Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153519.roa
File:                     AS153519.roa (raw, json)
Hash identifier:          sgNguA3+Kl32OkWmNpSCqfPj/p1Wyi1o/PJBS/fsr8o=
Subject key identifier:   8A:BF:0E:80:DB:B7:FA:C1:A7:8D:A3:19:3B:BC:5A:A4:21:28:D8:98
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       56E996A7100761FF0BEBDF73E3B472081B47E033
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153519.roa
Signing time:             Thu 12 Mar 2026 04:19:42 +0000
ROA not before:           Thu 12 Mar 2026 04:14:42 +0000
ROA not after:            Thu 11 Mar 2027 04:19:42 +0000
asID:                     153519
IP address blocks:        160.250.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 29 Mar 2026 22:25:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:e9:96:a7:10:07:61:ff:0b:eb:df:73:e3:b4:72:08:1b:47:e0:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Mar 12 04:14:42 2026 GMT
            Not After : Mar 11 04:19:42 2027 GMT
        Subject: CN=8ABF0E80DBB7FAC1A78DA3193BBC5AA42128D898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:78:d1:c5:4b:91:3a:a1:5f:9d:9b:ce:ae:94:
                    ec:f3:34:81:96:e3:48:01:8e:a9:ab:5d:a4:f5:d7:
                    d6:df:a9:fb:67:19:bb:2f:c1:23:71:5c:22:a0:81:
                    2f:33:95:67:99:43:d4:84:3f:0e:94:34:3f:90:c7:
                    bf:01:01:b3:53:21:5d:42:17:eb:4c:ea:28:89:58:
                    a1:ce:8f:95:9b:52:ee:78:6c:cb:8c:b6:73:74:c8:
                    a7:a4:ca:60:11:b5:ba:ea:92:a5:ac:1d:ea:c7:4a:
                    4a:7f:25:5a:03:26:ff:8e:33:28:a4:13:28:bf:df:
                    21:d5:8e:09:92:d7:d5:e1:ea:72:c0:c8:29:e9:cb:
                    5f:73:9e:b0:87:5d:b4:d4:25:15:cd:e9:c6:52:de:
                    1e:5d:d1:0b:19:e5:15:f8:49:62:5d:4c:24:b4:02:
                    81:00:27:9d:16:f0:76:22:5d:cb:91:74:26:d6:9a:
                    73:22:e7:72:46:90:29:07:db:e9:60:35:c3:db:75:
                    43:d5:a3:5d:26:9f:52:25:b7:da:ed:3b:d5:f1:2d:
                    a3:5a:69:5d:06:3d:49:b4:00:0b:2c:89:31:e7:be:
                    82:fc:cd:25:c5:3e:87:51:7b:42:9e:14:3d:fd:53:
                    3d:a6:d7:0b:b0:65:71:37:90:48:98:dd:03:ba:bc:
                    0e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:BF:0E:80:DB:B7:FA:C1:A7:8D:A3:19:3B:BC:5A:A4:21:28:D8:98
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153519.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.250.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:61:fa:33:63:93:42:0b:98:45:58:f3:89:64:7c:38:d2:b4:
         47:f8:cd:b3:79:e7:43:b0:77:c2:cc:3e:b9:ab:ad:22:d1:69:
         3f:a1:bc:ce:9c:61:d1:4c:22:18:72:77:ee:91:86:3f:11:ae:
         01:5d:b1:15:e8:cb:34:a6:72:8e:0d:12:44:46:88:87:9a:35:
         2d:a2:11:f6:4a:8c:0c:f5:08:dc:f1:1e:7b:38:e9:b1:b0:6c:
         84:ec:81:de:77:c2:19:ff:aa:72:5c:0f:50:11:17:e7:80:23:
         c8:09:92:d6:f7:46:c7:6f:35:32:7f:0f:9b:a7:19:89:db:7c:
         a2:2f:b7:6c:91:ba:5a:34:f5:de:e4:a8:79:f1:91:95:bd:f4:
         5d:be:de:6d:06:36:78:38:77:2a:d9:74:01:f0:e8:0c:20:d8:
         e4:6f:1c:3d:c1:32:be:b3:b0:95:3e:25:88:8a:db:71:61:c9:
         7e:96:76:b5:7a:11:5c:35:b3:cd:b9:05:cd:c1:26:23:bc:cb:
         c4:0d:0d:25:f6:7a:a8:80:80:db:4a:e4:e4:2a:5a:d3:5d:d6:
         2d:b2:3a:af:fa:fa:fb:a8:4a:70:c0:6e:c5:ca:ee:c7:da:60:
         e1:87:3e:26:87:9d:20:6a:ae:36:af:35:fd:45:90:18:50:4c:
         cb:64:db:be
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUVumWpxAHYf8L699z47RyCBtH4DMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDMxMjA0MTQ0MloX
DTI3MDMxMTA0MTk0MlowMzExMC8GA1UEAxMoOEFCRjBFODBEQkI3RkFDMUE3OERB
MzE5M0JCQzVBQTQyMTI4RDg5ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMh40cVLkTqhX52bzq6U7PM0gZbjSAGOqatdpPXX1t+p+2cZuy/BI3FcIqCB
LzOVZ5lD1IQ/DpQ0P5DHvwEBs1MhXUIX60zqKIlYoc6PlZtS7nhsy4y2c3TIp6TK
YBG1uuqSpawd6sdKSn8lWgMm/44zKKQTKL/fIdWOCZLX1eHqcsDIKenLX3OesIdd
tNQlFc3pxlLeHl3RCxnlFfhJYl1MJLQCgQAnnRbwdiJdy5F0JtaacyLnckaQKQfb
6WA1w9t1Q9WjXSafUiW32u071fEto1ppXQY9SbQACyyJMee+gvzNJcU+h1F7Qp4U
Pf1TPabXC7BlcTeQSJjdA7q8Du0CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSKvw6A
27f6waeNoxk7vFqkISjYmDAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzUxOS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaD6FjANBgkqhkiG9w0BAQsFAAOCAQEAKWH6M2OTQguYRVjziWR8
ONK0R/jNs3nnQ7B3wsw+uautItFpP6G8zpxh0UwiGHJ37pGGPxGuAV2xFejLNKZy
jg0SREaIh5o1LaIR9kqMDPUI3PEeezjpsbBshOyB3nfCGf+qclwPUBEX54AjyAmS
1vdGx281Mn8Pm6cZidt8oi+3bJG6WjT13uSoefGRlb30Xb7ebQY2eDh3Ktl0AfDo
DCDY5G8cPcEyvrOwlT4liIrbcWHJfpZ2tXoRXDWzzbkFzcEmI7zLxA0NJfZ6qICA
20rk5Cpa013WLbI6r/r6+6hKcMBuxcrux9pg4Yc+JoedIGquNq81/UWQGFBMy2Tb
vg==
-----END CERTIFICATE-----