Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153135.roa
File:                     AS153135.roa (raw, json)
Hash identifier:          NoDDdm5cc480H1cZOHaGlpGZUkNo+QShd41IOMz6ZS4=
Subject key identifier:   46:50:08:8F:0A:9D:23:D2:91:B0:31:CE:93:32:3B:C9:E2:4D:D0:7F
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       459924DF7B78046E7488B78D3E50265E5BD38722
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153135.roa
Signing time:             Sat 02 May 2026 09:23:07 +0000
ROA not before:           Sat 02 May 2026 09:18:07 +0000
ROA not after:            Sat 01 May 2027 09:23:07 +0000
asID:                     153135
IP address blocks:        144.79.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:99:24:df:7b:78:04:6e:74:88:b7:8d:3e:50:26:5e:5b:d3:87:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:07 2026 GMT
            Not After : May  1 09:23:07 2027 GMT
        Subject: CN=4650088F0A9D23D291B031CE93323BC9E24DD07F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:37:1f:e4:3e:a3:07:c4:f8:d0:60:21:79:7f:
                    18:bb:55:22:98:ba:f8:2f:19:87:04:40:c2:9e:35:
                    72:5e:49:71:89:dc:ca:e8:d1:21:3d:5d:70:17:0f:
                    a0:d9:95:4a:3c:00:a6:65:3d:f1:44:86:67:e4:44:
                    38:d3:15:92:96:2b:86:4c:b9:60:e3:4d:fa:c9:1e:
                    c1:3f:9a:6a:81:8d:bb:de:6f:24:58:7c:17:d2:70:
                    99:3a:0a:c5:3d:f4:67:45:03:7e:3c:3f:f5:2d:ec:
                    30:ad:c3:a3:78:33:d8:43:d6:7a:d8:e9:e8:f4:e7:
                    60:06:69:57:83:05:a6:8b:a3:4f:c1:1e:ae:7a:2a:
                    2b:24:05:b1:d6:b2:f6:c7:2d:eb:ba:3a:77:e4:68:
                    7d:24:de:fe:db:d6:df:69:f4:14:17:c8:fe:72:2f:
                    2c:12:5a:ce:05:86:78:73:5e:8d:42:78:c0:f9:3b:
                    25:96:2b:9d:4a:64:0a:b5:6c:0f:97:50:ab:8c:0e:
                    89:b3:84:a8:59:50:b2:e5:7f:1e:a2:59:7d:0f:ba:
                    87:26:df:ef:5f:60:dc:8a:e3:ba:0c:5b:70:d4:97:
                    71:49:45:73:30:c6:4d:9b:55:92:46:62:2a:ce:3e:
                    76:4e:62:93:0c:b7:5f:51:65:ce:67:70:fd:4f:07:
                    76:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:50:08:8F:0A:9D:23:D2:91:B0:31:CE:93:32:3B:C9:E2:4D:D0:7F
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:e9:ac:b7:1a:42:21:77:9d:c8:12:c5:e3:6c:c2:76:d7:0b:
         bf:02:41:6f:94:81:87:22:99:8a:4c:99:b1:01:d6:8c:9b:84:
         18:34:3e:f5:be:ce:b4:42:66:04:a3:00:8e:f7:8f:e1:0c:48:
         d5:e0:41:9b:81:88:d3:b2:04:0b:2f:72:ec:75:c8:d4:e2:dc:
         55:54:d0:0d:d0:7a:1f:57:b7:ce:e3:b7:e6:9e:85:39:e1:7f:
         c0:c0:29:a3:14:8e:fd:aa:41:52:0c:85:e2:8a:03:1e:07:c7:
         15:43:1d:89:f2:3e:7c:bd:8a:e1:5f:2b:00:d6:da:2e:d1:77:
         ed:24:78:4f:bc:c1:69:c2:67:34:3d:4e:5c:1d:27:53:11:5a:
         df:54:8c:43:d5:16:4f:d7:49:41:91:1b:9c:a9:4c:e6:0b:6c:
         36:4f:b8:1e:08:3f:15:11:62:51:c2:3f:1d:33:df:af:5a:11:
         36:dc:b0:43:59:8a:a9:51:aa:de:c0:87:cf:6f:3e:48:2e:b5:
         97:b2:52:a3:11:3e:0e:36:c5:80:fd:fd:5c:52:3f:bf:bb:cb:
         2a:a6:30:e4:d4:da:af:9c:22:c9:bd:01:6e:10:9e:46:50:96:
         70:47:f3:7c:b1:d8:c4:c7:bb:f0:19:dc:1f:72:09:c2:3e:d6:
         21:a3:34:0a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIURZkk33t4BG50iLeNPlAmXlvThyIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgwN1oX
DTI3MDUwMTA5MjMwN1owMzExMC8GA1UEAxMoNDY1MDA4OEYwQTlEMjNEMjkxQjAz
MUNFOTMzMjNCQzlFMjRERDA3RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJo3H+Q+owfE+NBgIXl/GLtVIpi6+C8ZhwRAwp41cl5JcYncyujRIT1dcBcP
oNmVSjwApmU98USGZ+REONMVkpYrhky5YONN+skewT+aaoGNu95vJFh8F9JwmToK
xT30Z0UDfjw/9S3sMK3Do3gz2EPWetjp6PTnYAZpV4MFpoujT8EernoqKyQFsday
9sct67o6d+RofSTe/tvW32n0FBfI/nIvLBJazgWGeHNejUJ4wPk7JZYrnUpkCrVs
D5dQq4wOibOEqFlQsuV/HqJZfQ+6hybf719g3IrjugxbcNSXcUlFczDGTZtVkkZi
Ks4+dk5ikwy3X1Flzmdw/U8HdlECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRGUAiP
Cp0j0pGwMc6TMjvJ4k3QfzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMTM1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE8lMA0GCSqGSIb3DQEBCwUAA4IBAQCZ6ay3GkIhd53IEsXjbMJ21wu/
AkFvlIGHIpmKTJmxAdaMm4QYND71vs60QmYEowCO94/hDEjV4EGbgYjTsgQLL3Ls
dcjU4txVVNAN0HofV7fO47fmnoU54X/AwCmjFI79qkFSDIXiigMeB8cVQx2J8j58
vYrhXysA1tou0XftJHhPvMFpwmc0PU5cHSdTEVrfVIxD1RZP10lBkRucqUzmC2w2
T7geCD8VEWJRwj8dM9+vWhE23LBDWYqpUarewIfPbz5ILrWXslKjET4ONsWA/f1c
Uj+/u8sqpjDk1NqvnCLJvQFuEJ5GUJZwR/N8sdjEx7vwGdwfcgnCPtYhozQK
-----END CERTIFICATE-----