Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154318.roa
File:                     AS154318.roa (raw, json)
Hash identifier:          mUMCxnVXt1v1Yp+I4RVT+gjvafUVG5xRKBSLecquF3Q=
Subject key identifier:   EA:99:F5:9E:D2:67:B7:9E:A1:42:08:7F:36:0B:FD:9C:AB:7A:0F:79
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7774469EF8FFD4F8DF479F798C14CDF90BC08AA6
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154318.roa
Signing time:             Sat 02 May 2026 09:23:29 +0000
ROA not before:           Sat 02 May 2026 09:18:29 +0000
ROA not after:            Sat 01 May 2027 09:23:29 +0000
asID:                     154318
IP address blocks:        138.252.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:74:46:9e:f8:ff:d4:f8:df:47:9f:79:8c:14:cd:f9:0b:c0:8a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:29 2026 GMT
            Not After : May  1 09:23:29 2027 GMT
        Subject: CN=EA99F59ED267B79EA142087F360BFD9CAB7A0F79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:5c:cc:7d:89:da:a6:15:91:4d:52:8c:55:b5:
                    e2:f9:f5:50:b7:57:7f:e0:17:68:ef:ad:7d:3e:6e:
                    7d:29:b9:67:f4:46:f7:11:57:54:6c:0d:e0:4b:32:
                    83:d4:09:5d:7a:a3:60:af:37:0e:87:50:82:56:b5:
                    17:35:d4:88:15:8e:f0:50:73:09:82:07:a9:80:04:
                    2e:29:86:1b:dc:ae:a1:c5:4d:4a:a0:3c:8f:92:5f:
                    91:52:96:d6:b3:15:33:bb:bb:ae:71:b5:74:14:0a:
                    ff:58:58:14:04:d6:fb:cd:0e:2f:9a:71:6e:52:03:
                    23:e5:17:96:42:3c:57:b1:22:e4:88:9d:da:d9:f5:
                    c6:46:55:4c:fa:16:56:9b:66:68:ed:2e:92:c7:4e:
                    37:f0:7a:89:11:27:cf:71:02:62:4f:a7:45:00:5d:
                    27:41:d5:fa:e9:83:f8:09:15:15:ff:23:3d:11:99:
                    5e:fb:64:f1:ee:85:f8:36:94:47:2b:cc:24:54:44:
                    2b:02:e7:af:95:88:e1:fc:fe:7c:7e:60:28:f6:02:
                    0a:59:de:ff:bc:0d:c0:32:62:6a:28:4e:5f:4d:b0:
                    8f:a4:50:ce:44:7d:ae:e3:2e:cb:80:28:77:54:76:
                    9b:92:e4:23:08:37:94:8f:74:43:89:82:89:d0:71:
                    dc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:99:F5:9E:D2:67:B7:9E:A1:42:08:7F:36:0B:FD:9C:AB:7A:0F:79
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154318.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:6f:68:8c:f8:42:7b:71:b7:66:25:15:fa:bb:c5:d5:9d:5f:
         aa:d8:06:ba:1d:9d:0a:f2:0f:89:0a:df:2f:e4:2f:52:70:d7:
         72:de:40:47:b4:00:a3:f1:23:20:c5:8d:f9:d7:22:5d:b3:06:
         20:bf:ff:91:59:14:2a:2c:61:26:12:1c:fb:31:e2:5f:f0:aa:
         f3:0d:b5:17:e2:c4:d7:5d:20:ba:84:f2:08:59:7d:3f:a0:73:
         28:4a:18:a9:6a:bd:c6:13:61:a9:4c:d5:33:11:55:3a:20:db:
         74:bd:92:91:5d:04:1b:2f:d4:2b:18:b4:ef:15:ae:ee:b5:ad:
         53:27:7e:ac:b5:85:19:6e:06:cd:5d:b8:58:6a:92:a2:1d:b9:
         dc:0f:dc:f1:97:f8:e7:25:97:9b:b5:31:4e:b2:ae:1b:3a:ac:
         b6:64:df:25:85:0b:ce:d2:fd:82:a7:97:c9:34:8f:ef:08:7b:
         32:b6:08:40:90:a1:0f:e7:9f:8c:a5:9e:1b:e3:08:e2:a0:68:
         44:14:22:bd:05:e5:75:dc:4d:a9:d8:b9:8a:ea:a6:e4:d5:66:
         fe:95:de:15:bb:9f:5d:e2:55:c3:e3:41:2a:0d:9c:ae:de:3a:
         66:06:06:98:e5:72:45:9b:9d:c7:e9:1c:93:5b:77:1d:8b:a6:
         9b:49:5d:0e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUd3RGnvj/1PjfR595jBTN+QvAiqYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgyOVoX
DTI3MDUwMTA5MjMyOVowMzExMC8GA1UEAxMoRUE5OUY1OUVEMjY3Qjc5RUExNDIw
ODdGMzYwQkZEOUNBQjdBMEY3OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANZczH2J2qYVkU1SjFW14vn1ULdXf+AXaO+tfT5ufSm5Z/RG9xFXVGwN4Esy
g9QJXXqjYK83DodQgla1FzXUiBWO8FBzCYIHqYAELimGG9yuocVNSqA8j5JfkVKW
1rMVM7u7rnG1dBQK/1hYFATW+80OL5pxblIDI+UXlkI8V7Ei5Iid2tn1xkZVTPoW
VptmaO0uksdON/B6iREnz3ECYk+nRQBdJ0HV+umD+AkVFf8jPRGZXvtk8e6F+DaU
RyvMJFREKwLnr5WI4fz+fH5gKPYCClne/7wNwDJiaihOX02wj6RQzkR9ruMuy4Ao
d1R2m5LkIwg3lI90Q4mCidBx3KcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTqmfWe
0me3nqFCCH82C/2cq3oPeTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MzE4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAivwyMA0GCSqGSIb3DQEBCwUAA4IBAQCIb2iM+EJ7cbdmJRX6u8XVnV+q
2Aa6HZ0K8g+JCt8v5C9ScNdy3kBHtACj8SMgxY351yJdswYgv/+RWRQqLGEmEhz7
MeJf8KrzDbUX4sTXXSC6hPIIWX0/oHMoShipar3GE2GpTNUzEVU6INt0vZKRXQQb
L9QrGLTvFa7uta1TJ36stYUZbgbNXbhYapKiHbncD9zxl/jnJZebtTFOsq4bOqy2
ZN8lhQvO0v2Cp5fJNI/vCHsytghAkKEP55+MpZ4b4wjioGhEFCK9BeV13E2p2LmK
6qbk1Wb+ld4Vu59d4lXD40EqDZyu3jpmBgaY5XJFm53H6RyTW3cdi6abSV0O
-----END CERTIFICATE-----