Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153796.roa
File:                     AS153796.roa (raw, json)
Hash identifier:          CEJMTtHGmE/VxsxMg1CTuPJcFRmziDoxRrICdb9YGkE=
Subject key identifier:   23:0E:BB:F8:67:25:6E:5A:AA:AF:49:9C:CE:AC:AC:35:30:72:4F:E3
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       30EBD4B52A8CF5211BEF2F97516154450FAA0851
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153796.roa
Signing time:             Sat 02 May 2026 09:24:18 +0000
ROA not before:           Sat 02 May 2026 09:19:18 +0000
ROA not after:            Sat 01 May 2027 09:24:18 +0000
asID:                     153796
IP address blocks:        161.248.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:eb:d4:b5:2a:8c:f5:21:1b:ef:2f:97:51:61:54:45:0f:aa:08:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:18 2026 GMT
            Not After : May  1 09:24:18 2027 GMT
        Subject: CN=230EBBF867256E5AAAAF499CCEACAC3530724FE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5a:6e:06:68:3c:03:42:e3:68:9b:6f:40:6c:
                    80:b3:bd:bd:92:9b:5d:58:0c:ff:9c:8c:d9:52:85:
                    1b:b8:cf:93:01:be:90:2b:87:4c:8d:ec:e8:68:45:
                    3e:ca:2d:d4:67:b1:0b:b6:88:82:cc:79:ca:a8:bd:
                    12:9c:8a:84:9f:25:3a:9f:fe:8b:a5:cb:16:c7:d6:
                    e3:43:0e:d0:02:30:ed:4f:bc:aa:1d:04:74:37:f3:
                    2f:b6:00:ba:47:15:98:f7:61:8c:3a:e0:2f:e4:55:
                    c0:e4:25:b5:06:9a:4d:32:1a:37:96:91:72:99:0f:
                    db:3a:35:85:3f:de:08:89:ed:ea:77:0f:52:63:99:
                    b4:cb:06:b2:19:82:ff:87:ee:d3:04:bd:60:b3:ac:
                    fd:9a:84:5f:02:aa:97:f6:ae:e7:70:8a:b4:f8:13:
                    af:95:11:9d:67:76:f5:07:5b:91:60:02:a1:ba:f6:
                    85:7a:50:fa:be:b5:3e:30:02:e4:f1:01:73:7f:8b:
                    d3:8a:ba:43:dd:6d:0d:57:a1:32:5a:17:fc:f5:42:
                    99:4c:7e:30:1e:74:47:d2:f4:e4:0d:5a:42:0a:bb:
                    a8:b0:4d:21:23:8a:e1:43:eb:49:f0:53:06:f0:a3:
                    73:34:de:0a:ea:28:d5:47:7f:21:9b:b3:86:fc:ee:
                    7e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0E:BB:F8:67:25:6E:5A:AA:AF:49:9C:CE:AC:AC:35:30:72:4F:E3
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153796.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:3e:0a:2e:65:fa:ac:0b:f4:2e:da:1b:2b:a4:21:26:3f:a5:
         b3:5b:05:c3:7c:3f:99:2c:07:4f:a0:a9:d2:d6:5b:1e:a2:cf:
         78:4c:15:cb:29:55:b6:44:c1:45:b0:30:f9:4f:d6:81:21:d6:
         c2:ed:b2:da:b5:64:2a:6f:a1:01:82:11:d0:e3:b9:50:c1:b4:
         11:04:cc:89:00:b6:62:2f:75:c9:9e:e2:fe:4e:98:9a:a1:4d:
         26:4d:d7:3f:53:73:6a:42:39:37:46:29:89:73:d1:90:27:b1:
         5a:cb:32:c6:9a:76:d0:c5:46:17:fb:d1:21:ec:9b:fe:f8:52:
         79:8e:fb:b9:72:05:a6:04:b2:d4:63:4f:70:21:07:cd:21:0f:
         42:90:fa:c9:08:0e:d2:db:15:2e:84:a0:f3:e6:65:e2:38:34:
         f0:32:36:e9:2d:88:bd:b6:15:af:49:2b:c3:6d:b7:75:03:28:
         75:ba:2f:13:2d:5a:1e:40:57:0c:2b:6d:ba:58:78:62:97:93:
         d2:31:6f:e5:60:44:30:0a:d5:bf:11:2d:35:8e:c0:74:34:93:
         77:d1:f3:86:36:f8:1d:48:19:12:b3:51:fe:ab:9b:5b:2d:8e:
         f0:a4:3c:94:9c:07:36:b1:ad:4e:54:35:86:51:a8:d2:96:7b:
         9f:dc:ff:d2
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUMOvUtSqM9SEb7y+XUWFURQ+qCFEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkxOFoX
DTI3MDUwMTA5MjQxOFowMzExMC8GA1UEAxMoMjMwRUJCRjg2NzI1NkU1QUFBQUY0
OTlDQ0VBQ0FDMzUzMDcyNEZFMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRabgZoPANC42ibb0BsgLO9vZKbXVgM/5yM2VKFG7jPkwG+kCuHTI3s6GhF
Psot1GexC7aIgsx5yqi9EpyKhJ8lOp/+i6XLFsfW40MO0AIw7U+8qh0EdDfzL7YA
ukcVmPdhjDrgL+RVwOQltQaaTTIaN5aRcpkP2zo1hT/eCInt6ncPUmOZtMsGshmC
/4fu0wS9YLOs/ZqEXwKql/au53CKtPgTr5URnWd29QdbkWACobr2hXpQ+r61PjAC
5PEBc3+L04q6Q91tDVehMloX/PVCmUx+MB50R9L05A1aQgq7qLBNISOK4UPrSfBT
BvCjczTeCuoo1Ud/IZuzhvzufnECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQjDrv4
ZyVuWqqvSZzOrKw1MHJP4zAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzNzk2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAofjwMA0GCSqGSIb3DQEBCwUAA4IBAQCKPgouZfqsC/Qu2hsrpCEmP6Wz
WwXDfD+ZLAdPoKnS1lseos94TBXLKVW2RMFFsDD5T9aBIdbC7bLatWQqb6EBghHQ
47lQwbQRBMyJALZiL3XJnuL+TpiaoU0mTdc/U3NqQjk3RimJc9GQJ7FayzLGmnbQ
xUYX+9Eh7Jv++FJ5jvu5cgWmBLLUY09wIQfNIQ9CkPrJCA7S2xUuhKDz5mXiODTw
MjbpLYi9thWvSSvDbbd1Ayh1ui8TLVoeQFcMK226WHhil5PSMW/lYEQwCtW/ES01
jsB0NJN30fOGNvgdSBkSs1H+q5tbLY7wpDyUnAc2sa1OVDWGUajSlnuf3P/S
-----END CERTIFICATE-----