Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153968.roa
File:                     AS153968.roa (raw, json)
Hash identifier:          LvBfWYAWWSGYrnXcmNMdUWjLClEbNos472ZHJ9t/X8M=
Subject key identifier:   EF:6D:35:5B:3A:BB:E5:2E:EE:89:95:29:2D:4B:35:9C:0D:88:EB:E9
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       3EDC357F035DC520717BCE1F6480200A3381F658
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153968.roa
Signing time:             Sat 02 May 2026 09:24:58 +0000
ROA not before:           Sat 02 May 2026 09:19:58 +0000
ROA not after:            Sat 01 May 2027 09:24:58 +0000
asID:                     153968
IP address blocks:        165.99.238.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:dc:35:7f:03:5d:c5:20:71:7b:ce:1f:64:80:20:0a:33:81:f6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:58 2026 GMT
            Not After : May  1 09:24:58 2027 GMT
        Subject: CN=EF6D355B3ABBE52EEE8995292D4B359C0D88EBE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:37:d9:bf:d7:dd:75:0b:68:6c:23:30:dd:5b:
                    88:8f:ef:bc:38:7c:3e:ac:7b:d9:60:59:fd:8f:86:
                    6a:62:5f:dd:23:14:c6:f5:5a:8e:64:67:db:74:06:
                    46:84:78:1e:94:0c:1a:0a:9d:bc:cd:a0:87:50:d4:
                    82:05:08:dd:ad:15:b8:76:e7:e0:01:fe:b5:41:2d:
                    60:3b:5b:71:06:40:f0:a3:39:e5:19:50:a2:ee:1d:
                    d2:bb:ca:b1:58:22:f0:c1:d0:8c:34:da:54:53:3c:
                    dc:d7:d6:65:8f:9e:6e:7e:90:6f:d2:b9:47:39:8d:
                    db:07:63:05:e4:51:94:ad:e9:5c:57:89:51:dc:9a:
                    b7:b2:50:b1:f4:a2:39:4e:c0:8f:65:17:ea:31:05:
                    db:8b:a1:20:57:c9:b5:ef:7b:85:77:1b:35:45:db:
                    98:f7:a6:0c:d3:29:94:14:2c:dd:97:35:0a:ef:aa:
                    c3:bf:b4:f4:2a:b4:d3:61:42:e1:ab:73:fb:f3:1f:
                    d4:03:ae:7d:68:3e:c7:80:f4:f7:48:92:f2:36:cb:
                    d3:03:d0:bc:66:34:33:dc:e7:2e:2e:c4:99:fe:6a:
                    95:76:1a:30:09:9b:96:2c:9a:50:d2:a6:53:a0:fb:
                    c4:9c:c7:83:78:5e:c9:30:13:bb:e4:fc:3f:42:95:
                    7e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:6D:35:5B:3A:BB:E5:2E:EE:89:95:29:2D:4B:35:9C:0D:88:EB:E9
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:59:d7:c2:63:2a:f4:ef:fb:57:05:df:0a:ed:31:6f:8c:e1:
         6c:6c:f0:3c:89:86:53:bd:09:bb:4b:f3:e3:92:3e:69:93:d5:
         03:5f:71:8f:4c:97:81:44:ab:46:11:b2:a3:41:9f:bb:a9:60:
         27:93:e6:ec:2c:46:4b:ea:95:b7:26:c9:35:89:a3:17:d5:90:
         8e:92:75:94:bc:0d:e6:98:3f:fa:a6:8f:1e:b5:35:bb:c3:95:
         6e:55:3e:30:78:1d:5d:67:64:80:64:bb:02:71:85:ac:69:c5:
         b7:a3:a9:4b:09:8c:ee:4b:da:d1:e6:5c:ac:ed:59:3b:63:e7:
         4f:f7:b2:32:d3:dd:2c:11:bb:b9:e9:7f:55:17:70:0c:cc:7d:
         fa:dd:ce:5b:01:72:b5:45:e0:f7:d0:a7:1e:57:3e:0a:52:05:
         d3:59:94:c1:62:d7:f1:c0:c3:82:c7:09:7c:8b:0f:4a:4c:64:
         9d:47:fb:ef:91:f1:82:1b:bb:92:0b:28:27:dc:69:fa:57:4b:
         24:79:b4:e7:7a:b5:b1:a6:d8:d2:d8:c5:e8:eb:cd:8f:3c:aa:
         f3:44:f0:e1:7d:66:2e:95:6b:85:e7:27:4c:71:8a:b9:0f:a9:
         1f:82:a1:1a:26:2a:cb:3e:9d:a0:5f:54:0b:55:78:17:f1:47:
         05:11:79:0e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUPtw1fwNdxSBxe84fZIAgCjOB9lgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTk1OFoX
DTI3MDUwMTA5MjQ1OFowMzExMC8GA1UEAxMoRUY2RDM1NUIzQUJCRTUyRUVFODk5
NTI5MkQ0QjM1OUMwRDg4RUJFOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJg32b/X3XULaGwjMN1biI/vvDh8Pqx72WBZ/Y+GamJf3SMUxvVajmRn23QG
RoR4HpQMGgqdvM2gh1DUggUI3a0VuHbn4AH+tUEtYDtbcQZA8KM55RlQou4d0rvK
sVgi8MHQjDTaVFM83NfWZY+ebn6Qb9K5RzmN2wdjBeRRlK3pXFeJUdyat7JQsfSi
OU7Aj2UX6jEF24uhIFfJte97hXcbNUXbmPemDNMplBQs3Zc1Cu+qw7+09Cq002FC
4atz+/Mf1AOufWg+x4D090iS8jbL0wPQvGY0M9znLi7Emf5qlXYaMAmbliyaUNKm
U6D7xJzHg3heyTATu+T8P0KVfokCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTvbTVb
OrvlLu6JlSktSzWcDYjr6TAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzOTY4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBpWPuMA0GCSqGSIb3DQEBCwUAA4IBAQBNWdfCYyr07/tXBd8K7TFvjOFs
bPA8iYZTvQm7S/Pjkj5pk9UDX3GPTJeBRKtGEbKjQZ+7qWAnk+bsLEZL6pW3Jsk1
iaMX1ZCOknWUvA3mmD/6po8etTW7w5VuVT4weB1dZ2SAZLsCcYWsacW3o6lLCYzu
S9rR5lys7Vk7Y+dP97Iy090sEbu56X9VF3AMzH363c5bAXK1ReD30KceVz4KUgXT
WZTBYtfxwMOCxwl8iw9KTGSdR/vvkfGCG7uSCygn3Gn6V0skebTnerWxptjS2MXo
682PPKrzRPDhfWYulWuF5ydMcYq5D6kfgqEaJirLPp2gX1QLVXgX8UcFEXkO
-----END CERTIFICATE-----