Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS153127.roa
File:                     AS153127.roa (raw, json)
Hash identifier:          2Sf+SxzHBhNyMnFJEdma4QrG1AtZjQulajk8D0FlyF8=
Subject key identifier:   71:9A:EA:08:0E:91:95:D8:5E:10:6A:CE:B7:FD:D7:5A:E8:04:49:1C
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       450A659F869B5DB936857A946857876C1C9FD4DD
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS153127.roa
Signing time:             Mon 15 Sep 2025 03:00:00 +0000
ROA not before:           Mon 15 Sep 2025 02:55:00 +0000
ROA not after:            Mon 14 Sep 2026 03:00:00 +0000
asID:                     153127
IP address blocks:        2001:df4:58c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 14:07:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:0a:65:9f:86:9b:5d:b9:36:85:7a:94:68:57:87:6c:1c:9f:d4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Sep 15 02:55:00 2025 GMT
            Not After : Sep 14 03:00:00 2026 GMT
        Subject: CN=719AEA080E9195D85E106ACEB7FDD75AE804491C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a0:94:3b:44:73:d4:dd:3a:9a:8b:4c:51:7b:
                    4e:37:4f:76:46:b1:a4:4f:57:c7:3a:ac:91:dc:5e:
                    60:eb:69:9f:31:39:89:4f:c5:65:a1:5e:57:dd:0d:
                    87:60:f9:43:32:8e:7c:1f:50:df:d5:8b:87:43:7d:
                    17:94:e1:49:da:62:0e:50:f9:53:45:f6:d1:f4:68:
                    19:7e:35:56:54:35:fa:44:76:2d:7e:c2:6e:81:78:
                    84:ce:03:a3:51:34:aa:67:c9:fe:f3:00:a7:bf:f2:
                    63:72:d5:3d:5a:bf:e2:c0:de:bd:1e:4c:aa:6e:e6:
                    3c:dc:8e:86:38:fb:ec:7c:28:be:ba:db:62:e7:c1:
                    0c:28:0d:e9:73:ae:c3:41:c9:9b:ff:b9:0e:de:13:
                    68:71:3d:5e:8d:bf:24:73:e5:1d:b5:98:e3:f0:eb:
                    fc:88:b5:ea:6b:76:de:11:49:5d:df:01:86:b1:f7:
                    82:20:f7:d0:db:01:a7:a1:2a:12:9f:62:b5:09:a7:
                    b5:0f:87:7f:d7:ba:e8:8d:cb:5f:53:d5:a7:3e:1a:
                    6f:b9:6e:53:91:e2:fb:48:d1:3d:a5:69:9d:79:59:
                    4d:9f:8b:72:52:a8:92:b8:5e:3b:bb:51:80:d4:34:
                    75:6e:ea:9e:75:8b:71:12:a8:d4:83:04:a7:1e:d5:
                    08:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9A:EA:08:0E:91:95:D8:5E:10:6A:CE:B7:FD:D7:5A:E8:04:49:1C
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS153127.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:58c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:ed:7b:2f:fd:b6:dd:ee:a6:e3:8c:6a:45:64:0d:54:79:1b:
         ac:df:81:da:ba:fb:b3:8c:90:ef:f9:3f:a2:ef:15:2e:36:31:
         b0:fd:73:45:73:fc:f8:84:e9:55:70:b3:32:bf:8a:cf:08:ed:
         e6:29:2f:3d:15:58:f2:69:26:16:56:36:d8:fd:79:b8:1b:27:
         cc:10:67:ee:e4:36:8a:a7:88:c0:a2:ed:a0:49:29:fe:82:a8:
         38:66:92:25:3d:e0:28:47:5a:52:cb:9b:3e:8e:f6:71:ee:e5:
         f5:3a:91:a2:44:70:63:15:bf:45:31:77:0e:7b:49:af:f6:82:
         c4:91:62:2f:4e:e7:9e:91:8e:f7:2f:d7:22:e7:37:20:05:67:
         a3:77:44:6f:e6:38:68:bd:24:c1:46:15:e2:02:af:d0:a2:a9:
         9f:40:17:72:23:00:79:f5:9f:bd:dd:dc:11:40:bb:88:e5:3f:
         4e:3e:63:33:bc:67:03:d5:69:7c:1d:b9:1a:f0:8c:f7:04:97:
         d5:bc:53:a8:0d:05:fa:49:a1:7a:f0:d0:97:b7:cd:79:a3:e3:
         70:c6:b8:86:c2:10:a1:86:48:66:cf:84:11:0a:a3:7d:47:b6:
         a0:ab:64:3f:21:b4:1b:40:7d:cb:2b:94:8d:5b:b7:e0:95:30:
         9a:ec:64:ba
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIURQpln4abXbk2hXqUaFeHbByf1N0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDkxNTAyNTUwMFoX
DTI2MDkxNDAzMDAwMFowMzExMC8GA1UEAxMoNzE5QUVBMDgwRTkxOTVEODVFMTA2
QUNFQjdGREQ3NUFFODA0NDkxQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALyglDtEc9TdOpqLTFF7TjdPdkaxpE9XxzqskdxeYOtpnzE5iU/FZaFeV90N
h2D5QzKOfB9Q39WLh0N9F5ThSdpiDlD5U0X20fRoGX41VlQ1+kR2LX7CboF4hM4D
o1E0qmfJ/vMAp7/yY3LVPVq/4sDevR5Mqm7mPNyOhjj77HwovrrbYufBDCgN6XOu
w0HJm/+5Dt4TaHE9Xo2/JHPlHbWY4/Dr/Ii16mt23hFJXd8BhrH3giD30NsBp6Eq
Ep9itQmntQ+Hf9e66I3LX1PVpz4ab7luU5Hi+0jRPaVpnXlZTZ+LclKokrheO7tR
gNQ0dW7qnnWLcRKo1IMEpx7VCH0CAwEAAaOCAdMwggHPMB0GA1UdDgQWBBRxmuoI
DpGV2F4Qas63/dda6ARJHDAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MzEyNy5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfRYwDANBgkqhkiG9w0BAQsFAAOCAQEAK+17L/223e6m44xq
RWQNVHkbrN+B2rr7s4yQ7/k/ou8VLjYxsP1zRXP8+ITpVXCzMr+Kzwjt5ikvPRVY
8mkmFlY22P15uBsnzBBn7uQ2iqeIwKLtoEkp/oKoOGaSJT3gKEdaUsubPo72ce7l
9TqRokRwYxW/RTF3DntJr/aCxJFiL07nnpGO9y/XIuc3IAVno3dEb+Y4aL0kwUYV
4gKv0KKpn0AXciMAefWfvd3cEUC7iOU/Tj5jM7xnA9VpfB25GvCM9wSX1bxTqA0F
+kmhevDQl7fNeaPjcMa4hsIQoYZIZs+EEQqjfUe2oKtkPyG0G0B9yyuUjVu34JUw
muxkug==
-----END CERTIFICATE-----