Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153570.roa
File:                     AS153570.roa (raw, json)
Hash identifier:          wJw/WXPbp8NarUFNJiTD8Sw8itW+eAgHeSIyhxvUQkI=
Subject key identifier:   DD:44:53:A0:BF:D3:2D:2E:93:85:7F:9E:E8:D2:6F:41:3A:C6:7A:F5
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       4045CCDB7DAE2F8B99FFC724D74D5159C8DCB119
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153570.roa
Signing time:             Sat 02 May 2026 09:24:25 +0000
ROA not before:           Sat 02 May 2026 09:19:25 +0000
ROA not after:            Sat 01 May 2027 09:24:25 +0000
asID:                     153570
IP address blocks:        161.248.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:45:cc:db:7d:ae:2f:8b:99:ff:c7:24:d7:4d:51:59:c8:dc:b1:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:25 2026 GMT
            Not After : May  1 09:24:25 2027 GMT
        Subject: CN=DD4453A0BFD32D2E93857F9EE8D26F413AC67AF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:33:ee:70:4e:a0:ba:db:65:81:27:31:8d:9e:
                    85:49:56:1b:4b:95:f9:71:bf:53:33:e5:4c:ed:61:
                    fa:54:39:ce:3c:1c:f3:ae:11:41:a2:54:87:1a:11:
                    a3:36:8c:f5:5f:6a:42:ae:5f:1f:d6:86:4f:19:6e:
                    c9:58:23:0b:fa:66:bc:1d:4f:41:dd:54:79:39:b9:
                    e8:86:76:c8:de:68:c0:33:7d:4b:1f:b7:e3:6e:f9:
                    2c:34:d1:b2:3b:a8:8e:16:85:33:88:a2:2e:6b:6b:
                    88:c1:97:d3:ab:92:e5:cd:e8:b4:48:80:a7:81:5a:
                    89:81:18:a9:c0:8f:75:03:ef:a5:c5:40:56:ff:e0:
                    44:2e:51:a9:00:6f:64:58:12:cd:fa:cf:93:bb:ff:
                    02:85:10:49:98:84:e5:8f:f5:dc:71:4a:6e:81:9d:
                    73:36:8d:d3:7a:45:31:8e:ef:29:9a:09:c9:7e:15:
                    cf:87:b3:63:04:16:54:53:e2:c8:7d:f8:57:d7:4d:
                    5e:28:81:51:17:21:67:ea:42:8b:42:81:7e:39:c2:
                    40:7c:9b:8a:a0:bf:3b:4f:7b:76:fc:6e:90:dd:69:
                    59:11:a7:8f:21:ff:df:31:82:9b:ea:e4:e7:ad:c6:
                    1b:c2:d9:d4:fe:bf:9d:6a:f2:9c:6f:3c:34:4f:91:
                    d2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:44:53:A0:BF:D3:2D:2E:93:85:7F:9E:E8:D2:6F:41:3A:C6:7A:F5
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153570.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:86:67:0c:26:be:73:51:98:b8:71:dd:13:11:09:3a:e7:ca:
         c7:a9:13:25:f9:45:a5:19:33:93:ae:0f:c2:0f:2c:30:a4:43:
         e2:0d:19:49:c9:36:d8:5a:76:73:32:fc:5c:e6:7c:cc:ec:ad:
         77:56:a6:0e:b7:23:cf:77:5e:ae:a2:18:d9:7d:67:c4:c3:a9:
         b1:c2:c0:5f:c6:96:40:99:5d:cc:b6:e3:bc:21:36:ca:bf:54:
         30:71:42:67:02:25:67:71:b7:9d:90:83:2a:8b:ec:00:7a:25:
         23:af:6f:c3:76:c8:21:4d:49:6f:2b:b9:44:c2:55:33:8d:08:
         75:e8:57:eb:41:cd:7c:2f:4c:eb:01:c7:b8:93:ef:a2:44:70:
         d3:03:7a:8f:35:0d:4f:16:8e:30:25:a8:0e:32:ae:d6:bf:1a:
         26:74:20:fe:82:f0:6d:c4:fe:37:61:3e:a6:28:32:6f:8d:0d:
         4f:2a:83:f4:98:ab:db:ff:1f:d8:3c:f7:4f:94:a5:7f:1d:ba:
         7a:6b:9b:cd:80:64:12:49:d8:9a:8f:cf:d0:03:94:91:05:50:
         d7:70:20:34:f8:dc:4e:97:e4:b3:2d:8d:cc:31:69:4d:10:b9:
         9e:dd:64:d8:77:43:62:f0:b0:8c:40:e4:e0:bd:5c:f3:66:15:
         99:db:8b:ec
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUQEXM232uL4uZ/8ck101RWcjcsRkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkyNVoX
DTI3MDUwMTA5MjQyNVowMzExMC8GA1UEAxMoREQ0NDUzQTBCRkQzMkQyRTkzODU3
RjlFRThEMjZGNDEzQUM2N0FGNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALoz7nBOoLrbZYEnMY2ehUlWG0uV+XG/UzPlTO1h+lQ5zjwc864RQaJUhxoR
ozaM9V9qQq5fH9aGTxluyVgjC/pmvB1PQd1UeTm56IZ2yN5owDN9Sx+34275LDTR
sjuojhaFM4iiLmtriMGX06uS5c3otEiAp4FaiYEYqcCPdQPvpcVAVv/gRC5RqQBv
ZFgSzfrPk7v/AoUQSZiE5Y/13HFKboGdczaN03pFMY7vKZoJyX4Vz4ezYwQWVFPi
yH34V9dNXiiBURchZ+pCi0KBfjnCQHybiqC/O097dvxukN1pWRGnjyH/3zGCm+rk
563GG8LZ1P6/nWrynG88NE+R0rECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTdRFOg
v9MtLpOFf57o0m9BOsZ69TAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzNTcwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAofj7MA0GCSqGSIb3DQEBCwUAA4IBAQAIhmcMJr5zUZi4cd0TEQk658rH
qRMl+UWlGTOTrg/CDywwpEPiDRlJyTbYWnZzMvxc5nzM7K13VqYOtyPPd16uohjZ
fWfEw6mxwsBfxpZAmV3MtuO8ITbKv1QwcUJnAiVncbedkIMqi+wAeiUjr2/Ddsgh
TUlvK7lEwlUzjQh16FfrQc18L0zrAce4k++iRHDTA3qPNQ1PFo4wJagOMq7Wvxom
dCD+gvBtxP43YT6mKDJvjQ1PKoP0mKvb/x/YPPdPlKV/Hbp6a5vNgGQSSdiaj8/Q
A5SRBVDXcCA0+NxOl+SzLY3MMWlNELme3WTYd0Ni8LCMQOTgvVzzZhWZ24vs
-----END CERTIFICATE-----