Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152358.roa
File:                     AS152358.roa (raw, json)
Hash identifier:          /DARgpuzN1kNiE8xLUYA1MZjBe3M6+1aYjalkFu2424=
Subject key identifier:   74:65:47:90:2F:61:25:D5:20:35:6A:6E:DC:2B:21:36:72:97:DE:AA
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       03A62680E9364E96269CD47C49155A4274DF64B2
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152358.roa
Signing time:             Sat 02 May 2026 09:22:44 +0000
ROA not before:           Sat 02 May 2026 09:17:44 +0000
ROA not after:            Sat 01 May 2027 09:22:44 +0000
asID:                     152358
IP address blocks:        157.15.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:a6:26:80:e9:36:4e:96:26:9c:d4:7c:49:15:5a:42:74:df:64:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:44 2026 GMT
            Not After : May  1 09:22:44 2027 GMT
        Subject: CN=746547902F6125D520356A6EDC2B21367297DEAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e4:73:5a:51:45:bd:03:28:23:91:4c:b7:9f:
                    d9:d5:ff:1f:5d:be:4e:3b:d1:a1:f6:33:fd:9b:37:
                    09:6f:15:a7:54:2d:2c:1a:27:cb:c2:99:e2:98:c5:
                    db:94:96:b3:e7:94:d1:65:e9:46:5e:e1:af:93:64:
                    36:fa:23:41:63:c3:da:af:40:49:d0:0e:e2:92:67:
                    b3:5a:da:28:de:20:47:74:69:d1:4c:73:b6:d5:b1:
                    44:6e:bc:7f:e8:68:dd:df:29:49:73:d1:61:07:9b:
                    db:2b:0e:2b:33:aa:a6:ce:1d:1d:fe:d4:d7:b7:89:
                    82:fa:53:be:bc:0c:3c:a0:1f:6c:ea:79:e8:3e:06:
                    15:c3:1c:d5:49:d9:83:cd:c7:7f:8f:1d:a0:f8:77:
                    da:a3:e9:f8:26:55:6a:f3:c9:1d:2a:63:66:d5:36:
                    72:ba:b2:3a:7f:84:aa:5e:41:a9:9e:5e:61:4e:01:
                    c2:e6:83:0f:57:23:85:da:77:e2:0e:60:1a:42:32:
                    a2:c8:d5:48:1d:69:9e:c7:43:d0:d3:07:df:59:f4:
                    b2:69:61:e2:b9:a8:64:3a:4b:0f:65:b9:0d:49:6e:
                    c0:92:4d:a3:17:04:cf:1c:c5:97:ce:70:49:5f:a0:
                    a6:0f:a1:63:28:bf:60:20:92:c1:1d:63:99:8f:d1:
                    97:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:65:47:90:2F:61:25:D5:20:35:6A:6E:DC:2B:21:36:72:97:DE:AA
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152358.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:a1:73:23:86:72:27:91:b6:c6:38:25:66:1f:45:fb:92:4f:
         0f:ba:7e:f5:c8:38:6e:cd:c0:ad:d2:23:6b:89:67:97:c3:91:
         e1:4e:76:3b:d4:d1:12:a0:89:ab:f5:36:69:8a:f9:fc:8a:b8:
         f4:7a:9e:22:8a:a2:7f:da:a2:d5:46:75:de:77:58:ba:e8:35:
         a9:33:ad:34:12:06:3f:aa:39:79:d1:60:13:82:79:0e:9b:c5:
         62:86:f7:57:5f:bc:ab:35:cd:cb:43:0e:2c:09:3e:f7:91:66:
         94:5b:ca:d0:a8:b9:d9:1b:e6:aa:21:8b:e0:54:44:ac:f7:74:
         4b:bb:fe:59:26:b8:a9:ae:d3:a2:c3:77:ba:d2:f2:ca:a7:6a:
         70:30:39:be:7b:5f:31:2c:ea:48:7a:c1:12:79:bd:9d:1a:4e:
         06:89:ed:44:01:f1:35:7c:12:cd:54:92:03:e9:67:4b:5f:b4:
         95:db:52:fc:fb:55:f7:27:03:d9:4a:22:15:c5:5b:ce:6a:6d:
         f3:be:9c:5b:9f:4e:83:f8:cf:bf:bd:20:90:82:09:45:54:d7:
         b0:87:27:61:71:ed:06:9f:c2:4d:98:37:1c:99:b0:d9:d5:0f:
         68:c5:bf:b5:4f:75:08:01:a3:6e:25:d6:b3:9c:5a:c9:7d:aa:
         5f:c3:2b:ce
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUA6YmgOk2TpYmnNR8SRVaQnTfZLIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc0NFoX
DTI3MDUwMTA5MjI0NFowMzExMC8GA1UEAxMoNzQ2NTQ3OTAyRjYxMjVENTIwMzU2
QTZFREMyQjIxMzY3Mjk3REVBQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKfkc1pRRb0DKCORTLef2dX/H12+TjvRofYz/Zs3CW8Vp1QtLBony8KZ4pjF
25SWs+eU0WXpRl7hr5NkNvojQWPD2q9ASdAO4pJns1raKN4gR3Rp0UxzttWxRG68
f+ho3d8pSXPRYQeb2ysOKzOqps4dHf7U17eJgvpTvrwMPKAfbOp56D4GFcMc1UnZ
g83Hf48doPh32qPp+CZVavPJHSpjZtU2crqyOn+Eql5BqZ5eYU4BwuaDD1cjhdp3
4g5gGkIyosjVSB1pnsdD0NMH31n0smlh4rmoZDpLD2W5DUluwJJNoxcEzxzFl85w
SV+gpg+hYyi/YCCSwR1jmY/Rly8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR0ZUeQ
L2El1SA1am7cKyE2cpfeqjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzU4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnQ8EMA0GCSqGSIb3DQEBCwUAA4IBAQBzoXMjhnInkbbGOCVmH0X7kk8P
un71yDhuzcCt0iNriWeXw5HhTnY71NESoImr9TZpivn8irj0ep4iiqJ/2qLVRnXe
d1i66DWpM600EgY/qjl50WATgnkOm8VihvdXX7yrNc3LQw4sCT73kWaUW8rQqLnZ
G+aqIYvgVESs93RLu/5ZJriprtOiw3e60vLKp2pwMDm+e18xLOpIesESeb2dGk4G
ie1EAfE1fBLNVJID6WdLX7SV21L8+1X3JwPZSiIVxVvOam3zvpxbn06D+M+/vSCQ
gglFVNewhydhce0Gn8JNmDccmbDZ1Q9oxb+1T3UIAaNuJdaznFrJfapfwyvO
-----END CERTIFICATE-----