Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152401.roa
File:                     AS152401.roa (raw, json)
Hash identifier:          q9zYNI1e8EYTkm210lnCfZZ5UGGtUr6GnODMf2huO8Q=
Subject key identifier:   71:84:2E:D1:91:96:BC:AE:85:6C:8B:3A:CC:CD:30:80:3E:15:E1:EC
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       4FAE521EFF5505EF7780B1D23D1257F5A735C60D
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152401.roa
Signing time:             Sat 02 May 2026 09:23:13 +0000
ROA not before:           Sat 02 May 2026 09:18:13 +0000
ROA not after:            Sat 01 May 2027 09:23:13 +0000
asID:                     152401
IP address blocks:        157.15.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:ae:52:1e:ff:55:05:ef:77:80:b1:d2:3d:12:57:f5:a7:35:c6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:13 2026 GMT
            Not After : May  1 09:23:13 2027 GMT
        Subject: CN=71842ED19196BCAE856C8B3ACCCD30803E15E1EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c2:40:5d:c8:96:8c:d0:f0:5b:7f:54:a4:b9:
                    21:55:d8:04:41:73:47:d0:84:9f:7a:e3:a6:f1:01:
                    00:09:15:20:47:49:87:fa:91:8f:29:4f:91:2a:59:
                    8c:32:6f:32:7d:7a:5c:e4:26:b4:d0:f0:5c:d1:74:
                    13:c4:5e:c4:6d:7d:ce:4f:a0:e8:d9:d7:ab:cd:dc:
                    62:c2:2e:97:d5:bc:3b:16:7f:d8:ce:d1:bf:d9:f7:
                    ae:9b:11:bd:61:10:0f:19:c5:1f:9b:40:03:9c:cb:
                    e0:11:85:e5:7c:ae:d4:de:6e:34:c2:5e:5c:35:89:
                    b9:58:26:0c:50:39:0f:18:b3:87:d9:a1:2a:c8:4f:
                    c6:3a:36:49:a3:ac:38:8d:de:37:f2:6e:6c:a7:77:
                    ca:70:70:1c:d3:56:58:e3:89:1b:86:08:95:1d:f6:
                    56:d5:4c:5c:4b:e7:4f:8a:fe:1e:b3:a5:ec:17:a2:
                    f5:75:06:68:05:2a:35:96:80:06:3c:bc:66:5c:77:
                    3a:17:b8:f8:99:50:df:2f:7e:c6:a0:73:52:ba:f7:
                    f7:f2:f8:f3:95:7a:53:26:e2:5a:dd:5e:1f:ef:88:
                    2e:0d:22:8d:bd:12:2d:b6:35:92:98:a5:6e:8f:91:
                    3e:60:6e:2e:3f:4d:24:01:ad:17:ed:d9:93:2c:11:
                    05:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:84:2E:D1:91:96:BC:AE:85:6C:8B:3A:CC:CD:30:80:3E:15:E1:EC
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152401.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:bb:4e:ea:ab:42:5b:c4:ae:bc:8e:c3:88:f9:d0:1b:08:26:
         0b:43:a9:ed:35:ab:3b:d4:50:fc:bd:05:75:02:0d:87:1b:2c:
         83:a7:3e:c6:29:e6:8b:d3:c3:b8:c0:4a:0f:9e:0b:72:d5:1e:
         b1:5b:eb:87:d2:d0:60:68:d5:6c:cb:70:27:e2:30:46:30:3d:
         52:7c:6c:3c:c6:89:3e:1d:0a:29:e9:61:f5:fb:86:a3:c6:45:
         3e:62:76:cc:f7:1f:29:00:63:90:a9:f1:10:ed:fa:52:64:a0:
         67:91:9f:67:df:29:fe:f6:6c:66:38:8a:a4:7f:f5:c9:8c:e6:
         76:ec:47:27:36:61:7b:b8:09:03:57:64:d7:43:ea:aa:16:72:
         78:85:69:94:ff:14:5f:44:06:50:cb:bc:aa:5d:d2:b8:e7:2e:
         37:95:06:af:01:88:51:e9:c0:9a:a0:7b:38:40:c8:2d:1c:61:
         76:e6:65:03:0c:4d:bd:7f:25:ec:20:89:f4:90:0f:0a:c4:e6:
         16:61:c0:be:1c:03:41:9c:80:7e:e6:32:9d:91:af:7c:49:0a:
         72:59:da:75:20:5c:08:86:e6:34:6f:82:0b:6e:34:c2:e4:67:
         32:e3:88:df:34:c5:f4:7c:72:85:60:75:91:23:0f:df:ed:43:
         ae:c1:06:06
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUT65SHv9VBe93gLHSPRJX9ac1xg0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgxM1oX
DTI3MDUwMTA5MjMxM1owMzExMC8GA1UEAxMoNzE4NDJFRDE5MTk2QkNBRTg1NkM4
QjNBQ0NDRDMwODAzRTE1RTFFQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANPCQF3IlozQ8Ft/VKS5IVXYBEFzR9CEn3rjpvEBAAkVIEdJh/qRjylPkSpZ
jDJvMn16XOQmtNDwXNF0E8RexG19zk+g6NnXq83cYsIul9W8OxZ/2M7Rv9n3rpsR
vWEQDxnFH5tAA5zL4BGF5Xyu1N5uNMJeXDWJuVgmDFA5Dxizh9mhKshPxjo2SaOs
OI3eN/JubKd3ynBwHNNWWOOJG4YIlR32VtVMXEvnT4r+HrOl7Bei9XUGaAUqNZaA
Bjy8Zlx3Ohe4+JlQ3y9+xqBzUrr39/L485V6UybiWt1eH++ILg0ijb0SLbY1kpil
bo+RPmBuLj9NJAGtF+3ZkywRBV0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRxhC7R
kZa8roVsizrMzTCAPhXh7DAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNDAxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnQ92MA0GCSqGSIb3DQEBCwUAA4IBAQAcu07qq0JbxK68jsOI+dAbCCYL
Q6ntNas71FD8vQV1Ag2HGyyDpz7GKeaL08O4wEoPngty1R6xW+uH0tBgaNVsy3An
4jBGMD1SfGw8xok+HQop6WH1+4ajxkU+YnbM9x8pAGOQqfEQ7fpSZKBnkZ9n3yn+
9mxmOIqkf/XJjOZ27EcnNmF7uAkDV2TXQ+qqFnJ4hWmU/xRfRAZQy7yqXdK45y43
lQavAYhR6cCaoHs4QMgtHGF25mUDDE29fyXsIIn0kA8KxOYWYcC+HANBnIB+5jKd
ka98SQpyWdp1IFwIhuY0b4ILbjTC5Gcy44jfNMX0fHKFYHWRIw/f7UOuwQYG
-----END CERTIFICATE-----