Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153514.roa
File:                     AS153514.roa (raw, json)
Hash identifier:          uo0G4NX6AwNPBTJwJhMikQKkHgT/W/dbdJDWK17rsO0=
Subject key identifier:   9E:76:75:B8:83:A1:D5:37:44:DB:C3:CF:DA:63:DD:08:22:D7:96:63
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       788F95270F08B8C03871322401D44A11E7BB4666
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153514.roa
Signing time:             Sat 02 May 2026 09:24:27 +0000
ROA not before:           Sat 02 May 2026 09:19:27 +0000
ROA not after:            Sat 01 May 2027 09:24:27 +0000
asID:                     153514
IP address blocks:        160.250.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:8f:95:27:0f:08:b8:c0:38:71:32:24:01:d4:4a:11:e7:bb:46:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:27 2026 GMT
            Not After : May  1 09:24:27 2027 GMT
        Subject: CN=9E7675B883A1D53744DBC3CFDA63DD0822D79663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ba:63:43:2e:27:08:9a:3f:02:91:0b:b0:93:
                    88:6d:c2:5f:49:fd:84:e9:60:48:42:12:fd:7b:32:
                    ab:3a:15:8f:00:2e:8d:c5:0e:12:ae:a4:13:b5:86:
                    e0:10:ac:4c:71:e7:91:cb:5a:15:1b:ba:8a:bf:5e:
                    b5:f9:ed:28:24:db:e0:07:48:c6:cd:67:fe:fd:13:
                    89:9d:6b:c9:fb:51:63:ff:ff:b5:8a:da:62:77:dd:
                    6b:14:ed:9b:d2:51:0f:ce:5e:a2:bf:52:fe:2d:23:
                    a5:34:a2:4c:15:91:25:f3:ad:e1:cc:b4:dd:85:2a:
                    bf:6c:a2:2a:13:14:2e:1c:cf:94:38:91:6b:d9:a1:
                    a6:59:5b:10:04:c7:15:16:37:b5:3d:ed:21:b4:d0:
                    b2:bc:88:72:08:76:7a:6a:38:ec:bb:fc:bc:69:9f:
                    93:27:e6:6f:54:d4:4c:25:a4:36:c7:3b:34:be:59:
                    0d:3b:35:1b:e3:87:17:7b:5b:64:5c:1d:72:5c:42:
                    ae:47:86:07:df:f1:26:bc:4c:b7:e9:6c:22:9c:ca:
                    03:73:6a:bd:ff:6a:1c:b4:5a:da:3f:bc:ea:38:43:
                    22:2b:16:86:ab:7c:0f:51:54:88:f0:41:65:6d:f1:
                    4e:69:52:79:71:50:0b:4e:2b:59:23:0f:f7:70:54:
                    50:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:76:75:B8:83:A1:D5:37:44:DB:C3:CF:DA:63:DD:08:22:D7:96:63
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153514.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.250.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:f2:de:8d:dd:a2:81:d1:bc:34:05:4e:70:0f:1e:72:69:91:
         c7:e3:e3:76:63:f0:3f:20:30:a6:2c:bf:bc:13:cc:fa:52:12:
         55:a1:df:2c:51:3e:2f:0c:68:ac:d1:07:25:c0:dc:fd:db:ea:
         0e:f9:fd:65:14:70:88:00:b5:b2:a7:5e:e5:c7:5e:35:24:e5:
         cd:16:14:12:f6:38:bc:a3:cd:e5:a4:2c:91:99:27:b7:22:44:
         44:5a:fd:2f:7b:47:45:a8:f5:61:6d:4b:93:5b:5b:9f:88:2b:
         93:d8:14:e8:7c:55:b0:59:b0:6c:21:88:ac:14:e3:38:54:33:
         44:42:e7:22:b8:5e:4c:fc:32:77:cc:41:f4:ec:19:9c:13:d1:
         00:2c:fc:b5:94:8d:99:3d:44:12:29:bc:ec:e6:8c:c7:ac:9c:
         ef:06:b5:3e:a5:dc:1e:56:ec:8e:16:d5:7f:2e:77:d6:fc:6a:
         1b:24:73:d7:db:94:b4:28:6f:34:29:92:34:fc:f7:69:9d:b7:
         49:97:5d:a5:70:25:d8:c3:5a:d8:ef:14:e0:12:6a:6f:90:d6:
         e3:82:b0:f4:f3:f2:e1:50:91:23:1c:17:1f:1d:ba:1f:71:3b:
         ff:81:7e:78:ee:dc:8a:0d:1e:5b:3d:ca:f8:30:bb:4d:69:69:
         bc:de:17:09
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUeI+VJw8IuMA4cTIkAdRKEee7RmYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkyN1oX
DTI3MDUwMTA5MjQyN1owMzExMC8GA1UEAxMoOUU3Njc1Qjg4M0ExRDUzNzQ0REJD
M0NGREE2M0REMDgyMkQ3OTY2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALe6Y0MuJwiaPwKRC7CTiG3CX0n9hOlgSEIS/XsyqzoVjwAujcUOEq6kE7WG
4BCsTHHnkctaFRu6ir9etfntKCTb4AdIxs1n/v0TiZ1ryftRY///tYraYnfdaxTt
m9JRD85eor9S/i0jpTSiTBWRJfOt4cy03YUqv2yiKhMULhzPlDiRa9mhpllbEATH
FRY3tT3tIbTQsryIcgh2emo47Lv8vGmfkyfmb1TUTCWkNsc7NL5ZDTs1G+OHF3tb
ZFwdclxCrkeGB9/xJrxMt+lsIpzKA3Nqvf9qHLRa2j+86jhDIisWhqt8D1FUiPBB
ZW3xTmlSeXFQC04rWSMP93BUUAkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSednW4
g6HVN0Tbw8/aY90IIteWYzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzNTE0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoPqoMA0GCSqGSIb3DQEBCwUAA4IBAQBk8t6N3aKB0bw0BU5wDx5yaZHH
4+N2Y/A/IDCmLL+8E8z6UhJVod8sUT4vDGis0QclwNz92+oO+f1lFHCIALWyp17l
x141JOXNFhQS9ji8o83lpCyRmSe3IkREWv0ve0dFqPVhbUuTW1ufiCuT2BTofFWw
WbBsIYisFOM4VDNEQuciuF5M/DJ3zEH07BmcE9EALPy1lI2ZPUQSKbzs5ozHrJzv
BrU+pdweVuyOFtV/LnfW/GobJHPX25S0KG80KZI0/PdpnbdJl12lcCXYw1rY7xTg
EmpvkNbjgrD08/LhUJEjHBcfHbofcTv/gX547tyKDR5bPcr4MLtNaWm83hcJ
-----END CERTIFICATE-----