Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153511.roa
File:                     AS153511.roa (raw, json)
Hash identifier:          sVlmKeyNjZjKNIQ3nuq75qafQcLiRTIIDKF9iIeHIk0=
Subject key identifier:   7A:E0:B7:86:2E:E6:2C:60:FF:CB:BB:2B:54:F6:57:BC:D5:B8:48:E2
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       1F4ADCC0D321227F68D83ECDC64C03E4B273B2E6
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153511.roa
Signing time:             Sat 02 May 2026 09:24:25 +0000
ROA not before:           Sat 02 May 2026 09:19:25 +0000
ROA not after:            Sat 01 May 2027 09:24:25 +0000
asID:                     153511
IP address blocks:        160.25.154.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:4a:dc:c0:d3:21:22:7f:68:d8:3e:cd:c6:4c:03:e4:b2:73:b2:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:25 2026 GMT
            Not After : May  1 09:24:25 2027 GMT
        Subject: CN=7AE0B7862EE62C60FFCBBB2B54F657BCD5B848E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:85:42:10:3e:5b:8b:32:39:fc:ab:e0:60:75:
                    64:8a:77:b4:e0:2e:0f:a0:5e:18:e8:79:18:89:85:
                    73:31:b3:55:4a:89:ee:8f:a9:e5:41:ac:cf:38:0d:
                    36:51:88:e0:2e:90:f1:3c:1f:ee:df:42:0a:38:39:
                    ad:fa:43:5b:b8:af:1a:a4:5c:fe:39:f6:b1:60:68:
                    d2:33:9f:52:92:b6:1a:7c:fb:e6:55:a2:8d:1a:c8:
                    f7:b8:f1:af:42:a6:79:c2:c3:f2:44:f9:99:43:3c:
                    64:8e:e8:52:2c:b8:cd:d6:53:e7:3e:30:a5:fc:6b:
                    61:25:e2:76:ba:07:7f:9b:19:ed:c2:16:9a:a8:6d:
                    a7:c4:1a:32:95:a0:b1:20:40:ac:2c:1f:7b:40:e7:
                    0c:8f:0c:20:c9:f5:04:e2:cc:a2:81:6e:04:7f:69:
                    a9:5a:fa:af:a1:87:dd:46:d5:05:38:7e:f6:3a:c0:
                    55:d8:7d:6e:5c:f4:dc:21:50:d0:08:4b:10:ae:17:
                    08:2f:1e:40:15:68:23:8d:90:10:2b:0d:94:2e:8c:
                    f0:62:33:5e:1f:1c:2f:ff:38:29:cb:12:4e:b0:71:
                    a5:08:31:de:8d:d6:a1:15:f8:af:59:30:61:e3:97:
                    ab:9b:3b:25:61:51:c8:16:69:1f:2d:f8:6f:61:a9:
                    53:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:E0:B7:86:2E:E6:2C:60:FF:CB:BB:2B:54:F6:57:BC:D5:B8:48:E2
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153511.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:d2:71:20:46:1d:e3:b2:ed:2a:4d:96:c5:72:3b:da:89:5e:
         46:cd:c8:12:47:3b:6e:2a:82:cd:09:2e:06:ad:f1:98:cf:8e:
         b5:33:9a:79:76:e8:18:bd:0f:a0:eb:0b:60:54:d4:68:29:fa:
         3a:b0:93:84:c2:79:d5:3f:27:fb:46:8f:df:3c:fa:bf:4b:02:
         68:fe:00:c1:57:05:f9:9c:15:16:42:71:9d:2b:74:7b:3a:21:
         c1:ec:7c:e4:5d:df:66:54:5f:65:e3:9c:8e:90:a2:64:13:6b:
         68:8b:e1:9a:18:67:a9:6d:ab:c5:d6:15:28:f2:0a:12:91:54:
         ed:67:0e:86:86:cc:ca:f4:55:8a:fa:5a:f7:c9:53:d3:7f:da:
         2b:5d:81:9d:aa:d9:b6:bf:fe:7f:f2:54:92:0d:5b:5c:ba:e1:
         71:96:0c:74:80:e7:2e:60:cb:72:db:69:d0:ed:9b:39:58:ed:
         64:53:9e:58:c4:a9:7a:44:f0:a3:52:7d:2d:d8:26:39:1f:71:
         b2:56:77:5e:79:d7:61:57:2f:f2:86:a3:74:1a:32:63:d6:b9:
         6d:e3:78:a4:f0:ba:1d:33:ee:34:52:46:1e:c8:e6:07:d1:d8:
         cf:18:6d:b6:df:26:bf:cc:a1:dd:cb:52:d1:0d:41:02:1a:2b:
         d1:90:bf:3a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUH0rcwNMhIn9o2D7NxkwD5LJzsuYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkyNVoX
DTI3MDUwMTA5MjQyNVowMzExMC8GA1UEAxMoN0FFMEI3ODYyRUU2MkM2MEZGQ0JC
QjJCNTRGNjU3QkNENUI4NDhFMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ+FQhA+W4syOfyr4GB1ZIp3tOAuD6BeGOh5GImFczGzVUqJ7o+p5UGszzgN
NlGI4C6Q8Twf7t9CCjg5rfpDW7ivGqRc/jn2sWBo0jOfUpK2Gnz75lWijRrI97jx
r0KmecLD8kT5mUM8ZI7oUiy4zdZT5z4wpfxrYSXidroHf5sZ7cIWmqhtp8QaMpWg
sSBArCwfe0DnDI8MIMn1BOLMooFuBH9pqVr6r6GH3UbVBTh+9jrAVdh9blz03CFQ
0AhLEK4XCC8eQBVoI42QECsNlC6M8GIzXh8cL/84KcsSTrBxpQgx3o3WoRX4r1kw
YeOXq5s7JWFRyBZpHy34b2GpU70CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR64LeG
LuYsYP/LuytU9le81bhI4jAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzNTExLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBmaMA0GCSqGSIb3DQEBCwUAA4IBAQA00nEgRh3jsu0qTZbFcjvaiV5G
zcgSRztuKoLNCS4GrfGYz461M5p5dugYvQ+g6wtgVNRoKfo6sJOEwnnVPyf7Ro/f
PPq/SwJo/gDBVwX5nBUWQnGdK3R7OiHB7HzkXd9mVF9l45yOkKJkE2toi+GaGGep
bavF1hUo8goSkVTtZw6GhszK9FWK+lr3yVPTf9orXYGdqtm2v/5/8lSSDVtcuuFx
lgx0gOcuYMty22nQ7Zs5WO1kU55YxKl6RPCjUn0t2CY5H3GyVndeeddhVy/yhqN0
GjJj1rlt43ik8LodM+40UkYeyOYH0djPGG223ya/zKHdy1LRDUECGivRkL86
-----END CERTIFICATE-----