Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154056.roa
File:                     AS154056.roa (raw, json)
Hash identifier:          XfsFFp57OqdAXseW1zAt0gzbca2190WqgmGczA32/8w=
Subject key identifier:   D5:F5:E7:39:24:07:61:E4:B8:A5:14:FB:BE:0E:6E:9C:5D:6C:51:32
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       60D93963BFF06B0EBC33A2CEC2DB11F1BD5CDEAB
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154056.roa
Signing time:             Sat 02 May 2026 09:25:14 +0000
ROA not before:           Sat 02 May 2026 09:20:14 +0000
ROA not after:            Sat 01 May 2027 09:25:14 +0000
asID:                     154056
IP address blocks:        165.101.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:d9:39:63:bf:f0:6b:0e:bc:33:a2:ce:c2:db:11:f1:bd:5c:de:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:14 2026 GMT
            Not After : May  1 09:25:14 2027 GMT
        Subject: CN=D5F5E739240761E4B8A514FBBE0E6E9C5D6C5132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:73:ea:44:fc:7a:f3:17:64:34:ff:6c:1e:e5:
                    46:e9:6d:60:95:43:71:50:8f:b5:f9:d3:30:ca:ec:
                    4d:c8:8c:0d:28:dc:18:35:2c:ab:eb:ef:47:bf:88:
                    9d:a4:d0:05:ae:e4:87:fc:b9:5f:74:1e:ab:d0:9c:
                    4b:3b:1c:21:e8:13:ec:df:8f:c2:fb:2f:f4:58:f9:
                    e7:00:5f:f4:2f:ed:50:2c:8b:41:d5:c9:d0:5e:3a:
                    3c:f7:ff:85:f1:93:15:ec:2d:b5:65:e2:55:9a:df:
                    f8:97:a8:63:a5:3d:a0:25:04:66:29:d7:8b:87:f2:
                    76:fe:b4:95:91:8b:b0:ae:2d:c5:6a:93:a5:19:48:
                    98:03:e6:bb:55:44:73:e0:f2:9e:e9:3d:2d:f8:bb:
                    63:dd:b5:a2:d8:06:2c:ee:8b:41:ae:a4:7d:d1:d5:
                    60:70:b4:4b:1c:c3:06:98:de:65:dd:3d:34:fb:73:
                    68:d1:b2:cb:e0:41:c4:85:b7:c2:39:de:b3:06:18:
                    db:b9:8f:b3:ca:6a:6d:d7:7a:48:a6:c9:8c:9b:88:
                    f7:20:82:3c:60:3b:77:0a:e5:8b:5b:22:a5:53:9b:
                    32:08:5f:88:63:23:43:82:29:0c:47:ff:44:b7:fc:
                    ff:d6:2e:79:e6:08:96:c9:52:f6:e4:15:3e:d0:8c:
                    45:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F5:E7:39:24:07:61:E4:B8:A5:14:FB:BE:0E:6E:9C:5D:6C:51:32
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154056.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:1d:19:99:52:db:91:91:4e:33:29:31:36:84:5e:28:14:a8:
         32:65:da:dd:14:aa:17:6f:4c:85:8b:3c:15:1b:22:4d:e9:36:
         a8:05:42:32:1e:c6:4f:f3:c3:da:89:25:23:6a:96:75:9d:7f:
         06:39:fd:04:c8:f2:49:b5:08:1a:15:2c:d6:23:60:16:e2:8d:
         91:0c:c0:47:d6:cc:96:32:e2:be:55:c4:71:80:61:6a:42:69:
         fb:1c:b7:d6:21:56:7d:d6:31:6a:6f:e8:d1:4f:55:84:96:2e:
         79:41:c4:5a:28:20:e2:2d:b0:2d:db:13:95:6c:0b:ea:f2:5c:
         3f:e5:d0:09:15:6f:25:8d:b9:67:1c:fa:58:cb:66:44:5a:ba:
         f0:25:6b:c4:fa:c5:fc:66:64:ed:68:a2:77:82:86:e3:4e:92:
         60:94:af:6b:79:af:8b:ac:2d:97:99:f5:30:4a:d8:d5:d0:d3:
         02:b5:be:7f:1a:e6:dd:a5:a6:ae:e8:0a:df:65:56:d9:4d:87:
         94:b8:76:35:f9:21:ea:13:5c:29:0d:b4:b3:a5:1b:7b:ad:84:
         0e:c0:6a:85:67:7c:3d:bf:10:84:e8:ae:8e:46:7b:7c:6c:0a:
         29:ef:2f:a3:f4:52:3c:42:df:4f:bf:67:a4:02:16:51:98:44:
         83:7f:50:55
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUYNk5Y7/waw68M6LOwtsR8b1c3qswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAxNFoX
DTI3MDUwMTA5MjUxNFowMzExMC8GA1UEAxMoRDVGNUU3MzkyNDA3NjFFNEI4QTUx
NEZCQkUwRTZFOUM1RDZDNTEzMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI5z6kT8evMXZDT/bB7lRultYJVDcVCPtfnTMMrsTciMDSjcGDUsq+vvR7+I
naTQBa7kh/y5X3Qeq9CcSzscIegT7N+Pwvsv9Fj55wBf9C/tUCyLQdXJ0F46PPf/
hfGTFewttWXiVZrf+JeoY6U9oCUEZinXi4fydv60lZGLsK4txWqTpRlImAPmu1VE
c+Dynuk9Lfi7Y921otgGLO6LQa6kfdHVYHC0SxzDBpjeZd09NPtzaNGyy+BBxIW3
wjneswYY27mPs8pqbdd6SKbJjJuI9yCCPGA7dwrli1sipVObMghfiGMjQ4IpDEf/
RLf8/9YueeYIlslS9uQVPtCMRfUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTV9ec5
JAdh5LilFPu+Dm6cXWxRMjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MDU2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWWzMA0GCSqGSIb3DQEBCwUAA4IBAQATHRmZUtuRkU4zKTE2hF4oFKgy
ZdrdFKoXb0yFizwVGyJN6TaoBUIyHsZP88PaiSUjapZ1nX8GOf0EyPJJtQgaFSzW
I2AW4o2RDMBH1syWMuK+VcRxgGFqQmn7HLfWIVZ91jFqb+jRT1WEli55QcRaKCDi
LbAt2xOVbAvq8lw/5dAJFW8ljblnHPpYy2ZEWrrwJWvE+sX8ZmTtaKJ3gobjTpJg
lK9rea+LrC2XmfUwStjV0NMCtb5/Gubdpaau6ArfZVbZTYeUuHY1+SHqE1wpDbSz
pRt7rYQOwGqFZ3w9vxCE6K6ORnt8bAop7y+j9FI8Qt9Pv2ekAhZRmESDf1BV
-----END CERTIFICATE-----