Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152386.roa
File:                     AS152386.roa (raw, json)
Hash identifier:          py9UkGtofNXRQjJ1oLzlF+PqJfOyFXs3CayOPC8ZyAk=
Subject key identifier:   F6:5B:D6:A1:B9:55:FC:CD:C4:77:4F:A2:A1:B9:50:18:A4:8C:99:EE
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       2BC693FEC5152844BEF5D1B2D15C2AF9328E0D68
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152386.roa
Signing time:             Sat 02 May 2026 09:23:43 +0000
ROA not before:           Sat 02 May 2026 09:18:43 +0000
ROA not after:            Sat 01 May 2027 09:23:43 +0000
asID:                     152386
IP address blocks:        157.20.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:c6:93:fe:c5:15:28:44:be:f5:d1:b2:d1:5c:2a:f9:32:8e:0d:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:43 2026 GMT
            Not After : May  1 09:23:43 2027 GMT
        Subject: CN=F65BD6A1B955FCCDC4774FA2A1B95018A48C99EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:af:ed:22:75:17:85:14:f3:e2:bb:e3:54:2c:
                    51:32:13:29:08:b3:22:18:ab:39:c5:50:83:e2:95:
                    18:6d:e7:8c:3c:d9:f1:a2:cb:d5:8b:b4:cf:23:42:
                    a9:b6:c8:6d:df:30:f9:ea:16:30:d9:a8:ce:61:6c:
                    43:c1:03:94:25:a0:dd:cb:22:77:a2:1a:b9:ab:d7:
                    f3:d7:38:da:5c:db:fb:95:6f:fe:03:1e:3e:fd:65:
                    50:90:cc:68:be:70:df:31:96:48:13:35:b2:31:1c:
                    24:c8:5b:e4:6d:a5:0b:fa:49:57:7b:7a:31:13:3a:
                    3a:49:1d:b6:22:7e:3f:a4:9b:2b:d5:c3:3f:b8:dd:
                    50:81:2a:9e:d8:fb:4e:d4:3e:09:57:ef:61:29:94:
                    6b:42:5d:22:1d:25:96:7f:c8:88:67:78:f0:d7:c1:
                    33:e8:c9:85:9c:92:8a:43:b3:a4:a7:17:62:d5:48:
                    bb:7c:b0:22:74:b5:57:4d:5e:44:df:fe:3f:bb:76:
                    c9:c3:30:0d:16:0b:1b:93:29:56:87:de:03:0d:96:
                    5c:f7:ba:62:cd:dc:29:f3:c4:e2:8c:40:36:3f:47:
                    07:9a:39:f3:05:42:8c:25:ec:bf:8b:32:17:51:25:
                    e9:34:56:80:0e:c1:e5:21:0d:52:ae:05:44:32:f4:
                    02:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5B:D6:A1:B9:55:FC:CD:C4:77:4F:A2:A1:B9:50:18:A4:8C:99:EE
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152386.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:db:88:6d:2d:12:af:d9:9d:24:f6:23:6e:e9:2d:99:2c:20:
         ab:e5:df:a9:3a:77:a9:0f:db:15:87:e0:1b:3f:ff:ec:f4:ef:
         e6:df:78:3c:5f:1e:00:3a:9b:98:0b:c2:9f:ef:b2:f8:36:e9:
         6b:bf:f8:5a:66:0c:c2:94:fe:e7:d8:6a:7e:26:f7:a9:7b:5f:
         36:80:43:af:4b:e5:2a:b9:08:72:38:04:87:ce:d7:46:4f:f5:
         a7:03:e1:62:b3:7f:39:42:01:f1:d6:2e:1a:a6:38:36:88:dc:
         b0:28:86:a8:78:cf:29:bc:96:cb:c9:64:53:26:be:4f:19:4b:
         0e:f9:8d:cc:78:d4:eb:36:68:7e:cd:bf:c4:bc:4d:43:4b:5d:
         df:16:2d:97:7c:d5:97:cd:03:bc:47:83:81:08:e6:00:84:2c:
         cf:e2:3b:1d:84:c2:b4:1c:8a:ac:1c:4a:f9:e1:68:2f:51:91:
         0c:af:9c:03:4c:b3:a3:e9:29:ec:29:09:d3:96:d8:ef:ea:c1:
         90:cb:cf:ec:af:20:79:82:66:c9:e4:dc:ec:cd:17:5d:64:b4:
         03:f2:57:f6:5c:74:24:47:57:08:17:22:d7:9f:33:62:73:e3:
         9b:be:7a:a4:8b:2c:0c:1a:c9:89:3f:55:c2:16:42:a8:3c:9b:
         10:f7:5d:c3
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUK8aT/sUVKES+9dGy0Vwq+TKODWgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg0M1oX
DTI3MDUwMTA5MjM0M1owMzExMC8GA1UEAxMoRjY1QkQ2QTFCOTU1RkNDREM0Nzc0
RkEyQTFCOTUwMThBNDhDOTlFRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALyv7SJ1F4UU8+K741QsUTITKQizIhirOcVQg+KVGG3njDzZ8aLL1Yu0zyNC
qbbIbd8w+eoWMNmozmFsQ8EDlCWg3csid6IauavX89c42lzb+5Vv/gMePv1lUJDM
aL5w3zGWSBM1sjEcJMhb5G2lC/pJV3t6MRM6OkkdtiJ+P6SbK9XDP7jdUIEqntj7
TtQ+CVfvYSmUa0JdIh0lln/IiGd48NfBM+jJhZySikOzpKcXYtVIu3ywInS1V01e
RN/+P7t2ycMwDRYLG5MpVofeAw2WXPe6Ys3cKfPE4oxANj9HB5o58wVCjCXsv4sy
F1El6TRWgA7B5SENUq4FRDL0Ap0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT2W9ah
uVX8zcR3T6KhuVAYpIyZ7jAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzg2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnRQeMA0GCSqGSIb3DQEBCwUAA4IBAQBG24htLRKv2Z0k9iNu6S2ZLCCr
5d+pOnepD9sVh+AbP//s9O/m33g8Xx4AOpuYC8Kf77L4Nulrv/haZgzClP7n2Gp+
Jvepe182gEOvS+UquQhyOASHztdGT/WnA+Fis385QgHx1i4apjg2iNywKIaoeM8p
vJbLyWRTJr5PGUsO+Y3MeNTrNmh+zb/EvE1DS13fFi2XfNWXzQO8R4OBCOYAhCzP
4jsdhMK0HIqsHEr54WgvUZEMr5wDTLOj6SnsKQnTltjv6sGQy8/sryB5gmbJ5Nzs
zRddZLQD8lf2XHQkR1cIFyLXnzNic+ObvnqkiywMGsmJP1XCFkKoPJsQ913D
-----END CERTIFICATE-----