Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153479.roa
File:                     AS153479.roa (raw, json)
Hash identifier:          jMtedrPkK/40nfks7thyM+KzBzAOD8ehBzQd+XzcRW8=
Subject key identifier:   18:A8:C1:CA:52:40:5E:AB:95:D2:EF:86:0C:BC:E2:A8:23:D7:12:F9
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       54502C8CAA004BE9A7D54353CA4B71475C37DF5A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153479.roa
Signing time:             Sat 02 May 2026 09:25:18 +0000
ROA not before:           Sat 02 May 2026 09:20:18 +0000
ROA not after:            Sat 01 May 2027 09:25:18 +0000
asID:                     153479
IP address blocks:        160.191.201.0/24 maxlen: 24
                          192.203.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:50:2c:8c:aa:00:4b:e9:a7:d5:43:53:ca:4b:71:47:5c:37:df:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:18 2026 GMT
            Not After : May  1 09:25:18 2027 GMT
        Subject: CN=18A8C1CA52405EAB95D2EF860CBCE2A823D712F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:56:db:c2:4f:8f:45:74:57:a5:38:c9:88:14:
                    3f:63:b4:5e:82:ac:dc:70:a0:e2:c5:59:23:10:d5:
                    92:65:ae:38:62:14:08:85:d4:97:dc:ce:6d:c4:17:
                    01:92:67:bd:29:72:54:f5:68:cc:10:47:d1:b0:5e:
                    bc:31:64:f1:bf:76:ae:63:95:4d:7d:6e:30:3c:9f:
                    d2:c8:d3:63:cf:45:23:19:5f:98:7b:56:58:7c:99:
                    7b:f2:2d:57:20:17:4f:f0:d2:7a:c2:31:17:59:d3:
                    8a:55:dd:22:2d:9b:1d:86:49:93:56:41:ce:d5:5e:
                    ec:05:eb:9d:73:f2:15:a1:ea:6b:d7:fd:fc:6d:72:
                    c9:42:23:13:fb:54:9e:f1:fd:34:a3:1c:1e:d9:cb:
                    6e:67:54:e9:1b:be:57:c7:db:ff:d0:db:a9:24:71:
                    2b:75:c7:61:0f:7b:a3:41:19:43:1a:10:30:6b:e1:
                    54:0f:d3:c1:e6:51:bd:fc:f4:21:3f:51:a6:6f:83:
                    16:fb:6d:23:46:5d:c9:dd:b6:fa:10:25:ec:9e:9c:
                    a5:9a:60:d6:f7:70:97:75:e9:2d:32:7d:41:12:b7:
                    5b:71:7d:78:ca:b1:87:6f:48:71:19:d7:c8:94:d1:
                    2e:23:ce:ef:73:2d:c3:93:9c:cf:02:39:c4:a9:99:
                    f6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:A8:C1:CA:52:40:5E:AB:95:D2:EF:86:0C:BC:E2:A8:23:D7:12:F9
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153479.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.191.201.0/24
                  192.203.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:eb:32:37:28:f9:87:d2:94:57:5c:6b:2a:ca:25:fa:e4:63:
         ab:78:f8:d9:5a:c2:a9:20:20:d2:aa:2c:65:4b:9f:92:ff:c4:
         83:87:de:95:28:5b:de:57:c8:9d:c4:27:df:6b:4d:34:ca:a5:
         b4:7e:2c:6b:68:db:f1:49:ad:3e:68:e5:d9:4a:f8:a4:1e:dc:
         13:56:fd:7f:48:14:8e:df:c2:49:f0:da:66:0a:39:0f:b3:cf:
         1a:d4:c4:ec:16:51:72:db:cf:c0:31:2e:9e:28:1e:e6:12:6d:
         d1:39:4a:25:1f:93:fd:10:c1:d9:49:2e:5f:4e:c2:db:0b:6f:
         a8:07:74:6f:6c:f5:18:9e:6d:5f:a2:d2:47:be:78:9f:ef:19:
         94:2a:89:ac:50:27:a3:81:cd:20:b1:42:14:b7:c7:73:56:a2:
         aa:50:07:d4:87:f7:e6:d9:84:76:9f:71:b9:07:d5:34:56:00:
         fb:5d:a0:98:2a:ea:ab:3b:49:c3:10:67:34:4a:70:f0:7a:b4:
         7d:1b:1c:97:36:01:c3:04:82:35:59:89:b0:97:dc:e0:c0:6e:
         c1:ae:7a:cd:de:25:6b:f0:97:6b:a5:90:68:b1:1a:23:28:ec:
         ca:1e:1f:a4:09:ad:cd:47:80:53:80:e3:01:a1:5d:bc:e2:49:
         aa:c5:92:e7
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUVFAsjKoAS+mn1UNTyktxR1w331owDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAxOFoX
DTI3MDUwMTA5MjUxOFowMzExMC8GA1UEAxMoMThBOEMxQ0E1MjQwNUVBQjk1RDJF
Rjg2MENCQ0UyQTgyM0Q3MTJGOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1W28JPj0V0V6U4yYgUP2O0XoKs3HCg4sVZIxDVkmWuOGIUCIXUl9zObcQX
AZJnvSlyVPVozBBH0bBevDFk8b92rmOVTX1uMDyf0sjTY89FIxlfmHtWWHyZe/It
VyAXT/DSesIxF1nTilXdIi2bHYZJk1ZBztVe7AXrnXPyFaHqa9f9/G1yyUIjE/tU
nvH9NKMcHtnLbmdU6Ru+V8fb/9DbqSRxK3XHYQ97o0EZQxoQMGvhVA/TweZRvfz0
IT9Rpm+DFvttI0Zdyd22+hAl7J6cpZpg1vdwl3XpLTJ9QRK3W3F9eMqxh29IcRnX
yJTRLiPO73Mtw5OczwI5xKmZ9hMCAwEAAaOCAdIwggHOMB0GA1UdDgQWBBQYqMHK
UkBeq5XS74YMvOKoI9cS+TAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzNDc5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIA
ATAMAwQAoL/JAwQAwMsnMA0GCSqGSIb3DQEBCwUAA4IBAQBW6zI3KPmH0pRXXGsq
yiX65GOrePjZWsKpICDSqixlS5+S/8SDh96VKFveV8idxCffa000yqW0fixraNvx
Sa0+aOXZSvikHtwTVv1/SBSO38JJ8NpmCjkPs88a1MTsFlFy28/AMS6eKB7mEm3R
OUolH5P9EMHZSS5fTsLbC2+oB3RvbPUYnm1fotJHvnif7xmUKomsUCejgc0gsUIU
t8dzVqKqUAfUh/fm2YR2n3G5B9U0VgD7XaCYKuqrO0nDEGc0SnDwerR9GxyXNgHD
BII1WYmwl9zgwG7BrnrN3iVr8JdrpZBosRojKOzKHh+kCa3NR4BTgOMBoV284kmq
xZLn
-----END CERTIFICATE-----