Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152003.roa
File:                     AS152003.roa (raw, json)
Hash identifier:          E4iL++gTmJ4e+DiFSBglWh5Wc0D+K6x09ns0pDmLuDI=
Subject key identifier:   AA:C6:42:46:00:E4:71:C6:31:1A:A7:62:E3:89:C1:DB:73:A3:14:D7
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       343E3BD2DC26803E10AC1133B72B51A29086E7DA
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152003.roa
Signing time:             Sat 02 May 2026 09:23:52 +0000
ROA not before:           Sat 02 May 2026 09:18:52 +0000
ROA not after:            Sat 01 May 2027 09:23:52 +0000
asID:                     152003
IP address blocks:        160.191.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:3e:3b:d2:dc:26:80:3e:10:ac:11:33:b7:2b:51:a2:90:86:e7:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:52 2026 GMT
            Not After : May  1 09:23:52 2027 GMT
        Subject: CN=AAC6424600E471C6311AA762E389C1DB73A314D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:81:81:c9:0f:e0:4e:15:d9:24:09:84:75:ec:
                    55:32:77:55:e7:0e:2c:c3:3b:09:f1:c3:51:8f:d7:
                    1c:6e:fa:2d:9a:10:1f:ed:43:fa:2b:21:06:8d:52:
                    ae:b9:7e:94:79:03:42:7b:40:08:d8:60:0d:1b:a1:
                    c4:5f:5c:d0:03:42:c5:1c:5e:d4:76:95:df:68:e4:
                    d6:91:88:15:f3:22:af:a0:ff:24:24:79:75:47:8e:
                    ae:c6:a0:a6:54:f9:dc:14:3b:23:4f:70:63:18:35:
                    07:c7:0f:ca:1b:67:4d:12:4f:2f:5a:91:a6:c9:33:
                    bd:de:6b:8b:aa:cc:23:65:eb:50:59:f4:d3:1c:66:
                    85:44:1e:84:d9:c5:3c:cf:6e:d3:e3:e2:ca:11:6e:
                    05:b3:4b:6e:95:e5:db:9d:28:2b:b7:a1:f9:71:31:
                    6d:0f:f7:17:e8:0e:6c:98:d6:99:7e:57:f0:94:1d:
                    7e:15:40:17:f9:88:3f:68:4f:05:e6:25:6d:cf:37:
                    91:36:d6:89:20:3a:e2:24:c7:34:3f:69:c1:e4:b4:
                    51:cb:0a:c7:f4:07:c6:8b:65:b3:e9:7c:6d:fc:c8:
                    fa:1a:bc:c6:5a:6b:cb:18:3e:10:0c:27:86:68:a8:
                    6c:0c:10:9b:f8:80:0e:ec:76:02:a6:11:5f:6c:7f:
                    9f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:C6:42:46:00:E4:71:C6:31:1A:A7:62:E3:89:C1:DB:73:A3:14:D7
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:b9:5b:14:97:91:70:94:3f:ee:a9:ef:d7:74:e7:01:1d:83:
         48:ca:d0:c3:75:d8:e0:d6:6d:ce:82:70:35:e5:c5:45:ce:08:
         21:0a:da:80:08:db:8c:6a:e0:8a:2f:f8:1c:a6:49:21:3c:26:
         17:c3:1d:91:4b:da:07:3a:22:f8:0a:d2:ec:c1:3c:d7:2d:0c:
         c2:f8:0b:03:3b:ae:ab:a8:5f:c4:d1:ca:bb:3e:31:2d:a3:f9:
         ab:c3:22:16:b8:92:8c:df:7f:fc:9b:e6:04:36:28:99:4b:bc:
         43:cd:4f:e3:64:9d:89:42:e5:c7:dc:5c:14:d6:6e:d2:84:aa:
         d3:36:1f:09:67:22:32:83:a1:93:5d:67:47:46:2f:dc:8c:71:
         82:7b:7f:2f:31:7a:fd:a8:07:31:e4:32:ff:db:2e:7a:d1:05:
         d0:9e:1d:3c:a3:30:a3:28:f9:1b:27:4c:71:cb:33:90:b3:8b:
         a1:db:ed:01:d5:bf:38:24:9e:9d:ef:51:42:73:39:90:c0:b6:
         de:75:18:eb:99:98:d5:10:fc:91:6f:c8:27:0c:d1:3e:25:d3:
         03:67:36:41:84:42:20:69:a3:cd:97:56:d9:8c:df:3b:d8:1f:
         88:c4:e9:cc:6b:7a:86:82:04:26:a4:94:00:81:6b:16:e5:6e:
         b2:99:22:63
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUND470twmgD4QrBEztytRopCG59owDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg1MloX
DTI3MDUwMTA5MjM1MlowMzExMC8GA1UEAxMoQUFDNjQyNDYwMEU0NzFDNjMxMUFB
NzYyRTM4OUMxREI3M0EzMTRENzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANmBgckP4E4V2SQJhHXsVTJ3VecOLMM7CfHDUY/XHG76LZoQH+1D+ishBo1S
rrl+lHkDQntACNhgDRuhxF9c0ANCxRxe1HaV32jk1pGIFfMir6D/JCR5dUeOrsag
plT53BQ7I09wYxg1B8cPyhtnTRJPL1qRpskzvd5ri6rMI2XrUFn00xxmhUQehNnF
PM9u0+PiyhFuBbNLbpXl250oK7eh+XExbQ/3F+gObJjWmX5X8JQdfhVAF/mIP2hP
BeYlbc83kTbWiSA64iTHND9pweS0UcsKx/QHxotls+l8bfzI+hq8xlpryxg+EAwn
hmiobAwQm/iADux2AqYRX2x/n2cCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSqxkJG
AORxxjEap2LjicHbc6MU1zAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMDAzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoL+tMA0GCSqGSIb3DQEBCwUAA4IBAQBOuVsUl5FwlD/uqe/XdOcBHYNI
ytDDddjg1m3OgnA15cVFzgghCtqACNuMauCKL/gcpkkhPCYXwx2RS9oHOiL4CtLs
wTzXLQzC+AsDO66rqF/E0cq7PjEto/mrwyIWuJKM33/8m+YENiiZS7xDzU/jZJ2J
QuXH3FwU1m7ShKrTNh8JZyIyg6GTXWdHRi/cjHGCe38vMXr9qAcx5DL/2y560QXQ
nh08ozCjKPkbJ0xxyzOQs4uh2+0B1b84JJ6d71FCczmQwLbedRjrmZjVEPyRb8gn
DNE+JdMDZzZBhEIgaaPNl1bZjN872B+IxOnMa3qGggQmpJQAgWsW5W6ymSJj
-----END CERTIFICATE-----