Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153149.roa
File:                     AS153149.roa (raw, json)
Hash identifier:          EZqvdtV4D6YpJn7uv2jIanfZO5ypJwi7NoyvfpH+qek=
Subject key identifier:   12:E4:07:18:9A:C7:0B:40:FC:A1:A0:8F:4A:2E:88:20:CE:E7:47:21
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       1436D6EA7263E40F5090A0D340FBEB5E5E0AEEF1
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153149.roa
Signing time:             Sat 02 May 2026 09:23:57 +0000
ROA not before:           Sat 02 May 2026 09:18:57 +0000
ROA not after:            Sat 01 May 2027 09:23:57 +0000
asID:                     153149
IP address blocks:        160.191.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:36:d6:ea:72:63:e4:0f:50:90:a0:d3:40:fb:eb:5e:5e:0a:ee:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:57 2026 GMT
            Not After : May  1 09:23:57 2027 GMT
        Subject: CN=12E407189AC70B40FCA1A08F4A2E8820CEE74721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:07:3b:5f:4a:1a:4e:30:dc:9c:c4:be:b2:30:
                    b5:51:15:26:57:00:44:14:d1:d4:78:dd:dc:87:f1:
                    e7:ca:7d:84:c7:34:be:79:05:90:c9:85:95:c5:d9:
                    a5:05:18:cd:5c:56:ac:28:03:64:52:a4:23:34:b6:
                    3a:f5:f9:90:77:c6:2d:e7:c8:07:9a:cb:94:dd:83:
                    01:0c:7d:7d:f7:c4:ea:87:87:af:2d:d5:4c:6e:b1:
                    e1:1c:d4:14:37:e3:2e:6e:b9:45:f8:0a:1e:f6:d9:
                    c7:e2:2b:36:ae:c9:3b:b5:4e:3e:8a:8e:76:a0:2e:
                    f0:0b:fe:fd:e6:12:2b:b1:b3:93:ea:6b:c8:e9:6c:
                    56:8f:91:4c:e6:37:1d:f2:7a:4a:8a:cb:ad:74:85:
                    b0:95:e4:14:d7:c2:df:85:48:fd:3f:02:a8:b2:47:
                    2a:33:91:13:13:0d:ce:d9:8d:e2:40:e9:4a:a6:8e:
                    0b:71:6e:68:6e:80:af:c2:18:90:f3:01:ea:e3:fc:
                    0f:cf:f6:28:d1:16:a3:2d:a6:34:c8:62:eb:57:4b:
                    af:94:0f:d7:eb:ca:e7:7b:66:ac:29:71:3e:e1:29:
                    62:7d:00:c3:c7:14:8e:ac:62:21:ad:10:09:8e:50:
                    39:c9:04:6d:3d:7c:05:5e:dc:20:52:03:f9:f0:05:
                    c4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:E4:07:18:9A:C7:0B:40:FC:A1:A0:8F:4A:2E:88:20:CE:E7:47:21
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153149.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:37:8f:8c:34:28:e3:a2:8e:66:c5:7a:d4:81:5e:e0:ed:4f:
         7b:7b:10:c1:0a:17:8c:5d:b1:db:15:29:f8:75:14:07:82:6b:
         b8:e3:08:46:47:79:88:f2:8e:b7:be:59:27:cd:c5:54:fb:5f:
         61:84:bd:b8:92:8a:ab:5b:c5:42:bc:e9:39:b9:61:9e:56:8d:
         ee:83:9d:b5:3d:ee:a2:75:32:b6:ed:5a:26:9a:09:96:e1:a1:
         b1:69:fe:57:b4:16:5d:12:a9:56:99:74:9b:ca:52:b2:ff:ec:
         a3:e1:72:70:0b:7f:65:75:5a:02:9e:99:64:09:c9:ea:a9:48:
         89:ea:fa:a6:aa:e1:df:08:70:b8:50:98:35:b8:4f:74:dc:a7:
         f8:1d:44:30:9c:94:72:fd:7d:0b:8a:16:8f:54:05:ad:80:40:
         8d:22:4a:da:66:ae:18:c2:7c:1f:70:1b:76:08:b9:15:f5:56:
         5c:51:27:b3:94:be:b3:8e:be:60:4f:f5:f1:3c:97:b9:5b:6b:
         1d:d5:3f:ca:61:0e:59:41:2a:94:67:47:1a:78:57:1a:e0:a1:
         3b:04:4e:1b:20:8a:9a:90:09:09:9e:23:52:62:eb:36:73:28:
         8d:4c:5b:a0:12:8d:18:39:b6:5e:0c:10:53:d0:2f:22:4b:aa:
         ab:c0:79:18
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUFDbW6nJj5A9QkKDTQPvrXl4K7vEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg1N1oX
DTI3MDUwMTA5MjM1N1owMzExMC8GA1UEAxMoMTJFNDA3MTg5QUM3MEI0MEZDQTFB
MDhGNEEyRTg4MjBDRUU3NDcyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANQHO19KGk4w3JzEvrIwtVEVJlcARBTR1Hjd3Ifx58p9hMc0vnkFkMmFlcXZ
pQUYzVxWrCgDZFKkIzS2OvX5kHfGLefIB5rLlN2DAQx9fffE6oeHry3VTG6x4RzU
FDfjLm65RfgKHvbZx+IrNq7JO7VOPoqOdqAu8Av+/eYSK7Gzk+pryOlsVo+RTOY3
HfJ6SorLrXSFsJXkFNfC34VI/T8CqLJHKjORExMNztmN4kDpSqaOC3FuaG6Ar8IY
kPMB6uP8D8/2KNEWoy2mNMhi61dLr5QP1+vK53tmrClxPuEpYn0Aw8cUjqxiIa0Q
CY5QOckEbT18BV7cIFID+fAFxNkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQS5AcY
mscLQPyhoI9KLoggzudHITAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMTQ5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoL/rMA0GCSqGSIb3DQEBCwUAA4IBAQB+N4+MNCjjoo5mxXrUgV7g7U97
exDBCheMXbHbFSn4dRQHgmu44whGR3mI8o63vlknzcVU+19hhL24koqrW8VCvOk5
uWGeVo3ug521Pe6idTK27VommgmW4aGxaf5XtBZdEqlWmXSbylKy/+yj4XJwC39l
dVoCnplkCcnqqUiJ6vqmquHfCHC4UJg1uE903Kf4HUQwnJRy/X0LihaPVAWtgECN
IkraZq4YwnwfcBt2CLkV9VZcUSezlL6zjr5gT/XxPJe5W2sd1T/KYQ5ZQSqUZ0ca
eFca4KE7BE4bIIqakAkJniNSYus2cyiNTFugEo0YObZeDBBT0C8iS6qrwHkY
-----END CERTIFICATE-----