Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153520.roa
File:                     AS153520.roa (raw, json)
Hash identifier:          HD0iRve8DVDXR/uNHvbv3/BVdL/gMXeNpzBGTcIwvG4=
Subject key identifier:   1C:37:6F:4B:A1:ED:BC:67:CA:8B:BF:52:9E:85:9F:04:BD:18:04:B1
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       16E9A5737FB24B30C0FDC9B79066BC467E340E29
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153520.roa
Signing time:             Sat 02 May 2026 09:24:24 +0000
ROA not before:           Sat 02 May 2026 09:19:24 +0000
ROA not after:            Sat 01 May 2027 09:24:24 +0000
asID:                     153520
IP address blocks:        160.250.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:e9:a5:73:7f:b2:4b:30:c0:fd:c9:b7:90:66:bc:46:7e:34:0e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:24 2026 GMT
            Not After : May  1 09:24:24 2027 GMT
        Subject: CN=1C376F4BA1EDBC67CA8BBF529E859F04BD1804B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3b:79:94:77:66:64:d9:6d:f5:c8:83:52:56:
                    c3:d9:ba:b5:0e:2d:06:ef:97:75:43:4c:32:b7:d9:
                    e0:f3:7e:64:98:b8:f7:1c:86:e4:33:00:07:3e:c4:
                    d0:12:55:b4:86:bd:32:e5:c4:18:10:72:5b:68:64:
                    4b:00:38:96:e9:a2:e8:3e:8b:f6:d9:31:24:72:2c:
                    86:04:c1:ca:ef:08:09:d9:72:46:9c:a2:01:94:1e:
                    f8:a8:c3:40:fb:f6:09:02:f1:28:58:02:60:93:4f:
                    ab:2a:4a:14:ce:84:99:33:ac:52:45:57:da:60:5f:
                    42:f6:db:51:a1:81:93:a5:4c:b5:12:85:ec:6b:fa:
                    f4:03:96:3d:4c:54:4e:4f:30:3b:ed:22:d7:4d:74:
                    97:80:43:a5:dc:8b:fb:ed:a9:26:01:26:b6:11:fe:
                    ae:da:b0:cc:f2:41:e3:65:03:93:dc:ca:03:6d:c4:
                    05:23:6b:a4:7e:b3:7d:48:45:13:c6:80:24:1e:12:
                    23:10:69:1e:07:48:17:b8:39:ba:50:a9:cc:0d:08:
                    58:92:04:ae:ed:38:ed:ce:ca:3e:5b:0b:04:6b:e8:
                    73:8c:0d:68:38:48:ff:cd:61:0f:cc:8c:52:03:da:
                    cd:1c:71:1c:e0:d8:76:c2:86:7a:27:d3:31:07:06:
                    e0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:37:6F:4B:A1:ED:BC:67:CA:8B:BF:52:9E:85:9F:04:BD:18:04:B1
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153520.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.250.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:31:46:d6:a1:30:bc:10:1a:74:9c:2b:d4:e9:17:13:eb:64:
         66:bf:4c:ef:be:db:a5:66:e6:2b:45:4a:e7:7b:5e:4e:26:6d:
         2f:66:d2:cf:81:32:3f:1f:75:4b:21:9f:4b:b6:29:89:d1:05:
         bd:25:81:b0:cf:21:1d:5e:ee:0c:d1:be:fe:16:32:cc:0d:9a:
         58:60:2f:ab:05:78:1e:82:52:46:83:f4:26:4c:ff:50:76:32:
         3e:f4:0f:45:50:09:e4:73:03:02:42:c6:6e:da:50:9e:a8:a0:
         7f:99:21:2b:27:e2:cf:3c:d1:f9:d3:3f:1a:42:13:06:b7:99:
         17:70:9e:aa:46:9e:c3:d2:46:11:1c:03:7a:46:1c:71:4d:a7:
         6c:d1:e7:26:0a:12:a3:25:9d:a1:fb:4c:0a:0a:7b:1a:43:da:
         65:45:c2:75:7a:fd:2d:66:9b:79:c0:e4:74:2a:96:e5:4d:a8:
         67:97:fa:c8:ba:5b:00:58:9a:a2:e7:d8:0e:43:a0:87:24:5b:
         05:c1:9b:01:60:93:a1:d0:bc:15:78:eb:51:4b:fe:88:61:b7:
         34:a3:3f:a1:c1:d6:7a:b5:5f:20:9b:ac:6e:78:85:53:8f:4a:
         ee:1e:51:dc:ca:dd:b9:71:b3:4c:15:5d:aa:31:81:a4:2a:21:
         64:3e:56:d8
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUFumlc3+ySzDA/cm3kGa8Rn40DikwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkyNFoX
DTI3MDUwMTA5MjQyNFowMzExMC8GA1UEAxMoMUMzNzZGNEJBMUVEQkM2N0NBOEJC
RjUyOUU4NTlGMDRCRDE4MDRCMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOE7eZR3ZmTZbfXIg1JWw9m6tQ4tBu+XdUNMMrfZ4PN+ZJi49xyG5DMABz7E
0BJVtIa9MuXEGBByW2hkSwA4lumi6D6L9tkxJHIshgTByu8ICdlyRpyiAZQe+KjD
QPv2CQLxKFgCYJNPqypKFM6EmTOsUkVX2mBfQvbbUaGBk6VMtRKF7Gv69AOWPUxU
Tk8wO+0i1010l4BDpdyL++2pJgEmthH+rtqwzPJB42UDk9zKA23EBSNrpH6zfUhF
E8aAJB4SIxBpHgdIF7g5ulCpzA0IWJIEru047c7KPlsLBGvoc4wNaDhI/81hD8yM
UgPazRxxHODYdsKGeifTMQcG4OUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQcN29L
oe28Z8qLv1KehZ8EvRgEsTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzNTIwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoPrvMA0GCSqGSIb3DQEBCwUAA4IBAQAsMUbWoTC8EBp0nCvU6RcT62Rm
v0zvvtulZuYrRUrne15OJm0vZtLPgTI/H3VLIZ9LtimJ0QW9JYGwzyEdXu4M0b7+
FjLMDZpYYC+rBXgeglJGg/QmTP9QdjI+9A9FUAnkcwMCQsZu2lCeqKB/mSErJ+LP
PNH50z8aQhMGt5kXcJ6qRp7D0kYRHAN6RhxxTads0ecmChKjJZ2h+0wKCnsaQ9pl
RcJ1ev0tZpt5wOR0KpblTahnl/rIulsAWJqi59gOQ6CHJFsFwZsBYJOh0LwVeOtR
S/6IYbc0oz+hwdZ6tV8gm6xueIVTj0ruHlHcyt25cbNMFV2qMYGkKiFkPlbY
-----END CERTIFICATE-----