Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153140.roa
File:                     AS153140.roa (raw, json)
Hash identifier:          w4e1ujUbi3F7MsKBZ0H3h2tfqYlQKHCQbHv/AnpYEao=
Subject key identifier:   0A:CE:90:D0:0F:62:F3:C8:E6:80:10:6E:0C:32:59:BA:51:E4:4C:6E
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       2E5B042B77643D0BC068273D222E5B9F66F4C3A6
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153140.roa
Signing time:             Sat 02 May 2026 09:22:52 +0000
ROA not before:           Sat 02 May 2026 09:17:52 +0000
ROA not after:            Sat 01 May 2027 09:22:52 +0000
asID:                     153140
IP address blocks:        160.187.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:5b:04:2b:77:64:3d:0b:c0:68:27:3d:22:2e:5b:9f:66:f4:c3:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:52 2026 GMT
            Not After : May  1 09:22:52 2027 GMT
        Subject: CN=0ACE90D00F62F3C8E680106E0C3259BA51E44C6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:06:30:40:58:90:eb:f4:7c:90:f8:35:54:87:
                    34:0f:c0:61:96:b7:f8:3c:b5:1c:9b:25:34:e0:3b:
                    79:de:2f:d9:fa:6c:cc:dc:86:5b:ab:90:0c:b8:33:
                    83:b7:4e:7e:b6:43:48:31:a1:a9:06:10:26:cf:d8:
                    73:11:0d:85:e1:dd:dc:0a:fe:9a:56:60:85:78:06:
                    b0:c6:9a:e4:a1:4b:1c:85:fc:1b:b9:b7:db:73:5c:
                    bb:fc:ef:d7:87:67:14:15:22:a4:42:f8:2e:27:c9:
                    8b:07:bc:cc:12:29:3f:dc:25:d6:ba:8d:4a:dd:2d:
                    cd:18:c7:23:8d:64:76:ac:c4:86:d3:ed:27:a8:21:
                    c6:a1:55:9b:90:15:11:ca:c6:da:79:c6:70:df:b3:
                    55:d0:4f:35:ed:0d:d7:16:fa:06:55:3f:41:63:fd:
                    2b:1f:33:94:fb:33:15:09:b8:ff:b4:26:b5:cd:66:
                    11:52:30:ea:2b:91:1e:54:85:8f:eb:2d:fa:d4:0e:
                    77:2c:50:cf:d4:b0:34:0b:c3:da:67:c7:cb:34:a1:
                    2b:bf:4e:2d:a9:c8:c7:c0:9b:58:6a:45:ab:29:e9:
                    56:72:b7:e6:69:87:b4:fd:e5:44:2b:07:b2:be:b8:
                    c6:ac:68:84:eb:f7:33:5a:6e:11:72:00:1e:9d:1f:
                    26:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:CE:90:D0:0F:62:F3:C8:E6:80:10:6E:0C:32:59:BA:51:E4:4C:6E
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153140.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.187.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:cb:cb:13:16:50:40:b2:69:0e:3b:2e:31:47:1b:de:40:ad:
         b2:10:5b:42:3b:65:26:3a:bb:09:52:43:51:24:32:4d:c8:cb:
         d4:a4:99:c1:12:da:35:f0:79:3a:f4:37:52:bd:52:fa:fa:48:
         e6:bb:85:36:01:cb:99:44:fc:f5:3f:c6:d9:59:8b:55:f8:74:
         5d:d1:b6:10:00:99:7b:a7:d1:e8:be:55:23:1f:70:a0:ac:bd:
         69:3c:35:98:2a:ba:18:9b:01:2b:92:db:e5:4c:ec:42:e5:82:
         3c:7f:34:18:d7:41:16:1c:b1:f5:1d:8e:ad:b7:cd:70:1a:f7:
         f9:ef:32:d7:8b:c8:63:d0:2e:a1:57:af:9f:50:10:7e:3b:68:
         e6:b7:d0:02:45:51:0a:a5:88:b4:d9:0a:1c:c8:86:98:84:b8:
         54:dd:0c:ef:03:4c:46:00:7a:91:1b:96:fe:09:96:15:59:c8:
         80:98:19:4a:84:de:c7:e8:b7:aa:1f:1f:3b:a8:74:b5:b5:8f:
         12:bc:66:f5:5e:88:0b:13:f9:dd:08:7b:88:17:ab:dc:32:88:
         96:3f:98:f5:d3:53:e9:23:bd:6c:03:2e:d2:df:48:79:ca:b7:
         a3:b9:08:f2:2b:ec:f6:8a:17:9f:27:13:05:2e:0c:6f:72:26:
         c5:85:46:1b
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIULlsEK3dkPQvAaCc9Ii5bn2b0w6YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1MloX
DTI3MDUwMTA5MjI1MlowMzExMC8GA1UEAxMoMEFDRTkwRDAwRjYyRjNDOEU2ODAx
MDZFMEMzMjU5QkE1MUU0NEM2RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0GMEBYkOv0fJD4NVSHNA/AYZa3+Dy1HJslNOA7ed4v2fpszNyGW6uQDLgz
g7dOfrZDSDGhqQYQJs/YcxENheHd3Ar+mlZghXgGsMaa5KFLHIX8G7m323Ncu/zv
14dnFBUipEL4LifJiwe8zBIpP9wl1rqNSt0tzRjHI41kdqzEhtPtJ6ghxqFVm5AV
EcrG2nnGcN+zVdBPNe0N1xb6BlU/QWP9Kx8zlPszFQm4/7Qmtc1mEVIw6iuRHlSF
j+st+tQOdyxQz9SwNAvD2mfHyzShK79OLanIx8CbWGpFqynpVnK35mmHtP3lRCsH
sr64xqxohOv3M1puEXIAHp0fJu8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQKzpDQ
D2LzyOaAEG4MMlm6UeRMbjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMTQwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoLvnMA0GCSqGSIb3DQEBCwUAA4IBAQB9y8sTFlBAsmkOOy4xRxveQK2y
EFtCO2UmOrsJUkNRJDJNyMvUpJnBEto18Hk69DdSvVL6+kjmu4U2AcuZRPz1P8bZ
WYtV+HRd0bYQAJl7p9HovlUjH3CgrL1pPDWYKroYmwErktvlTOxC5YI8fzQY10EW
HLH1HY6tt81wGvf57zLXi8hj0C6hV6+fUBB+O2jmt9ACRVEKpYi02QocyIaYhLhU
3QzvA0xGAHqRG5b+CZYVWciAmBlKhN7H6LeqHx87qHS1tY8SvGb1XogLE/ndCHuI
F6vcMoiWP5j101PpI71sAy7S30h5yrejuQjyK+z2ihefJxMFLgxvcibFhUYb
-----END CERTIFICATE-----