Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153059.roa
File:                     AS153059.roa (raw, json)
Hash identifier:          DGp9BMEQ1hvZL3iJP/0oDpVZdLANRB0uKM3hYcAwPPg=
Subject key identifier:   83:9F:9A:9C:B9:E8:57:F5:34:74:85:86:5D:3E:7D:9D:B6:46:90:0A
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       0D3AB3BDA6FE0A330CDCDA1AE9B94431090DA68F
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153059.roa
Signing time:             Sat 02 May 2026 09:24:24 +0000
ROA not before:           Sat 02 May 2026 09:19:24 +0000
ROA not after:            Sat 01 May 2027 09:24:24 +0000
asID:                     153059
IP address blocks:        160.25.46.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:3a:b3:bd:a6:fe:0a:33:0c:dc:da:1a:e9:b9:44:31:09:0d:a6:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:24 2026 GMT
            Not After : May  1 09:24:24 2027 GMT
        Subject: CN=839F9A9CB9E857F5347485865D3E7D9DB646900A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:17:a0:88:af:5a:8c:83:16:6c:cd:93:12:96:
                    19:9e:a2:26:63:8b:14:05:03:ad:36:e6:59:e5:54:
                    6f:2a:4b:d6:40:0c:8e:b9:65:32:29:52:39:87:0e:
                    16:ec:df:bd:11:67:2b:96:11:d7:17:2e:3f:ab:3c:
                    35:1c:0d:32:ec:a4:b5:b7:e2:aa:f2:7d:2a:82:18:
                    ae:ba:4b:de:8d:8e:67:ef:84:43:94:11:eb:df:e6:
                    a7:37:33:37:b8:c4:82:18:00:f4:4a:d9:8e:61:5b:
                    8d:6a:f4:12:65:f9:f5:91:4b:26:3f:ed:37:f4:9f:
                    ce:e6:98:22:59:15:41:7e:b0:25:fb:25:93:a5:03:
                    e9:b8:74:86:72:4a:99:be:5c:0e:82:08:89:99:37:
                    ac:72:a1:95:58:09:6b:ac:20:4e:63:64:6e:47:c2:
                    0e:54:b6:6b:bd:5d:e3:c1:3d:c2:15:9d:dd:52:57:
                    f4:39:ab:e8:c3:e3:72:31:a7:e8:46:9f:b0:3a:e8:
                    ef:6c:32:f0:0a:ce:4d:93:72:b5:e0:94:4c:04:81:
                    48:12:47:6f:45:4b:0a:29:3e:56:f9:46:8e:31:43:
                    d9:f0:68:92:7e:40:0c:6b:98:71:e9:67:86:07:9b:
                    af:40:46:70:88:10:14:41:ff:59:d9:2e:67:38:89:
                    12:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:9F:9A:9C:B9:E8:57:F5:34:74:85:86:5D:3E:7D:9D:B6:46:90:0A
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153059.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:7b:81:ca:8d:5a:51:64:53:be:06:e1:b1:45:f9:7b:29:60:
         73:f9:8a:87:43:67:c1:b3:d5:21:cd:80:ce:1b:db:87:65:26:
         db:82:9c:18:eb:c7:c5:66:a4:88:77:2a:e1:14:06:74:d9:5a:
         28:79:65:d8:7d:97:91:f4:6f:30:c9:05:82:79:e5:db:02:ee:
         e7:9b:1a:24:5e:4f:dc:86:8b:5b:85:63:26:41:f6:69:e2:e6:
         85:88:7b:52:04:c1:61:e8:6f:16:d6:70:ee:20:6c:88:08:f5:
         3b:f7:b8:ac:e4:29:51:00:38:8f:dc:70:20:5f:fc:9a:27:23:
         49:27:dd:ea:61:85:69:6c:5d:3c:d8:dd:83:25:7e:f8:03:80:
         85:f6:cb:b9:3a:53:28:25:e5:1e:b1:2c:af:7d:d0:f9:45:c2:
         cd:87:4e:40:5b:39:ec:95:3b:87:98:48:d2:38:a6:ea:e9:f4:
         6d:f4:88:ef:22:31:61:5d:48:9c:d7:8a:49:74:57:29:5d:e1:
         52:4d:2a:87:eb:a1:b3:35:8e:9b:c6:1b:ef:d9:4a:0e:6c:a6:
         87:7c:11:39:db:10:4f:81:6b:cf:77:29:85:23:c1:7e:3d:d1:
         8e:6c:c8:df:ca:c4:07:2e:99:ae:db:df:fe:bc:3d:75:4e:3b:
         94:22:82:a7
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUDTqzvab+CjMM3Noa6blEMQkNpo8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkyNFoX
DTI3MDUwMTA5MjQyNFowMzExMC8GA1UEAxMoODM5RjlBOUNCOUU4NTdGNTM0NzQ4
NTg2NUQzRTdEOURCNjQ2OTAwQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOkXoIivWoyDFmzNkxKWGZ6iJmOLFAUDrTbmWeVUbypL1kAMjrllMilSOYcO
FuzfvRFnK5YR1xcuP6s8NRwNMuyktbfiqvJ9KoIYrrpL3o2OZ++EQ5QR69/mpzcz
N7jEghgA9ErZjmFbjWr0EmX59ZFLJj/tN/SfzuaYIlkVQX6wJfslk6UD6bh0hnJK
mb5cDoIIiZk3rHKhlVgJa6wgTmNkbkfCDlS2a71d48E9whWd3VJX9Dmr6MPjcjGn
6EafsDro72wy8ArOTZNyteCUTASBSBJHb0VLCik+VvlGjjFD2fBokn5ADGuYceln
hgebr0BGcIgQFEH/WdkuZziJEk0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSDn5qc
uehX9TR0hYZdPn2dtkaQCjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMDU5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBkuMA0GCSqGSIb3DQEBCwUAA4IBAQAae4HKjVpRZFO+BuGxRfl7KWBz
+YqHQ2fBs9UhzYDOG9uHZSbbgpwY68fFZqSIdyrhFAZ02VooeWXYfZeR9G8wyQWC
eeXbAu7nmxokXk/chotbhWMmQfZp4uaFiHtSBMFh6G8W1nDuIGyICPU797is5ClR
ADiP3HAgX/yaJyNJJ93qYYVpbF082N2DJX74A4CF9su5OlMoJeUesSyvfdD5RcLN
h05AWznslTuHmEjSOKbq6fRt9IjvIjFhXUic14pJdFcpXeFSTSqH66GzNY6bxhvv
2UoObKaHfBE52xBPgWvPdymFI8F+PdGObMjfysQHLpmu29/+vD11TjuUIoKn
-----END CERTIFICATE-----