Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152390.roa
File:                     AS152390.roa (raw, json)
Hash identifier:          NZLHi+d1NSPnGEhd9YfwjYZwPfi1RZEBACY37BhempY=
Subject key identifier:   59:A7:99:6F:9D:12:2F:94:F1:2C:8D:60:2A:41:D4:D7:F5:51:06:C5
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       050A8771D928043B9737F6B0A81074A1A65AE8C4
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152390.roa
Signing time:             Sat 02 May 2026 09:23:56 +0000
ROA not before:           Sat 02 May 2026 09:18:56 +0000
ROA not after:            Sat 01 May 2027 09:23:56 +0000
asID:                     152390
IP address blocks:        157.20.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:0a:87:71:d9:28:04:3b:97:37:f6:b0:a8:10:74:a1:a6:5a:e8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:56 2026 GMT
            Not After : May  1 09:23:56 2027 GMT
        Subject: CN=59A7996F9D122F94F12C8D602A41D4D7F55106C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f0:43:7a:5d:d0:f6:e5:2e:14:fe:95:15:a5:
                    cb:9c:52:c0:0f:52:34:5c:61:a0:66:a3:13:96:f1:
                    cd:df:cb:7b:23:f0:10:42:33:c4:86:ce:ce:a2:48:
                    6a:39:f2:15:2d:27:46:b9:08:b3:80:c4:53:98:da:
                    e6:78:b1:d2:0e:c4:f7:ec:ea:f7:68:b9:53:ac:5b:
                    32:63:bf:0e:70:62:01:0e:eb:05:d8:73:97:d9:71:
                    ae:d3:12:2e:62:ea:6f:f7:fa:46:0a:be:01:66:86:
                    6c:55:9a:c0:85:dc:00:4c:3a:49:a1:bc:d2:3d:14:
                    8e:69:a5:17:cd:53:68:1d:67:53:83:51:30:6e:38:
                    bc:d1:c2:7a:a7:ed:5a:91:e1:16:38:a1:6c:c3:12:
                    35:9d:3b:84:f3:69:78:3c:ea:18:08:18:e5:fc:0f:
                    56:1f:e6:e5:01:43:39:16:a5:48:d1:34:fa:0a:39:
                    a0:4b:00:2e:29:6f:15:f3:07:1c:a9:34:3e:2a:f1:
                    57:e7:59:63:e6:df:24:20:ef:0f:d2:4b:63:92:3c:
                    b1:1a:3f:11:68:64:88:7b:68:83:7d:ea:ff:e3:7a:
                    f7:ce:81:12:aa:57:b9:93:a1:b1:5b:0b:de:b7:28:
                    3e:95:c9:03:31:e9:fe:43:56:19:32:15:1c:38:f2:
                    97:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A7:99:6F:9D:12:2F:94:F1:2C:8D:60:2A:41:D4:D7:F5:51:06:C5
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152390.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:02:99:38:bb:78:b3:ef:5e:01:c5:7b:b0:80:1a:4c:e6:05:
         7d:a5:a8:30:4c:63:59:6a:f4:a2:07:50:9d:ce:4a:62:1e:a1:
         d9:fa:1f:8f:99:bf:cc:5d:16:b5:de:34:c5:cb:e6:6a:42:04:
         23:f1:09:92:7a:b9:c0:85:18:b6:a6:2a:49:3d:36:7c:78:ad:
         eb:04:af:a8:58:0e:ca:5e:71:ab:54:3e:bd:e5:19:ac:7e:17:
         70:e0:70:d0:0a:0d:a2:46:9c:8f:a0:a8:cc:99:40:2a:e2:4f:
         7b:b9:55:f4:33:ae:3b:4b:e2:f9:cd:08:2c:5d:38:04:6f:a4:
         9b:f1:ec:d8:92:62:55:ea:f1:35:95:6d:e2:5f:a1:5f:c9:84:
         9a:cc:fb:f5:f6:6c:62:82:57:f2:f5:15:fb:12:a3:d0:06:e1:
         71:e6:08:e6:c7:ec:3e:88:90:92:28:8d:41:dd:07:7c:d7:f6:
         44:e8:f2:49:06:71:89:56:88:95:bb:02:2d:f6:4a:87:6a:59:
         09:2b:7a:39:a8:d9:da:47:16:52:36:d8:99:40:77:38:65:98:
         de:f4:94:e5:3e:89:59:13:68:6e:68:81:ae:48:b5:be:53:af:
         a5:3d:e2:27:11:0f:c0:50:e5:21:0f:87:7a:43:09:57:77:75:
         0f:70:fb:4e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUBQqHcdkoBDuXN/awqBB0oaZa6MQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg1NloX
DTI3MDUwMTA5MjM1NlowMzExMC8GA1UEAxMoNTlBNzk5NkY5RDEyMkY5NEYxMkM4
RDYwMkE0MUQ0RDdGNTUxMDZDNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALbwQ3pd0PblLhT+lRWly5xSwA9SNFxhoGajE5bxzd/LeyPwEEIzxIbOzqJI
ajnyFS0nRrkIs4DEU5ja5nix0g7E9+zq92i5U6xbMmO/DnBiAQ7rBdhzl9lxrtMS
LmLqb/f6Rgq+AWaGbFWawIXcAEw6SaG80j0UjmmlF81TaB1nU4NRMG44vNHCeqft
WpHhFjihbMMSNZ07hPNpeDzqGAgY5fwPVh/m5QFDORalSNE0+go5oEsALilvFfMH
HKk0PirxV+dZY+bfJCDvD9JLY5I8sRo/EWhkiHtog33q/+N6986BEqpXuZOhsVsL
3rcoPpXJAzHp/kNWGTIVHDjyl/8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRZp5lv
nRIvlPEsjWAqQdTX9VEGxTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzkwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnRQgMA0GCSqGSIb3DQEBCwUAA4IBAQA0Apk4u3iz714BxXuwgBpM5gV9
pagwTGNZavSiB1CdzkpiHqHZ+h+Pmb/MXRa13jTFy+ZqQgQj8QmSernAhRi2pipJ
PTZ8eK3rBK+oWA7KXnGrVD695Rmsfhdw4HDQCg2iRpyPoKjMmUAq4k97uVX0M647
S+L5zQgsXTgEb6Sb8ezYkmJV6vE1lW3iX6FfyYSazPv19mxiglfy9RX7EqPQBuFx
5gjmx+w+iJCSKI1B3Qd81/ZE6PJJBnGJVoiVuwIt9kqHalkJK3o5qNnaRxZSNtiZ
QHc4ZZje9JTlPolZE2huaIGuSLW+U6+lPeInEQ/AUOUhD4d6QwlXd3UPcPtO
-----END CERTIFICATE-----