Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153152.roa
File:                     AS153152.roa (raw, json)
Hash identifier:          iT0+o4UdPj3ZqdBF2FubL1/YO6Z56YWGrPQhdhvFK60=
Subject key identifier:   5E:56:C8:D1:B2:54:D8:29:A3:FA:FE:9B:F6:A5:79:0F:44:62:B4:DA
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7EB2650F57F12AC6BD845F7025EC03F29FB3498A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153152.roa
Signing time:             Sat 02 May 2026 09:24:03 +0000
ROA not before:           Sat 02 May 2026 09:19:03 +0000
ROA not after:            Sat 01 May 2027 09:24:03 +0000
asID:                     153152
IP address blocks:        160.191.186.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:b2:65:0f:57:f1:2a:c6:bd:84:5f:70:25:ec:03:f2:9f:b3:49:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:03 2026 GMT
            Not After : May  1 09:24:03 2027 GMT
        Subject: CN=5E56C8D1B254D829A3FAFE9BF6A5790F4462B4DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d1:97:ff:77:c5:18:12:40:93:3e:e7:67:b7:
                    47:a1:15:3f:e3:2a:d2:96:89:8f:d8:5e:0c:1a:f0:
                    11:1d:47:ef:bb:83:a7:79:97:6e:93:62:73:5b:c4:
                    3e:4d:10:a5:11:ca:c6:a7:0b:29:31:71:27:13:cb:
                    6a:84:55:a3:c3:df:41:8a:64:0f:04:03:ec:fb:a7:
                    c1:49:14:6d:e6:c1:93:63:08:95:2f:55:98:0c:90:
                    45:b5:b9:4c:70:09:4d:65:ca:3d:db:3c:0b:59:1d:
                    0c:25:3e:49:e8:8c:0a:4f:75:8d:71:cd:7f:04:2e:
                    e2:94:ad:8d:58:03:4e:84:b0:31:f6:c1:29:d9:7f:
                    b9:79:4d:d0:d9:98:8f:5b:63:fa:dc:44:4c:86:de:
                    14:07:75:8b:b7:14:61:58:fe:5e:25:ee:29:aa:15:
                    0e:0a:db:8c:e2:09:b0:c7:0f:4c:90:e0:d3:ae:c9:
                    f0:cc:e3:66:13:c6:5a:fc:bb:2e:ae:09:78:cf:63:
                    41:5c:e2:73:ac:85:4c:7b:bd:da:77:64:27:bd:5f:
                    1e:32:4b:3c:e4:de:43:b3:98:21:5d:50:4e:aa:5d:
                    b3:82:79:d6:4e:95:b8:69:34:16:06:3f:d9:db:71:
                    11:5e:64:c6:94:21:26:67:07:6b:38:a6:51:78:e8:
                    a6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:56:C8:D1:B2:54:D8:29:A3:FA:FE:9B:F6:A5:79:0F:44:62:B4:DA
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:f8:4b:84:6d:ad:91:aa:a3:46:85:e2:b7:a1:30:d9:3d:02:
         c9:35:2b:a0:b2:6c:46:c6:86:4b:ea:82:b4:4b:a4:68:eb:38:
         f8:31:dc:8b:f3:df:17:4b:67:19:9b:ba:fe:b8:a2:42:8c:18:
         69:e9:32:c3:56:7c:77:ef:c7:b1:d3:ca:c8:b2:e1:6e:53:c4:
         09:3b:38:51:cd:40:95:3e:38:5f:6e:d5:ea:d4:7a:3b:33:b8:
         ea:88:5f:84:5a:36:46:6f:1b:15:38:61:60:8a:4d:ec:5d:c3:
         6e:47:2d:74:3f:2b:b6:14:6d:a0:cc:72:dd:f5:d5:ef:7f:79:
         1c:a1:75:d8:45:76:cb:f0:70:f5:cb:e5:cc:c0:f5:11:4b:02:
         21:1c:f4:85:25:94:64:95:75:9b:d1:e2:2f:53:b8:eb:60:11:
         fe:e2:b2:28:de:7d:0c:ce:69:56:3e:b6:ee:0d:21:bf:d5:c3:
         a7:43:ca:2b:cf:cb:37:d3:0c:e8:02:25:64:f9:16:41:1d:df:
         fb:c6:7e:c0:f8:8a:98:a9:08:ad:25:e5:50:7f:00:d3:3f:08:
         92:a1:e0:42:9c:f8:de:b1:65:ee:a9:00:7a:52:fe:80:b4:a8:
         12:6f:25:ad:a0:14:ed:49:11:18:28:d2:75:9b:d2:11:73:49:
         0e:1b:4a:48
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUfrJlD1fxKsa9hF9wJewD8p+zSYowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkwM1oX
DTI3MDUwMTA5MjQwM1owMzExMC8GA1UEAxMoNUU1NkM4RDFCMjU0RDgyOUEzRkFG
RTlCRjZBNTc5MEY0NDYyQjREQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKrRl/93xRgSQJM+52e3R6EVP+Mq0paJj9heDBrwER1H77uDp3mXbpNic1vE
Pk0QpRHKxqcLKTFxJxPLaoRVo8PfQYpkDwQD7PunwUkUbebBk2MIlS9VmAyQRbW5
THAJTWXKPds8C1kdDCU+SeiMCk91jXHNfwQu4pStjVgDToSwMfbBKdl/uXlN0NmY
j1tj+txETIbeFAd1i7cUYVj+XiXuKaoVDgrbjOIJsMcPTJDg067J8MzjZhPGWvy7
Lq4JeM9jQVzic6yFTHu92ndkJ71fHjJLPOTeQ7OYIV1QTqpds4J51k6VuGk0FgY/
2dtxEV5kxpQhJmcHazimUXjopk0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBReVsjR
slTYKaP6/pv2pXkPRGK02jAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMTUyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoL+6MA0GCSqGSIb3DQEBCwUAA4IBAQAu+EuEba2RqqNGheK3oTDZPQLJ
NSugsmxGxoZL6oK0S6Ro6zj4MdyL898XS2cZm7r+uKJCjBhp6TLDVnx378ex08rI
suFuU8QJOzhRzUCVPjhfbtXq1Ho7M7jqiF+EWjZGbxsVOGFgik3sXcNuRy10Pyu2
FG2gzHLd9dXvf3kcoXXYRXbL8HD1y+XMwPURSwIhHPSFJZRklXWb0eIvU7jrYBH+
4rIo3n0MzmlWPrbuDSG/1cOnQ8orz8s30wzoAiVk+RZBHd/7xn7A+IqYqQitJeVQ
fwDTPwiSoeBCnPjesWXuqQB6Uv6AtKgSbyWtoBTtSREYKNJ1m9IRc0kOG0pI
-----END CERTIFICATE-----