Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153923.roa
File:                     AS153923.roa (raw, json)
Hash identifier:          YemWH3XPXWDhMPzOGqbU5WTQyRzZQbKEtM7ubUXa8+s=
Subject key identifier:   91:D8:2F:3C:24:25:55:19:D1:58:FD:86:10:80:C4:2D:04:5D:0C:B5
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       3ACEEA41B37BC86FB5320BC516308B25A58071F7
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153923.roa
Signing time:             Sat 02 May 2026 09:25:01 +0000
ROA not before:           Sat 02 May 2026 09:20:01 +0000
ROA not after:            Sat 01 May 2027 09:25:01 +0000
asID:                     153923
IP address blocks:        165.99.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ce:ea:41:b3:7b:c8:6f:b5:32:0b:c5:16:30:8b:25:a5:80:71:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:01 2026 GMT
            Not After : May  1 09:25:01 2027 GMT
        Subject: CN=91D82F3C24255519D158FD861080C42D045D0CB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fd:7d:02:77:35:98:45:c1:14:95:3c:70:ff:
                    8e:bc:6c:97:94:74:61:24:a0:37:f1:8d:f8:f4:cc:
                    98:ec:6e:80:a6:97:43:76:63:47:34:f9:07:b9:07:
                    06:88:17:73:2b:88:bc:5c:7e:47:46:1c:7b:04:5e:
                    fc:b1:df:da:c0:41:68:8e:9d:f8:07:ce:6d:46:67:
                    c9:49:ec:db:1e:94:11:cf:69:d7:ae:c6:66:5d:7f:
                    b0:65:4a:e2:98:c0:6d:d9:3c:42:10:f9:3d:1e:26:
                    da:3d:58:c1:c3:a2:de:2d:29:4f:b3:bd:1e:95:72:
                    9c:d8:94:5c:78:ed:d0:7d:f9:8e:8c:fb:35:a5:df:
                    85:08:81:76:ea:b7:1e:64:e2:c9:0e:ed:15:9c:cb:
                    96:a5:33:2f:7b:70:e9:f8:ac:1a:c5:f8:a2:7a:ad:
                    69:4e:c7:b5:5b:64:5f:67:db:44:a2:bc:b6:13:a8:
                    60:d2:81:59:2b:f2:cc:2a:c2:12:f3:e6:22:a2:24:
                    6d:03:1b:f0:42:21:22:08:0b:45:ed:1b:cb:9b:05:
                    ef:e3:89:b7:c4:b0:31:b9:a5:cc:14:22:46:3e:71:
                    9c:fb:bd:b5:29:94:61:f9:57:af:ae:b2:df:34:3d:
                    00:8f:2f:3b:8b:c1:6e:27:a7:f3:64:b2:ee:e8:0d:
                    2f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D8:2F:3C:24:25:55:19:D1:58:FD:86:10:80:C4:2D:04:5D:0C:B5
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153923.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:4a:d1:3e:d1:9f:26:4b:f0:0c:3f:7b:6f:79:0f:d1:53:9b:
         a7:0c:3b:15:25:76:a5:84:1a:9e:2c:28:11:0b:b3:9c:03:f4:
         2f:33:5c:66:eb:22:96:9d:59:dc:1e:7d:94:4b:5e:4e:e0:21:
         03:db:b8:cb:0d:7f:1b:ed:b4:28:fe:95:38:f3:f7:e9:67:5e:
         6f:01:06:ae:7c:17:d6:78:4e:74:98:73:d6:f7:1c:c6:23:fb:
         91:aa:23:4d:6d:4b:f5:7d:bc:37:7c:10:ac:bd:95:fa:da:e8:
         ee:78:f5:08:d2:d3:53:e2:6f:ff:26:03:2f:5e:78:b2:b4:ed:
         44:16:c1:13:65:eb:54:69:24:9d:ce:6c:85:72:39:65:af:78:
         16:ae:14:d9:ce:63:21:d6:a0:49:cf:dd:1b:de:1a:21:2c:a2:
         d6:d3:d1:7e:53:76:3b:6a:f3:28:54:51:3f:ef:da:02:c2:9c:
         7e:51:13:9e:30:30:45:04:1b:8e:69:7a:68:f7:0c:83:8b:6e:
         12:f1:b7:9b:4c:51:db:8c:3a:19:cb:08:d5:e0:9c:ce:aa:18:
         47:55:61:6d:1f:8d:a3:5c:bf:d0:8d:8d:a6:bf:ac:c2:b2:7c:
         6b:55:38:67:bb:09:cf:e3:38:2b:5d:98:84:05:88:86:d8:12:
         3d:6e:80:b6
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUOs7qQbN7yG+1MgvFFjCLJaWAcfcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAwMVoX
DTI3MDUwMTA5MjUwMVowMzExMC8GA1UEAxMoOTFEODJGM0MyNDI1NTUxOUQxNThG
RDg2MTA4MEM0MkQwNDVEMENCNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ39fQJ3NZhFwRSVPHD/jrxsl5R0YSSgN/GN+PTMmOxugKaXQ3ZjRzT5B7kH
BogXcyuIvFx+R0YcewRe/LHf2sBBaI6d+AfObUZnyUns2x6UEc9p167GZl1/sGVK
4pjAbdk8QhD5PR4m2j1YwcOi3i0pT7O9HpVynNiUXHjt0H35joz7NaXfhQiBduq3
HmTiyQ7tFZzLlqUzL3tw6fisGsX4onqtaU7HtVtkX2fbRKK8thOoYNKBWSvyzCrC
EvPmIqIkbQMb8EIhIggLRe0by5sF7+OJt8SwMbmlzBQiRj5xnPu9tSmUYflXr66y
3zQ9AI8vO4vBbien82Sy7ugNL+kCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSR2C88
JCVVGdFY/YYQgMQtBF0MtTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzOTIzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWNqMA0GCSqGSIb3DQEBCwUAA4IBAQBhStE+0Z8mS/AMP3tveQ/RU5un
DDsVJXalhBqeLCgRC7OcA/QvM1xm6yKWnVncHn2US15O4CED27jLDX8b7bQo/pU4
8/fpZ15vAQaufBfWeE50mHPW9xzGI/uRqiNNbUv1fbw3fBCsvZX62ujuePUI0tNT
4m//JgMvXniytO1EFsETZetUaSSdzmyFcjllr3gWrhTZzmMh1qBJz90b3hohLKLW
09F+U3Y7avMoVFE/79oCwpx+UROeMDBFBBuOaXpo9wyDi24S8bebTFHbjDoZywjV
4JzOqhhHVWFtH42jXL/QjY2mv6zCsnxrVThnuwnP4zgrXZiEBYiG2BI9boC2
-----END CERTIFICATE-----