Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153093.roa
File:                     AS153093.roa (raw, json)
Hash identifier:          DEJP0/nHJk3kwRY4undefaeIBfnND9NpRRvADssjNLo=
Subject key identifier:   21:F9:0C:E0:98:A9:7D:ED:34:1D:F8:2B:F5:C3:D4:33:04:BF:12:D7
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       3B835470FF2A721558161A237947A9B7D63A0232
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153093.roa
Signing time:             Sat 02 May 2026 09:24:11 +0000
ROA not before:           Sat 02 May 2026 09:19:11 +0000
ROA not after:            Sat 01 May 2027 09:24:11 +0000
asID:                     153093
IP address blocks:        160.25.158.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:83:54:70:ff:2a:72:15:58:16:1a:23:79:47:a9:b7:d6:3a:02:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:11 2026 GMT
            Not After : May  1 09:24:11 2027 GMT
        Subject: CN=21F90CE098A97DED341DF82BF5C3D43304BF12D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:61:d5:88:bb:f8:11:c4:74:db:fd:71:81:c1:
                    a7:d7:39:ca:5e:5e:07:3c:1b:ad:e1:d9:f5:62:c2:
                    a0:e5:d3:36:e8:06:6c:d1:ad:71:f9:3f:82:f4:df:
                    c3:b9:3a:fd:81:78:af:a0:63:67:84:4a:6f:11:16:
                    10:d2:80:7c:0f:bb:10:0e:bc:b8:f9:77:a0:ca:ab:
                    db:97:78:5b:2b:f6:7c:26:11:dd:d1:08:da:f8:0b:
                    d4:97:85:23:d4:cc:10:10:24:1d:1d:da:0f:c4:e4:
                    5c:0e:59:27:82:8a:ec:41:e3:5e:b4:91:ab:e0:45:
                    7c:28:25:2c:3f:34:20:74:34:0c:b8:2c:af:ad:27:
                    2e:fd:32:13:d0:cd:96:0a:ed:98:15:e0:fe:c8:67:
                    e6:65:5c:6c:f2:96:99:78:62:23:14:63:11:f6:1f:
                    76:70:16:6b:1d:6c:8f:bb:b1:d2:e6:d9:ee:ae:33:
                    33:1c:02:1f:e0:b1:e3:54:9d:d9:b5:3b:b1:41:6f:
                    90:2e:34:90:19:03:8c:b5:be:b0:30:83:b2:e2:ef:
                    76:c6:46:8f:b1:3b:f1:13:66:2a:c3:cd:84:f6:1e:
                    ee:0f:99:1b:7f:9a:0b:e8:dd:88:75:cf:da:89:63:
                    a8:cf:cd:06:86:33:d1:5a:8f:ff:ea:a8:30:03:2b:
                    5a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F9:0C:E0:98:A9:7D:ED:34:1D:F8:2B:F5:C3:D4:33:04:BF:12:D7
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153093.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:ef:1b:f2:bd:61:04:82:af:78:7c:4e:59:d1:26:65:2d:55:
         22:02:0e:98:7b:1f:13:d0:5d:37:87:e7:84:d9:83:0c:da:e6:
         17:b8:3c:ec:5c:30:f9:fc:2a:97:3c:ef:86:6b:b3:95:83:35:
         9d:1d:f2:5f:0f:b9:66:5d:a8:56:cb:dc:59:37:c7:96:6e:ef:
         c9:bb:a8:89:1d:a4:86:e7:37:c8:46:cf:66:73:81:55:29:0c:
         6c:4a:72:5f:b8:7c:e2:23:a6:47:00:b7:e5:f5:aa:9e:a8:ec:
         c2:4a:67:73:e9:47:d0:b5:83:85:1d:90:ed:10:1c:5f:c5:8b:
         6f:48:00:f1:7d:26:65:1d:ce:9e:9b:df:63:19:25:af:77:19:
         90:58:ab:ba:21:dc:f0:cc:c5:ed:5d:8e:dd:9e:a0:d9:62:7a:
         3d:7d:9f:a4:17:9c:40:c4:2c:94:fa:2b:b2:7a:94:74:92:79:
         ae:15:f1:27:6e:1d:1b:ac:70:24:74:37:c6:58:4e:cd:fb:4b:
         b9:e3:1d:1e:8c:bf:09:3e:87:62:4c:4b:09:2f:21:66:66:17:
         98:c0:88:d8:ed:10:2e:29:f4:0a:39:17:6c:a2:c2:fc:22:bd:
         8c:55:88:78:74:0e:00:f2:3b:22:d4:47:b7:bf:30:b3:8f:2e:
         fd:d8:9d:aa
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUO4NUcP8qchVYFhojeUept9Y6AjIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkxMVoX
DTI3MDUwMTA5MjQxMVowMzExMC8GA1UEAxMoMjFGOTBDRTA5OEE5N0RFRDM0MURG
ODJCRjVDM0Q0MzMwNEJGMTJENzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALph1Yi7+BHEdNv9cYHBp9c5yl5eBzwbreHZ9WLCoOXTNugGbNGtcfk/gvTf
w7k6/YF4r6BjZ4RKbxEWENKAfA+7EA68uPl3oMqr25d4Wyv2fCYR3dEI2vgL1JeF
I9TMEBAkHR3aD8TkXA5ZJ4KK7EHjXrSRq+BFfCglLD80IHQ0DLgsr60nLv0yE9DN
lgrtmBXg/shn5mVcbPKWmXhiIxRjEfYfdnAWax1sj7ux0ubZ7q4zMxwCH+Cx41Sd
2bU7sUFvkC40kBkDjLW+sDCDsuLvdsZGj7E78RNmKsPNhPYe7g+ZG3+aC+jdiHXP
2oljqM/NBoYz0VqP/+qoMAMrWpMCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQh+Qzg
mKl97TQd+Cv1w9QzBL8S1zAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMDkzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBmeMA0GCSqGSIb3DQEBCwUAA4IBAQBH7xvyvWEEgq94fE5Z0SZlLVUi
Ag6Yex8T0F03h+eE2YMM2uYXuDzsXDD5/CqXPO+Ga7OVgzWdHfJfD7lmXahWy9xZ
N8eWbu/Ju6iJHaSG5zfIRs9mc4FVKQxsSnJfuHziI6ZHALfl9aqeqOzCSmdz6UfQ
tYOFHZDtEBxfxYtvSADxfSZlHc6em99jGSWvdxmQWKu6IdzwzMXtXY7dnqDZYno9
fZ+kF5xAxCyU+iuyepR0knmuFfEnbh0brHAkdDfGWE7N+0u54x0ejL8JPodiTEsJ
LyFmZheYwIjY7RAuKfQKORdsosL8Ir2MVYh4dA4A8jsi1Ee3vzCzjy792J2q
-----END CERTIFICATE-----