Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152353.roa
File:                     AS152353.roa (raw, json)
Hash identifier:          jk3J1cmFOx+WVhAHI4WAPpVmJebSIfR4TC6LBsHWrFQ=
Subject key identifier:   48:07:FB:20:10:55:6A:BD:2F:A6:2C:C0:FC:1B:FF:A8:97:54:81:2F
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       035FFF3B19805BC27E7BFFC8E8E8088120E6444A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152353.roa
Signing time:             Sat 02 May 2026 09:22:40 +0000
ROA not before:           Sat 02 May 2026 09:17:40 +0000
ROA not after:            Sat 01 May 2027 09:22:40 +0000
asID:                     152353
IP address blocks:        157.10.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:5f:ff:3b:19:80:5b:c2:7e:7b:ff:c8:e8:e8:08:81:20:e6:44:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:40 2026 GMT
            Not After : May  1 09:22:40 2027 GMT
        Subject: CN=4807FB2010556ABD2FA62CC0FC1BFFA89754812F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:47:b1:a5:84:24:2f:76:39:04:f3:1d:36:ed:
                    9f:2d:ef:53:87:9b:3b:83:d2:5a:6c:1c:fd:12:ff:
                    eb:cf:30:c3:0a:2d:c9:a1:7b:b4:70:d9:ab:50:e0:
                    54:30:24:f7:54:70:60:51:dc:9c:be:19:b7:84:50:
                    22:3b:bd:9a:59:1f:dc:8b:e5:8b:b8:b4:70:d6:b6:
                    64:5a:d5:59:76:df:dc:ad:1c:e4:66:d2:51:11:06:
                    c7:64:2d:dd:43:75:60:80:c8:bb:93:fd:a0:e8:95:
                    2f:e8:67:e1:67:cf:d7:dd:5b:64:a8:25:c9:5b:8e:
                    c4:97:e7:ff:95:f2:7b:99:09:69:3d:ab:33:d2:60:
                    2d:d6:13:bb:a6:1f:b3:f7:4c:bf:15:d7:4c:22:08:
                    43:22:fe:79:c8:4a:dc:cd:cc:bf:76:03:ba:df:9c:
                    3d:3b:89:fb:f4:68:6e:dc:a0:0e:43:e3:cc:8d:e0:
                    19:1e:34:74:39:d6:7c:5e:1d:01:ed:dd:85:28:36:
                    99:0e:28:8f:0a:b5:cc:bd:25:7b:1a:8e:6b:8f:c8:
                    86:83:34:8e:90:a3:8b:0e:f3:e7:c5:74:c0:0d:3b:
                    7d:72:94:18:89:fc:fd:b7:a6:f7:d2:47:58:47:aa:
                    31:9d:7b:a1:9e:26:8a:96:bd:b3:80:16:7a:33:11:
                    ad:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:07:FB:20:10:55:6A:BD:2F:A6:2C:C0:FC:1B:FF:A8:97:54:81:2F
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:a5:17:7a:e5:21:76:4b:78:92:d9:8a:34:a6:fd:be:ec:04:
         e0:e9:68:0f:39:c4:e2:b5:28:4a:55:b5:02:43:99:ae:3f:12:
         3f:aa:01:0b:5d:e3:6c:7f:6d:b6:33:39:b7:96:94:11:50:b8:
         e3:64:10:8d:d7:6e:51:24:75:d6:fd:70:e7:b9:c4:3d:09:7a:
         32:aa:1d:cc:08:04:99:20:f9:b6:b0:90:e3:66:12:f3:8c:2f:
         5e:70:46:bf:d9:23:83:22:f4:b2:07:6c:10:80:31:31:60:15:
         9a:9b:f6:34:00:6a:bb:d9:56:f9:05:b7:18:03:af:7c:37:c0:
         86:8d:6c:1a:f3:80:5c:51:c4:51:37:98:c3:4a:6a:c9:71:16:
         a9:d4:9e:25:8d:dc:d8:46:81:bc:97:8c:ae:e7:86:a7:f9:ba:
         a0:8d:68:cb:5c:f3:5b:9f:83:e8:02:ec:06:6f:3b:82:f8:ac:
         27:a0:e9:64:2c:b5:a9:dd:64:01:14:e6:47:f6:c9:26:00:53:
         65:cb:32:71:df:77:08:a6:e1:d8:93:54:33:c0:e3:7e:7a:eb:
         36:5e:97:33:b2:2a:a7:11:53:c1:6b:7c:94:94:b2:5f:fd:78:
         36:a6:b2:de:90:34:9e:1e:ad:69:53:f2:5f:9e:9d:f1:7c:0f:
         ab:bc:a1:b0
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUA1//OxmAW8J+e//I6OgIgSDmREowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc0MFoX
DTI3MDUwMTA5MjI0MFowMzExMC8GA1UEAxMoNDgwN0ZCMjAxMDU1NkFCRDJGQTYy
Q0MwRkMxQkZGQTg5NzU0ODEyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFHsaWEJC92OQTzHTbtny3vU4ebO4PSWmwc/RL/688wwwotyaF7tHDZq1Dg
VDAk91RwYFHcnL4Zt4RQIju9mlkf3Ivli7i0cNa2ZFrVWXbf3K0c5GbSUREGx2Qt
3UN1YIDIu5P9oOiVL+hn4WfP191bZKglyVuOxJfn/5Xye5kJaT2rM9JgLdYTu6Yf
s/dMvxXXTCIIQyL+echK3M3Mv3YDut+cPTuJ+/RobtygDkPjzI3gGR40dDnWfF4d
Ae3dhSg2mQ4ojwq1zL0lexqOa4/IhoM0jpCjiw7z58V0wA07fXKUGIn8/bem99JH
WEeqMZ17oZ4mipa9s4AWejMRrQkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRIB/sg
EFVqvS+mLMD8G/+ol1SBLzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzUzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnQq0MA0GCSqGSIb3DQEBCwUAA4IBAQCQpRd65SF2S3iS2Yo0pv2+7ATg
6WgPOcTitShKVbUCQ5muPxI/qgELXeNsf222Mzm3lpQRULjjZBCN125RJHXW/XDn
ucQ9CXoyqh3MCASZIPm2sJDjZhLzjC9ecEa/2SODIvSyB2wQgDExYBWam/Y0AGq7
2Vb5BbcYA698N8CGjWwa84BcUcRRN5jDSmrJcRap1J4ljdzYRoG8l4yu54an+bqg
jWjLXPNbn4PoAuwGbzuC+KwnoOlkLLWp3WQBFOZH9skmAFNlyzJx33cIpuHYk1Qz
wON+eus2XpczsiqnEVPBa3yUlLJf/Xg2prLekDSeHq1pU/Jfnp3xfA+rvKGw
-----END CERTIFICATE-----