Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152419.roa
File:                     AS152419.roa (raw, json)
Hash identifier:          6Zvi6P76LqwCYU17BkrsalMR19+9nXXqN88lYstWauY=
Subject key identifier:   ED:B4:B5:CE:25:4C:1C:44:85:07:2C:BF:9E:C3:BA:B3:68:6E:A6:38
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       50C4F1C22C963ADB569C6A8E3CF8AF76F49566CC
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152419.roa
Signing time:             Sat 02 May 2026 18:09:15 +0000
ROA not before:           Sat 02 May 2026 18:04:15 +0000
ROA not after:            Sat 01 May 2027 18:09:15 +0000
asID:                     152419
IP address blocks:        157.20.204.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:c4:f1:c2:2c:96:3a:db:56:9c:6a:8e:3c:f8:af:76:f4:95:66:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 18:04:15 2026 GMT
            Not After : May  1 18:09:15 2027 GMT
        Subject: CN=EDB4B5CE254C1C4485072CBF9EC3BAB3686EA638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:68:e5:ff:c3:3f:6d:a0:ae:c5:67:dc:d4:42:
                    00:93:2c:ad:77:2a:06:a6:da:4a:66:95:6f:0e:81:
                    45:d6:7b:2a:4c:51:a5:c4:d4:36:06:e3:3d:a2:6f:
                    4f:15:03:59:98:f2:f7:58:05:b8:d9:2f:b3:5e:26:
                    78:62:4a:3c:14:ee:21:0e:d9:70:04:cf:e7:86:42:
                    bb:b1:95:ee:ec:fd:bf:d2:a3:31:b0:8f:c9:33:32:
                    d9:42:c9:9e:c9:5a:0a:f7:d6:de:39:72:34:85:2f:
                    eb:99:d2:b6:25:38:c5:32:eb:df:45:d5:d7:be:b3:
                    38:45:1b:5d:d7:a3:ae:ec:a6:73:b2:93:f2:20:03:
                    50:7e:31:f6:ab:44:43:2d:66:bc:d9:8d:6a:13:2a:
                    d7:7b:1b:48:f6:3d:14:3d:a6:06:26:81:ee:bb:a8:
                    5e:64:b5:12:ba:80:a3:f9:24:0d:bb:af:c0:4c:d2:
                    0e:8d:bc:30:d1:69:14:5a:58:71:cf:4e:a1:aa:65:
                    2d:28:3a:0e:ed:92:a5:d2:af:2e:75:84:e9:1b:97:
                    93:83:dd:e0:35:58:ca:da:9c:f0:4c:79:c3:04:bd:
                    f0:eb:01:d3:23:17:cd:83:27:b5:07:c4:6d:5e:f6:
                    92:36:06:16:e5:c1:44:95:fc:b8:3a:99:74:6d:5b:
                    aa:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B4:B5:CE:25:4C:1C:44:85:07:2C:BF:9E:C3:BA:B3:68:6E:A6:38
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152419.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:9f:81:82:df:6c:2e:7b:36:a1:2e:bd:a5:78:c3:ce:ec:25:
         a1:4f:68:c2:06:df:bb:02:29:c3:38:b1:0a:98:30:b8:6c:c9:
         96:a6:fa:a4:10:7f:3a:be:25:bf:aa:01:81:7e:75:e8:a2:8a:
         66:b4:f8:f3:e9:91:b2:88:bd:1a:eb:70:3a:7c:d4:ef:93:bb:
         22:70:87:1e:9f:39:c5:ff:1f:03:da:e9:29:4f:a8:da:34:77:
         c9:8b:f6:df:dd:9d:98:49:6d:e0:b3:36:a8:8f:8d:a2:52:52:
         03:47:71:ee:03:58:61:89:04:1e:42:80:12:63:0c:91:fe:c8:
         3f:2c:92:cb:42:df:1d:6e:2d:71:56:34:83:85:37:70:27:6b:
         3e:b0:12:6a:8e:86:31:eb:9a:55:91:cf:99:ab:90:40:c8:1c:
         76:44:30:67:b2:a8:14:45:65:93:dc:d0:69:44:64:65:bd:38:
         75:69:97:3a:08:5e:29:88:76:72:82:2f:ad:f2:00:50:f5:eb:
         09:c3:fd:72:3a:b5:e1:5c:57:67:25:1d:eb:ee:5f:3c:f4:ba:
         38:8a:2b:0d:1f:9a:42:b8:61:a2:6c:e4:a4:8f:37:1f:44:41:
         0c:18:0a:bd:d6:ef:7c:71:07:47:fc:72:d6:c1:44:75:48:3b:
         3b:72:a2:01
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUUMTxwiyWOttWnGqOPPivdvSVZswwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjE4MDQxNVoX
DTI3MDUwMTE4MDkxNVowMzExMC8GA1UEAxMoRURCNEI1Q0UyNTRDMUM0NDg1MDcy
Q0JGOUVDM0JBQjM2ODZFQTYzODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKlo5f/DP22grsVn3NRCAJMsrXcqBqbaSmaVbw6BRdZ7KkxRpcTUNgbjPaJv
TxUDWZjy91gFuNkvs14meGJKPBTuIQ7ZcATP54ZCu7GV7uz9v9KjMbCPyTMy2ULJ
nslaCvfW3jlyNIUv65nStiU4xTLr30XV176zOEUbXdejruymc7KT8iADUH4x9qtE
Qy1mvNmNahMq13sbSPY9FD2mBiaB7ruoXmS1ErqAo/kkDbuvwEzSDo28MNFpFFpY
cc9OoaplLSg6Du2SpdKvLnWE6RuXk4Pd4DVYytqc8Ex5wwS98OsB0yMXzYMntQfE
bV72kjYGFuXBRJX8uDqZdG1bqrMCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTttLXO
JUwcRIUHLL+ew7qzaG6mODAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNDE5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnRTMMA0GCSqGSIb3DQEBCwUAA4IBAQCQn4GC32wuezahLr2leMPO7CWh
T2jCBt+7AinDOLEKmDC4bMmWpvqkEH86viW/qgGBfnXooopmtPjz6ZGyiL0a63A6
fNTvk7sicIcenznF/x8D2ukpT6jaNHfJi/bf3Z2YSW3gszaoj42iUlIDR3HuA1hh
iQQeQoASYwyR/sg/LJLLQt8dbi1xVjSDhTdwJ2s+sBJqjoYx65pVkc+Zq5BAyBx2
RDBnsqgURWWT3NBpRGRlvTh1aZc6CF4piHZygi+t8gBQ9esJw/1yOrXhXFdnJR3r
7l889Lo4iisNH5pCuGGibOSkjzcfREEMGAq91u98cQdH/HLWwUR1SDs7cqIB
-----END CERTIFICATE-----