Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152380.roa
File:                     AS152380.roa (raw, json)
Hash identifier:          RYR1guSMRwGIA+gAraJ4S21KqIvSGu9dAi++5i50ZKg=
Subject key identifier:   53:EB:80:7B:D1:BC:07:CA:A8:8A:78:6E:67:13:4E:89:E5:31:E3:F4
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       22D359DB27D860399E2D4B601C24E3F58758A6AD
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152380.roa
Signing time:             Sat 02 May 2026 09:23:07 +0000
ROA not before:           Sat 02 May 2026 09:18:07 +0000
ROA not after:            Sat 01 May 2027 09:23:07 +0000
asID:                     152380
IP address blocks:        157.15.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d3:59:db:27:d8:60:39:9e:2d:4b:60:1c:24:e3:f5:87:58:a6:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:07 2026 GMT
            Not After : May  1 09:23:07 2027 GMT
        Subject: CN=53EB807BD1BC07CAA88A786E67134E89E531E3F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:57:4d:f9:3f:0d:4c:e9:57:fd:5f:da:8a:61:
                    32:c3:0d:fd:5d:2d:27:ed:d6:74:82:eb:b6:37:6c:
                    9d:65:8e:76:c6:e1:be:40:34:2c:67:b8:a9:8e:cf:
                    b6:90:d4:37:cf:62:98:e4:96:44:f0:b1:3d:90:e0:
                    43:df:9f:50:5c:01:26:84:b7:f1:d6:5d:33:9d:f5:
                    2b:c2:e8:76:19:31:4f:d1:6e:fa:ef:4c:c9:36:b0:
                    c0:36:b9:8a:59:46:07:ef:9c:6b:51:9f:7d:75:82:
                    f6:1c:64:0c:3e:a1:fb:52:9b:c9:19:b4:6e:20:53:
                    60:7b:98:68:44:67:73:71:af:53:7d:c9:5b:3a:f3:
                    99:d4:0f:34:f1:3e:76:31:ef:05:77:38:bf:b1:7f:
                    79:e8:67:da:ea:bb:6d:56:dc:20:76:23:63:cc:02:
                    47:f2:fa:1c:60:a1:22:91:db:7c:4c:17:08:49:0f:
                    a0:cd:6b:4c:72:2c:ab:19:83:52:b7:58:88:6c:7d:
                    8d:c1:a3:d5:6c:ab:f2:ae:f9:5c:80:9e:cb:3d:6e:
                    92:bc:28:0c:7e:09:1e:47:2e:f9:02:43:b5:f3:67:
                    0a:68:a7:1a:24:ea:54:bf:db:fe:c8:20:d1:9f:4f:
                    95:d2:af:fd:21:fc:5e:19:35:07:fa:68:11:87:87:
                    8a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:EB:80:7B:D1:BC:07:CA:A8:8A:78:6E:67:13:4E:89:E5:31:E3:F4
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152380.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:2f:06:67:fc:ec:09:a1:3f:c9:74:32:bf:89:97:3e:36:a2:
         f3:27:1f:4b:ae:99:27:23:99:31:b6:4e:ed:63:6d:5d:3d:0b:
         4a:39:3a:72:8f:25:c6:b3:f7:d8:d6:6c:08:18:73:61:6c:12:
         64:b0:a2:b1:56:2f:16:fd:39:01:1b:81:86:70:9e:fa:af:57:
         56:2b:3f:17:a6:59:e0:a6:7f:bb:86:af:57:1c:d9:c2:e5:10:
         7c:c8:1a:d6:d7:76:5d:6c:c3:e7:f3:38:6e:51:1e:66:c3:c2:
         a4:b9:0a:ff:f0:a7:ad:01:01:ab:da:4d:77:a9:a6:fa:69:f6:
         41:2f:10:06:41:96:83:e4:2a:46:b4:1e:1e:59:a4:60:9e:ae:
         a2:47:7f:75:51:b7:32:b6:0a:23:97:39:19:9c:2f:05:22:fc:
         5a:8c:d2:2a:16:a5:a1:a1:82:27:57:c0:19:bf:0f:cb:06:3c:
         02:5e:27:ba:7d:ac:d1:08:25:4f:3f:b1:7e:76:02:87:f7:1c:
         2f:8a:81:7d:e8:ce:24:00:10:13:6e:d2:b7:8c:0e:b2:f5:15:
         ac:be:ae:87:8e:6c:dc:a5:86:b4:fa:f6:88:c0:9c:db:f2:bb:
         57:a7:3b:6a:b5:0b:7d:13:46:9c:a9:73:8a:ea:d9:54:0f:f6:
         41:5f:95:6d
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUItNZ2yfYYDmeLUtgHCTj9YdYpq0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgwN1oX
DTI3MDUwMTA5MjMwN1owMzExMC8GA1UEAxMoNTNFQjgwN0JEMUJDMDdDQUE4OEE3
ODZFNjcxMzRFODlFNTMxRTNGNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALtXTfk/DUzpV/1f2ophMsMN/V0tJ+3WdILrtjdsnWWOdsbhvkA0LGe4qY7P
tpDUN89imOSWRPCxPZDgQ9+fUFwBJoS38dZdM531K8LodhkxT9Fu+u9MyTawwDa5
illGB++ca1GffXWC9hxkDD6h+1KbyRm0biBTYHuYaERnc3GvU33JWzrzmdQPNPE+
djHvBXc4v7F/eehn2uq7bVbcIHYjY8wCR/L6HGChIpHbfEwXCEkPoM1rTHIsqxmD
UrdYiGx9jcGj1Wyr8q75XICeyz1ukrwoDH4JHkcu+QJDtfNnCminGiTqVL/b/sgg
0Z9PldKv/SH8Xhk1B/poEYeHiqMCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRT64B7
0bwHyqiKeG5nE06J5THj9DAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzgwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnQ+oMA0GCSqGSIb3DQEBCwUAA4IBAQB4LwZn/OwJoT/JdDK/iZc+NqLz
Jx9LrpknI5kxtk7tY21dPQtKOTpyjyXGs/fY1mwIGHNhbBJksKKxVi8W/TkBG4GG
cJ76r1dWKz8Xplngpn+7hq9XHNnC5RB8yBrW13ZdbMPn8zhuUR5mw8KkuQr/8Ket
AQGr2k13qab6afZBLxAGQZaD5CpGtB4eWaRgnq6iR391UbcytgojlzkZnC8FIvxa
jNIqFqWhoYInV8AZvw/LBjwCXie6fazRCCVPP7F+dgKH9xwvioF96M4kABATbtK3
jA6y9RWsvq6HjmzcpYa0+vaIwJzb8rtXpztqtQt9E0acqXOK6tlUD/ZBX5Vt
-----END CERTIFICATE-----