Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153154.roa
File:                     AS153154.roa (raw, json)
Hash identifier:          qzBCNt5y+te/gYZ15LO1yAcoAlbl5wrKf0G0te5aBhk=
Subject key identifier:   8A:DF:12:E6:7A:65:60:36:D0:53:00:9E:03:43:0F:BB:B2:B0:2F:15
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       1CF27759234C798395C6EC8E3E819A274D376F4C
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153154.roa
Signing time:             Sat 02 May 2026 09:23:49 +0000
ROA not before:           Sat 02 May 2026 09:18:49 +0000
ROA not after:            Sat 01 May 2027 09:23:49 +0000
asID:                     153154
IP address blocks:        160.191.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:f2:77:59:23:4c:79:83:95:c6:ec:8e:3e:81:9a:27:4d:37:6f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:49 2026 GMT
            Not After : May  1 09:23:49 2027 GMT
        Subject: CN=8ADF12E67A656036D053009E03430FBBB2B02F15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ba:52:ca:fb:09:7f:e9:66:ca:54:32:43:82:
                    e4:7b:8d:34:cc:c9:85:6a:82:a0:93:06:cb:2c:97:
                    2a:22:6f:1e:64:f9:d2:08:47:56:27:0a:61:ac:5d:
                    cf:7b:20:e4:d0:27:3d:67:63:65:56:4c:73:02:cb:
                    4a:80:f6:11:2c:6a:6f:06:d2:d6:55:97:c3:3f:ad:
                    71:86:05:d2:91:7e:dd:fa:db:ff:fb:75:94:03:54:
                    2d:a1:2d:f7:90:1c:8f:77:65:d8:fe:ab:d9:1e:8e:
                    6e:d3:b7:e6:01:8c:a0:09:96:7b:08:fd:b4:31:6f:
                    46:79:7c:79:25:af:6e:2a:53:49:e3:c6:5d:5e:40:
                    17:e8:db:3a:05:dd:6d:a2:bf:37:7b:bb:e5:2f:0c:
                    39:81:6c:a9:c1:6b:8a:b9:69:68:e3:b4:b3:bf:ab:
                    ce:f0:9c:74:81:32:37:1a:03:47:44:cb:af:cf:fd:
                    37:8c:f5:3e:7f:5b:90:72:b2:e4:37:0e:aa:cd:95:
                    59:e1:8d:8f:9b:d3:03:dd:b1:57:52:6c:0b:8c:22:
                    b3:78:f4:e0:3b:90:59:95:ff:63:cc:16:5f:35:a2:
                    4c:cf:d5:0c:30:ff:01:a0:6e:ff:93:ed:a8:fe:93:
                    28:7d:46:66:cd:4c:5c:da:32:53:0d:5d:9c:55:c2:
                    e5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:DF:12:E6:7A:65:60:36:D0:53:00:9E:03:43:0F:BB:B2:B0:2F:15
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153154.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:a4:4a:e8:8f:3a:94:51:34:4f:63:f2:2c:f2:c9:08:51:11:
         1e:69:91:ec:70:f4:6e:06:03:f0:ad:e7:21:66:72:3b:7a:e4:
         00:a7:be:1e:d0:2a:03:9c:5d:a6:7c:e2:5f:2d:fe:68:4c:db:
         8b:58:51:59:6f:08:88:ec:cf:af:63:86:e1:22:0d:dd:d9:d9:
         3e:2d:69:e3:52:1a:55:26:7c:06:de:3a:50:ab:1f:4b:f6:2a:
         21:14:05:c8:3b:6d:07:87:e7:35:49:8d:66:51:c8:94:42:a9:
         4c:82:d4:ad:1f:d4:4b:97:d2:ac:2a:20:2e:04:8c:d2:56:b0:
         03:95:c1:cb:de:d1:50:b9:1d:42:8b:4d:b4:9f:91:bb:b1:e7:
         b1:ad:94:93:8e:c7:73:37:1d:b1:80:81:e0:d0:4d:66:22:c0:
         9b:c0:0e:bb:ce:57:97:bd:65:b1:27:b6:b2:fe:68:0e:06:0f:
         a5:8f:6e:b8:27:a3:0e:08:fd:7d:d4:44:a1:5c:35:be:17:11:
         95:66:08:f7:0c:22:38:b3:ac:e6:d6:db:a5:11:ee:03:52:1c:
         88:77:06:9e:05:ca:cb:9b:fe:a6:d8:a2:52:eb:65:2b:e8:f5:
         2d:d5:80:fc:9c:c7:72:5f:5f:08:52:0b:ab:69:4e:e8:1e:e1:
         1b:46:09:15
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUHPJ3WSNMeYOVxuyOPoGaJ003b0wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg0OVoX
DTI3MDUwMTA5MjM0OVowMzExMC8GA1UEAxMoOEFERjEyRTY3QTY1NjAzNkQwNTMw
MDlFMDM0MzBGQkJCMkIwMkYxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALK6Usr7CX/pZspUMkOC5HuNNMzJhWqCoJMGyyyXKiJvHmT50ghHVicKYaxd
z3sg5NAnPWdjZVZMcwLLSoD2ESxqbwbS1lWXwz+tcYYF0pF+3frb//t1lANULaEt
95Acj3dl2P6r2R6ObtO35gGMoAmWewj9tDFvRnl8eSWvbipTSePGXV5AF+jbOgXd
baK/N3u75S8MOYFsqcFrirlpaOO0s7+rzvCcdIEyNxoDR0TLr8/9N4z1Pn9bkHKy
5DcOqs2VWeGNj5vTA92xV1JsC4wis3j04DuQWZX/Y8wWXzWiTM/VDDD/AaBu/5Pt
qP6TKH1GZs1MXNoyUw1dnFXC5XECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSK3xLm
emVgNtBTAJ4DQw+7srAvFTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMTU0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoL+rMA0GCSqGSIb3DQEBCwUAA4IBAQBnpErojzqUUTRPY/Is8skIUREe
aZHscPRuBgPwrechZnI7euQAp74e0CoDnF2mfOJfLf5oTNuLWFFZbwiI7M+vY4bh
Ig3d2dk+LWnjUhpVJnwG3jpQqx9L9iohFAXIO20Hh+c1SY1mUciUQqlMgtStH9RL
l9KsKiAuBIzSVrADlcHL3tFQuR1Ci020n5G7seexrZSTjsdzNx2xgIHg0E1mIsCb
wA67zleXvWWxJ7ay/mgOBg+lj264J6MOCP191EShXDW+FxGVZgj3DCI4s6zm1tul
Ee4DUhyIdwaeBcrLm/6m2KJS62Ur6PUt1YD8nMdyX18IUguraU7oHuEbRgkV
-----END CERTIFICATE-----