Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153106.roa
File:                     AS153106.roa (raw, json)
Hash identifier:          RKcJJr1+T1wW3HNNzN2I5vmjo98h5tGIum+O6SeabaQ=
Subject key identifier:   00:9E:4B:0B:3D:21:FC:50:FF:99:06:D0:8F:E5:DD:9D:84:49:04:7D
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       0EAD609FB3DD600AF0DA9B8019D20AB59344F368
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153106.roa
Signing time:             Sat 02 May 2026 09:24:19 +0000
ROA not before:           Sat 02 May 2026 09:19:19 +0000
ROA not after:            Sat 01 May 2027 09:24:19 +0000
asID:                     153106
IP address blocks:        160.25.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:ad:60:9f:b3:dd:60:0a:f0:da:9b:80:19:d2:0a:b5:93:44:f3:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:19 2026 GMT
            Not After : May  1 09:24:19 2027 GMT
        Subject: CN=009E4B0B3D21FC50FF9906D08FE5DD9D8449047D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f1:a0:95:a3:75:03:15:ad:1d:7d:6e:be:f4:
                    bc:23:35:7a:f4:1d:6d:20:e0:4b:a3:bc:a3:e7:73:
                    0d:26:b8:39:89:0e:e1:36:b3:f6:4d:32:5f:7c:4a:
                    c6:14:2b:ee:d0:20:28:48:8c:30:b5:b2:70:f3:34:
                    9f:4e:fa:d7:ec:61:e6:c8:9b:5a:3a:ed:9a:8c:e8:
                    8c:92:c8:d2:b4:dd:95:66:e3:fc:09:c0:ac:c0:6a:
                    b8:96:6d:3e:ff:37:15:87:7f:e8:88:fc:e9:33:11:
                    d9:1c:21:2a:92:a1:8b:d7:cb:26:8f:3f:8d:16:c3:
                    04:16:7c:73:d8:59:11:92:90:b5:b3:4a:a6:88:d4:
                    2e:83:0c:54:25:ab:0f:72:b4:7e:70:8a:71:ed:5c:
                    f7:09:a9:ce:c5:37:77:31:b5:3e:b8:b4:9e:27:92:
                    91:ee:79:33:58:a9:51:81:54:80:52:c4:a6:5a:d1:
                    f8:7b:5a:02:39:a6:ff:42:70:3e:af:3c:e4:00:13:
                    83:33:0b:ae:4b:e3:64:ab:47:a6:d7:ce:94:85:38:
                    9c:01:dc:f8:d3:1a:9f:59:2d:90:32:52:87:dd:7c:
                    e9:97:8e:84:5f:1f:80:4c:f6:14:5c:8b:0e:63:9a:
                    41:09:c3:38:26:ab:05:f7:c0:11:1e:71:f0:54:58:
                    b5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:9E:4B:0B:3D:21:FC:50:FF:99:06:D0:8F:E5:DD:9D:84:49:04:7D
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153106.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:32:e4:22:dd:87:46:83:05:c5:95:35:1d:e4:15:91:91:21:
         32:43:74:96:6c:52:30:28:6f:de:89:66:f2:e2:2a:2c:17:4c:
         b4:ba:f1:66:23:54:83:f9:c1:69:18:1e:40:28:78:a6:a8:58:
         e5:d5:9d:01:80:e7:e5:13:dd:ef:3b:52:4c:c1:e7:32:f4:b4:
         cc:58:cf:64:b0:09:f6:43:d7:bd:af:c0:bf:bc:43:a3:37:c8:
         72:1e:87:70:bf:f8:c8:b7:e2:0a:5e:6c:cb:98:60:ce:d8:c5:
         1a:f0:c1:e0:e1:76:29:34:8f:f2:ff:1a:50:44:d0:7b:fd:57:
         31:53:a8:82:13:ea:07:ae:ca:e2:d8:6c:e5:a3:e5:49:eb:a1:
         45:ec:83:a6:90:be:2b:a5:d2:a8:52:8b:a5:b6:9b:37:07:31:
         29:f6:0f:7e:7e:87:f0:cf:77:2f:c6:b3:19:3d:27:23:8f:dc:
         73:b8:c1:76:f3:fc:bd:5d:e3:30:ae:43:81:61:d2:ce:bb:a8:
         85:20:9d:1b:87:77:8c:1e:1c:15:10:b7:57:02:91:0d:03:50:
         f4:e6:f7:5f:b7:36:a2:ed:46:59:99:35:fd:75:e0:84:2a:bf:
         d9:85:ef:ee:e2:1d:99:f4:34:ee:bb:bb:63:f4:fa:15:c3:3f:
         33:4c:ca:1b
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUDq1gn7PdYArw2puAGdIKtZNE82gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkxOVoX
DTI3MDUwMTA5MjQxOVowMzExMC8GA1UEAxMoMDA5RTRCMEIzRDIxRkM1MEZGOTkw
NkQwOEZFNUREOUQ4NDQ5MDQ3RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALLxoJWjdQMVrR19br70vCM1evQdbSDgS6O8o+dzDSa4OYkO4Taz9k0yX3xK
xhQr7tAgKEiMMLWycPM0n0761+xh5sibWjrtmozojJLI0rTdlWbj/AnArMBquJZt
Pv83FYd/6Ij86TMR2RwhKpKhi9fLJo8/jRbDBBZ8c9hZEZKQtbNKpojULoMMVCWr
D3K0fnCKce1c9wmpzsU3dzG1Pri0nieSke55M1ipUYFUgFLEplrR+HtaAjmm/0Jw
Pq885AATgzMLrkvjZKtHptfOlIU4nAHc+NMan1ktkDJSh9186ZeOhF8fgEz2FFyL
DmOaQQnDOCarBffAER5x8FRYta0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQAnksL
PSH8UP+ZBtCP5d2dhEkEfTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMTA2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoBnlMA0GCSqGSIb3DQEBCwUAA4IBAQAnMuQi3YdGgwXFlTUd5BWRkSEy
Q3SWbFIwKG/eiWby4iosF0y0uvFmI1SD+cFpGB5AKHimqFjl1Z0BgOflE93vO1JM
wecy9LTMWM9ksAn2Q9e9r8C/vEOjN8hyHodwv/jIt+IKXmzLmGDO2MUa8MHg4XYp
NI/y/xpQRNB7/VcxU6iCE+oHrsri2Gzlo+VJ66FF7IOmkL4rpdKoUoultps3BzEp
9g9+fofwz3cvxrMZPScjj9xzuMF28/y9XeMwrkOBYdLOu6iFIJ0bh3eMHhwVELdX
ApENA1D05vdftzai7UZZmTX9deCEKr/Zhe/u4h2Z9DTuu7tj9PoVwz8zTMob
-----END CERTIFICATE-----