Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153524.roa
File:                     AS153524.roa (raw, json)
Hash identifier:          sXZHHKR9MBvbYniMwpElSYeJNU8qzk/ibXEw/0ZC8jw=
Subject key identifier:   4F:EB:BD:58:05:D6:54:D7:8C:69:74:4C:92:F7:43:52:E3:BC:92:66
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       1B8093C65451E295002BB30D0CCDF001065E4674
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153524.roa
Signing time:             Sat 02 May 2026 09:24:22 +0000
ROA not before:           Sat 02 May 2026 09:19:22 +0000
ROA not after:            Sat 01 May 2027 09:24:22 +0000
asID:                     153524
IP address blocks:        160.250.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:80:93:c6:54:51:e2:95:00:2b:b3:0d:0c:cd:f0:01:06:5e:46:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:22 2026 GMT
            Not After : May  1 09:24:22 2027 GMT
        Subject: CN=4FEBBD5805D654D78C69744C92F74352E3BC9266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:1b:ad:76:e8:b7:64:f1:69:cb:76:dd:2d:3b:
                    2b:f4:6b:68:d4:66:22:89:49:54:a8:fe:8f:84:60:
                    db:af:90:3c:e9:e3:16:e4:d9:34:37:90:88:50:ca:
                    25:09:e7:ca:5c:62:b0:b3:13:7e:98:66:4d:09:01:
                    d8:e6:39:1c:f1:0e:20:be:3d:39:e0:89:9c:3d:db:
                    cd:9e:3c:4f:47:43:87:14:78:be:9e:32:1c:37:56:
                    67:5a:42:69:82:4c:81:e6:5e:3b:83:96:23:d3:b6:
                    e7:0b:b4:f1:47:f7:35:79:72:be:31:f2:f0:80:e8:
                    54:c6:6f:79:04:9a:6c:fb:a5:f3:95:1d:f4:03:34:
                    10:79:af:96:25:9f:2f:0c:39:5a:1f:b4:8c:98:89:
                    6f:b4:93:3a:de:42:17:be:6a:77:1b:36:74:de:f6:
                    d3:15:c5:21:6a:6a:a1:fa:db:14:a5:41:8d:07:b8:
                    c8:a5:a4:9b:55:55:61:ab:80:57:14:b5:e6:47:a4:
                    a4:ca:2c:17:25:a9:e9:a2:d2:ee:83:c1:8d:e5:3d:
                    67:d9:ba:36:5c:e0:77:6d:6f:cb:f4:9e:b0:33:97:
                    d0:1c:07:fe:5a:db:b5:28:48:9b:dc:c3:0a:34:61:
                    19:92:4e:c7:d9:09:72:dd:ec:3e:3c:5d:2b:ba:ab:
                    d3:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:EB:BD:58:05:D6:54:D7:8C:69:74:4C:92:F7:43:52:E3:BC:92:66
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153524.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.250.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:86:66:cd:56:73:74:df:88:6b:9d:67:53:1f:c5:53:0e:c3:
         82:ec:c2:20:54:0e:1b:3f:12:20:52:d3:35:08:47:dc:cd:4d:
         46:52:58:fc:d6:b4:e9:55:18:be:ae:b3:57:0f:3a:58:25:8c:
         88:5f:89:96:44:55:64:86:ee:ba:5d:4b:09:ec:a3:8e:55:73:
         e5:59:1d:71:df:4e:6e:84:ad:7a:3b:ec:d2:e4:de:d8:d1:ba:
         86:fa:3b:48:68:cb:fa:ca:30:75:25:f3:db:4d:c9:a3:ee:d0:
         8a:57:5e:d6:74:e8:f9:b2:cc:76:ba:b6:00:0c:03:82:95:e6:
         e2:44:9a:0f:5f:01:ab:80:a6:0f:b8:b2:8e:fc:e8:77:54:71:
         e9:59:1d:ff:f4:97:f4:ec:93:5e:df:09:4b:40:27:88:7e:3d:
         b9:9d:84:a3:b5:7f:4e:a1:74:34:8d:8a:95:80:b0:13:9b:ad:
         49:c0:8c:7b:a7:ad:fb:6c:33:20:7f:43:ae:87:ed:a5:bb:2c:
         2b:9e:3a:8a:42:28:af:dd:c3:b5:3a:df:d9:17:f4:34:77:3a:
         75:ef:2f:b9:42:5d:73:2b:72:73:b9:c2:93:8f:67:21:f2:4e:
         18:af:bf:12:cf:c2:d6:78:84:7e:23:4a:34:34:41:14:aa:55:
         71:e3:39:8b
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUG4CTxlRR4pUAK7MNDM3wAQZeRnQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkyMloX
DTI3MDUwMTA5MjQyMlowMzExMC8GA1UEAxMoNEZFQkJENTgwNUQ2NTRENzhDNjk3
NDRDOTJGNzQzNTJFM0JDOTI2NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIwbrXbot2Txact23S07K/RraNRmIolJVKj+j4Rg26+QPOnjFuTZNDeQiFDK
JQnnylxisLMTfphmTQkB2OY5HPEOIL49OeCJnD3bzZ48T0dDhxR4vp4yHDdWZ1pC
aYJMgeZeO4OWI9O25wu08Uf3NXlyvjHy8IDoVMZveQSabPul85Ud9AM0EHmvliWf
Lww5Wh+0jJiJb7STOt5CF75qdxs2dN720xXFIWpqofrbFKVBjQe4yKWkm1VVYauA
VxS15kekpMosFyWp6aLS7oPBjeU9Z9m6Nlzgd21vy/SesDOX0BwH/lrbtShIm9zD
CjRhGZJOx9kJct3sPjxdK7qr0/kCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRP671Y
BdZU14xpdEyS90NS47ySZjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzNTI0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoPojMA0GCSqGSIb3DQEBCwUAA4IBAQCxhmbNVnN034hrnWdTH8VTDsOC
7MIgVA4bPxIgUtM1CEfczU1GUlj81rTpVRi+rrNXDzpYJYyIX4mWRFVkhu66XUsJ
7KOOVXPlWR1x305uhK16O+zS5N7Y0bqG+jtIaMv6yjB1JfPbTcmj7tCKV17WdOj5
ssx2urYADAOClebiRJoPXwGrgKYPuLKO/Oh3VHHpWR3/9Jf07JNe3wlLQCeIfj25
nYSjtX9OoXQ0jYqVgLATm61JwIx7p637bDMgf0Ouh+2luywrnjqKQiiv3cO1Ot/Z
F/Q0dzp17y+5Ql1zK3JzucKTj2ch8k4Yr78Sz8LWeIR+I0o0NEEUqlVx4zmL
-----END CERTIFICATE-----