Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153084.roa
File:                     AS153084.roa (raw, json)
Hash identifier:          lwnFHqq8wGYKs/vecbG7vf1URVIvX2mdaOMT7nv3NGM=
Subject key identifier:   20:26:04:05:FA:ED:58:8A:D7:6D:34:A1:65:BA:17:54:E9:2B:0B:D9
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7047A64B4D1E6CEAE576128338A6763F14EBFDD2
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153084.roa
Signing time:             Sat 02 May 2026 09:24:15 +0000
ROA not before:           Sat 02 May 2026 09:19:15 +0000
ROA not after:            Sat 01 May 2027 09:24:15 +0000
asID:                     153084
IP address blocks:        160.25.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:47:a6:4b:4d:1e:6c:ea:e5:76:12:83:38:a6:76:3f:14:eb:fd:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:15 2026 GMT
            Not After : May  1 09:24:15 2027 GMT
        Subject: CN=20260405FAED588AD76D34A165BA1754E92B0BD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:39:9c:09:62:f3:a8:bc:0e:00:1b:d7:c9:cf:
                    35:6e:65:11:eb:da:07:d9:21:b6:0a:9a:18:2c:e4:
                    b2:1b:ec:3d:c2:d1:45:31:f4:e0:21:bb:32:e1:77:
                    86:88:df:eb:54:88:3c:7a:cc:6e:e8:25:92:87:67:
                    17:7f:f0:28:a9:41:86:7d:e2:8c:ec:70:f1:70:dd:
                    7a:b6:7d:c2:48:4e:52:c8:14:7d:dc:c6:b0:13:83:
                    87:f3:3f:55:42:42:56:6b:9d:c5:cd:2c:66:23:97:
                    b1:bf:2c:45:7c:8e:fb:ed:a3:ef:09:e7:39:97:e1:
                    c8:36:ce:9b:e1:cd:4a:f7:5b:69:fd:77:5e:95:5b:
                    3b:88:86:31:91:86:d7:5a:1f:eb:5b:2c:f0:e7:94:
                    07:c8:f2:a8:23:44:7f:9a:a0:de:25:83:98:e5:13:
                    a6:8d:96:19:f3:a5:83:e6:5c:70:07:4e:21:85:81:
                    8d:17:55:01:fd:e7:4c:73:76:cd:2c:04:03:5f:bb:
                    b1:fb:98:64:11:a3:0f:19:e2:84:b7:43:75:e0:9b:
                    0b:61:dd:a2:fd:9d:e8:c5:90:19:35:e8:6d:dd:45:
                    9d:fd:f4:98:f9:cb:70:2f:08:c9:93:53:7a:7c:62:
                    25:ad:34:74:62:e2:7b:eb:d9:72:f3:96:ba:e3:b0:
                    ca:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:26:04:05:FA:ED:58:8A:D7:6D:34:A1:65:BA:17:54:E9:2B:0B:D9
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153084.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:eb:54:c1:d8:ef:bb:40:37:94:10:52:42:23:0b:ab:24:68:
         a3:b2:64:65:54:66:3b:9b:9b:ea:ed:c8:fe:da:18:23:80:12:
         e5:f3:b2:73:f2:16:6c:a6:05:bc:10:3e:4b:a7:c2:9c:93:24:
         21:1b:41:7c:d4:37:da:e3:2a:b4:64:2b:c2:10:cb:82:7a:d1:
         71:58:cd:27:4f:5f:be:7e:74:15:d2:2a:5d:6d:44:82:44:3e:
         95:b7:f0:60:f3:59:3b:fd:9e:75:77:43:75:f5:9f:f5:67:38:
         78:1b:8a:27:f8:26:1b:f2:1f:2a:99:a2:2b:d8:a4:de:fe:40:
         b3:95:b3:0e:25:69:2a:67:08:f5:a8:f5:f1:14:c0:b5:1a:5d:
         5a:cc:ad:56:34:ea:28:dd:99:f5:d7:e3:75:aa:6a:c8:fb:e5:
         c8:9b:f4:83:49:a9:b9:b5:5b:34:b8:4e:b5:71:fb:4d:5e:e8:
         a1:7e:75:ea:d1:53:11:35:16:86:99:a7:b8:24:0f:df:58:e5:
         4b:32:12:50:a0:66:c7:25:4d:c1:07:dc:0a:d6:f0:df:15:c8:
         f7:b5:53:47:c0:65:9d:71:44:8f:b0:91:a6:f1:99:58:f5:49:
         17:be:af:eb:f4:27:ab:1b:d1:ba:80:e0:d0:08:0a:ee:85:8c:
         d3:25:0f:54
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUcEemS00ebOrldhKDOKZ2PxTr/dIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkxNVoX
DTI3MDUwMTA5MjQxNVowMzExMC8GA1UEAxMoMjAyNjA0MDVGQUVENTg4QUQ3NkQz
NEExNjVCQTE3NTRFOTJCMEJEOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKg5nAli86i8DgAb18nPNW5lEevaB9khtgqaGCzkshvsPcLRRTH04CG7MuF3
hojf61SIPHrMbuglkodnF3/wKKlBhn3ijOxw8XDderZ9wkhOUsgUfdzGsBODh/M/
VUJCVmudxc0sZiOXsb8sRXyO++2j7wnnOZfhyDbOm+HNSvdbaf13XpVbO4iGMZGG
11of61ss8OeUB8jyqCNEf5qg3iWDmOUTpo2WGfOlg+ZccAdOIYWBjRdVAf3nTHN2
zSwEA1+7sfuYZBGjDxnihLdDdeCbC2Hdov2d6MWQGTXobd1Fnf30mPnLcC8IyZNT
enxiJa00dGLie+vZcvOWuuOwyskCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQgJgQF
+u1YitdtNKFluhdU6SsL2TAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMDg0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBk4MA0GCSqGSIb3DQEBCwUAA4IBAQBC61TB2O+7QDeUEFJCIwurJGij
smRlVGY7m5vq7cj+2hgjgBLl87Jz8hZspgW8ED5Lp8KckyQhG0F81Dfa4yq0ZCvC
EMuCetFxWM0nT1++fnQV0ipdbUSCRD6Vt/Bg81k7/Z51d0N19Z/1Zzh4G4on+CYb
8h8qmaIr2KTe/kCzlbMOJWkqZwj1qPXxFMC1Gl1azK1WNOoo3Zn11+N1qmrI++XI
m/SDSam5tVs0uE61cftNXuihfnXq0VMRNRaGmae4JA/fWOVLMhJQoGbHJU3BB9wK
1vDfFcj3tVNHwGWdcUSPsJGm8ZlY9UkXvq/r9CerG9G6gODQCAruhYzTJQ9U
-----END CERTIFICATE-----