Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152375.roa
File:                     AS152375.roa (raw, json)
Hash identifier:          M4XC/OIy5rXb2CvJh2WE1kUkVE+j3+PeCvzmWiTKH/0=
Subject key identifier:   18:87:4B:2F:0A:57:22:8D:93:C1:95:D3:8C:81:EA:F7:C5:3B:DC:78
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       5DB09F30ED1A6FA636446E28FB53FDBA1FCADE50
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152375.roa
Signing time:             Sat 02 May 2026 09:23:20 +0000
ROA not before:           Sat 02 May 2026 09:18:20 +0000
ROA not after:            Sat 01 May 2027 09:23:20 +0000
asID:                     152375
IP address blocks:        157.15.64.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:b0:9f:30:ed:1a:6f:a6:36:44:6e:28:fb:53:fd:ba:1f:ca:de:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:20 2026 GMT
            Not After : May  1 09:23:20 2027 GMT
        Subject: CN=18874B2F0A57228D93C195D38C81EAF7C53BDC78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d6:ca:b4:16:9d:45:64:92:06:2a:c5:6f:aa:
                    9e:35:a9:f0:26:22:08:68:3c:de:4b:be:c2:50:e0:
                    d9:14:bb:9b:b7:55:a3:a3:57:1d:9d:7b:60:ca:7c:
                    4b:5b:81:df:8c:23:9b:be:74:5f:6c:f0:6c:c6:3a:
                    39:02:b2:3b:f0:f0:ee:d7:29:e2:58:c7:c8:16:da:
                    58:fd:09:d4:d8:f3:41:e2:e0:4b:d0:99:f7:25:b9:
                    ba:1f:3f:81:a7:43:a8:d0:0e:d6:6e:46:b6:49:c9:
                    45:b4:63:56:2f:b8:f4:34:31:93:96:35:38:1d:55:
                    b7:f1:c7:0e:81:66:99:87:45:36:c9:31:63:3c:6e:
                    4c:b5:81:ea:80:33:f6:dc:9c:f4:1d:ff:18:b6:3a:
                    32:60:62:6d:48:90:ce:89:6c:fa:8a:a6:3d:5b:1e:
                    27:41:64:86:86:14:2b:6e:7c:2a:bc:db:09:d3:b5:
                    c2:2a:30:b2:5a:d4:b3:db:a9:29:e8:60:20:85:ab:
                    12:50:67:fb:dc:fc:10:b4:0e:93:8d:b3:a2:9a:3a:
                    77:5b:08:3c:74:75:0b:b7:b3:af:27:01:ff:8c:df:
                    b8:32:02:f8:9f:13:87:e1:82:37:27:a4:b2:77:35:
                    72:83:14:ca:a0:71:18:f2:85:06:66:db:2f:f0:67:
                    9e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:87:4B:2F:0A:57:22:8D:93:C1:95:D3:8C:81:EA:F7:C5:3B:DC:78
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152375.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:90:ed:b6:16:d5:09:34:93:b7:1f:49:23:08:0f:e7:3b:eb:
         0e:58:50:8c:5d:4f:5d:9d:70:fc:5a:15:87:56:8d:08:f5:48:
         1c:d3:99:f3:a6:a6:6d:62:db:24:61:fe:60:06:e7:f2:48:05:
         92:a6:0f:43:e4:da:bf:aa:4c:95:ab:66:f3:2f:69:9c:5d:b6:
         a1:49:9c:ec:ca:e4:ee:63:ba:4f:49:d2:48:69:0a:08:ac:c5:
         fa:35:d9:d2:8d:39:ab:b4:fb:eb:7f:2c:98:b7:d1:92:d8:4e:
         16:6f:65:b0:8b:93:61:01:08:08:6d:ca:4a:f0:c4:68:ae:a8:
         5d:db:01:59:c7:73:be:8e:dd:79:60:f2:29:42:66:38:f3:0b:
         6e:75:66:f3:75:f8:ee:ca:a1:bb:67:bd:bc:44:3c:47:1b:0f:
         d3:53:a1:ce:3d:87:55:1d:f7:03:86:e2:d4:07:99:ac:3f:02:
         e5:22:11:2c:27:3a:10:0c:10:70:ea:80:7f:c4:fc:6c:43:72:
         2f:20:6c:7f:3a:03:a4:ac:1e:c1:42:29:f4:e2:8e:e3:de:3a:
         e6:d5:b7:43:e5:3f:3d:0b:9c:0b:1d:37:cb:82:16:9d:96:e4:
         eb:3d:51:ba:67:24:93:7a:7d:99:98:6f:52:2b:ee:72:b7:c5:
         df:b8:39:5e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUXbCfMO0ab6Y2RG4o+1P9uh/K3lAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgyMFoX
DTI3MDUwMTA5MjMyMFowMzExMC8GA1UEAxMoMTg4NzRCMkYwQTU3MjI4RDkzQzE5
NUQzOEM4MUVBRjdDNTNCREM3ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANvWyrQWnUVkkgYqxW+qnjWp8CYiCGg83ku+wlDg2RS7m7dVo6NXHZ17YMp8
S1uB34wjm750X2zwbMY6OQKyO/Dw7tcp4ljHyBbaWP0J1NjzQeLgS9CZ9yW5uh8/
gadDqNAO1m5GtknJRbRjVi+49DQxk5Y1OB1Vt/HHDoFmmYdFNskxYzxuTLWB6oAz
9tyc9B3/GLY6MmBibUiQzols+oqmPVseJ0FkhoYUK258KrzbCdO1wiowslrUs9up
KehgIIWrElBn+9z8ELQOk42zopo6d1sIPHR1C7ezrycB/4zfuDIC+J8Th+GCNyek
snc1coMUyqBxGPKFBmbbL/BnntkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQYh0sv
ClcijZPBldOMger3xTvceDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzc1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnQ9AMA0GCSqGSIb3DQEBCwUAA4IBAQBukO22FtUJNJO3H0kjCA/nO+sO
WFCMXU9dnXD8WhWHVo0I9Ugc05nzpqZtYtskYf5gBufySAWSpg9D5Nq/qkyVq2bz
L2mcXbahSZzsyuTuY7pPSdJIaQoIrMX6NdnSjTmrtPvrfyyYt9GS2E4Wb2Wwi5Nh
AQgIbcpK8MRorqhd2wFZx3O+jt15YPIpQmY48wtudWbzdfjuyqG7Z728RDxHGw/T
U6HOPYdVHfcDhuLUB5msPwLlIhEsJzoQDBBw6oB/xPxsQ3IvIGx/OgOkrB7BQin0
4o7j3jrm1bdD5T89C5wLHTfLghadluTrPVG6ZySTen2ZmG9SK+5yt8XfuDle
-----END CERTIFICATE-----