Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152395.roa
File:                     AS152395.roa (raw, json)
Hash identifier:          ItlNWeoHATmUuR7E4QGHgaA8hfvLbt4IKikO77Uy8rY=
Subject key identifier:   DA:46:E9:C4:C1:03:9F:38:94:89:32:56:B8:33:DB:B3:F3:4D:8B:74
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       04C14D459DCF7844FBE5B8133AE93E25A4D8AC63
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152395.roa
Signing time:             Sat 02 May 2026 09:22:55 +0000
ROA not before:           Sat 02 May 2026 09:17:55 +0000
ROA not after:            Sat 01 May 2027 09:22:55 +0000
asID:                     152395
IP address blocks:        157.20.90.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c1:4d:45:9d:cf:78:44:fb:e5:b8:13:3a:e9:3e:25:a4:d8:ac:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:55 2026 GMT
            Not After : May  1 09:22:55 2027 GMT
        Subject: CN=DA46E9C4C1039F3894893256B833DBB3F34D8B74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a0:9e:40:8c:a4:28:d9:fd:76:71:4a:87:90:
                    77:3e:e4:f3:c5:9f:16:de:9d:bf:95:1d:84:30:2a:
                    40:71:e9:e5:8a:c7:bb:c6:85:6f:22:36:71:6e:f3:
                    c9:1b:b3:23:2a:34:3d:f1:81:f5:39:da:ad:8b:ea:
                    f2:dd:9a:ce:6a:29:bb:98:58:0c:9f:d6:3f:90:c5:
                    3a:5b:5b:84:d2:e5:a6:fe:71:a9:d0:73:3f:0d:8b:
                    71:3e:e9:8f:3b:91:a3:c8:49:71:de:2e:5f:b4:d1:
                    00:36:32:dd:36:b3:36:8e:40:9e:0f:6a:e2:14:22:
                    5d:28:fd:ea:a9:ab:05:0d:64:3a:82:9f:25:25:dd:
                    fd:13:22:fc:3c:94:46:41:e0:00:20:4d:69:9a:08:
                    f1:f5:c4:2f:fb:68:f0:7a:81:ec:2c:12:ad:52:d4:
                    f4:43:23:8b:c1:ad:2a:ec:4b:22:25:00:00:2c:56:
                    c9:2b:4e:3f:6a:59:8b:cb:43:98:ee:87:b1:78:ea:
                    4e:b9:2a:b8:04:fc:0b:69:61:b5:fd:61:cd:a6:19:
                    bc:89:f4:58:a7:c4:7e:fa:79:24:02:a3:c6:10:5e:
                    d5:be:6a:a1:b6:03:9a:80:aa:d8:cf:9a:2b:15:50:
                    e6:fa:52:a5:0f:60:79:dd:9a:1f:2c:8e:b3:4e:ec:
                    7e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:46:E9:C4:C1:03:9F:38:94:89:32:56:B8:33:DB:B3:F3:4D:8B:74
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152395.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:32:8f:d1:3f:2c:54:0f:4f:55:b6:ce:e2:53:44:d1:b0:5f:
         60:81:ec:9a:68:d9:16:20:6b:5a:c2:8a:97:9c:f3:4c:ce:2a:
         aa:65:b8:09:32:76:d1:6a:1b:d0:af:cc:86:86:04:1a:73:61:
         b3:ad:c9:a7:14:d0:32:1a:d3:c7:30:24:84:7b:0d:6d:ac:34:
         32:b5:2e:b5:17:ca:a4:e2:76:63:b9:7f:d2:0f:66:31:8c:41:
         dc:70:91:2a:49:2b:92:33:e8:98:9e:50:49:57:99:36:04:fe:
         c3:0d:0e:3d:74:ac:1d:d2:ef:a7:60:d8:b2:55:f1:90:04:48:
         9a:90:b9:0c:3a:2f:16:eb:b8:0b:c3:05:ec:d8:64:b7:cf:82:
         bc:f0:0b:ee:0a:cf:17:63:e7:fa:f0:61:41:c3:9d:ca:85:ab:
         f4:bc:3c:4b:fa:6d:4e:97:9d:44:19:17:d4:fb:d5:37:c7:d7:
         89:58:21:8c:bf:fd:69:f3:55:59:ab:bb:a0:e8:2b:4d:83:00:
         14:4e:e9:bf:6a:05:5c:0c:87:ee:19:c7:71:d6:c8:33:0e:b9:
         bf:9c:d6:21:b5:73:cd:0e:cc:b1:7f:7d:83:b5:f9:d0:b2:ba:
         67:fc:dd:29:ec:18:49:f3:08:f6:af:5e:fd:a6:2b:be:c9:9c:
         b8:91:22:78
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUBMFNRZ3PeET75bgTOuk+JaTYrGMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1NVoX
DTI3MDUwMTA5MjI1NVowMzExMC8GA1UEAxMoREE0NkU5QzRDMTAzOUYzODk0ODkz
MjU2QjgzM0RCQjNGMzREOEI3NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMWgnkCMpCjZ/XZxSoeQdz7k88WfFt6dv5UdhDAqQHHp5YrHu8aFbyI2cW7z
yRuzIyo0PfGB9TnarYvq8t2azmopu5hYDJ/WP5DFOltbhNLlpv5xqdBzPw2LcT7p
jzuRo8hJcd4uX7TRADYy3TazNo5Ang9q4hQiXSj96qmrBQ1kOoKfJSXd/RMi/DyU
RkHgACBNaZoI8fXEL/to8HqB7CwSrVLU9EMji8GtKuxLIiUAACxWyStOP2pZi8tD
mO6HsXjqTrkquAT8C2lhtf1hzaYZvIn0WKfEfvp5JAKjxhBe1b5qobYDmoCq2M+a
KxVQ5vpSpQ9ged2aHyyOs07sfisCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTaRunE
wQOfOJSJMla4M9uz802LdDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMzk1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnRRaMA0GCSqGSIb3DQEBCwUAA4IBAQCqMo/RPyxUD09Vts7iU0TRsF9g
geyaaNkWIGtawoqXnPNMziqqZbgJMnbRahvQr8yGhgQac2GzrcmnFNAyGtPHMCSE
ew1trDQytS61F8qk4nZjuX/SD2YxjEHccJEqSSuSM+iYnlBJV5k2BP7DDQ49dKwd
0u+nYNiyVfGQBEiakLkMOi8W67gLwwXs2GS3z4K88AvuCs8XY+f68GFBw53Khav0
vDxL+m1Ol51EGRfU+9U3x9eJWCGMv/1p81VZq7ug6CtNgwAUTum/agVcDIfuGcdx
1sgzDrm/nNYhtXPNDsyxf32DtfnQsrpn/N0p7BhJ8wj2r179piu+yZy4kSJ4
-----END CERTIFICATE-----