Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152806.roa
File:                     AS152806.roa (raw, json)
Hash identifier:          690QNR6pehM6S2wHbU2aIMAS+BOZTviKW9JG4s2z2nU=
Subject key identifier:   F1:A4:A1:97:E4:BB:52:86:74:5F:2C:D9:0C:CC:9F:47:E3:5C:E2:EB
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7F7D8C4E706106C622CD7174E4C4D9E336E0DE9A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152806.roa
Signing time:             Sat 02 May 2026 16:11:49 +0000
ROA not before:           Sat 02 May 2026 16:06:49 +0000
ROA not after:            Sat 01 May 2027 16:11:49 +0000
asID:                     152806
IP address blocks:        160.22.26.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:7d:8c:4e:70:61:06:c6:22:cd:71:74:e4:c4:d9:e3:36:e0:de:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 16:06:49 2026 GMT
            Not After : May  1 16:11:49 2027 GMT
        Subject: CN=F1A4A197E4BB5286745F2CD90CCC9F47E35CE2EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:1c:dd:8d:2a:77:a4:d3:7e:54:06:c6:e5:6c:
                    86:4b:a1:83:e3:ba:13:8e:64:89:3e:09:05:95:53:
                    7c:f0:23:ea:7e:aa:74:5f:df:e0:91:4c:81:25:7f:
                    aa:90:c5:bd:0a:6d:87:db:c5:f3:39:d6:fb:d8:5c:
                    5a:65:89:d2:ef:6e:31:70:96:fc:95:24:b5:1f:bf:
                    d3:a2:15:2c:10:04:7c:e0:1c:6f:03:f8:da:c9:06:
                    22:6d:17:73:51:f6:f1:57:4a:9f:d2:e2:60:b7:b6:
                    2c:61:ce:4f:3d:c9:18:06:82:8e:6f:df:8e:69:9d:
                    c2:95:dd:13:ec:97:fc:11:f7:eb:0d:5d:75:4d:75:
                    a0:d1:76:d7:97:cd:09:1f:06:ce:33:43:ea:aa:a1:
                    ae:ec:fa:eb:96:c1:bf:b1:d4:06:00:d8:c5:c0:07:
                    fe:31:67:a7:12:cb:ea:78:bb:07:33:59:bb:ea:ca:
                    58:c5:4b:c5:7d:ca:fc:ef:a0:79:72:00:ff:73:15:
                    50:c6:fc:a5:f5:97:31:58:90:b9:8e:bc:cd:95:f5:
                    97:01:05:8b:81:28:da:3c:aa:99:11:7b:4d:0a:03:
                    5b:b8:d7:76:25:2b:ac:72:75:f0:71:23:9a:7e:68:
                    f1:0a:cc:8e:f1:7c:11:37:f6:d6:74:e0:3b:9c:ac:
                    ab:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A4:A1:97:E4:BB:52:86:74:5F:2C:D9:0C:CC:9F:47:E3:5C:E2:EB
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152806.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:8f:9e:07:44:75:f7:73:d0:53:65:bc:ec:08:fc:b0:e5:80:
         a4:3f:c0:12:80:64:7f:74:7c:72:f3:d3:84:7b:1b:22:c6:39:
         d4:09:46:0a:54:23:cd:4a:be:71:c2:2d:cd:e9:da:56:67:fc:
         76:0b:31:3f:60:0d:51:d3:2b:a8:1d:8e:58:d9:a9:83:9f:ec:
         66:54:30:71:0e:eb:1e:3a:82:d9:ce:5c:70:3d:01:5c:9e:87:
         ad:73:b2:2f:d2:70:bb:96:b5:a4:32:ea:45:f8:a1:aa:a0:55:
         42:b1:ea:8c:11:df:ae:2f:21:b2:e1:bc:bd:c3:cc:b0:64:31:
         21:0a:6e:1f:4c:62:f7:2c:3c:1d:df:60:4e:b1:c0:e4:87:29:
         b8:d9:5d:96:51:55:ad:14:33:6e:8f:6c:bf:db:77:2e:0d:e9:
         6f:89:fb:84:40:d4:cb:3d:1f:17:96:24:0b:7d:67:59:8f:14:
         92:f3:30:e6:5c:fd:4c:e2:80:39:3a:ba:44:8f:96:85:e7:0f:
         e0:48:b2:17:f4:4e:33:99:6c:42:de:59:30:04:07:4b:74:63:
         af:df:c7:81:c7:84:2e:1a:b1:e8:32:0f:01:39:e3:3d:24:9b:
         dd:f2:1f:4f:c8:d6:6d:5e:d4:e7:41:89:03:25:e5:8b:45:91:
         1d:f3:e1:af
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUf32MTnBhBsYizXF05MTZ4zbg3powDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjE2MDY0OVoX
DTI3MDUwMTE2MTE0OVowMzExMC8GA1UEAxMoRjFBNEExOTdFNEJCNTI4Njc0NUYy
Q0Q5MENDQzlGNDdFMzVDRTJFQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANoc3Y0qd6TTflQGxuVshkuhg+O6E45kiT4JBZVTfPAj6n6qdF/f4JFMgSV/
qpDFvQpth9vF8znW+9hcWmWJ0u9uMXCW/JUktR+/06IVLBAEfOAcbwP42skGIm0X
c1H28VdKn9LiYLe2LGHOTz3JGAaCjm/fjmmdwpXdE+yX/BH36w1ddU11oNF215fN
CR8GzjND6qqhruz665bBv7HUBgDYxcAH/jFnpxLL6ni7BzNZu+rKWMVLxX3K/O+g
eXIA/3MVUMb8pfWXMViQuY68zZX1lwEFi4Eo2jyqmRF7TQoDW7jXdiUrrHJ18HEj
mn5o8QrMjvF8ETf21nTgO5ysqxUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTxpKGX
5LtShnRfLNkMzJ9H41zi6zAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyODA2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBYaMA0GCSqGSIb3DQEBCwUAA4IBAQAEj54HRHX3c9BTZbzsCPyw5YCk
P8ASgGR/dHxy89OEexsixjnUCUYKVCPNSr5xwi3N6dpWZ/x2CzE/YA1R0yuoHY5Y
2amDn+xmVDBxDuseOoLZzlxwPQFcnoetc7Iv0nC7lrWkMupF+KGqoFVCseqMEd+u
LyGy4by9w8ywZDEhCm4fTGL3LDwd32BOscDkhym42V2WUVWtFDNuj2y/23cuDelv
ifuEQNTLPR8XliQLfWdZjxSS8zDmXP1M4oA5OrpEj5aF5w/gSLIX9E4zmWxC3lkw
BAdLdGOv38eBx4QuGrHoMg8BOeM9JJvd8h9PyNZtXtTnQYkDJeWLRZEd8+Gv
-----END CERTIFICATE-----