Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152389.roa
File:                     AS152389.roa (raw, json)
Hash identifier:          FnnKTtO64O8rBMOZtPB8j2WubxK8JxUoUns3k0lwK9g=
Subject key identifier:   4D:A7:F1:E8:C8:86:C2:6C:A8:07:93:42:36:6F:CA:AE:3A:8D:4B:11
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       5D5F807305D6E998340C87E87D8F092275889E29
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152389.roa
Signing time:             Sat 02 May 2026 09:23:12 +0000
ROA not before:           Sat 02 May 2026 09:18:12 +0000
ROA not after:            Sat 01 May 2027 09:23:12 +0000
asID:                     152389
IP address blocks:        157.15.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:5f:80:73:05:d6:e9:98:34:0c:87:e8:7d:8f:09:22:75:88:9e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:12 2026 GMT
            Not After : May  1 09:23:12 2027 GMT
        Subject: CN=4DA7F1E8C886C26CA8079342366FCAAE3A8D4B11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:24:0a:8e:81:27:07:3c:ad:06:1f:7b:47:bb:
                    c2:d8:40:51:c3:c7:00:d0:d3:1e:12:36:02:fc:54:
                    55:f8:78:46:e8:3e:6f:cc:f2:30:a2:50:ee:d7:33:
                    5d:98:4c:e6:10:23:f6:13:30:f8:c6:b7:67:bd:52:
                    62:9f:40:5f:d9:1a:31:a9:3f:92:c5:f8:eb:2a:14:
                    de:8b:2c:0c:da:d9:65:1f:4e:a8:2d:7c:d9:c7:63:
                    ca:25:4f:87:6c:19:73:02:26:73:27:db:30:93:d5:
                    5e:05:88:a2:87:d8:d2:d7:96:6c:d7:f3:06:6a:6d:
                    ca:60:48:df:8d:da:06:3a:a5:0d:20:d0:ac:19:60:
                    76:e9:c0:bf:e3:2d:71:be:d0:85:4f:56:c3:a1:c4:
                    5b:fd:ad:0d:bd:f8:27:5d:71:b9:20:a7:91:e0:53:
                    df:71:59:e3:d6:11:e6:85:04:4e:ea:0a:db:54:7a:
                    3c:ca:73:c5:25:ef:6a:4b:57:68:9a:47:de:2f:74:
                    fb:9f:76:ca:c1:6b:0d:21:96:76:76:dc:af:7d:57:
                    fd:3c:f2:82:29:94:c1:70:b6:8a:35:1a:c2:d0:9d:
                    57:2e:55:f9:c6:23:08:d9:33:08:32:20:6c:89:ff:
                    4d:27:ce:97:7b:e6:9e:62:05:36:d0:5c:29:b5:32:
                    ae:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A7:F1:E8:C8:86:C2:6C:A8:07:93:42:36:6F:CA:AE:3A:8D:4B:11
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152389.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:7a:f0:a3:ca:02:8f:e3:44:fd:8d:ed:2d:ba:72:ad:d1:67:
         8f:3e:1a:ae:b4:9d:43:a0:32:00:5e:e0:7c:99:84:3f:bb:0b:
         7c:e2:c9:f0:cd:e9:2b:ea:f6:d3:1b:0c:b5:ff:c6:f1:ee:60:
         e3:db:4f:be:0d:fc:2e:78:2b:02:b2:fa:22:b5:2e:7b:6b:fb:
         dc:1a:d9:3e:f3:6c:b1:a6:94:e4:3d:62:7f:7e:97:33:f2:87:
         60:c2:38:a2:69:bc:1c:46:32:d6:b6:3c:b3:1d:76:77:92:54:
         c1:27:c2:33:7d:89:cf:a2:d0:88:fb:45:14:06:75:cc:6d:1d:
         fe:64:7c:be:42:ed:c8:d5:df:f6:2b:16:c0:58:73:2e:44:db:
         6f:b2:c4:25:3e:01:70:fa:77:54:b5:7e:e0:f2:5c:88:27:94:
         d1:cd:ed:45:71:cb:d2:c0:ce:09:89:21:39:cb:6b:fc:fb:7e:
         bd:db:bc:1a:1b:5d:c6:bf:21:2a:91:c1:af:df:a1:02:3d:93:
         42:f7:9f:88:18:75:da:4c:40:3b:3f:06:90:e7:51:25:c2:8d:
         0d:e2:b7:da:25:78:a6:bd:44:ce:27:ab:aa:d0:d0:3f:71:b7:
         27:56:53:39:b6:a6:a0:a5:57:6b:82:d9:9d:dc:0e:68:e0:ba:
         68:f9:7e:a7
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUXV+AcwXW6Zg0DIfofY8JInWInikwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgxMloX
DTI3MDUwMTA5MjMxMlowMzExMC8GA1UEAxMoNERBN0YxRThDODg2QzI2Q0E4MDc5
MzQyMzY2RkNBQUUzQThENEIxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0kCo6BJwc8rQYfe0e7wthAUcPHANDTHhI2AvxUVfh4Rug+b8zyMKJQ7tcz
XZhM5hAj9hMw+Ma3Z71SYp9AX9kaMak/ksX46yoU3ossDNrZZR9OqC182cdjyiVP
h2wZcwImcyfbMJPVXgWIoofY0teWbNfzBmptymBI343aBjqlDSDQrBlgdunAv+Mt
cb7QhU9Ww6HEW/2tDb34J11xuSCnkeBT33FZ49YR5oUETuoK21R6PMpzxSXvaktX
aJpH3i90+592ysFrDSGWdnbcr31X/TzygimUwXC2ijUawtCdVy5V+cYjCNkzCDIg
bIn/TSfOl3vmnmIFNtBcKbUyrh0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRNp/Ho
yIbCbKgHk0I2b8quOo1LETAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzg5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnQ/YMA0GCSqGSIb3DQEBCwUAA4IBAQB8evCjygKP40T9je0tunKt0WeP
PhqutJ1DoDIAXuB8mYQ/uwt84snwzekr6vbTGwy1/8bx7mDj20++DfwueCsCsvoi
tS57a/vcGtk+82yxppTkPWJ/fpcz8odgwjiiabwcRjLWtjyzHXZ3klTBJ8IzfYnP
otCI+0UUBnXMbR3+ZHy+Qu3I1d/2KxbAWHMuRNtvssQlPgFw+ndUtX7g8lyIJ5TR
ze1FccvSwM4JiSE5y2v8+36927waG13GvyEqkcGv36ECPZNC95+IGHXaTEA7PwaQ
51Elwo0N4rfaJXimvUTOJ6uq0NA/cbcnVlM5tqagpVdrgtmd3A5o4Lpo+X6n
-----END CERTIFICATE-----