Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153992.roa
File:                     AS153992.roa (raw, json)
Hash identifier:          OxDpuiP/A+Igb/5tIvw3txFv3Ayry4MhbQa1Ji8/1SU=
Subject key identifier:   DE:17:53:5F:B3:96:84:FF:31:A1:9B:19:66:B8:0F:9C:28:70:95:5D
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       268662B7B81933416520481BFDE508769BFD1B2B
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153992.roa
Signing time:             Sat 02 May 2026 09:25:18 +0000
ROA not before:           Sat 02 May 2026 09:20:18 +0000
ROA not after:            Sat 01 May 2027 09:25:18 +0000
asID:                     153992
IP address blocks:        165.99.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:86:62:b7:b8:19:33:41:65:20:48:1b:fd:e5:08:76:9b:fd:1b:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:18 2026 GMT
            Not After : May  1 09:25:18 2027 GMT
        Subject: CN=DE17535FB39684FF31A19B1966B80F9C2870955D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cc:a4:d2:68:b5:49:38:b2:38:55:33:9d:8a:
                    74:0d:ff:a7:ee:94:cc:42:19:b4:65:7b:5c:43:d2:
                    2f:ce:40:49:73:bf:ad:9f:a8:70:d9:a7:cc:e4:8a:
                    2b:ad:ca:cc:94:5c:dc:75:7e:93:20:e4:73:a2:2a:
                    d9:b4:4b:68:41:3d:c0:21:2f:d0:0b:a2:71:1e:b0:
                    c5:f8:7e:d4:32:0c:d9:79:f0:ed:fd:27:8e:96:65:
                    dc:7b:6e:59:2b:06:ff:7b:4e:4a:54:64:8f:18:cb:
                    11:7e:26:71:31:b9:0f:f4:e2:58:f4:32:9d:b2:3d:
                    7e:c7:ff:fc:0d:64:1e:64:4d:f7:e0:e6:39:c5:f4:
                    0d:a9:3b:76:18:64:7f:d0:cd:65:f8:43:4f:be:d4:
                    b2:75:96:6a:26:ba:f7:1c:a6:ae:88:c6:97:3c:28:
                    ef:84:2b:47:df:a6:3a:3a:f9:a5:f3:8b:3f:fe:c3:
                    15:be:09:c7:37:07:61:48:66:6a:2c:70:b3:52:c1:
                    dc:a0:65:4c:19:6c:40:be:59:55:0f:bd:29:31:45:
                    99:25:27:b8:f8:51:76:66:ee:72:51:87:2b:55:d8:
                    0f:81:b2:9b:5c:59:59:5f:89:ca:1d:84:28:7d:45:
                    8a:9d:fd:5f:d4:5e:88:d5:78:55:43:83:2b:41:2c:
                    22:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:17:53:5F:B3:96:84:FF:31:A1:9B:19:66:B8:0F:9C:28:70:95:5D
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153992.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:08:18:24:a5:0b:0b:bb:de:12:28:17:d1:ba:b3:e3:d1:11:
         1a:80:3e:50:10:f1:1c:b2:da:a9:d6:19:85:f7:38:42:0d:6a:
         e3:e1:3b:42:ed:c8:bf:07:57:97:08:a6:29:21:f2:5c:cc:6b:
         67:99:07:e6:4a:d9:62:98:7e:db:89:ac:d8:1d:88:36:7f:01:
         63:da:ca:f8:d0:40:bb:0f:51:d3:70:e8:81:95:90:47:73:ce:
         51:21:c3:98:6a:8c:36:aa:5e:5d:74:a7:4c:b1:a0:71:b2:6c:
         1a:f5:23:fa:73:34:ee:24:d2:46:51:66:31:5c:0a:b2:17:25:
         ba:17:46:30:e5:d8:99:26:5a:c8:dc:e6:7e:52:a1:64:82:a1:
         f0:c2:26:56:a3:88:51:19:3d:e8:2b:25:de:4d:6a:ca:92:17:
         5f:c0:2d:ce:36:a0:44:49:f5:3b:f4:58:40:28:ea:d9:8f:bd:
         2a:99:af:68:9d:90:cb:72:49:99:27:e1:d2:de:15:b4:20:cb:
         e5:46:17:b9:93:d5:16:13:c9:42:0c:b8:76:78:a5:bc:c4:57:
         70:c9:bb:b6:0c:cc:f1:88:28:52:22:5e:6f:4e:d6:58:94:1c:
         fa:17:07:a0:35:92:d8:2b:8c:fa:91:3f:75:38:a1:ae:ea:02:
         6d:51:15:07
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUJoZit7gZM0FlIEgb/eUIdpv9GyswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAxOFoX
DTI3MDUwMTA5MjUxOFowMzExMC8GA1UEAxMoREUxNzUzNUZCMzk2ODRGRjMxQTE5
QjE5NjZCODBGOUMyODcwOTU1RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJnMpNJotUk4sjhVM52KdA3/p+6UzEIZtGV7XEPSL85ASXO/rZ+ocNmnzOSK
K63KzJRc3HV+kyDkc6Iq2bRLaEE9wCEv0AuicR6wxfh+1DIM2Xnw7f0njpZl3Htu
WSsG/3tOSlRkjxjLEX4mcTG5D/TiWPQynbI9fsf//A1kHmRN9+DmOcX0Dak7dhhk
f9DNZfhDT77UsnWWaia69xymrojGlzwo74QrR9+mOjr5pfOLP/7DFb4JxzcHYUhm
aixws1LB3KBlTBlsQL5ZVQ+9KTFFmSUnuPhRdmbuclGHK1XYD4Gym1xZWV+Jyh2E
KH1Fip39X9ReiNV4VUODK0EsIuECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTeF1Nf
s5aE/zGhmxlmuA+cKHCVXTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzOTkyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWP8MA0GCSqGSIb3DQEBCwUAA4IBAQA7CBgkpQsLu94SKBfRurPj0REa
gD5QEPEcstqp1hmF9zhCDWrj4TtC7ci/B1eXCKYpIfJczGtnmQfmStlimH7biazY
HYg2fwFj2sr40EC7D1HTcOiBlZBHc85RIcOYaow2ql5ddKdMsaBxsmwa9SP6czTu
JNJGUWYxXAqyFyW6F0Yw5diZJlrI3OZ+UqFkgqHwwiZWo4hRGT3oKyXeTWrKkhdf
wC3ONqBESfU79FhAKOrZj70qma9onZDLckmZJ+HS3hW0IMvlRhe5k9UWE8lCDLh2
eKW8xFdwybu2DMzxiChSIl5vTtZYlBz6FwegNZLYK4z6kT91OKGu6gJtURUH
-----END CERTIFICATE-----