Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153156.roa
File:                     AS153156.roa (raw, json)
Hash identifier:          ll6VFOMlH/cDR3r330wt6S1xxaYDYvbGgZz7BPax8lw=
Subject key identifier:   A1:09:8A:7B:31:CA:FD:30:F4:63:68:F8:80:52:D6:C0:7E:7E:E5:72
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       41AAAEAA997A781FD8FD144398326B1E20CB4D10
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153156.roa
Signing time:             Sat 02 May 2026 09:23:54 +0000
ROA not before:           Sat 02 May 2026 09:18:54 +0000
ROA not after:            Sat 01 May 2027 09:23:54 +0000
asID:                     153156
IP address blocks:        160.191.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:aa:ae:aa:99:7a:78:1f:d8:fd:14:43:98:32:6b:1e:20:cb:4d:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:54 2026 GMT
            Not After : May  1 09:23:54 2027 GMT
        Subject: CN=A1098A7B31CAFD30F46368F88052D6C07E7EE572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:63:d9:d8:29:d8:04:ef:63:6a:3a:4a:e0:b7:
                    18:de:3a:6a:ee:b3:81:3b:44:7a:98:fd:e5:2a:97:
                    86:cb:2e:34:c8:ba:05:14:e8:7c:36:46:f7:eb:f1:
                    46:74:aa:c3:77:c5:7c:01:bf:37:47:8b:a5:31:a5:
                    cc:39:38:54:65:ef:73:b5:5d:22:05:5d:80:1d:45:
                    3c:30:54:85:e9:ee:9e:52:55:63:a5:22:f9:61:c4:
                    ba:a1:9d:12:ed:a4:d0:ce:69:0f:ea:da:91:6d:03:
                    a5:c5:1c:d5:8f:d6:a3:68:72:17:1e:a0:7e:b6:1d:
                    c9:3c:92:fb:33:a8:3c:2d:d0:5a:d2:84:bc:d4:03:
                    97:6e:0d:12:e6:aa:13:80:6b:9b:d5:d4:fb:f9:84:
                    63:92:6e:d0:15:f0:d3:30:e1:cd:d8:97:40:37:41:
                    69:0b:ca:29:39:0c:f5:b2:08:5f:d9:bf:6a:62:6d:
                    b4:29:62:b8:e3:e2:10:f3:83:68:dc:aa:a6:a5:83:
                    26:6f:79:0d:8a:12:f4:72:f2:e9:f5:d8:fb:ce:55:
                    ca:05:25:0d:91:6f:73:55:39:7b:ca:fd:57:7d:08:
                    6a:66:2d:d1:bd:59:ad:31:26:43:d1:2e:3b:59:a8:
                    e9:10:1e:2a:67:95:50:62:01:91:8a:91:4a:ce:fc:
                    87:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:09:8A:7B:31:CA:FD:30:F4:63:68:F8:80:52:D6:C0:7E:7E:E5:72
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153156.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:32:29:71:6d:f8:3f:3e:67:26:7e:5c:c4:81:e1:ac:b2:0d:
         66:fe:63:19:27:23:55:0d:cb:a9:86:d3:4c:ec:cd:f7:c3:70:
         70:61:1f:e2:d1:7d:17:31:a3:78:60:c3:62:ec:6f:2e:c8:8b:
         be:4e:56:a9:8e:62:6a:86:74:8c:72:69:5b:96:a7:9b:54:06:
         f2:53:67:f6:ba:36:7e:b7:36:aa:99:14:52:e9:7d:32:73:40:
         78:44:73:0b:bd:4c:e3:09:41:9d:da:4a:98:02:9a:8f:d3:df:
         d0:4e:46:a7:36:44:fe:15:be:33:5f:d1:4c:77:e5:4c:13:cf:
         8b:6f:02:78:74:1c:73:c0:f4:41:e7:88:02:ba:3b:d6:bf:13:
         77:b8:55:0e:58:79:32:81:d5:2e:20:ed:1f:fb:5f:53:00:14:
         62:ed:aa:82:8b:11:e0:9f:86:6a:5e:e3:0b:43:7e:a4:74:93:
         c8:78:4a:80:87:cc:f8:ba:3c:01:00:e8:99:d7:aa:d1:25:b0:
         23:92:d9:5e:49:be:82:13:f5:40:79:74:c4:d5:3d:77:51:61:
         f0:b4:87:44:2b:18:90:90:f6:70:2e:97:51:2b:12:1e:56:e0:
         30:0f:be:20:a7:84:d6:c5:71:10:5a:3f:1e:ca:ab:25:06:fc:
         ef:6c:da:28
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUQaquqpl6eB/Y/RRDmDJrHiDLTRAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg1NFoX
DTI3MDUwMTA5MjM1NFowMzExMC8GA1UEAxMoQTEwOThBN0IzMUNBRkQzMEY0NjM2
OEY4ODA1MkQ2QzA3RTdFRTU3MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBj2dgp2ATvY2o6SuC3GN46au6zgTtEepj95SqXhssuNMi6BRTofDZG9+vx
RnSqw3fFfAG/N0eLpTGlzDk4VGXvc7VdIgVdgB1FPDBUhenunlJVY6Ui+WHEuqGd
Eu2k0M5pD+rakW0DpcUc1Y/Wo2hyFx6gfrYdyTyS+zOoPC3QWtKEvNQDl24NEuaq
E4Brm9XU+/mEY5Ju0BXw0zDhzdiXQDdBaQvKKTkM9bIIX9m/amJttCliuOPiEPOD
aNyqpqWDJm95DYoS9HLy6fXY+85VygUlDZFvc1U5e8r9V30IamYt0b1ZrTEmQ9Eu
O1mo6RAeKmeVUGIBkYqRSs78hzcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBShCYp7
Mcr9MPRjaPiAUtbAfn7lcjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMTU2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoL8/MA0GCSqGSIb3DQEBCwUAA4IBAQBzMilxbfg/PmcmflzEgeGssg1m
/mMZJyNVDcuphtNM7M33w3BwYR/i0X0XMaN4YMNi7G8uyIu+TlapjmJqhnSMcmlb
lqebVAbyU2f2ujZ+tzaqmRRS6X0yc0B4RHMLvUzjCUGd2kqYApqP09/QTkanNkT+
Fb4zX9FMd+VME8+LbwJ4dBxzwPRB54gCujvWvxN3uFUOWHkygdUuIO0f+19TABRi
7aqCixHgn4ZqXuMLQ36kdJPIeEqAh8z4ujwBAOiZ16rRJbAjktleSb6CE/VAeXTE
1T13UWHwtIdEKxiQkPZwLpdRKxIeVuAwD74gp4TWxXEQWj8eyqslBvzvbNoo
-----END CERTIFICATE-----