Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154074.roa
File:                     AS154074.roa (raw, json)
Hash identifier:          2+iFcYGTP8wwEUnbG+DyqgUpLHIqMtNZiU0yhRhsryU=
Subject key identifier:   C4:5C:AB:78:1F:81:CC:ED:DA:0F:00:EF:E3:1F:5C:98:65:17:89:46
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       267B3D2A1E374C8F41D4F85F2FCF13A6A1FBA787
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154074.roa
Signing time:             Sat 02 May 2026 09:24:56 +0000
ROA not before:           Sat 02 May 2026 09:19:56 +0000
ROA not after:            Sat 01 May 2027 09:24:56 +0000
asID:                     154074
IP address blocks:        165.101.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:7b:3d:2a:1e:37:4c:8f:41:d4:f8:5f:2f:cf:13:a6:a1:fb:a7:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:56 2026 GMT
            Not After : May  1 09:24:56 2027 GMT
        Subject: CN=C45CAB781F81CCEDDA0F00EFE31F5C9865178946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:eb:f4:2c:27:7f:ca:6e:28:6e:fe:da:4f:88:
                    f5:8d:a9:da:7e:65:df:2c:30:d2:57:8e:2b:13:10:
                    ed:b4:66:a4:1b:9e:ec:66:bf:a2:e5:77:3d:e8:4f:
                    17:3e:6d:06:fe:a8:41:42:81:4b:6f:f9:08:40:c1:
                    e4:15:ad:b4:23:14:52:99:71:52:77:7e:30:e1:c9:
                    fc:d4:db:7e:05:4f:05:8e:62:d8:23:7f:83:95:a1:
                    43:f6:af:a4:a7:99:f7:7a:c9:e9:7c:4e:dc:48:cf:
                    81:4b:2e:bb:ff:a5:d9:5c:9a:79:7f:55:8f:00:e6:
                    05:5d:af:8b:b4:9a:20:c5:dd:d6:2f:76:c6:e6:9c:
                    fb:eb:d0:71:6f:04:a1:c7:a6:eb:0f:62:6e:08:1d:
                    ad:68:c0:65:09:e9:69:e9:7e:eb:f6:97:5d:cb:80:
                    40:30:da:88:20:f9:5a:c3:16:9d:4c:ed:fe:1f:4d:
                    88:08:1c:35:2f:26:bb:a2:e0:04:e1:c6:8f:b7:8e:
                    d2:8f:f8:7e:18:b1:45:45:a9:40:aa:ee:85:fe:95:
                    71:77:3e:c6:f5:88:71:7e:79:35:ba:be:90:b0:a2:
                    6d:72:0d:e5:9d:56:a6:1a:48:c5:00:1f:cd:b9:a5:
                    0a:ff:ee:98:76:0a:ee:b9:cf:79:44:f4:88:8d:5e:
                    c5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:5C:AB:78:1F:81:CC:ED:DA:0F:00:EF:E3:1F:5C:98:65:17:89:46
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154074.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:0a:32:48:06:c0:0d:f6:e6:df:1e:0a:eb:6b:aa:3b:5f:5d:
         87:b1:4b:4d:2c:2a:76:bb:ae:b5:2e:dc:39:b6:22:2b:81:44:
         c4:fe:db:80:eb:a7:40:f1:d5:48:9f:43:1a:73:82:61:b0:63:
         4d:57:66:e2:1e:42:48:42:9b:27:38:04:dc:7f:61:1e:a7:5b:
         7c:d8:de:cb:19:4d:f1:03:42:55:19:f0:b1:94:4f:88:01:0a:
         68:cf:cd:9a:ed:3b:4c:3f:12:68:8d:df:fc:88:0a:54:35:08:
         27:8d:7a:6f:07:ca:cc:1b:e4:39:65:28:ff:92:5f:c4:50:c0:
         2f:f3:44:25:ee:de:eb:e6:9e:9f:bf:29:c3:7d:28:2f:75:67:
         67:d5:91:b9:e5:73:22:be:b0:0d:b5:fb:34:d8:17:b0:e6:67:
         3e:42:a6:9e:bc:d7:72:c4:32:3c:91:f0:fe:59:49:d0:b9:7b:
         5c:bb:76:9c:b3:12:a8:03:07:3e:5e:31:94:f3:50:9a:54:68:
         84:52:5b:4b:63:2c:d9:98:db:11:07:cd:87:f1:33:3a:a1:19:
         ee:4d:a2:0e:67:31:76:b7:48:a5:0f:ea:e1:83:40:cb:25:0a:
         cd:a5:86:61:4e:ea:d3:bb:bd:4b:00:be:79:30:d4:0e:30:75:
         19:55:99:01
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUJns9Kh43TI9B1PhfL88TpqH7p4cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTk1NloX
DTI3MDUwMTA5MjQ1NlowMzExMC8GA1UEAxMoQzQ1Q0FCNzgxRjgxQ0NFRERBMEYw
MEVGRTMxRjVDOTg2NTE3ODk0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPr9Cwnf8puKG7+2k+I9Y2p2n5l3yww0leOKxMQ7bRmpBue7Ga/ouV3PehP
Fz5tBv6oQUKBS2/5CEDB5BWttCMUUplxUnd+MOHJ/NTbfgVPBY5i2CN/g5WhQ/av
pKeZ93rJ6XxO3EjPgUsuu/+l2VyaeX9VjwDmBV2vi7SaIMXd1i92xuac++vQcW8E
ocem6w9ibggdrWjAZQnpael+6/aXXcuAQDDaiCD5WsMWnUzt/h9NiAgcNS8mu6Lg
BOHGj7eO0o/4fhixRUWpQKruhf6VcXc+xvWIcX55Nbq+kLCibXIN5Z1WphpIxQAf
zbmlCv/umHYK7rnPeUT0iI1exU8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTEXKt4
H4HM7doPAO/jH1yYZReJRjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MDc0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWW6MA0GCSqGSIb3DQEBCwUAA4IBAQAICjJIBsAN9ubfHgrra6o7X12H
sUtNLCp2u661Ltw5tiIrgUTE/tuA66dA8dVIn0Mac4JhsGNNV2biHkJIQpsnOATc
f2Eep1t82N7LGU3xA0JVGfCxlE+IAQpoz82a7TtMPxJojd/8iApUNQgnjXpvB8rM
G+Q5ZSj/kl/EUMAv80Ql7t7r5p6fvynDfSgvdWdn1ZG55XMivrANtfs02Bew5mc+
QqaevNdyxDI8kfD+WUnQuXtcu3acsxKoAwc+XjGU81CaVGiEUltLYyzZmNsRB82H
8TM6oRnuTaIOZzF2t0ilD+rhg0DLJQrNpYZhTurTu71LAL55MNQOMHUZVZkB
-----END CERTIFICATE-----