Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154336.roa
File:                     AS154336.roa (raw, json)
Hash identifier:          c0vOoiMqJA4gqDp0zmjxyV1swfVVnVjoBMJlfi43+Hw=
Subject key identifier:   4D:98:46:A2:02:31:40:94:0F:ED:88:4A:3D:49:B8:08:03:EA:79:2A
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       524DA869F242CE85CD5DE64C1CF7D2E2679085B5
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154336.roa
Signing time:             Sat 02 May 2026 09:23:11 +0000
ROA not before:           Sat 02 May 2026 09:18:11 +0000
ROA not after:            Sat 01 May 2027 09:23:11 +0000
asID:                     154336
IP address blocks:        138.252.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:4d:a8:69:f2:42:ce:85:cd:5d:e6:4c:1c:f7:d2:e2:67:90:85:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:11 2026 GMT
            Not After : May  1 09:23:11 2027 GMT
        Subject: CN=4D9846A2023140940FED884A3D49B80803EA792A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:75:19:65:51:cc:27:b7:d4:ec:ae:43:2f:e6:
                    3a:36:fb:f8:de:b6:4f:ea:ae:b3:75:59:fb:7b:58:
                    04:e0:dd:7e:70:be:fc:29:87:a4:de:4b:7e:74:c1:
                    4a:65:da:e2:f2:c9:be:ec:ba:ee:c4:a1:84:36:78:
                    6e:f6:3b:1f:40:74:31:5a:2d:81:87:cf:ab:91:6d:
                    cc:0e:c7:da:d2:ed:9a:a0:91:ef:4d:a5:3f:2b:58:
                    35:e8:ab:e0:f9:28:a4:9c:b3:65:4c:af:d4:c8:1b:
                    08:55:30:a5:43:0b:16:3d:98:db:78:8d:47:ee:34:
                    2b:60:fb:00:1d:8e:c8:f1:65:2b:f7:10:2e:dd:12:
                    86:62:08:15:c8:7f:b6:7a:5a:fc:29:8d:25:d3:f3:
                    12:85:10:99:e3:1e:15:59:99:d9:b6:17:5e:64:03:
                    e2:88:39:4a:d0:1d:22:6e:96:de:2f:fc:e5:3f:85:
                    2f:e9:08:95:28:c0:c8:c1:b7:d7:f9:40:64:e1:86:
                    9f:40:f9:3e:02:03:19:4b:2c:63:9b:57:87:75:9b:
                    54:51:da:78:6f:e9:32:d6:18:57:07:82:d0:07:6a:
                    47:8c:da:57:9b:00:3e:c8:d8:af:9b:bd:9c:60:83:
                    c1:45:d2:3a:86:04:0c:7c:4c:4b:02:95:6b:0b:a3:
                    03:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:98:46:A2:02:31:40:94:0F:ED:88:4A:3D:49:B8:08:03:EA:79:2A
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:62:5c:2a:35:bd:72:f8:1e:98:1e:3e:36:bf:a2:10:65:d0:
         53:22:38:13:68:a0:70:98:bb:72:7c:51:e9:af:cf:fb:61:26:
         39:92:24:ab:1c:5a:1f:86:0d:4b:bd:e4:ee:83:dc:fb:32:1d:
         9c:b5:1f:8e:5a:97:59:b2:ff:57:d3:6d:00:d0:d7:c6:80:0a:
         89:f8:a7:a3:23:9d:3d:cf:d5:4a:6c:4d:4c:0d:3a:2a:5c:d5:
         90:ec:a4:b2:19:53:f6:50:89:f9:c0:ee:8f:61:fe:1c:2e:f1:
         f1:1f:d1:59:31:df:1b:67:f5:20:50:da:43:26:94:5b:7f:12:
         03:e1:0a:6e:77:c3:42:6a:b7:fc:dd:b2:75:c2:b0:69:79:30:
         7a:6a:22:68:c2:2d:de:d2:cb:ab:bd:ad:b3:e2:fc:a6:66:16:
         68:32:e5:40:bf:95:a7:30:03:08:b0:0b:69:f3:ff:22:01:74:
         7c:03:33:68:5e:d3:d8:08:ff:15:f9:a9:d1:de:af:a1:30:12:
         10:bf:cb:f5:60:97:61:85:2c:cb:90:ab:7e:ad:08:26:d6:21:
         96:6a:a8:ad:9f:f1:18:28:18:dc:68:44:22:a9:61:67:16:08:
         60:15:8e:64:eb:df:30:74:7a:e9:80:fb:46:06:5b:56:03:1a:
         f9:7d:2f:c9
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUUk2oafJCzoXNXeZMHPfS4meQhbUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgxMVoX
DTI3MDUwMTA5MjMxMVowMzExMC8GA1UEAxMoNEQ5ODQ2QTIwMjMxNDA5NDBGRUQ4
ODRBM0Q0OUI4MDgwM0VBNzkyQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMp1GWVRzCe31OyuQy/mOjb7+N62T+qus3VZ+3tYBODdfnC+/CmHpN5LfnTB
SmXa4vLJvuy67sShhDZ4bvY7H0B0MVotgYfPq5FtzA7H2tLtmqCR702lPytYNeir
4PkopJyzZUyv1MgbCFUwpUMLFj2Y23iNR+40K2D7AB2OyPFlK/cQLt0ShmIIFch/
tnpa/CmNJdPzEoUQmeMeFVmZ2bYXXmQD4og5StAdIm6W3i/85T+FL+kIlSjAyMG3
1/lAZOGGn0D5PgIDGUssY5tXh3WbVFHaeG/pMtYYVweC0AdqR4zaV5sAPsjYr5u9
nGCDwUXSOoYEDHxMSwKVawujA0UCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRNmEai
AjFAlA/tiEo9SbgIA+p5KjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MzM2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAivxWMA0GCSqGSIb3DQEBCwUAA4IBAQBZYlwqNb1y+B6YHj42v6IQZdBT
IjgTaKBwmLtyfFHpr8/7YSY5kiSrHFofhg1LveTug9z7Mh2ctR+OWpdZsv9X020A
0NfGgAqJ+KejI509z9VKbE1MDToqXNWQ7KSyGVP2UIn5wO6PYf4cLvHxH9FZMd8b
Z/UgUNpDJpRbfxID4Qpud8NCarf83bJ1wrBpeTB6aiJowi3e0surva2z4vymZhZo
MuVAv5WnMAMIsAtp8/8iAXR8AzNoXtPYCP8V+anR3q+hMBIQv8v1YJdhhSzLkKt+
rQgm1iGWaqitn/EYKBjcaEQiqWFnFghgFY5k698wdHrpgPtGBltWAxr5fS/J
-----END CERTIFICATE-----