Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152359.roa
File:                     AS152359.roa (raw, json)
Hash identifier:          THUGh/bVfvOVvN5D4PjUt6+8Kv4Y9gnhRbwgZIB4TEs=
Subject key identifier:   DA:53:68:7D:DD:A7:90:98:4C:1A:15:2A:EC:7D:63:D1:39:EB:EC:96
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       23F8FB5205DA5C4E701D20B1FB3930D1471FDD8A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152359.roa
Signing time:             Sat 02 May 2026 09:23:03 +0000
ROA not before:           Sat 02 May 2026 09:18:03 +0000
ROA not after:            Sat 01 May 2027 09:23:03 +0000
asID:                     152359
IP address blocks:        157.10.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:f8:fb:52:05:da:5c:4e:70:1d:20:b1:fb:39:30:d1:47:1f:dd:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:03 2026 GMT
            Not After : May  1 09:23:03 2027 GMT
        Subject: CN=DA53687DDDA790984C1A152AEC7D63D139EBEC96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:3d:5d:ee:e0:32:a2:0c:c6:2f:cf:ac:f5:1b:
                    fb:db:67:84:8e:8a:d6:1b:4b:77:99:19:ee:f9:7f:
                    86:7b:cc:5c:2e:25:e1:e6:2b:7a:98:42:b6:04:9a:
                    a1:a4:24:fb:21:b4:9c:bc:51:38:ce:24:e9:4d:89:
                    dc:4c:b9:79:22:af:92:6d:e0:88:1f:7c:98:1d:20:
                    ae:1e:4e:1b:1c:d8:a6:6c:c7:24:44:4d:8a:f5:dd:
                    bf:52:06:64:10:73:b2:71:0d:7d:09:9f:a1:39:53:
                    6a:a0:5c:5f:e6:9e:01:de:c2:ce:5a:b1:46:1f:2b:
                    bd:3e:39:71:21:da:65:0a:41:2d:d5:b1:dc:be:4e:
                    73:a6:fa:3c:00:6e:4b:62:d2:fd:c6:9e:0b:40:27:
                    9b:84:c5:6b:c4:b0:eb:ce:22:dc:28:c5:85:c9:57:
                    88:97:2c:67:6a:3e:52:ba:64:54:4f:47:81:15:2b:
                    8b:38:71:89:76:ec:bf:f5:fa:90:c5:4f:2c:f6:78:
                    3d:29:75:76:c3:b3:35:dd:08:1d:1b:e7:fc:00:85:
                    d9:a6:98:fa:5b:20:6f:55:8f:f3:99:ad:f9:56:79:
                    5a:32:92:78:20:7e:92:8b:91:42:4f:7a:bc:be:d1:
                    0d:32:31:5e:94:aa:e3:12:9d:27:80:1f:1d:dd:30:
                    82:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:53:68:7D:DD:A7:90:98:4C:1A:15:2A:EC:7D:63:D1:39:EB:EC:96
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152359.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:ce:af:74:c2:2d:1b:f3:71:24:04:b2:c3:20:33:91:41:88:
         7b:be:93:72:55:4c:9f:bf:75:04:a8:3e:ca:33:0d:08:50:8f:
         e2:1a:ff:7d:f7:5c:84:59:93:14:55:d2:7f:3b:85:c3:a3:f0:
         be:e1:80:52:8a:51:87:32:e0:64:af:34:0f:52:96:2b:2a:0f:
         2d:37:15:ac:86:f3:c3:50:b7:52:87:53:0c:b4:23:f4:cc:31:
         77:f7:67:6b:e4:e5:63:fe:ff:6b:5d:78:54:5e:86:a4:2a:df:
         74:53:d3:fa:43:79:ee:b7:d3:81:ae:b4:d1:ea:5d:f3:dd:50:
         5f:38:c7:81:d5:92:fc:a9:23:2d:4d:36:a9:3e:b4:58:41:1f:
         10:80:3c:79:5f:57:f6:84:56:88:fb:0f:f8:16:02:2e:32:ab:
         b0:43:7c:68:c6:68:ec:35:05:78:c2:38:f9:30:a3:a4:23:9a:
         dc:79:14:7b:eb:8f:90:66:7a:9f:28:e6:bf:55:3d:fd:e4:35:
         d5:b9:ff:80:a0:9c:21:87:06:89:64:c8:96:9b:7f:33:41:cd:
         22:96:81:75:92:5a:92:9d:4a:37:fa:26:e6:ee:68:68:4e:0b:
         04:dc:b9:cd:c1:d7:73:af:70:c5:30:66:26:27:25:27:83:df:
         86:b3:8d:b6
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUI/j7UgXaXE5wHSCx+zkw0Ucf3YowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgwM1oX
DTI3MDUwMTA5MjMwM1owMzExMC8GA1UEAxMoREE1MzY4N0REREE3OTA5ODRDMUEx
NTJBRUM3RDYzRDEzOUVCRUM5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOI9Xe7gMqIMxi/PrPUb+9tnhI6K1htLd5kZ7vl/hnvMXC4l4eYrephCtgSa
oaQk+yG0nLxROM4k6U2J3Ey5eSKvkm3giB98mB0grh5OGxzYpmzHJERNivXdv1IG
ZBBzsnENfQmfoTlTaqBcX+aeAd7CzlqxRh8rvT45cSHaZQpBLdWx3L5Oc6b6PABu
S2LS/caeC0Anm4TFa8Sw684i3CjFhclXiJcsZ2o+UrpkVE9HgRUrizhxiXbsv/X6
kMVPLPZ4PSl1dsOzNd0IHRvn/ACF2aaY+lsgb1WP85mt+VZ5WjKSeCB+kouRQk96
vL7RDTIxXpSq4xKdJ4AfHd0wgukCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTaU2h9
3aeQmEwaFSrsfWPROevsljAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzU5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnQr+MA0GCSqGSIb3DQEBCwUAA4IBAQATzq90wi0b83EkBLLDIDORQYh7
vpNyVUyfv3UEqD7KMw0IUI/iGv9991yEWZMUVdJ/O4XDo/C+4YBSilGHMuBkrzQP
UpYrKg8tNxWshvPDULdSh1MMtCP0zDF392dr5OVj/v9rXXhUXoakKt90U9P6Q3nu
t9OBrrTR6l3z3VBfOMeB1ZL8qSMtTTapPrRYQR8QgDx5X1f2hFaI+w/4FgIuMquw
Q3xoxmjsNQV4wjj5MKOkI5rceRR764+QZnqfKOa/VT395DXVuf+AoJwhhwaJZMiW
m38zQc0iloF1klqSnUo3+ibm7mhoTgsE3LnNwddzr3DFMGYmJyUng9+Gs422
-----END CERTIFICATE-----