Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153079.roa
File:                     AS153079.roa (raw, json)
Hash identifier:          ILFgYsU4Cn/iuC2V4cMhzvUyMOpt/sUnlr6VYqHG/pI=
Subject key identifier:   6B:BB:59:5B:86:8B:F2:DE:B0:BA:AF:F2:F2:E6:9B:6E:AE:20:69:9A
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       4882B3EE279E498C7B6BEAA31D92B433B52CAD6B
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153079.roa
Signing time:             Sat 02 May 2026 09:23:09 +0000
ROA not before:           Sat 02 May 2026 09:18:09 +0000
ROA not after:            Sat 01 May 2027 09:23:09 +0000
asID:                     153079
IP address blocks:        192.203.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:82:b3:ee:27:9e:49:8c:7b:6b:ea:a3:1d:92:b4:33:b5:2c:ad:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:09 2026 GMT
            Not After : May  1 09:23:09 2027 GMT
        Subject: CN=6BBB595B868BF2DEB0BAAFF2F2E69B6EAE20699A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d5:22:d7:2c:26:5c:4d:a2:8e:22:fb:d8:6b:
                    3e:a7:12:13:5e:76:6a:5d:4d:00:94:a6:9d:a1:0c:
                    9d:fd:f9:44:d5:71:d7:10:03:e0:cd:de:f1:de:a9:
                    cb:dc:8f:33:e5:76:a8:63:04:25:cc:2b:25:8c:b7:
                    68:a0:60:aa:2f:d9:4e:b9:66:c6:60:8e:52:55:4f:
                    43:1b:bc:31:a3:02:b2:61:53:72:e1:44:1b:b8:52:
                    f1:de:8d:6b:9a:69:55:5f:82:1a:d0:55:93:98:c7:
                    e0:23:92:a7:3d:c4:84:8e:a1:38:ae:bd:5a:76:8a:
                    aa:75:5e:b9:6f:f4:3a:16:25:ca:58:e4:1f:8b:08:
                    3d:c1:98:0c:36:cd:1d:7e:f8:96:68:83:8a:74:27:
                    be:1d:ae:49:b3:7b:63:45:e7:f1:5e:01:09:1c:24:
                    d8:4b:29:11:3f:ab:0e:fb:ae:92:ea:d3:ce:e8:fa:
                    0d:12:ab:74:a6:9b:bb:d1:f2:c9:b8:a4:3e:9d:50:
                    49:42:0f:5c:5c:f0:d1:04:4d:e7:c1:bd:c0:05:c4:
                    5e:8c:bd:53:89:a8:49:4d:44:aa:f8:bd:ec:7c:b2:
                    c1:76:30:3b:c6:fb:b0:1f:ea:44:39:c3:8e:a2:74:
                    c7:89:d4:39:a8:af:6d:8d:c3:55:de:41:ac:e4:ce:
                    b9:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:BB:59:5B:86:8B:F2:DE:B0:BA:AF:F2:F2:E6:9B:6E:AE:20:69:9A
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153079.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.203.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:53:17:7f:54:2e:02:8f:37:70:72:02:7b:2c:db:8c:78:f3:
         ea:6a:3f:1b:6b:b6:a9:33:7d:1e:18:c0:3f:0f:24:4a:d6:17:
         9b:ca:a2:52:6a:11:ae:f3:cf:d4:76:a6:f6:3a:a3:2a:cc:d1:
         94:e7:8e:4e:90:48:56:7e:0e:0c:0e:68:07:6a:81:2a:b8:17:
         af:71:8d:d2:fd:6e:55:a9:5d:29:d7:28:f6:bb:d9:ab:82:92:
         d1:b3:80:97:61:d3:9a:68:75:f1:27:db:51:0a:75:29:24:bb:
         bb:5c:54:9b:1f:c7:f0:18:ff:af:30:28:bd:0e:88:2d:70:32:
         04:07:b4:9e:1e:2e:d3:64:e9:f5:0f:f3:2c:d3:1d:7a:7e:6c:
         b9:4b:e6:c8:ab:9d:48:c6:33:36:87:40:f6:05:24:42:54:0c:
         3e:d7:73:99:f1:f8:e4:aa:39:fc:52:53:19:bc:d8:1a:df:c4:
         3f:80:1d:99:6b:88:05:16:a3:60:c1:7c:b7:a0:e7:a8:6a:6c:
         74:9a:bb:02:f4:1c:03:a1:b9:51:ef:33:d7:ea:d0:7f:a0:b3:
         ad:ef:ab:97:78:8f:92:4d:69:d4:84:94:a5:14:ad:67:23:2a:
         af:e0:4e:c3:62:21:72:a0:51:4d:8f:29:dc:14:e4:8b:54:28:
         b2:9d:ab:32
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUSIKz7ieeSYx7a+qjHZK0M7UsrWswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgwOVoX
DTI3MDUwMTA5MjMwOVowMzExMC8GA1UEAxMoNkJCQjU5NUI4NjhCRjJERUIwQkFB
RkYyRjJFNjlCNkVBRTIwNjk5QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMLVItcsJlxNoo4i+9hrPqcSE152al1NAJSmnaEMnf35RNVx1xAD4M3e8d6p
y9yPM+V2qGMEJcwrJYy3aKBgqi/ZTrlmxmCOUlVPQxu8MaMCsmFTcuFEG7hS8d6N
a5ppVV+CGtBVk5jH4COSpz3EhI6hOK69WnaKqnVeuW/0OhYlyljkH4sIPcGYDDbN
HX74lmiDinQnvh2uSbN7Y0Xn8V4BCRwk2EspET+rDvuukurTzuj6DRKrdKabu9Hy
ybikPp1QSUIPXFzw0QRN58G9wAXEXoy9U4moSU1Eqvi97HyywXYwO8b7sB/qRDnD
jqJ0x4nUOaivbY3DVd5BrOTOuQsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRru1lb
hovy3rC6r/Ly5pturiBpmjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMDc5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAwMvRMA0GCSqGSIb3DQEBCwUAA4IBAQAZUxd/VC4CjzdwcgJ7LNuMePPq
aj8ba7apM30eGMA/DyRK1hebyqJSahGu88/Udqb2OqMqzNGU545OkEhWfg4MDmgH
aoEquBevcY3S/W5VqV0p1yj2u9mrgpLRs4CXYdOaaHXxJ9tRCnUpJLu7XFSbH8fw
GP+vMCi9DogtcDIEB7SeHi7TZOn1D/Ms0x16fmy5S+bIq51IxjM2h0D2BSRCVAw+
13OZ8fjkqjn8UlMZvNga38Q/gB2Za4gFFqNgwXy3oOeoamx0mrsC9BwDoblR7zPX
6tB/oLOt76uXeI+STWnUhJSlFK1nIyqv4E7DYiFyoFFNjyncFOSLVCiynasy
-----END CERTIFICATE-----