Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153946.roa
File:                     AS153946.roa (raw, json)
Hash identifier:          VE9c+DMNx/xr6sZpHOsdhgRXBgNvf9SRrQSoIB5pdy0=
Subject key identifier:   CF:A5:16:9F:E6:8B:DD:3B:4D:78:A2:1F:7E:80:FD:92:7D:BB:F8:4F
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       1229E5813AF8ECE873A05A4556BA8D3BE2CC9C13
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153946.roa
Signing time:             Sat 02 May 2026 09:25:15 +0000
ROA not before:           Sat 02 May 2026 09:20:15 +0000
ROA not after:            Sat 01 May 2027 09:25:15 +0000
asID:                     153946
IP address blocks:        165.99.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:29:e5:81:3a:f8:ec:e8:73:a0:5a:45:56:ba:8d:3b:e2:cc:9c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:15 2026 GMT
            Not After : May  1 09:25:15 2027 GMT
        Subject: CN=CFA5169FE68BDD3B4D78A21F7E80FD927DBBF84F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:07:90:ed:06:37:0e:8c:bd:2c:10:3a:e5:59:
                    7f:9c:ae:f1:1b:15:69:e5:d8:23:04:1d:21:e4:3f:
                    a7:f5:8a:a8:93:3c:93:3f:0a:1f:f7:b6:9b:97:8d:
                    f1:ea:81:60:82:ef:df:fd:f0:67:5e:71:dc:1e:c0:
                    70:39:28:ad:12:aa:4d:06:ae:ed:cb:d2:af:89:57:
                    5a:62:a5:4a:ef:59:29:25:21:33:4e:36:2b:15:ee:
                    5f:65:55:8f:9d:c1:ed:ac:59:a6:85:f2:4d:70:d6:
                    c8:89:c9:de:95:66:e8:ea:7b:69:6f:00:fc:87:ac:
                    06:13:e9:4f:06:b2:94:7a:67:52:66:20:77:e1:a9:
                    1a:a7:cc:76:ce:7a:47:a2:64:d1:9d:8d:f8:e6:de:
                    23:f0:79:d0:a3:ef:bd:47:de:09:14:1f:6e:d8:4d:
                    7c:b6:fe:27:cf:f4:60:4c:d2:23:a8:37:e2:bd:30:
                    32:a3:cb:8e:70:0b:8c:82:f7:ef:e5:dc:20:32:51:
                    8f:19:2e:2e:4e:79:2e:73:2e:dc:10:45:58:af:fd:
                    6b:a5:e9:25:7e:32:2e:04:d7:8f:3e:81:5a:68:7c:
                    d4:9a:ce:a3:da:f4:51:7d:76:fb:c3:47:20:9c:cb:
                    15:27:1a:58:10:a7:68:4a:5b:2e:ad:88:f8:1e:7b:
                    1a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A5:16:9F:E6:8B:DD:3B:4D:78:A2:1F:7E:80:FD:92:7D:BB:F8:4F
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153946.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:84:83:7e:9b:6f:32:0f:e4:84:02:d9:b7:9f:98:b1:c7:72:
         77:0c:94:11:b9:e1:dc:b9:ed:58:f2:dd:e0:98:4a:69:78:f5:
         1e:e3:f6:2a:e3:e0:95:c7:6c:3b:f3:f5:e0:20:94:51:58:c9:
         dc:7b:e1:c0:29:5f:6a:1a:14:d4:89:05:9c:8b:7f:31:eb:6e:
         9f:a0:fc:9d:d7:96:79:44:39:d5:93:c5:28:88:fe:cf:1f:67:
         6e:bb:eb:75:f3:c0:81:82:7f:45:2d:9b:05:82:35:d8:04:2c:
         11:e1:e0:a6:8b:c6:39:5e:64:cd:00:ae:ef:19:78:86:d8:2e:
         46:ab:ec:bc:31:e5:ff:ea:a2:b2:ec:6d:4d:14:74:a7:b9:22:
         0a:c7:ed:cd:b4:eb:17:c7:1a:c6:39:74:a0:57:b7:fb:40:c8:
         83:01:bd:2b:04:8b:f9:92:91:c2:12:08:6d:5b:0b:b7:f9:1a:
         f3:20:aa:83:39:1e:39:93:cc:bb:5f:e6:65:6c:f6:bd:41:02:
         94:e8:04:1e:b2:36:98:86:41:ce:31:f0:ab:76:48:e0:5f:d1:
         f1:8f:bf:a4:86:60:bf:d4:85:ff:8d:6c:5b:7b:7b:f1:f7:78:
         9d:1d:1a:97:b1:69:fa:0a:ff:1e:31:43:d7:41:48:88:c7:9f:
         a8:f1:85:19
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUEinlgTr47OhzoFpFVrqNO+LMnBMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAxNVoX
DTI3MDUwMTA5MjUxNVowMzExMC8GA1UEAxMoQ0ZBNTE2OUZFNjhCREQzQjRENzhB
MjFGN0U4MEZEOTI3REJCRjg0RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKcHkO0GNw6MvSwQOuVZf5yu8RsVaeXYIwQdIeQ/p/WKqJM8kz8KH/e2m5eN
8eqBYILv3/3wZ15x3B7AcDkorRKqTQau7cvSr4lXWmKlSu9ZKSUhM042KxXuX2VV
j53B7axZpoXyTXDWyInJ3pVm6Op7aW8A/IesBhPpTwaylHpnUmYgd+GpGqfMds56
R6Jk0Z2N+ObeI/B50KPvvUfeCRQfbthNfLb+J8/0YEzSI6g34r0wMqPLjnALjIL3
7+XcIDJRjxkuLk55LnMu3BBFWK/9a6XpJX4yLgTXjz6BWmh81JrOo9r0UX12+8NH
IJzLFScaWBCnaEpbLq2I+B57GisCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTPpRaf
5ovdO014oh9+gP2Sfbv4TzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzOTQ2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWNsMA0GCSqGSIb3DQEBCwUAA4IBAQAHhIN+m28yD+SEAtm3n5ixx3J3
DJQRueHcue1Y8t3gmEppePUe4/Yq4+CVx2w78/XgIJRRWMnce+HAKV9qGhTUiQWc
i38x626foPyd15Z5RDnVk8UoiP7PH2duu+t188CBgn9FLZsFgjXYBCwR4eCmi8Y5
XmTNAK7vGXiG2C5Gq+y8MeX/6qKy7G1NFHSnuSIKx+3NtOsXxxrGOXSgV7f7QMiD
Ab0rBIv5kpHCEghtWwu3+RrzIKqDOR45k8y7X+ZlbPa9QQKU6AQesjaYhkHOMfCr
dkjgX9Hxj7+khmC/1IX/jWxbe3vx93idHRqXsWn6Cv8eMUPXQUiIx5+o8YUZ
-----END CERTIFICATE-----