Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152402.roa
File:                     AS152402.roa (raw, json)
Hash identifier:          gIIy7TralQ2gbgo2Bf/um/ofc0bgWGwAXA0FU+GFuhg=
Subject key identifier:   D4:68:1D:C0:A7:52:30:40:AF:B3:FC:4C:98:DD:9D:95:3F:A7:77:3C
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7F0054BED0BF443AF31360C1509431E42CB54277
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152402.roa
Signing time:             Sat 02 May 2026 09:23:19 +0000
ROA not before:           Sat 02 May 2026 09:18:19 +0000
ROA not after:            Sat 01 May 2027 09:23:19 +0000
asID:                     152402
IP address blocks:        157.20.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:00:54:be:d0:bf:44:3a:f3:13:60:c1:50:94:31:e4:2c:b5:42:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:19 2026 GMT
            Not After : May  1 09:23:19 2027 GMT
        Subject: CN=D4681DC0A7523040AFB3FC4C98DD9D953FA7773C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:77:e1:e0:95:d1:27:83:0a:e9:4f:c1:dc:9a:
                    3d:1b:7c:5b:76:3b:b1:9e:88:16:94:6f:5d:99:99:
                    b7:8b:41:f6:58:c1:ea:69:73:83:fd:d9:95:32:69:
                    d7:bd:3b:23:f2:69:74:b3:19:fc:fe:7d:8e:bb:72:
                    f2:de:5e:2f:23:aa:92:7b:7e:b3:d9:f7:10:2e:d7:
                    3c:b2:cb:4a:8b:a7:8b:f7:3b:80:7c:e4:c2:9b:12:
                    7e:f4:9c:ec:aa:80:df:e4:13:6c:0c:36:ac:97:e2:
                    e6:42:5c:8d:49:d3:08:f0:b9:fe:df:ed:5d:61:49:
                    cc:b6:22:cc:42:30:91:0b:5c:ff:27:ea:71:82:5a:
                    02:3a:01:bb:c3:a8:ff:bc:26:2b:fb:d0:ac:b4:87:
                    cb:b4:98:1b:4e:0d:46:89:ed:e7:95:4a:3c:c1:ad:
                    ae:61:e2:4a:76:07:47:87:58:8a:34:cf:0a:cf:6c:
                    00:25:8b:07:50:96:2c:9c:c9:59:9c:fa:8f:49:c4:
                    05:7f:25:72:37:0b:0f:9b:57:15:31:0e:fd:a2:12:
                    9d:32:bf:e1:f5:b8:8c:97:ce:f2:27:66:46:67:f0:
                    92:81:75:94:dc:7c:ec:6f:a1:ca:e8:60:68:8b:63:
                    96:32:1c:91:28:77:36:10:19:b0:d0:21:c2:ec:a9:
                    e6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:68:1D:C0:A7:52:30:40:AF:B3:FC:4C:98:DD:9D:95:3F:A7:77:3C
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:00:95:a3:10:e4:8d:09:9b:05:b5:16:31:e1:4f:0d:80:ee:
         91:92:10:61:14:48:5c:e8:8f:a1:86:47:41:52:d4:c4:75:9d:
         51:53:bd:c4:24:52:ff:10:0f:7f:55:fe:0f:ed:f4:30:2f:af:
         c2:15:01:42:56:11:31:ae:0b:de:16:71:48:a8:c1:13:c4:02:
         b5:ab:98:57:1b:52:50:b3:8b:ae:b5:1f:ee:1a:45:87:b6:4b:
         3c:2a:73:10:fd:44:67:43:e6:e0:fc:a1:e2:96:05:5e:2f:ef:
         9a:fc:e8:18:86:7c:85:8f:41:58:19:b0:a0:53:b1:50:f2:4c:
         92:eb:58:2b:60:80:49:e6:4c:ed:82:67:9c:f4:f3:18:98:ad:
         57:4c:ec:80:d0:4f:9e:0c:0d:fa:af:33:6f:38:c5:a8:c3:b3:
         66:1b:5f:f0:9f:70:0f:02:b8:4f:d5:b7:a8:f1:b9:ca:6a:35:
         90:8d:71:81:3a:c1:59:89:a4:3a:c8:30:b6:a3:e3:98:cb:e6:
         00:71:e0:03:20:af:de:56:80:ab:97:05:91:ae:4f:4a:a6:55:
         05:3e:be:92:8a:24:19:21:61:94:c6:f3:cd:9b:85:f1:bc:bb:
         ca:5e:44:7c:c9:2c:af:6b:06:29:d0:1e:00:5c:fe:5c:24:3c:
         af:c5:87:ed
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUfwBUvtC/RDrzE2DBUJQx5Cy1QncwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgxOVoX
DTI3MDUwMTA5MjMxOVowMzExMC8GA1UEAxMoRDQ2ODFEQzBBNzUyMzA0MEFGQjNG
QzRDOThERDlEOTUzRkE3NzczQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALN34eCV0SeDCulPwdyaPRt8W3Y7sZ6IFpRvXZmZt4tB9ljB6mlzg/3ZlTJp
1707I/JpdLMZ/P59jrty8t5eLyOqknt+s9n3EC7XPLLLSouni/c7gHzkwpsSfvSc
7KqA3+QTbAw2rJfi5kJcjUnTCPC5/t/tXWFJzLYizEIwkQtc/yfqcYJaAjoBu8Oo
/7wmK/vQrLSHy7SYG04NRont55VKPMGtrmHiSnYHR4dYijTPCs9sACWLB1CWLJzJ
WZz6j0nEBX8lcjcLD5tXFTEO/aISnTK/4fW4jJfO8idmRmfwkoF1lNx87G+hyuhg
aItjljIckSh3NhAZsNAhwuyp5v0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTUaB3A
p1IwQK+z/EyY3Z2VP6d3PDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNDAyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnRR8MA0GCSqGSIb3DQEBCwUAA4IBAQBKAJWjEOSNCZsFtRYx4U8NgO6R
khBhFEhc6I+hhkdBUtTEdZ1RU73EJFL/EA9/Vf4P7fQwL6/CFQFCVhExrgveFnFI
qMETxAK1q5hXG1JQs4uutR/uGkWHtks8KnMQ/URnQ+bg/KHilgVeL++a/OgYhnyF
j0FYGbCgU7FQ8kyS61grYIBJ5kztgmec9PMYmK1XTOyA0E+eDA36rzNvOMWow7Nm
G1/wn3APArhP1beo8bnKajWQjXGBOsFZiaQ6yDC2o+OYy+YAceADIK/eVoCrlwWR
rk9KplUFPr6SiiQZIWGUxvPNm4XxvLvKXkR8ySyvawYp0B4AXP5cJDyvxYft
-----END CERTIFICATE-----