Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153940.roa
File:                     AS153940.roa (raw, json)
Hash identifier:          NxphoQhyiXROr6NIsM7C09Cv8icduEIWAGApFw05aM8=
Subject key identifier:   D0:C6:21:26:38:F0:3B:23:36:4F:C6:FD:D3:F2:E5:EA:94:16:E0:73
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       3CF6D83E2A8A0DA1127C17FB7AAA1F61AB044F62
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153940.roa
Signing time:             Sat 02 May 2026 09:22:50 +0000
ROA not before:           Sat 02 May 2026 09:17:50 +0000
ROA not after:            Sat 01 May 2027 09:22:50 +0000
asID:                     153940
IP address blocks:        165.99.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f6:d8:3e:2a:8a:0d:a1:12:7c:17:fb:7a:aa:1f:61:ab:04:4f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:50 2026 GMT
            Not After : May  1 09:22:50 2027 GMT
        Subject: CN=D0C6212638F03B23364FC6FDD3F2E5EA9416E073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a3:2e:07:f0:f9:56:a3:62:87:15:70:12:09:
                    74:3b:00:f1:ee:02:80:18:71:6c:49:9c:09:29:0f:
                    10:fa:4e:67:ce:b2:36:d1:53:ee:29:61:7c:d6:11:
                    96:3b:72:68:77:6d:10:51:b4:56:ab:6d:b2:da:4f:
                    7e:71:98:b8:18:39:de:17:77:1b:ae:a3:02:30:37:
                    9b:57:48:e8:9b:27:43:bd:c3:e4:9b:37:4b:d5:bb:
                    d9:99:e8:0a:02:fd:15:d5:8e:5f:8d:d9:8e:da:c6:
                    be:56:ff:f9:01:84:6a:9f:93:df:2a:e6:d6:83:ab:
                    43:96:ff:0c:7c:e4:5b:f0:8e:0a:14:30:fa:0e:65:
                    7a:56:a5:34:fc:3b:62:15:71:f3:51:c8:b0:c5:9e:
                    14:19:32:df:90:5a:5e:ee:12:a1:cc:19:40:e0:87:
                    73:76:5f:d6:a8:bb:9f:94:85:a0:f1:cc:b1:99:78:
                    a7:6e:d4:c8:44:88:6d:c7:27:d8:26:7b:7e:5e:41:
                    e5:6b:ba:06:25:0a:7c:83:4b:f2:52:74:19:c0:29:
                    b2:62:19:7c:51:2d:cd:7b:ba:1a:7f:fc:77:2d:61:
                    44:73:e3:e8:20:d6:a8:3a:5e:74:4f:c5:a0:5e:aa:
                    b0:eb:82:0f:b2:f0:16:f4:0f:9b:fa:62:13:69:7b:
                    57:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C6:21:26:38:F0:3B:23:36:4F:C6:FD:D3:F2:E5:EA:94:16:E0:73
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:be:d5:60:f1:66:35:f9:97:5d:14:1f:cc:87:43:c5:a9:7f:
         34:bb:6f:f2:ed:f7:88:23:c7:69:d5:bf:16:bc:03:c1:e4:8b:
         41:5b:dc:9a:cd:40:1e:ce:ab:dc:59:64:c8:28:f6:3c:a4:82:
         69:e9:8f:49:19:1d:0e:4f:ad:bd:ad:39:98:d6:ba:89:86:df:
         e7:5a:5e:43:25:01:43:2f:fd:e5:0d:28:a7:e7:5b:1b:2e:85:
         4a:b7:5d:29:03:ba:ff:40:9b:b1:ee:97:40:be:10:72:70:ce:
         dc:11:65:9a:41:56:21:fa:33:b8:ff:69:25:56:91:de:56:ab:
         6d:2f:28:72:8e:6d:63:f5:50:7f:2d:c4:2a:ca:9f:90:bd:41:
         b2:0a:c0:0e:ae:4e:3c:a3:3b:9c:34:db:e0:cc:b9:9c:fe:83:
         21:be:5e:5d:11:0f:d1:f1:59:90:d6:9c:bf:77:81:39:93:f1:
         58:52:06:42:40:88:15:15:f4:44:8b:6a:b1:76:23:a1:ac:e2:
         ca:70:d2:9a:c4:82:d9:37:d5:8b:00:8d:f2:59:98:0d:e4:40:
         8c:1d:a9:41:0f:69:14:94:f3:ae:4b:7d:1b:6f:63:14:4f:72:
         0d:cc:1f:37:39:7d:07:e0:bb:5d:9a:ec:02:3c:c6:35:bf:46:
         60:80:7a:96
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUPPbYPiqKDaESfBf7eqofYasET2IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1MFoX
DTI3MDUwMTA5MjI1MFowMzExMC8GA1UEAxMoRDBDNjIxMjYzOEYwM0IyMzM2NEZD
NkZERDNGMkU1RUE5NDE2RTA3MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALajLgfw+VajYocVcBIJdDsA8e4CgBhxbEmcCSkPEPpOZ86yNtFT7ilhfNYR
ljtyaHdtEFG0VqttstpPfnGYuBg53hd3G66jAjA3m1dI6JsnQ73D5Js3S9W72Zno
CgL9FdWOX43ZjtrGvlb/+QGEap+T3yrm1oOrQ5b/DHzkW/COChQw+g5lelalNPw7
YhVx81HIsMWeFBky35BaXu4SocwZQOCHc3Zf1qi7n5SFoPHMsZl4p27UyESIbccn
2CZ7fl5B5Wu6BiUKfINL8lJ0GcApsmIZfFEtzXu6Gn/8dy1hRHPj6CDWqDpedE/F
oF6qsOuCD7LwFvQPm/piE2l7V0kCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTQxiEm
OPA7IzZPxv3T8uXqlBbgczAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzOTQwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWOXMA0GCSqGSIb3DQEBCwUAA4IBAQCtvtVg8WY1+ZddFB/Mh0PFqX80
u2/y7feII8dp1b8WvAPB5ItBW9yazUAezqvcWWTIKPY8pIJp6Y9JGR0OT629rTmY
1rqJht/nWl5DJQFDL/3lDSin51sbLoVKt10pA7r/QJux7pdAvhBycM7cEWWaQVYh
+jO4/2klVpHeVqttLyhyjm1j9VB/LcQqyp+QvUGyCsAOrk48ozucNNvgzLmc/oMh
vl5dEQ/R8VmQ1py/d4E5k/FYUgZCQIgVFfREi2qxdiOhrOLKcNKaxILZN9WLAI3y
WZgN5ECMHalBD2kUlPOuS30bb2MUT3INzB83OX0H4LtdmuwCPMY1v0ZggHqW
-----END CERTIFICATE-----