Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152374.roa
File:                     AS152374.roa (raw, json)
Hash identifier:          GLsIeGAefFhjtXPFX77awAb+B9YnKRvZVQBpAprxe+A=
Subject key identifier:   C8:CF:EF:0D:13:DF:36:98:46:02:F2:30:D4:F4:7C:77:DC:3F:BA:4A
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       37105CFF05523FC863F5EB44AED94B516E63FC58
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152374.roa
Signing time:             Sat 02 May 2026 14:50:22 +0000
ROA not before:           Sat 02 May 2026 14:45:22 +0000
ROA not after:            Sat 01 May 2027 14:50:22 +0000
asID:                     152374
IP address blocks:        157.15.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:10:5c:ff:05:52:3f:c8:63:f5:eb:44:ae:d9:4b:51:6e:63:fc:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 14:45:22 2026 GMT
            Not After : May  1 14:50:22 2027 GMT
        Subject: CN=C8CFEF0D13DF36984602F230D4F47C77DC3FBA4A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:72:c3:68:7e:22:83:09:66:a7:d4:fc:19:f0:
                    7d:8b:ae:75:49:ea:2e:07:1f:6f:5f:d4:f8:b5:15:
                    57:94:0f:3f:5c:f0:43:56:e5:f8:61:80:6b:7e:9d:
                    3b:15:a8:74:ca:64:0f:72:05:b8:d5:72:74:d8:f9:
                    01:b2:02:05:06:49:30:3e:c3:46:53:c3:a4:ff:0f:
                    1b:9d:e1:6e:ae:0e:53:84:3b:ff:b4:62:67:7a:31:
                    ae:fb:ce:f1:c3:ec:6e:3b:4b:a0:18:d2:98:ae:24:
                    4c:e2:74:07:8b:3f:bf:d0:f9:27:2a:81:9a:af:3c:
                    a2:ed:c3:29:1f:f9:57:74:10:29:33:25:d5:c7:bc:
                    e9:94:66:2f:09:4b:70:9c:1b:04:ad:49:01:9f:4a:
                    b0:24:8c:34:fc:7b:18:73:de:26:e1:fe:65:ef:91:
                    55:75:f7:18:cc:cf:ea:2c:88:1b:d3:aa:d5:05:be:
                    62:27:79:68:bb:a8:7d:d8:95:7e:94:69:5f:d5:d8:
                    3c:dc:d3:e4:8f:41:49:83:6b:cb:fc:a5:e1:04:0f:
                    22:7d:74:ca:4f:a0:86:28:93:7a:49:ad:ec:a5:99:
                    37:27:7f:3f:3c:45:b9:e2:c9:3d:51:4a:33:a8:49:
                    12:94:3a:a3:d9:04:83:35:ba:90:77:8a:f8:b7:04:
                    37:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:CF:EF:0D:13:DF:36:98:46:02:F2:30:D4:F4:7C:77:DC:3F:BA:4A
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:8e:bd:27:5b:87:75:7f:b0:39:00:6c:9c:1b:41:fe:dc:91:
         5a:ea:93:ea:18:a7:be:27:71:ba:53:d0:67:b0:84:a2:8b:89:
         11:4f:b6:a0:8a:cd:fb:31:65:75:22:67:a3:ce:84:cc:03:10:
         02:53:04:6e:b3:06:08:db:10:5e:dd:b5:cb:3f:cb:75:77:fe:
         87:17:75:a2:86:27:34:82:aa:1a:7c:1e:c4:58:d1:6c:ce:59:
         b2:a5:07:72:a4:30:dd:e6:b6:23:5a:35:5d:d2:b8:76:c3:ae:
         84:98:63:1b:33:20:06:44:16:c1:b0:05:3e:06:a4:a4:c6:75:
         61:83:7f:a7:e1:7a:85:9c:bc:e9:65:1b:1d:88:ea:ee:53:f1:
         33:14:a5:08:46:4c:5e:83:2f:48:f3:7a:53:b0:57:5c:db:6a:
         c3:d3:74:c1:2e:27:95:40:14:69:c9:a8:19:d2:08:31:bf:3e:
         b6:48:88:8d:77:42:5e:0c:92:89:f1:c4:be:62:c2:c6:88:91:
         43:29:5d:23:d5:1c:cd:5d:9f:44:33:cf:9a:32:6f:45:63:85:
         1c:c1:9b:7c:0a:52:ae:20:85:35:ab:ab:b7:d0:95:ff:4c:d5:
         de:9d:cd:11:b8:ce:e9:95:e2:76:ef:40:15:be:7d:c8:95:71:
         07:c3:06:d2
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUNxBc/wVSP8hj9etErtlLUW5j/FgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjE0NDUyMloX
DTI3MDUwMTE0NTAyMlowMzExMC8GA1UEAxMoQzhDRkVGMEQxM0RGMzY5ODQ2MDJG
MjMwRDRGNDdDNzdEQzNGQkE0QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALByw2h+IoMJZqfU/BnwfYuudUnqLgcfb1/U+LUVV5QPP1zwQ1bl+GGAa36d
OxWodMpkD3IFuNVydNj5AbICBQZJMD7DRlPDpP8PG53hbq4OU4Q7/7RiZ3oxrvvO
8cPsbjtLoBjSmK4kTOJ0B4s/v9D5JyqBmq88ou3DKR/5V3QQKTMl1ce86ZRmLwlL
cJwbBK1JAZ9KsCSMNPx7GHPeJuH+Ze+RVXX3GMzP6iyIG9Oq1QW+Yid5aLuofdiV
fpRpX9XYPNzT5I9BSYNry/yl4QQPIn10yk+ghiiTekmt7KWZNyd/PzxFueLJPVFK
M6hJEpQ6o9kEgzW6kHeK+LcEN6MCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTIz+8N
E982mEYC8jDU9Hx33D+6SjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzc0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnQ9MMA0GCSqGSIb3DQEBCwUAA4IBAQCGjr0nW4d1f7A5AGycG0H+3JFa
6pPqGKe+J3G6U9BnsISii4kRT7agis37MWV1ImejzoTMAxACUwRuswYI2xBe3bXL
P8t1d/6HF3Wihic0gqoafB7EWNFszlmypQdypDDd5rYjWjVd0rh2w66EmGMbMyAG
RBbBsAU+BqSkxnVhg3+n4XqFnLzpZRsdiOruU/EzFKUIRkxegy9I83pTsFdc22rD
03TBLieVQBRpyagZ0ggxvz62SIiNd0JeDJKJ8cS+YsLGiJFDKV0j1RzNXZ9EM8+a
Mm9FY4UcwZt8ClKuIIU1q6u30JX/TNXenc0RuM7pleJ270AVvn3IlXEHwwbS
-----END CERTIFICATE-----