Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152406.roa
File:                     AS152406.roa (raw, json)
Hash identifier:          aROQ3dHznmt3LxhiavgcWQdMZUMX9FV4LFMt9YPwRCU=
Subject key identifier:   A5:E0:54:5A:74:4B:3E:21:47:D4:FB:5E:A3:73:85:AE:0F:F7:B9:D0
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       01F271E29FB7F386824F35055B6C0852FBC973E5
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152406.roa
Signing time:             Sat 02 May 2026 09:23:23 +0000
ROA not before:           Sat 02 May 2026 09:18:23 +0000
ROA not after:            Sat 01 May 2027 09:23:23 +0000
asID:                     152406
IP address blocks:        138.252.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:f2:71:e2:9f:b7:f3:86:82:4f:35:05:5b:6c:08:52:fb:c9:73:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:23 2026 GMT
            Not After : May  1 09:23:23 2027 GMT
        Subject: CN=A5E0545A744B3E2147D4FB5EA37385AE0FF7B9D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e2:06:50:38:ba:86:e9:b6:bc:cc:33:0e:ce:
                    e1:42:b1:59:17:f6:69:d3:45:59:b8:b7:e2:b1:ed:
                    ac:c0:44:82:76:15:09:f2:a5:d7:19:68:c0:ad:0e:
                    48:97:33:7c:72:0e:0b:c2:94:16:8e:10:4c:ac:f7:
                    20:37:b4:7c:cc:d6:4e:39:de:f9:12:a6:97:cf:d0:
                    c0:bb:2d:f8:2d:07:98:9c:6c:db:74:79:60:64:8f:
                    00:22:3d:66:bc:18:d7:a0:8f:43:78:8f:f1:d9:c7:
                    3c:ea:ab:e2:7f:31:bb:19:20:fb:ec:12:0a:c5:9a:
                    06:71:3a:50:35:35:66:ce:81:5c:2b:ca:17:15:14:
                    c6:8b:ea:eb:04:22:8b:c0:18:8c:d6:2b:84:4b:a7:
                    98:7e:07:4b:7f:86:f6:b5:58:74:57:b5:c1:c7:68:
                    17:5c:c4:26:b3:f8:fe:ed:74:51:99:a0:b1:cd:de:
                    71:19:f8:1a:55:64:92:1a:87:85:0a:37:44:ef:e1:
                    87:85:04:5b:bb:78:e2:6c:b9:39:c9:5f:7d:5e:d7:
                    e4:e2:f6:e8:ed:ac:91:9e:ae:a2:f6:f5:93:9d:8f:
                    ce:60:8c:00:8c:3e:77:83:40:c3:ad:49:99:51:6e:
                    61:6b:37:61:77:3f:fb:17:49:a4:47:85:51:b6:7e:
                    36:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:E0:54:5A:74:4B:3E:21:47:D4:FB:5E:A3:73:85:AE:0F:F7:B9:D0
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152406.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:ea:b8:bd:3e:33:21:6d:1e:dc:ed:ab:03:b0:49:a3:04:3a:
         1e:a9:08:8a:8a:1c:3b:37:79:be:98:6e:8f:23:05:ad:bd:ac:
         aa:81:71:f6:55:56:82:e2:cb:60:b8:bf:c2:d6:3f:63:7b:4f:
         8e:59:89:d4:6f:e8:82:15:db:0b:b2:81:e0:3c:7e:ae:31:4d:
         ed:d4:8f:34:77:bb:1a:65:07:bb:9e:7e:ae:c3:dd:27:09:ff:
         b8:b5:73:6c:a9:28:0c:01:3e:24:81:e1:f0:62:15:76:49:72:
         fc:7e:79:1c:59:5c:7b:08:b4:52:2d:53:5c:89:ae:84:bf:41:
         83:35:e9:56:36:a9:bf:87:30:a0:bc:b1:8a:9c:08:57:c7:a0:
         e9:9c:e6:00:c8:10:e0:3f:f7:df:64:ed:1d:8d:f2:c1:11:64:
         c3:6a:9e:43:f5:ea:26:42:18:70:e8:e7:4c:93:68:b5:70:2a:
         52:08:fa:3d:17:a1:f8:30:86:de:b6:27:00:92:89:cf:ad:f4:
         aa:c5:e2:59:e2:0f:ce:73:5e:7d:ca:33:4e:b5:35:85:6c:99:
         6b:df:11:43:d2:a7:37:91:ca:3f:d9:38:d1:11:b8:ce:d9:ec:
         a7:11:a7:77:92:c0:32:70:7b:db:1b:b2:ea:8f:a6:df:f4:15:
         08:e8:7a:5e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUAfJx4p+384aCTzUFW2wIUvvJc+UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgyM1oX
DTI3MDUwMTA5MjMyM1owMzExMC8GA1UEAxMoQTVFMDU0NUE3NDRCM0UyMTQ3RDRG
QjVFQTM3Mzg1QUUwRkY3QjlEMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3iBlA4uobptrzMMw7O4UKxWRf2adNFWbi34rHtrMBEgnYVCfKl1xlowK0O
SJczfHIOC8KUFo4QTKz3IDe0fMzWTjne+RKml8/QwLst+C0HmJxs23R5YGSPACI9
ZrwY16CPQ3iP8dnHPOqr4n8xuxkg++wSCsWaBnE6UDU1Zs6BXCvKFxUUxovq6wQi
i8AYjNYrhEunmH4HS3+G9rVYdFe1wcdoF1zEJrP4/u10UZmgsc3ecRn4GlVkkhqH
hQo3RO/hh4UEW7t44my5OclffV7X5OL26O2skZ6uovb1k52PzmCMAIw+d4NAw61J
mVFuYWs3YXc/+xdJpEeFUbZ+NvECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSl4FRa
dEs+IUfU+16jc4WuD/e50DAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNDA2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAivzRMA0GCSqGSIb3DQEBCwUAA4IBAQAL6ri9PjMhbR7c7asDsEmjBDoe
qQiKihw7N3m+mG6PIwWtvayqgXH2VVaC4stguL/C1j9je0+OWYnUb+iCFdsLsoHg
PH6uMU3t1I80d7saZQe7nn6uw90nCf+4tXNsqSgMAT4kgeHwYhV2SXL8fnkcWVx7
CLRSLVNcia6Ev0GDNelWNqm/hzCgvLGKnAhXx6DpnOYAyBDgP/ffZO0djfLBEWTD
ap5D9eomQhhw6OdMk2i1cCpSCPo9F6H4MIbeticAkonPrfSqxeJZ4g/Oc159yjNO
tTWFbJlr3xFD0qc3kco/2TjREbjO2eynEad3ksAycHvbG7Lqj6bf9BUI6Hpe
-----END CERTIFICATE-----