Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152799.roa
File:                     AS152799.roa (raw, json)
Hash identifier:          z//UtpX3xqPejaogMnQOrVsvBhqwe/Ao2JHV+1ZCQAM=
Subject key identifier:   F3:EF:48:3C:35:FF:97:99:14:2A:59:B9:EC:F0:3A:2B:D6:09:CB:E9
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       5BA704842A09CF23381DCAE1749AF9E3A77CB984
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152799.roa
Signing time:             Sat 02 May 2026 09:22:58 +0000
ROA not before:           Sat 02 May 2026 09:17:58 +0000
ROA not after:            Sat 01 May 2027 09:22:58 +0000
asID:                     152799
IP address blocks:        138.252.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:a7:04:84:2a:09:cf:23:38:1d:ca:e1:74:9a:f9:e3:a7:7c:b9:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:58 2026 GMT
            Not After : May  1 09:22:58 2027 GMT
        Subject: CN=F3EF483C35FF9799142A59B9ECF03A2BD609CBE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9b:84:92:27:7d:53:81:b1:9b:48:8e:74:a1:
                    f7:47:f2:94:d9:ce:e7:ef:5e:ee:f1:08:ea:18:2c:
                    1e:d1:44:39:e6:77:ab:59:44:3f:ac:11:84:bd:be:
                    ce:83:4a:f4:5c:28:74:ea:96:b0:6a:02:af:8a:b3:
                    87:e2:a6:04:6b:d0:5a:4f:42:53:61:17:ac:ef:cd:
                    77:fa:57:40:cf:07:b1:ab:5d:7c:a2:73:06:ca:e6:
                    a5:b4:bd:fb:71:6c:d3:c7:b1:1c:70:b5:a9:65:c5:
                    2a:24:a1:48:4f:db:c4:d1:c3:99:31:b1:ad:5e:6b:
                    8b:91:4b:a9:9b:e5:87:7b:89:e1:d0:7e:e2:8d:7d:
                    6d:03:16:07:95:44:96:f4:c0:43:c9:93:f5:d4:58:
                    d2:af:08:d7:e4:84:cb:8f:92:c8:55:19:07:6d:a1:
                    67:4e:30:cc:c5:f8:f1:6b:db:bc:1e:85:2e:cc:da:
                    5f:d7:4c:5a:d1:7c:30:ac:29:ce:5b:41:22:ac:06:
                    4a:01:e1:c4:ad:7a:f1:e7:30:44:b3:9b:10:8e:17:
                    95:a1:39:af:01:59:ea:61:4f:ed:82:15:c6:7f:22:
                    bc:36:f4:86:b9:fe:87:6c:e6:63:d1:06:7d:7e:a2:
                    22:78:7b:43:fa:24:07:05:fe:81:5f:5c:5f:9b:99:
                    e3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:EF:48:3C:35:FF:97:99:14:2A:59:B9:EC:F0:3A:2B:D6:09:CB:E9
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152799.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:d1:3f:cc:f7:52:45:d2:2c:6e:77:eb:9a:69:82:bd:2e:b0:
         23:80:ff:71:08:ee:61:e5:f5:78:ee:2c:53:14:62:cb:ba:b3:
         23:25:89:c6:9d:2c:d1:60:77:29:ab:c3:fc:e1:91:fa:33:92:
         26:e9:c3:45:17:50:22:69:51:73:ea:3b:87:08:e6:4e:67:4b:
         44:4e:e6:ef:e7:93:85:c1:f3:2b:c7:e0:89:04:90:7f:85:98:
         0a:66:d3:84:18:7f:0e:de:6e:d3:b3:76:3c:fa:95:79:18:13:
         b6:ed:81:b3:aa:22:71:b0:85:11:cf:ea:aa:c4:b5:86:bf:d9:
         1a:9a:97:4a:8f:8d:04:0f:4d:40:1d:10:ed:b8:d6:d3:81:17:
         c8:98:04:62:e7:92:31:e3:a7:de:a0:d9:bf:13:bd:8e:c6:5f:
         c2:c3:43:24:af:ad:9a:28:10:8f:cd:72:a5:db:07:8e:30:59:
         ed:7e:6d:71:7a:2c:1a:2c:9f:38:33:df:7e:3e:b7:9d:58:c5:
         3f:99:6b:d7:2d:e8:cc:b2:29:7c:60:7a:29:a8:b1:df:4f:2b:
         a0:55:b0:dc:85:b1:0f:bf:88:5f:a4:37:68:f4:cb:b0:e1:99:
         bd:ae:e9:88:7a:6d:f9:f5:47:de:d3:3f:2a:da:86:f0:aa:72:
         ac:f7:4d:5a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUW6cEhCoJzyM4HcrhdJr546d8uYQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1OFoX
DTI3MDUwMTA5MjI1OFowMzExMC8GA1UEAxMoRjNFRjQ4M0MzNUZGOTc5OTE0MkE1
OUI5RUNGMDNBMkJENjA5Q0JFOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJybhJInfVOBsZtIjnSh90fylNnO5+9e7vEI6hgsHtFEOeZ3q1lEP6wRhL2+
zoNK9FwodOqWsGoCr4qzh+KmBGvQWk9CU2EXrO/Nd/pXQM8HsatdfKJzBsrmpbS9
+3Fs08exHHC1qWXFKiShSE/bxNHDmTGxrV5ri5FLqZvlh3uJ4dB+4o19bQMWB5VE
lvTAQ8mT9dRY0q8I1+SEy4+SyFUZB22hZ04wzMX48WvbvB6FLszaX9dMWtF8MKwp
zltBIqwGSgHhxK168ecwRLObEI4XlaE5rwFZ6mFP7YIVxn8ivDb0hrn+h2zmY9EG
fX6iInh7Q/okBwX+gV9cX5uZ4y8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTz70g8
Nf+XmRQqWbns8Dor1gnL6TAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNzk5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAivywMA0GCSqGSIb3DQEBCwUAA4IBAQAp0T/M91JF0ixud+uaaYK9LrAj
gP9xCO5h5fV47ixTFGLLurMjJYnGnSzRYHcpq8P84ZH6M5Im6cNFF1AiaVFz6juH
COZOZ0tETubv55OFwfMrx+CJBJB/hZgKZtOEGH8O3m7Ts3Y8+pV5GBO27YGzqiJx
sIURz+qqxLWGv9kampdKj40ED01AHRDtuNbTgRfImARi55Ix46feoNm/E72Oxl/C
w0Mkr62aKBCPzXKl2weOMFntfm1xeiwaLJ84M99+PredWMU/mWvXLejMsil8YHop
qLHfTyugVbDchbEPv4hfpDdo9Muw4Zm9rumIem359Ufe0z8q2obwqnKs901a
-----END CERTIFICATE-----