Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS151000.roa
File:                     AS151000.roa (raw, json)
Hash identifier:          tgrp/99nKxOapDQrFPRmZXxzbMY/GSTzlVNb6b1l1MU=
Subject key identifier:   A8:6B:DD:91:FC:6A:A0:12:06:42:4E:E3:B2:C6:16:A2:00:06:B1:BE
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       3F1476F035933F169CF054DE48A753694966AEC0
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS151000.roa
Signing time:             Sat 02 May 2026 09:24:02 +0000
ROA not before:           Sat 02 May 2026 09:19:02 +0000
ROA not after:            Sat 01 May 2027 09:24:02 +0000
asID:                     151000
IP address blocks:        157.20.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:14:76:f0:35:93:3f:16:9c:f0:54:de:48:a7:53:69:49:66:ae:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:02 2026 GMT
            Not After : May  1 09:24:02 2027 GMT
        Subject: CN=A86BDD91FC6AA01206424EE3B2C616A20006B1BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b8:07:c1:b3:89:8d:e9:3b:a3:b7:81:eb:03:
                    59:82:87:b7:4e:f1:b9:ad:29:53:0c:e5:97:bf:40:
                    8b:93:18:6f:bf:3d:bb:ee:2b:3d:ce:91:50:92:6c:
                    aa:38:3d:85:58:fe:19:40:9f:c8:26:14:4f:08:4a:
                    38:24:85:7a:59:75:34:ac:ad:1d:96:fc:c0:6d:d9:
                    83:a1:05:03:7b:8f:ae:ee:b0:c5:31:48:6f:30:bb:
                    37:61:7b:19:b5:fc:a9:5e:ff:64:2a:06:de:b5:b0:
                    d6:9e:42:51:26:30:40:54:16:1d:12:d6:5e:a6:58:
                    9c:3e:8b:5b:e0:d7:a4:e8:b9:1c:a7:36:74:17:bc:
                    f5:8d:7a:d7:a3:6b:41:e3:a0:3a:5b:78:34:14:09:
                    41:a1:5e:41:46:c0:7e:7f:0e:10:ee:ec:ec:0c:d1:
                    f1:eb:fb:79:06:f6:ea:6b:d6:f1:8e:0f:c1:7d:a8:
                    8d:3f:f4:1c:c4:a3:12:b2:3b:39:67:90:44:dc:18:
                    8d:da:73:dc:a6:e4:45:60:90:cb:53:c9:a2:e2:05:
                    0a:a6:08:b2:01:29:60:30:87:4b:8a:83:02:97:95:
                    48:9d:75:82:40:fa:a1:74:20:a2:94:11:1a:f5:09:
                    c2:77:9a:f3:bc:57:40:49:47:e4:25:b6:21:55:0d:
                    9d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:6B:DD:91:FC:6A:A0:12:06:42:4E:E3:B2:C6:16:A2:00:06:B1:BE
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS151000.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:21:d2:10:13:8d:cc:fa:ad:f6:98:f8:52:cd:56:65:87:54:
         a0:7b:fa:25:06:95:da:b6:ae:60:45:50:f1:47:0c:5a:97:cd:
         30:43:d9:12:8d:55:88:7b:82:9e:57:97:e2:b2:cd:da:b9:8c:
         5f:ea:df:cf:19:99:99:e6:33:c7:3f:38:6e:9a:d6:3b:b1:b1:
         09:7b:db:ab:7c:7b:14:fa:b7:ff:dc:49:8c:af:88:7f:a6:f9:
         e2:aa:ef:f9:fe:0a:72:c5:f2:35:cd:a9:b8:ca:3e:6f:0a:03:
         1a:dd:3a:14:4d:44:b3:40:e2:09:bb:cc:52:31:f9:c5:ef:6c:
         ae:7a:51:0f:4c:7b:c3:cb:6f:36:1b:5c:be:85:2a:0f:ca:68:
         fe:35:ba:09:d3:0e:77:0e:28:ff:d7:e5:f4:79:b8:29:10:08:
         11:f6:62:f2:91:fe:f6:45:50:d9:9c:21:b2:bc:ca:69:46:4c:
         86:7e:6b:36:e8:82:77:0f:d4:36:be:c4:b1:20:93:69:e6:2f:
         84:50:38:0d:72:a4:1b:97:3e:72:2c:8d:e0:76:a6:86:0c:21:
         5f:53:55:59:61:c4:d7:d6:75:e5:9f:35:26:7d:63:e4:9b:bf:
         0d:25:b2:d0:ac:79:aa:53:43:7b:6f:fb:ed:f6:33:78:a5:52:
         30:42:82:ba
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUPxR28DWTPxac8FTeSKdTaUlmrsAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkwMloX
DTI3MDUwMTA5MjQwMlowMzExMC8GA1UEAxMoQTg2QkREOTFGQzZBQTAxMjA2NDI0
RUUzQjJDNjE2QTIwMDA2QjFCRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK64B8GziY3pO6O3gesDWYKHt07xua0pUwzll79Ai5MYb789u+4rPc6RUJJs
qjg9hVj+GUCfyCYUTwhKOCSFell1NKytHZb8wG3Zg6EFA3uPru6wxTFIbzC7N2F7
GbX8qV7/ZCoG3rWw1p5CUSYwQFQWHRLWXqZYnD6LW+DXpOi5HKc2dBe89Y1616Nr
QeOgOlt4NBQJQaFeQUbAfn8OEO7s7AzR8ev7eQb26mvW8Y4PwX2ojT/0HMSjErI7
OWeQRNwYjdpz3KbkRWCQy1PJouIFCqYIsgEpYDCHS4qDApeVSJ11gkD6oXQgopQR
GvUJwnea87xXQElH5CW2IVUNnd8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSoa92R
/GqgEgZCTuOyxhaiAAaxvjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUxMDAwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnRT+MA0GCSqGSIb3DQEBCwUAA4IBAQB4IdIQE43M+q32mPhSzVZlh1Sg
e/olBpXatq5gRVDxRwxal80wQ9kSjVWIe4KeV5fiss3auYxf6t/PGZmZ5jPHPzhu
mtY7sbEJe9urfHsU+rf/3EmMr4h/pvniqu/5/gpyxfI1zam4yj5vCgMa3ToUTUSz
QOIJu8xSMfnF72yuelEPTHvDy282G1y+hSoPymj+NboJ0w53Dij/1+X0ebgpEAgR
9mLykf72RVDZnCGyvMppRkyGfms26IJ3D9Q2vsSxIJNp5i+EUDgNcqQblz5yLI3g
dqaGDCFfU1VZYcTX1nXlnzUmfWPkm78NJbLQrHmqU0N7b/vt9jN4pVIwQoK6
-----END CERTIFICATE-----