfu1uy+xJvUwz0J8JvAtdIRsc7vV6bbGtgcgSywg/L5r
u80nPwkqv9IBI9x5Wi1bK2gW5NDo9bGCPZKj4wO4P4C9Tdx4vxbgBzZD0d+SwCC8
mg==
-----END CERTIFICATE-----