Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154007.roa
File:                     AS154007.roa (raw, json)
Hash identifier:          lnqc/ZLxggnAfD4RHDQKB7GpEXEW2JLeckE4k/s9lMo=
Subject key identifier:   AF:F8:55:8F:8D:0A:38:9A:81:73:B3:C1:CF:26:03:64:A2:86:C3:63
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       03B4B13430379C2259F3927A834381A082236DEF
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154007.roa
Signing time:             Sat 02 May 2026 09:22:52 +0000
ROA not before:           Sat 02 May 2026 09:17:52 +0000
ROA not after:            Sat 01 May 2027 09:22:52 +0000
asID:                     154007
IP address blocks:        165.99.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b4:b1:34:30:37:9c:22:59:f3:92:7a:83:43:81:a0:82:23:6d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:52 2026 GMT
            Not After : May  1 09:22:52 2027 GMT
        Subject: CN=AFF8558F8D0A389A8173B3C1CF260364A286C363
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:02:90:07:04:a4:7f:e4:97:61:74:a9:d3:2d:
                    2b:ba:82:de:da:34:bb:19:97:1c:c3:e8:fd:da:fa:
                    d1:f6:26:0b:ee:3d:d5:46:5c:59:47:11:4d:b9:a4:
                    7a:b5:7d:8a:62:f7:11:2c:db:6a:86:38:fe:d8:19:
                    c2:e7:82:b7:97:7b:43:00:9b:ef:05:d4:96:31:99:
                    45:f4:ca:95:1a:40:8c:ac:69:6b:be:e2:03:43:d5:
                    48:c9:cb:a7:f8:a5:50:41:8c:19:f6:4b:c8:1a:37:
                    c7:15:e4:e3:8f:66:c2:e5:a4:fa:bc:02:f7:12:ec:
                    fb:af:4e:b3:37:56:0e:79:1d:df:f1:50:26:d0:8d:
                    26:f1:76:5a:a1:d1:2e:b7:c1:bf:11:cf:e9:ac:ea:
                    72:2a:e7:83:db:9c:53:c4:97:d6:54:31:3d:d4:35:
                    2e:f3:e8:bb:5e:97:ae:e5:8c:c5:c7:6e:df:b1:92:
                    75:cc:9c:e6:78:9c:36:61:a4:b9:95:5d:82:8b:fe:
                    7b:4f:3e:03:0e:48:f8:b8:83:66:9c:db:35:a5:6f:
                    af:c1:6a:27:31:ba:d8:91:db:ad:37:9b:c5:b2:46:
                    7c:50:50:ea:f7:6e:ab:12:7f:48:a0:e3:3c:24:2f:
                    49:cc:0c:8d:97:f0:6e:7c:e1:23:cf:f3:4e:e8:7d:
                    69:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F8:55:8F:8D:0A:38:9A:81:73:B3:C1:CF:26:03:64:A2:86:C3:63
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154007.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:c1:55:43:d6:a7:77:c3:f1:c6:b6:55:2c:af:11:b8:06:28:
         6e:0c:f1:24:3c:c1:04:e4:f4:4f:5b:14:12:a6:a1:e5:c1:35:
         52:13:e6:74:a3:2e:ba:15:02:4f:73:f6:e9:fd:45:4e:08:f9:
         96:7e:0b:86:43:8b:41:e9:7a:b7:63:4e:f9:10:65:c6:ab:52:
         3f:b6:9a:f2:ac:fc:e8:1d:25:81:35:01:aa:f4:b1:e4:65:a2:
         69:fa:85:95:d7:88:ff:91:62:f9:ba:26:85:73:25:09:7c:eb:
         7b:ca:2e:ed:41:fa:9c:b4:26:d8:5e:89:b9:25:8f:e2:2f:00:
         0c:64:8c:e8:49:62:94:10:e5:e9:e3:e1:2f:32:4d:34:de:de:
         4a:76:c0:39:19:b0:e3:76:c9:19:15:cd:85:d7:e1:f3:11:7f:
         70:13:bc:db:13:5f:16:ad:d1:7a:6d:64:52:e6:90:f1:f6:9f:
         4f:4e:51:87:42:ad:b8:53:94:da:f3:19:98:32:9e:94:e9:b5:
         8d:46:cd:e5:e3:54:19:be:44:a0:dc:7f:a8:21:71:d6:69:31:
         e1:46:05:4d:5d:86:15:bb:a9:ac:a0:80:a9:ee:70:2c:aa:c2:
         86:aa:0f:af:d7:e6:14:ae:4e:6c:07:7f:df:76:98:ad:63:01:
         00:f5:84:42
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUA7SxNDA3nCJZ85J6g0OBoIIjbe8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1MloX
DTI3MDUwMTA5MjI1MlowMzExMC8GA1UEAxMoQUZGODU1OEY4RDBBMzg5QTgxNzNC
M0MxQ0YyNjAzNjRBMjg2QzM2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4CkAcEpH/kl2F0qdMtK7qC3to0uxmXHMPo/dr60fYmC+491UZcWUcRTbmk
erV9imL3ESzbaoY4/tgZwueCt5d7QwCb7wXUljGZRfTKlRpAjKxpa77iA0PVSMnL
p/ilUEGMGfZLyBo3xxXk449mwuWk+rwC9xLs+69OszdWDnkd3/FQJtCNJvF2WqHR
LrfBvxHP6azqcirng9ucU8SX1lQxPdQ1LvPou16XruWMxcdu37GSdcyc5nicNmGk
uZVdgov+e08+Aw5I+LiDZpzbNaVvr8FqJzG62JHbrTebxbJGfFBQ6vduqxJ/SKDj
PCQvScwMjZfwbnzhI8/zTuh9abkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSv+FWP
jQo4moFzs8HPJgNkoobDYzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MDA3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWN4MA0GCSqGSIb3DQEBCwUAA4IBAQB+wVVD1qd3w/HGtlUsrxG4Bihu
DPEkPMEE5PRPWxQSpqHlwTVSE+Z0oy66FQJPc/bp/UVOCPmWfguGQ4tB6Xq3Y075
EGXGq1I/tpryrPzoHSWBNQGq9LHkZaJp+oWV14j/kWL5uiaFcyUJfOt7yi7tQfqc
tCbYXom5JY/iLwAMZIzoSWKUEOXp4+EvMk003t5KdsA5GbDjdskZFc2F1+HzEX9w
E7zbE18WrdF6bWRS5pDx9p9PTlGHQq24U5Ta8xmYMp6U6bWNRs3l41QZvkSg3H+o
IXHWaTHhRgVNXYYVu6msoICp7nAsqsKGqg+v1+YUrk5sB3/fdpitYwEA9YRC
-----END CERTIFICATE-----