Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153903.roa
File:                     AS153903.roa (raw, json)
Hash identifier:          PNgOOqyH/tPZ4GwsS1OUOI963NpCfVJSdlSNV2rpnx4=
Subject key identifier:   D5:16:A7:9C:ED:D9:85:67:CB:98:F5:83:31:12:CD:12:BB:9B:E2:02
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       51AE826B4EE3B8E5674D425CAAFD47743C7C1C5A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153903.roa
Signing time:             Sat 02 May 2026 09:22:34 +0000
ROA not before:           Sat 02 May 2026 09:17:34 +0000
ROA not after:            Sat 01 May 2027 09:22:34 +0000
asID:                     153903
IP address blocks:        165.99.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ae:82:6b:4e:e3:b8:e5:67:4d:42:5c:aa:fd:47:74:3c:7c:1c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:34 2026 GMT
            Not After : May  1 09:22:34 2027 GMT
        Subject: CN=D516A79CEDD98567CB98F5833112CD12BB9BE202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:00:ea:12:a7:62:31:7e:de:bf:25:dd:c9:2d:
                    4a:32:46:fa:8d:4f:bb:82:76:f7:99:0b:ff:c1:55:
                    e4:1b:e7:2e:5a:f0:6b:d5:3d:f3:4d:14:78:15:8e:
                    bc:96:36:34:3d:f9:36:61:49:35:69:35:3d:44:3c:
                    45:39:72:9e:e3:57:30:88:d0:d1:4c:de:c2:06:7e:
                    6e:26:a6:a9:b4:5c:59:0d:89:10:0f:3c:42:7c:f9:
                    ca:3d:6a:a9:b4:46:65:c5:8f:30:76:ff:21:45:7e:
                    5f:81:2d:fd:25:cc:e9:30:0a:b4:98:18:e3:a7:7b:
                    9a:88:e0:a7:c9:21:10:c2:8b:26:0f:ff:76:ea:a5:
                    9d:57:75:59:3d:ce:b1:6d:11:1e:5c:5e:9a:7f:52:
                    99:ed:92:f0:75:e9:0a:80:9b:8b:a2:33:9c:0b:6b:
                    d8:9f:7d:e3:a2:21:1c:a2:a1:3d:59:4c:9a:b8:54:
                    2a:74:b1:64:18:ee:df:6f:50:58:17:4b:94:39:39:
                    4b:11:2d:84:53:ef:00:e1:ed:05:cc:ed:44:96:b6:
                    fd:ba:89:2f:ed:2a:b3:5d:9a:ab:99:7c:6c:2d:74:
                    c0:3e:88:c6:77:02:df:e0:4f:19:26:bd:9e:91:3d:
                    65:00:60:c3:b8:4e:4d:d1:b5:57:bb:2e:05:c5:12:
                    7a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:16:A7:9C:ED:D9:85:67:CB:98:F5:83:31:12:CD:12:BB:9B:E2:02
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153903.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:40:e8:4b:c7:48:3e:cf:cf:9b:cb:a6:24:d3:03:bd:fc:78:
         21:07:08:2e:6d:7c:94:04:b6:6f:2c:9b:f2:24:93:15:e1:13:
         33:b4:6d:f5:c8:49:a5:ff:98:5a:59:e3:58:c9:cd:ab:92:af:
         cb:c9:e0:cb:96:c2:82:fe:54:22:20:49:7c:37:e1:3a:cd:00:
         3c:e7:57:b9:8d:f6:f7:9f:4d:3d:1c:5f:5f:0f:71:b4:7d:20:
         1b:3a:19:d1:a8:ad:8d:2d:b7:af:e3:56:fb:06:dd:1c:cf:27:
         b7:69:fe:63:f0:7d:40:06:9c:7f:31:c4:6c:28:bb:a2:7b:e2:
         d0:79:fb:30:21:02:59:37:d7:25:9c:de:a0:4f:e7:86:91:6c:
         ec:ed:c8:44:0e:15:a5:3c:4f:8b:1b:7a:c4:c1:c7:21:66:ef:
         9b:ab:86:67:b4:be:97:b0:be:bc:7e:0e:ed:22:19:f1:95:76:
         67:f4:11:d5:63:df:12:27:e0:a0:00:49:3e:4c:b7:91:cd:a3:
         a2:54:4b:20:91:6d:f1:cc:f1:33:ec:f7:0c:1e:98:5b:86:37:
         c2:ef:9e:85:f0:9b:03:8a:22:49:cd:ea:f5:3f:2f:1f:f6:37:
         6e:a7:02:6a:03:75:1d:e7:87:b7:7d:0b:99:e5:56:dd:a6:1b:
         dd:45:2a:c5
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUUa6Ca07juOVnTUJcqv1HdDx8HFowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTczNFoX
DTI3MDUwMTA5MjIzNFowMzExMC8GA1UEAxMoRDUxNkE3OUNFREQ5ODU2N0NCOThG
NTgzMzExMkNEMTJCQjlCRTIwMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANgA6hKnYjF+3r8l3cktSjJG+o1Pu4J295kL/8FV5BvnLlrwa9U9800UeBWO
vJY2ND35NmFJNWk1PUQ8RTlynuNXMIjQ0UzewgZ+biamqbRcWQ2JEA88Qnz5yj1q
qbRGZcWPMHb/IUV+X4Et/SXM6TAKtJgY46d7mojgp8khEMKLJg//duqlnVd1WT3O
sW0RHlxemn9Sme2S8HXpCoCbi6IznAtr2J9946IhHKKhPVlMmrhUKnSxZBju329Q
WBdLlDk5SxEthFPvAOHtBcztRJa2/bqJL+0qs12aq5l8bC10wD6IxncC3+BPGSa9
npE9ZQBgw7hOTdG1V7suBcUSev8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTVFqec
7dmFZ8uY9YMxEs0Su5viAjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzOTAzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWMgMA0GCSqGSIb3DQEBCwUAA4IBAQCOQOhLx0g+z8+by6Yk0wO9/Hgh
BwgubXyUBLZvLJvyJJMV4RMztG31yEml/5haWeNYyc2rkq/LyeDLlsKC/lQiIEl8
N+E6zQA851e5jfb3n009HF9fD3G0fSAbOhnRqK2NLbev41b7Bt0czye3af5j8H1A
Bpx/McRsKLuie+LQefswIQJZN9clnN6gT+eGkWzs7chEDhWlPE+LG3rEwcchZu+b
q4ZntL6XsL68fg7tIhnxlXZn9BHVY98SJ+CgAEk+TLeRzaOiVEsgkW3xzPEz7PcM
HphbhjfC756F8JsDiiJJzer1Py8f9jdupwJqA3Ud54e3fQuZ5VbdphvdRSrF
-----END CERTIFICATE-----