Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153091.roa
File:                     AS153091.roa (raw, json)
Hash identifier:          01/smTUx0DozRm8od6MuP/vmdms4Uj3yNS2r71K4BWM=
Subject key identifier:   D5:2E:D2:7F:B7:D0:D2:51:01:06:23:EA:C7:A8:3C:B3:01:65:B8:44
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       2CCDD51D176BE34B89EAF51EEF60FB1312FB42D9
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153091.roa
Signing time:             Sat 02 May 2026 09:24:19 +0000
ROA not before:           Sat 02 May 2026 09:19:19 +0000
ROA not after:            Sat 01 May 2027 09:24:19 +0000
asID:                     153091
IP address blocks:        160.25.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:cd:d5:1d:17:6b:e3:4b:89:ea:f5:1e:ef:60:fb:13:12:fb:42:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:19 2026 GMT
            Not After : May  1 09:24:19 2027 GMT
        Subject: CN=D52ED27FB7D0D251010623EAC7A83CB30165B844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:65:3a:c7:e5:53:c5:d8:44:68:75:5c:d8:6c:
                    76:c6:06:a1:7a:55:ca:61:94:1f:25:c5:6c:60:ce:
                    75:52:d2:e2:9f:74:0c:33:9a:0c:23:52:54:d7:38:
                    5f:17:5c:96:06:df:b8:e7:e8:42:9f:d0:71:48:2e:
                    b5:a3:0e:7f:71:1d:e6:d8:a3:0a:80:66:32:c3:be:
                    31:7b:e8:bb:05:53:af:18:e5:ad:a5:0a:46:4f:a6:
                    35:4e:39:36:53:ac:8d:07:0e:d9:a3:6a:52:a1:98:
                    e2:4f:48:87:d9:9a:2c:cd:cd:a4:d4:a0:67:6d:dd:
                    9f:a3:19:d2:9f:8e:ed:03:c9:65:1a:28:00:bf:4d:
                    cd:ba:91:72:1e:10:52:24:a9:7f:5b:fd:39:b5:34:
                    de:ab:86:95:ae:4a:b9:b0:64:dc:40:83:62:ba:4d:
                    fd:af:e1:b2:fb:00:27:85:5f:01:f0:41:8a:76:e0:
                    b4:cb:4b:65:22:31:94:94:61:16:5c:0c:6d:bc:5a:
                    28:ba:a5:60:da:d8:25:bb:1d:de:b4:af:45:ef:6a:
                    01:c4:2b:bb:e4:50:e0:db:76:52:19:0b:65:59:57:
                    e7:40:17:ed:b5:0a:c8:7c:c8:9e:f1:84:84:b7:a1:
                    0f:c8:bf:0c:3f:fa:1c:33:eb:11:eb:28:aa:a7:4f:
                    3b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2E:D2:7F:B7:D0:D2:51:01:06:23:EA:C7:A8:3C:B3:01:65:B8:44
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153091.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:3c:a2:c5:ae:6f:cd:35:5a:0d:b0:ff:90:57:d1:2f:29:9e:
         1b:0f:38:14:4c:bc:d2:5f:25:54:7b:7e:b1:09:5e:e0:7f:6e:
         ae:53:b0:26:ed:2d:c1:4b:2e:44:4d:8a:c0:2c:7d:26:1e:7f:
         8a:d1:8d:da:3a:26:bc:e4:47:fd:52:07:85:aa:fa:59:30:e6:
         12:d7:e1:03:10:9d:86:d0:2b:80:51:8b:2c:6f:e2:15:bb:20:
         42:ed:ef:ec:36:82:69:92:57:18:f7:98:e7:68:99:5f:d9:0f:
         9a:54:1b:70:11:e1:0c:bc:ff:03:7c:70:a1:1a:88:2e:76:61:
         ce:87:09:61:eb:21:7f:c4:fd:d3:5d:f9:88:82:3d:46:fb:5b:
         16:4c:55:68:e8:99:38:c2:0a:ca:a7:10:7e:4c:64:b9:bf:98:
         86:89:cf:3b:14:4e:a5:14:b4:3e:92:18:51:ec:52:02:78:a2:
         7f:d5:ae:aa:af:3c:f9:7d:fe:90:8d:09:c3:16:c0:0f:fa:1c:
         03:10:a5:94:ce:5c:fb:36:6c:06:82:b2:cf:d2:e7:f6:fa:36:
         8a:55:00:58:90:7e:11:52:a3:0c:4f:97:70:29:9b:9d:6c:ae:
         36:ac:66:b1:37:3a:fa:d6:3a:2c:c7:19:47:4a:ce:a0:49:e7:
         e7:c9:b4:91
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIULM3VHRdr40uJ6vUe72D7ExL7QtkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkxOVoX
DTI3MDUwMTA5MjQxOVowMzExMC8GA1UEAxMoRDUyRUQyN0ZCN0QwRDI1MTAxMDYy
M0VBQzdBODNDQjMwMTY1Qjg0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANhlOsflU8XYRGh1XNhsdsYGoXpVymGUHyXFbGDOdVLS4p90DDOaDCNSVNc4
XxdclgbfuOfoQp/QcUgutaMOf3Ed5tijCoBmMsO+MXvouwVTrxjlraUKRk+mNU45
NlOsjQcO2aNqUqGY4k9Ih9maLM3NpNSgZ23dn6MZ0p+O7QPJZRooAL9NzbqRch4Q
UiSpf1v9ObU03quGla5KubBk3ECDYrpN/a/hsvsAJ4VfAfBBinbgtMtLZSIxlJRh
FlwMbbxaKLqlYNrYJbsd3rSvRe9qAcQru+RQ4Nt2UhkLZVlX50AX7bUKyHzInvGE
hLehD8i/DD/6HDPrEesoqqdPO4kCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTVLtJ/
t9DSUQEGI+rHqDyzAWW4RDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMDkxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoBn4MA0GCSqGSIb3DQEBCwUAA4IBAQAIPKLFrm/NNVoNsP+QV9EvKZ4b
DzgUTLzSXyVUe36xCV7gf26uU7Am7S3BSy5ETYrALH0mHn+K0Y3aOia85Ef9UgeF
qvpZMOYS1+EDEJ2G0CuAUYssb+IVuyBC7e/sNoJpklcY95jnaJlf2Q+aVBtwEeEM
vP8DfHChGogudmHOhwlh6yF/xP3TXfmIgj1G+1sWTFVo6Jk4wgrKpxB+TGS5v5iG
ic87FE6lFLQ+khhR7FICeKJ/1a6qrzz5ff6QjQnDFsAP+hwDEKWUzlz7NmwGgrLP
0uf2+jaKVQBYkH4RUqMMT5dwKZudbK42rGaxNzr61josxxlHSs6gSefnybSR
-----END CERTIFICATE-----