Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152440.roa
File:                     AS152440.roa (raw, json)
Hash identifier:          xLroR6P+Ngx9UN2SPhy2TL71LPrTXDjCcTsbjNATaB0=
Subject key identifier:   92:0E:55:B6:61:91:12:6E:C7:DD:EE:9F:1C:4D:77:9F:70:25:B2:29
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       57F978E93894AFD376B455790BF705996DD1FD3C
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152440.roa
Signing time:             Sat 02 May 2026 18:18:01 +0000
ROA not before:           Sat 02 May 2026 18:13:01 +0000
ROA not after:            Sat 01 May 2027 18:18:01 +0000
asID:                     152440
IP address blocks:        157.66.2.0/23 maxlen: 24
                          157.66.2.0/24 maxlen: 24
                          157.66.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:f9:78:e9:38:94:af:d3:76:b4:55:79:0b:f7:05:99:6d:d1:fd:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 18:13:01 2026 GMT
            Not After : May  1 18:18:01 2027 GMT
        Subject: CN=920E55B66191126EC7DDEE9F1C4D779F7025B229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ab:23:8e:93:7b:d1:46:f9:8d:72:f5:f2:9a:
                    df:f9:e9:a2:3c:d8:53:f1:11:ab:78:49:80:c7:13:
                    a4:88:aa:a4:41:d6:0f:0a:de:92:82:04:d1:7c:55:
                    de:5f:f0:0f:95:82:cf:b7:38:fd:31:ba:f2:e1:cf:
                    97:41:91:f9:62:2c:d0:71:68:a1:25:ca:02:aa:fc:
                    b8:35:f3:61:dd:c2:f9:53:2a:38:12:e2:89:eb:71:
                    c1:38:73:8c:fe:a8:e4:01:13:3a:13:71:f1:58:6f:
                    4d:04:1d:9d:90:7b:16:95:ff:f8:04:77:53:e8:4a:
                    03:4d:a4:1c:29:5c:3d:4b:7d:66:26:7d:5d:df:5d:
                    ab:41:b1:1c:43:39:39:c1:68:63:43:12:af:ae:f9:
                    09:26:44:0a:91:cc:99:ed:ee:24:55:a0:78:55:fc:
                    1b:1d:17:4c:17:ab:97:9a:61:3d:d5:25:38:9a:5c:
                    a3:7c:f4:d7:56:e6:6d:ca:b5:da:c6:6b:a3:17:a9:
                    09:58:c8:1d:19:73:ff:4a:4b:fb:02:16:76:35:cc:
                    af:4c:3b:01:a8:96:49:47:6a:e4:8b:78:5b:1f:82:
                    d7:c2:09:cb:d0:03:a2:2d:0e:0f:ad:ad:09:71:10:
                    14:8e:dd:80:b2:ae:3b:30:ca:3f:c3:97:d3:a9:cd:
                    46:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:0E:55:B6:61:91:12:6E:C7:DD:EE:9F:1C:4D:77:9F:70:25:B2:29
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:4c:5e:7c:13:9a:66:24:66:fb:56:3f:b9:79:d4:f7:8d:b9:
         3f:43:cd:75:45:b7:2a:89:8e:be:db:5d:39:ea:4d:1f:e2:28:
         67:8a:91:66:68:99:86:24:bd:f7:a3:0a:7c:57:45:0f:e1:58:
         f5:92:2b:7e:d8:b4:8a:da:d9:b8:71:1a:24:7a:d0:68:23:35:
         2e:35:a8:04:a4:15:2c:17:b0:51:0b:e8:36:9a:dc:22:11:66:
         39:dc:04:1d:af:9e:8d:46:04:a1:a9:4f:b3:0e:d4:86:07:f0:
         ce:e2:b0:44:6d:6c:49:3f:34:ed:92:ae:e0:5c:3c:b1:64:d9:
         56:01:d3:54:a3:54:3b:a7:2a:29:5c:9d:0a:44:b3:bb:ad:21:
         d1:47:9a:53:1b:7e:89:46:54:5e:d1:e7:f9:6f:ba:02:d4:2b:
         86:89:ac:76:c6:7f:4a:8d:6e:6e:8c:10:3f:2a:45:ad:d2:13:
         ee:15:8f:91:bd:72:52:39:13:2f:a0:53:88:ad:52:9e:59:b6:
         6b:47:da:24:25:a3:ab:6a:50:05:e7:7f:f3:a6:2f:e7:ec:2b:
         42:db:18:17:a8:b5:15:be:75:72:99:4f:e1:c2:7d:f9:51:7c:
         58:69:ae:a6:9a:93:52:59:92:0e:65:2f:ef:7d:a1:7f:3a:1d:
         f5:ce:45:fc
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUV/l46TiUr9N2tFV5C/cFmW3R/TwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjE4MTMwMVoX
DTI3MDUwMTE4MTgwMVowMzExMC8GA1UEAxMoOTIwRTU1QjY2MTkxMTI2RUM3RERF
RTlGMUM0RDc3OUY3MDI1QjIyOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL2rI46Te9FG+Y1y9fKa3/npojzYU/ERq3hJgMcTpIiqpEHWDwrekoIE0XxV
3l/wD5WCz7c4/TG68uHPl0GR+WIs0HFooSXKAqr8uDXzYd3C+VMqOBLiietxwThz
jP6o5AETOhNx8VhvTQQdnZB7FpX/+AR3U+hKA02kHClcPUt9ZiZ9Xd9dq0GxHEM5
OcFoY0MSr675CSZECpHMme3uJFWgeFX8Gx0XTBerl5phPdUlOJpco3z011bmbcq1
2sZroxepCVjIHRlz/0pL+wIWdjXMr0w7AaiWSUdq5It4Wx+C18IJy9ADoi0OD62t
CXEQFI7dgLKuOzDKP8OX06nNRocCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSSDlW2
YZESbsfd7p8cTXefcCWyKTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNDQwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnUICMA0GCSqGSIb3DQEBCwUAA4IBAQBeTF58E5pmJGb7Vj+5edT3jbk/
Q811RbcqiY6+21056k0f4ihnipFmaJmGJL33owp8V0UP4Vj1kit+2LSK2tm4cRok
etBoIzUuNagEpBUsF7BRC+g2mtwiEWY53AQdr56NRgShqU+zDtSGB/DO4rBEbWxJ
PzTtkq7gXDyxZNlWAdNUo1Q7pyopXJ0KRLO7rSHRR5pTG36JRlRe0ef5b7oC1CuG
iax2xn9KjW5ujBA/KkWt0hPuFY+RvXJSORMvoFOIrVKeWbZrR9okJaOralAF53/z
pi/n7CtC2xgXqLUVvnVymU/hwn35UXxYaa6mmpNSWZIOZS/vfaF/Oh31zkX8
-----END CERTIFICATE-----