Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153100.roa
File:                     AS153100.roa (raw, json)
Hash identifier:          5M2uBOIPI6sMyqnhWs4YIVOS4D+i1A9gyM8SU1ECrHE=
Subject key identifier:   5E:23:99:E4:E2:94:42:41:AB:EE:A2:BF:80:6F:F3:D1:F9:F0:CD:4E
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       5DC154316E419985A6396119A3C3E514FD6EBC7C
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153100.roa
Signing time:             Sat 02 May 2026 09:24:09 +0000
ROA not before:           Sat 02 May 2026 09:19:09 +0000
ROA not after:            Sat 01 May 2027 09:24:09 +0000
asID:                     153100
IP address blocks:        160.25.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:c1:54:31:6e:41:99:85:a6:39:61:19:a3:c3:e5:14:fd:6e:bc:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:09 2026 GMT
            Not After : May  1 09:24:09 2027 GMT
        Subject: CN=5E2399E4E2944241ABEEA2BF806FF3D1F9F0CD4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fe:84:47:f3:bc:54:e8:20:ed:82:93:82:b9:
                    4c:f5:0e:55:e0:79:52:26:75:6b:13:81:12:2c:1e:
                    e9:21:08:42:ed:2d:03:fa:ec:07:47:5f:d0:fb:7a:
                    e9:54:a5:f0:7f:b5:0f:3c:62:97:57:3f:a8:a3:06:
                    80:60:91:81:ae:14:af:cc:49:d1:d0:79:e3:6c:9a:
                    f3:72:7f:a6:79:0a:85:b9:71:68:3d:06:60:ba:4d:
                    ae:53:0c:76:6a:51:19:6a:78:92:e6:54:87:b0:6a:
                    13:6b:b8:35:61:f8:0c:e0:51:c7:c2:3a:61:7b:81:
                    7f:b4:8a:18:c2:fb:9e:05:28:71:bf:3d:0d:e2:47:
                    c9:12:83:7c:96:84:23:cd:7f:b9:47:98:38:ab:82:
                    8c:3d:64:2e:70:00:e3:e1:65:70:a6:a0:75:4d:a3:
                    30:51:51:de:eb:2a:6c:a4:34:96:30:c4:34:eb:dd:
                    8f:08:f1:2c:1a:53:b9:e4:83:fc:03:cb:74:62:90:
                    96:2b:8e:9a:cc:0c:17:a2:2a:dd:58:6e:da:f1:39:
                    ba:e2:6a:b2:62:b4:dd:09:dc:f6:ef:44:c3:9f:69:
                    67:4f:17:d7:ed:16:51:70:9f:f5:14:96:df:7b:b9:
                    2d:ef:3f:87:14:5a:c0:21:07:bb:be:4c:ee:95:6b:
                    c1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:23:99:E4:E2:94:42:41:AB:EE:A2:BF:80:6F:F3:D1:F9:F0:CD:4E
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153100.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:a8:e4:91:ce:70:bf:ca:35:89:9a:34:81:9e:8e:6d:bf:64:
         30:e0:8c:81:62:db:ee:41:ee:ca:f6:35:0c:60:7d:ab:8f:3b:
         2f:eb:99:9d:4c:75:ce:68:e4:44:b5:03:aa:a2:ee:6f:41:e2:
         78:e8:12:7f:06:30:1e:47:9d:fa:44:ab:b0:91:d9:62:cb:e9:
         1d:b8:e4:2a:ae:df:36:73:a4:c4:b9:f6:b8:8c:ef:d8:0b:68:
         98:e7:06:b5:dd:cc:d0:b0:35:da:90:52:ff:5a:00:bd:c2:8d:
         19:60:04:38:ec:97:cc:84:62:7b:2a:cd:a4:0b:02:05:aa:63:
         03:59:bc:73:6b:f9:f2:91:81:a4:e0:15:64:9f:98:9f:9f:ab:
         90:32:df:69:35:b0:e3:d7:fd:ee:0e:86:9f:c6:d9:fe:ff:88:
         57:6f:f8:62:68:e2:b5:3f:3f:7b:eb:58:39:a9:dc:68:e4:92:
         01:e1:fc:a5:c9:cd:3f:a3:ef:64:16:16:6a:00:6d:5d:14:f9:
         5f:19:b9:6f:88:6f:74:b3:8d:66:28:b7:38:7c:e4:b7:94:3d:
         82:4a:95:e0:be:4d:da:bd:99:e9:2a:c7:44:51:9e:09:ae:ab:
         19:6d:23:fb:f2:5a:7c:13:bf:aa:4d:53:97:66:56:dc:05:34:
         64:cd:93:27
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUXcFUMW5BmYWmOWEZo8PlFP1uvHwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkwOVoX
DTI3MDUwMTA5MjQwOVowMzExMC8GA1UEAxMoNUUyMzk5RTRFMjk0NDI0MUFCRUVB
MkJGODA2RkYzRDFGOUYwQ0Q0RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALf+hEfzvFToIO2Ck4K5TPUOVeB5UiZ1axOBEiwe6SEIQu0tA/rsB0df0Pt6
6VSl8H+1Dzxil1c/qKMGgGCRga4Ur8xJ0dB542ya83J/pnkKhblxaD0GYLpNrlMM
dmpRGWp4kuZUh7BqE2u4NWH4DOBRx8I6YXuBf7SKGML7ngUocb89DeJHyRKDfJaE
I81/uUeYOKuCjD1kLnAA4+FlcKagdU2jMFFR3usqbKQ0ljDENOvdjwjxLBpTueSD
/APLdGKQliuOmswMF6Iq3Vhu2vE5uuJqsmK03Qnc9u9Ew59pZ08X1+0WUXCf9RSW
33u5Le8/hxRawCEHu75M7pVrwTcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBReI5nk
4pRCQavuor+Ab/PR+fDNTjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMTAwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoBnJMA0GCSqGSIb3DQEBCwUAA4IBAQBFqOSRznC/yjWJmjSBno5tv2Qw
4IyBYtvuQe7K9jUMYH2rjzsv65mdTHXOaOREtQOqou5vQeJ46BJ/BjAeR536RKuw
kdliy+kduOQqrt82c6TEufa4jO/YC2iY5wa13czQsDXakFL/WgC9wo0ZYAQ47JfM
hGJ7Ks2kCwIFqmMDWbxza/nykYGk4BVkn5ifn6uQMt9pNbDj1/3uDoafxtn+/4hX
b/hiaOK1Pz9761g5qdxo5JIB4fylyc0/o+9kFhZqAG1dFPlfGblviG90s41mKLc4
fOS3lD2CSpXgvk3avZnpKsdEUZ4JrqsZbSP78lp8E7+qTVOXZlbcBTRkzZMn
-----END CERTIFICATE-----