Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154331.roa
File:                     AS154331.roa (raw, json)
Hash identifier:          PWpen7oTIk68Le07+gwnRwA5EcQkKX/q216tlEinQYo=
Subject key identifier:   50:21:16:97:A3:0C:35:07:D4:F0:42:AD:D0:17:08:2A:4A:95:21:E9
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       47C57646108DF08D1636EB02727C722ED958CE76
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154331.roa
Signing time:             Sat 02 May 2026 09:22:40 +0000
ROA not before:           Sat 02 May 2026 09:17:40 +0000
ROA not after:            Sat 01 May 2027 09:22:40 +0000
asID:                     154331
IP address blocks:        138.252.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:c5:76:46:10:8d:f0:8d:16:36:eb:02:72:7c:72:2e:d9:58:ce:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:40 2026 GMT
            Not After : May  1 09:22:40 2027 GMT
        Subject: CN=50211697A30C3507D4F042ADD017082A4A9521E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:be:87:c2:5e:1c:9a:be:45:bf:fe:8c:99:d6:
                    fd:59:90:5a:87:7d:fc:9d:f1:67:9d:fc:fc:0d:dc:
                    a5:c0:d5:fd:9c:df:15:d9:94:bb:14:e4:f9:3b:07:
                    f6:4e:a4:ca:74:90:c8:9e:f6:4c:a5:51:d6:23:ac:
                    96:7a:db:b1:26:7c:a7:95:7b:d8:10:fc:0e:ca:40:
                    44:ee:04:38:0b:cd:cb:a1:64:4e:52:a9:4e:08:1f:
                    a3:cb:a4:85:8f:10:73:58:13:de:47:c6:fa:37:89:
                    9f:27:46:e4:c2:ff:3f:5c:9d:04:e1:09:e8:eb:dc:
                    f2:8e:48:b4:1b:3a:a0:24:ba:7c:04:8e:62:3b:0b:
                    d7:f8:a6:9d:11:3f:42:50:8a:62:27:96:8b:d2:2a:
                    ac:77:f5:55:bd:98:7e:aa:03:c9:0b:55:35:9a:66:
                    27:7d:11:8c:b0:c2:f3:07:ba:92:ae:1c:1e:55:ea:
                    c8:91:1b:d2:f4:13:02:c0:a8:fb:5e:8e:57:50:84:
                    b9:b7:00:40:70:1b:be:fa:f9:94:d7:ce:2c:23:1a:
                    d5:29:ef:2b:c8:7e:62:21:72:c2:e2:32:42:c1:8e:
                    03:fd:83:3c:1f:69:78:e0:55:1e:aa:48:65:72:ab:
                    2e:fd:b6:95:d9:7c:57:cf:c6:b3:57:e3:0e:3f:8f:
                    40:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:21:16:97:A3:0C:35:07:D4:F0:42:AD:D0:17:08:2A:4A:95:21:E9
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:f1:f6:4a:a7:ad:d2:69:1a:6b:24:ad:a5:56:ce:91:f7:73:
         91:77:37:b1:c7:81:09:3d:07:5d:8a:d1:24:52:6d:9d:79:37:
         ad:bd:84:97:20:87:e6:2a:38:73:fe:ca:42:f9:dd:65:42:83:
         bb:6d:51:f2:ec:b7:26:99:cf:93:3c:30:f3:72:97:0d:7d:2a:
         f0:3a:24:1c:b3:b0:8d:cb:f7:97:5e:aa:e8:16:bd:78:21:5e:
         2b:90:48:30:c9:58:c8:68:df:0b:2f:74:10:f6:9f:09:ee:86:
         a9:3d:7d:d1:d1:92:c8:59:3b:0d:bd:0f:14:f5:cc:90:40:86:
         ed:d4:3f:49:1c:50:e3:f9:a3:e9:14:be:31:cd:ea:bc:af:e2:
         74:b4:ce:fd:ff:93:a4:1e:d6:ee:50:d2:90:32:f5:c2:52:71:
         9a:86:57:8d:43:cc:80:ca:73:42:7a:de:58:a1:74:e7:ba:41:
         ac:81:8a:27:41:31:0a:b3:83:f1:52:0b:53:e2:f0:1d:03:c0:
         85:dd:a4:28:90:7c:ad:26:0e:08:09:07:0b:3c:d0:41:99:4f:
         97:85:1e:c3:70:a1:84:e2:4a:d5:2b:70:db:44:af:20:f8:b6:
         47:32:cb:da:5e:aa:82:59:1a:6f:e1:78:93:1c:40:8c:40:4c:
         94:7d:1d:65
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUR8V2RhCN8I0WNusCcnxyLtlYznYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc0MFoX
DTI3MDUwMTA5MjI0MFowMzExMC8GA1UEAxMoNTAyMTE2OTdBMzBDMzUwN0Q0RjA0
MkFERDAxNzA4MkE0QTk1MjFFOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMy+h8JeHJq+Rb/+jJnW/VmQWod9/J3xZ538/A3cpcDV/ZzfFdmUuxTk+TsH
9k6kynSQyJ72TKVR1iOslnrbsSZ8p5V72BD8DspARO4EOAvNy6FkTlKpTggfo8uk
hY8Qc1gT3kfG+jeJnydG5ML/P1ydBOEJ6Ovc8o5ItBs6oCS6fASOYjsL1/imnRE/
QlCKYieWi9IqrHf1Vb2YfqoDyQtVNZpmJ30RjLDC8we6kq4cHlXqyJEb0vQTAsCo
+16OV1CEubcAQHAbvvr5lNfOLCMa1SnvK8h+YiFywuIyQsGOA/2DPB9peOBVHqpI
ZXKrLv22ldl8V8/Gs1fjDj+PQH0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRQIRaX
oww1B9TwQq3QFwgqSpUh6TAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MzMxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAivxfMA0GCSqGSIb3DQEBCwUAA4IBAQAh8fZKp63SaRprJK2lVs6R93OR
dzexx4EJPQdditEkUm2deTetvYSXIIfmKjhz/spC+d1lQoO7bVHy7Lcmmc+TPDDz
cpcNfSrwOiQcs7CNy/eXXqroFr14IV4rkEgwyVjIaN8LL3QQ9p8J7oapPX3R0ZLI
WTsNvQ8U9cyQQIbt1D9JHFDj+aPpFL4xzeq8r+J0tM79/5OkHtbuUNKQMvXCUnGa
hleNQ8yAynNCet5YoXTnukGsgYonQTEKs4PxUgtT4vAdA8CF3aQokHytJg4ICQcL
PNBBmU+XhR7DcKGE4krVK3DbRK8g+LZHMsvaXqqCWRpv4XiTHECMQEyUfR1l
-----END CERTIFICATE-----