Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154141.roa
File:                     AS154141.roa (raw, json)
Hash identifier:          7Ux4/ZJKECHIQB68OO2JkItNQh3LMtT3jBxiaQyBqjk=
Subject key identifier:   99:50:F0:5E:2B:C8:F6:4A:EC:8D:0F:6D:62:FE:19:E2:18:FA:C2:4B
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       57172B7E872A2DD0C5E4BC27E6BD0DF4211C2658
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154141.roa
Signing time:             Sat 02 May 2026 09:25:20 +0000
ROA not before:           Sat 02 May 2026 09:20:20 +0000
ROA not after:            Sat 01 May 2027 09:25:20 +0000
asID:                     154141
IP address blocks:        192.156.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:17:2b:7e:87:2a:2d:d0:c5:e4:bc:27:e6:bd:0d:f4:21:1c:26:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:20 2026 GMT
            Not After : May  1 09:25:20 2027 GMT
        Subject: CN=9950F05E2BC8F64AEC8D0F6D62FE19E218FAC24B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:69:be:e3:b8:9e:87:48:54:3d:85:4b:f4:1f:
                    0c:d4:d1:67:69:67:05:8e:46:3e:1d:24:ff:e5:ac:
                    37:25:df:61:42:c4:c7:d2:dc:c0:cc:5c:02:52:6e:
                    3a:6a:18:e7:4d:99:ab:64:78:81:aa:f8:80:89:f6:
                    67:1e:da:9c:65:a9:f1:0e:5d:84:28:0c:2e:6c:a1:
                    e0:d7:e6:f0:e5:87:89:61:9a:0d:cf:b0:3e:fa:c9:
                    50:8d:ee:43:a3:08:dc:9a:b3:ce:57:7e:a2:b6:3c:
                    a1:1e:ea:4b:bb:b3:98:f8:1a:d3:7f:c4:2b:bf:04:
                    6f:3f:62:cb:9a:35:b1:b6:4e:5e:be:b0:ab:3f:1b:
                    d8:11:a0:27:ab:90:72:4f:ab:48:e7:a5:f0:19:5a:
                    d4:b9:55:b0:37:f6:c2:e3:b9:71:17:fb:cf:97:d2:
                    59:1b:10:43:9e:e8:e0:b1:b5:2d:14:d7:32:5b:b5:
                    e2:67:8e:38:97:53:22:33:a8:92:e0:1d:43:43:e9:
                    87:30:f0:26:06:98:2f:25:59:5c:38:d0:df:1b:fd:
                    dd:93:83:d7:41:e1:66:d3:de:e5:19:7b:3d:9d:3d:
                    c3:e5:d6:b0:4e:5e:5d:78:d5:23:3c:3d:9d:26:5a:
                    4f:a2:54:71:58:13:43:d0:08:fb:f9:38:e8:b0:72:
                    04:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:50:F0:5E:2B:C8:F6:4A:EC:8D:0F:6D:62:FE:19:E2:18:FA:C2:4B
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.156.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:bd:5d:29:db:1c:8c:54:b8:78:37:87:23:19:e9:a9:85:b0:
         48:e8:f8:04:f7:5a:07:1c:31:fb:43:4b:b6:48:dd:44:b1:7e:
         97:dc:e1:34:dd:e3:14:68:f9:b0:bb:be:54:6d:19:fd:83:ab:
         57:9c:93:b7:1a:a8:7a:dc:43:c1:d0:c5:be:0c:cb:fc:7c:61:
         39:d4:d1:03:f4:6b:e3:13:4c:e5:68:c0:65:ec:f5:f8:9f:56:
         04:8c:ff:54:db:f9:13:f8:87:7c:2c:c4:55:1f:13:95:b6:48:
         9e:c4:a8:ec:4c:7a:27:04:b2:b5:0b:51:76:08:b0:3c:8e:1f:
         25:a8:fd:be:8b:30:6d:9d:ec:5b:b3:fc:18:a4:7e:9d:52:de:
         d5:38:ef:9b:c3:d9:9d:f1:6e:48:1f:b0:db:00:3f:a8:5f:03:
         e2:1c:49:4c:7c:2a:a1:e5:18:0b:0d:59:59:ea:4a:5b:33:93:
         13:8a:40:76:a3:c3:e3:5b:c7:b1:96:b8:bd:a9:13:25:3b:42:
         f6:b2:b3:1e:5b:fd:8f:06:07:34:7e:6b:9f:4a:8e:c9:66:e6:
         31:ff:04:28:4e:50:75:f7:8e:ff:0b:1b:3b:1f:30:a9:b2:39:
         02:61:71:3a:2b:73:f7:49:15:94:5e:f4:c4:1f:ff:99:87:4e:
         16:c4:26:43
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUVxcrfocqLdDF5Lwn5r0N9CEcJlgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAyMFoX
DTI3MDUwMTA5MjUyMFowMzExMC8GA1UEAxMoOTk1MEYwNUUyQkM4RjY0QUVDOEQw
RjZENjJGRTE5RTIxOEZBQzI0QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMNpvuO4nodIVD2FS/QfDNTRZ2lnBY5GPh0k/+WsNyXfYULEx9LcwMxcAlJu
OmoY502Zq2R4gar4gIn2Zx7anGWp8Q5dhCgMLmyh4Nfm8OWHiWGaDc+wPvrJUI3u
Q6MI3Jqzzld+orY8oR7qS7uzmPga03/EK78Ebz9iy5o1sbZOXr6wqz8b2BGgJ6uQ
ck+rSOel8Bla1LlVsDf2wuO5cRf7z5fSWRsQQ57o4LG1LRTXMlu14meOOJdTIjOo
kuAdQ0PphzDwJgaYLyVZXDjQ3xv93ZOD10HhZtPe5Rl7PZ09w+XWsE5eXXjVIzw9
nSZaT6JUcVgTQ9AI+/k46LByBG0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSZUPBe
K8j2SuyND21i/hniGPrCSzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MTQxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAwJyOMA0GCSqGSIb3DQEBCwUAA4IBAQBDvV0p2xyMVLh4N4cjGemphbBI
6PgE91oHHDH7Q0u2SN1EsX6X3OE03eMUaPmwu75UbRn9g6tXnJO3Gqh63EPB0MW+
DMv8fGE51NED9GvjE0zlaMBl7PX4n1YEjP9U2/kT+Id8LMRVHxOVtkiexKjsTHon
BLK1C1F2CLA8jh8lqP2+izBtnexbs/wYpH6dUt7VOO+bw9md8W5IH7DbAD+oXwPi
HElMfCqh5RgLDVlZ6kpbM5MTikB2o8PjW8exlri9qRMlO0L2srMeW/2PBgc0fmuf
So7JZuYx/wQoTlB1947/Cxs7HzCpsjkCYXE6K3P3SRWUXvTEH/+Zh04WxCZD
-----END CERTIFICATE-----