Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154075.roa
File:                     AS154075.roa (raw, json)
Hash identifier:          qENxgLRdtVYa4y+22xvPBn100ShUl/oO7TnWty0G5IE=
Subject key identifier:   5A:29:75:22:B5:CC:5E:0E:44:7E:57:0A:A1:BF:36:42:E6:78:F9:86
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       6B7C3020D134229B5F55771BA79AF76639706BAB
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154075.roa
Signing time:             Sat 02 May 2026 09:24:58 +0000
ROA not before:           Sat 02 May 2026 09:19:58 +0000
ROA not after:            Sat 01 May 2027 09:24:58 +0000
asID:                     154075
IP address blocks:        165.101.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:7c:30:20:d1:34:22:9b:5f:55:77:1b:a7:9a:f7:66:39:70:6b:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:58 2026 GMT
            Not After : May  1 09:24:58 2027 GMT
        Subject: CN=5A297522B5CC5E0E447E570AA1BF3642E678F986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:69:be:45:cf:c4:7f:b7:4e:d2:e2:0e:f0:46:
                    c9:2d:eb:77:d6:91:55:66:94:37:32:ae:c5:69:bf:
                    33:83:18:96:78:05:17:d4:eb:ba:d9:cf:60:e4:d6:
                    08:01:9a:dd:b2:ab:d6:ad:2a:eb:11:6c:da:36:f9:
                    22:52:5d:28:35:7b:9b:ae:4a:f2:a1:2e:d9:d4:8b:
                    f1:59:ce:52:4c:63:ab:96:dc:57:b8:57:ea:48:74:
                    5c:f5:8b:b4:17:fe:9c:52:4a:dd:94:41:f3:52:a4:
                    86:11:ac:80:c5:6a:f1:44:1d:7b:d5:4e:e9:6f:34:
                    b3:f1:72:cb:8c:a4:3b:e8:9c:62:a9:a0:82:03:fb:
                    b5:ef:08:65:fc:7d:5f:96:b3:14:b4:04:57:ca:31:
                    39:22:66:f6:af:c8:c4:b6:4b:c7:bd:9e:b5:79:66:
                    50:09:6b:48:e6:de:30:6c:2d:65:f5:16:12:08:ef:
                    fe:c9:3b:b5:4b:c5:12:bf:4b:cf:a9:fa:01:41:a6:
                    2a:30:83:1b:97:66:7f:1e:c5:37:dc:ee:02:3b:c4:
                    ec:07:9f:02:f7:8c:38:8f:3b:10:3e:5d:60:cc:20:
                    18:7e:8a:0f:f4:11:b4:90:28:f4:98:f4:31:55:0f:
                    1e:ae:32:44:b7:41:60:ff:4b:ed:d9:5a:d7:ca:11:
                    dd:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:29:75:22:B5:CC:5E:0E:44:7E:57:0A:A1:BF:36:42:E6:78:F9:86
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:01:58:e7:4b:53:fa:46:49:23:00:5b:2a:90:ee:f2:78:49:
         48:ef:ea:4e:34:9f:cb:0c:cb:a4:9d:2a:e5:3b:3b:d6:99:5c:
         5e:ee:6c:81:94:7f:87:97:b8:da:6e:a3:7d:57:5f:4e:64:59:
         98:81:ae:01:c1:96:a8:56:bf:fd:e8:a2:2c:27:d4:e7:d7:ad:
         eb:8e:2c:5d:f4:19:11:d7:99:46:7a:5a:57:54:27:fb:a1:1e:
         e8:75:63:18:1d:59:7b:24:37:24:c1:b9:93:cf:60:98:a2:b8:
         f0:a6:20:96:ff:5d:40:69:06:65:2c:d6:ae:ca:62:5a:94:26:
         d3:01:a4:ce:3e:46:b3:5f:41:6d:4c:05:8a:82:97:0c:ac:cf:
         29:ae:98:31:61:24:77:f8:a6:2b:02:ec:07:0a:2b:1e:6d:a7:
         2f:7c:66:25:28:73:3b:de:e6:75:3b:52:7c:45:c7:d5:ab:49:
         e1:99:7f:46:37:6d:da:3a:91:23:e7:4a:8e:25:78:94:c1:6a:
         3b:a8:91:cb:c4:78:06:53:25:12:a0:72:5f:46:14:89:f9:09:
         3e:4b:41:53:cf:da:9d:3e:f4:08:fa:6d:c8:cb:3b:7b:29:4f:
         39:1c:38:7d:cb:a6:26:db:be:8d:dd:20:69:23:fe:00:e8:ab:
         8d:a5:aa:96
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUa3wwINE0IptfVXcbp5r3Zjlwa6swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTk1OFoX
DTI3MDUwMTA5MjQ1OFowMzExMC8GA1UEAxMoNUEyOTc1MjJCNUNDNUUwRTQ0N0U1
NzBBQTFCRjM2NDJFNjc4Rjk4NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANBpvkXPxH+3TtLiDvBGyS3rd9aRVWaUNzKuxWm/M4MYlngFF9TrutnPYOTW
CAGa3bKr1q0q6xFs2jb5IlJdKDV7m65K8qEu2dSL8VnOUkxjq5bcV7hX6kh0XPWL
tBf+nFJK3ZRB81KkhhGsgMVq8UQde9VO6W80s/Fyy4ykO+icYqmgggP7te8IZfx9
X5azFLQEV8oxOSJm9q/IxLZLx72etXlmUAlrSObeMGwtZfUWEgjv/sk7tUvFEr9L
z6n6AUGmKjCDG5dmfx7FN9zuAjvE7AefAveMOI87ED5dYMwgGH6KD/QRtJAo9Jj0
MVUPHq4yRLdBYP9L7dla18oR3XECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRaKXUi
tcxeDkR+VwqhvzZC5nj5hjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MDc1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWXsMA0GCSqGSIb3DQEBCwUAA4IBAQA8AVjnS1P6RkkjAFsqkO7yeElI
7+pONJ/LDMuknSrlOzvWmVxe7myBlH+Hl7jabqN9V19OZFmYga4BwZaoVr/96KIs
J9Tn163rjixd9BkR15lGelpXVCf7oR7odWMYHVl7JDckwbmTz2CYorjwpiCW/11A
aQZlLNauymJalCbTAaTOPkazX0FtTAWKgpcMrM8prpgxYSR3+KYrAuwHCisebacv
fGYlKHM73uZ1O1J8RcfVq0nhmX9GN23aOpEj50qOJXiUwWo7qJHLxHgGUyUSoHJf
RhSJ+Qk+S0FTz9qdPvQI+m3Iyzt7KU85HDh9y6Ym276N3SBpI/4A6KuNpaqW
-----END CERTIFICATE-----