Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153963.roa
File:                     AS153963.roa (raw, json)
Hash identifier:          iaNAhJFAB0ljsymHhy2cEgXFx89j7MWWLjHwiLXBhwg=
Subject key identifier:   B1:C2:08:12:89:47:88:3C:C7:4B:6C:4A:DD:08:4F:5B:64:53:93:25
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       690884CF5BE7A6127EBF39FDC2C8529CF2322E62
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153963.roa
Signing time:             Sat 02 May 2026 09:22:42 +0000
ROA not before:           Sat 02 May 2026 09:17:42 +0000
ROA not after:            Sat 01 May 2027 09:22:42 +0000
asID:                     153963
IP address blocks:        165.99.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:08:84:cf:5b:e7:a6:12:7e:bf:39:fd:c2:c8:52:9c:f2:32:2e:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:42 2026 GMT
            Not After : May  1 09:22:42 2027 GMT
        Subject: CN=B1C208128947883CC74B6C4ADD084F5B64539325
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2d:da:a6:ff:5c:d2:57:2b:a6:47:43:a8:d8:
                    af:aa:c1:42:0c:5e:13:f0:01:2b:99:b9:af:21:87:
                    f0:4f:d2:03:5d:97:c0:e7:65:31:a4:24:65:f1:c8:
                    e9:ee:6a:f6:10:4c:b7:37:e4:8e:0f:90:3f:e9:d2:
                    0a:1d:96:f2:ba:49:62:dc:5b:53:49:7a:ae:e3:b5:
                    31:91:e9:a2:a8:db:83:7f:a5:6a:b8:b8:e3:34:bd:
                    f0:e0:af:9d:bb:54:08:89:0a:4b:45:f1:a5:c9:cb:
                    7c:f2:72:a4:cd:53:5d:98:67:1e:c8:3e:fb:a4:57:
                    a1:d6:51:60:b3:7c:d7:ca:42:05:df:55:64:22:83:
                    ec:b3:fa:e8:6f:74:d4:32:f5:5f:ec:15:e4:a2:e9:
                    25:43:eb:dc:33:87:be:10:eb:28:68:30:a6:da:c2:
                    4e:2c:c1:97:e1:42:12:f2:15:61:b6:a0:36:8f:39:
                    3a:64:a0:b6:de:4d:59:e8:81:49:99:9f:a2:e5:15:
                    e8:97:0d:03:58:19:0d:da:41:93:45:88:2c:c9:b2:
                    24:7a:e4:ca:17:a6:3a:5a:ec:15:c7:1a:71:6e:71:
                    c1:7b:b2:f9:50:e6:cd:8b:4a:96:61:ec:30:94:fa:
                    c2:2a:b0:e9:57:63:8c:a1:58:bd:bb:57:31:42:20:
                    e5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C2:08:12:89:47:88:3C:C7:4B:6C:4A:DD:08:4F:5B:64:53:93:25
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153963.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:f8:f5:71:bc:d9:fe:d6:83:79:c1:de:69:b8:aa:26:d6:ff:
         bb:b5:d7:fe:dd:63:d8:8f:06:7a:86:79:4d:90:21:e1:e0:4e:
         13:f2:06:7f:70:56:9e:1d:5a:58:a0:38:61:1a:6c:ce:80:43:
         81:04:d3:17:46:4b:2c:82:46:c1:e7:9b:7f:db:f9:b7:aa:ac:
         49:2d:f9:18:ea:0b:e7:e2:be:e8:df:10:45:46:82:a1:69:8d:
         7f:0d:f0:c9:4b:d9:4e:0c:25:b1:d0:b4:1f:95:0b:50:3d:1d:
         0f:48:7c:fb:d6:db:e4:cc:69:4f:23:f8:fa:f5:48:92:79:0f:
         21:29:48:f8:55:88:88:84:a9:97:2f:1e:ae:46:50:4b:d5:8d:
         24:5c:05:c4:b7:64:41:f3:c2:d9:49:e7:b5:56:3c:8b:97:28:
         ee:31:69:fa:05:9b:e7:b5:32:da:2f:50:18:14:c2:e3:1b:4b:
         d2:75:7e:0c:2f:48:81:d1:13:ed:fa:b8:e4:5e:0b:8a:ac:1e:
         1d:cc:9a:2c:ed:13:26:fc:4c:94:4c:0b:69:ee:86:6c:9e:01:
         df:bd:cf:07:51:0f:52:d2:6a:3c:c8:7e:c1:c4:38:3f:11:98:
         90:a0:47:02:68:95:a5:44:d3:f2:ed:3e:ae:e9:7b:8e:3f:5e:
         10:9b:42:cd
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUaQiEz1vnphJ+vzn9wshSnPIyLmIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc0MloX
DTI3MDUwMTA5MjI0MlowMzExMC8GA1UEAxMoQjFDMjA4MTI4OTQ3ODgzQ0M3NEI2
QzRBREQwODRGNUI2NDUzOTMyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKQt2qb/XNJXK6ZHQ6jYr6rBQgxeE/ABK5m5ryGH8E/SA12XwOdlMaQkZfHI
6e5q9hBMtzfkjg+QP+nSCh2W8rpJYtxbU0l6ruO1MZHpoqjbg3+lari44zS98OCv
nbtUCIkKS0XxpcnLfPJypM1TXZhnHsg++6RXodZRYLN818pCBd9VZCKD7LP66G90
1DL1X+wV5KLpJUPr3DOHvhDrKGgwptrCTizBl+FCEvIVYbagNo85OmSgtt5NWeiB
SZmfouUV6JcNA1gZDdpBk0WILMmyJHrkyhemOlrsFccacW5xwXuy+VDmzYtKlmHs
MJT6wiqw6VdjjKFYvbtXMUIg5TcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSxwggS
iUeIPMdLbErdCE9bZFOTJTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzOTYzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWOaMA0GCSqGSIb3DQEBCwUAA4IBAQAj+PVxvNn+1oN5wd5puKom1v+7
tdf+3WPYjwZ6hnlNkCHh4E4T8gZ/cFaeHVpYoDhhGmzOgEOBBNMXRkssgkbB55t/
2/m3qqxJLfkY6gvn4r7o3xBFRoKhaY1/DfDJS9lODCWx0LQflQtQPR0PSHz71tvk
zGlPI/j69UiSeQ8hKUj4VYiIhKmXLx6uRlBL1Y0kXAXEt2RB88LZSee1VjyLlyju
MWn6BZvntTLaL1AYFMLjG0vSdX4ML0iB0RPt+rjkXguKrB4dzJos7RMm/EyUTAtp
7oZsngHfvc8HUQ9S0mo8yH7BxDg/EZiQoEcCaJWlRNPy7T6u6XuOP14Qm0LN
-----END CERTIFICATE-----