Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154385.roa
File:                     AS154385.roa (raw, json)
Hash identifier:          Cljw4DdY1YM6OagAhF9d9Tw55zFefBQANkJYKVNR248=
Subject key identifier:   86:7F:93:DD:3E:8A:4B:82:D9:24:D2:DF:54:54:48:14:33:7C:6B:32
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       17D35BF5FDE740F2FEC76B4F476139DCFA790436
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154385.roa
Signing time:             Sat 02 May 2026 09:22:39 +0000
ROA not before:           Sat 02 May 2026 09:17:39 +0000
ROA not after:            Sat 01 May 2027 09:22:39 +0000
asID:                     154385
IP address blocks:        138.252.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:d3:5b:f5:fd:e7:40:f2:fe:c7:6b:4f:47:61:39:dc:fa:79:04:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:39 2026 GMT
            Not After : May  1 09:22:39 2027 GMT
        Subject: CN=867F93DD3E8A4B82D924D2DF54544814337C6B32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cf:30:67:40:f2:e9:9e:2a:dd:20:8b:77:31:
                    8a:c8:f7:7e:ba:0a:19:ea:23:5e:3b:ed:2f:98:c1:
                    cc:a5:3f:ef:79:d8:12:6a:e4:58:fc:0d:1a:3e:39:
                    36:e3:6e:d7:d1:19:5f:71:98:ee:6d:30:dd:be:f6:
                    d7:8f:8b:5a:11:23:df:92:60:6d:61:c3:34:a7:df:
                    fb:ac:eb:99:49:15:f6:7a:99:d7:48:16:38:d3:f0:
                    c0:49:24:1b:6a:f7:82:8a:5b:52:17:9e:9d:65:48:
                    02:07:7c:28:ca:64:4f:be:97:77:d5:46:a0:0d:a6:
                    3d:4c:e7:a5:b2:e7:c4:43:a7:d6:c9:f2:08:46:04:
                    8f:a5:32:ec:f0:1d:27:23:8c:4b:a2:fa:9e:e5:b6:
                    f3:88:95:26:56:10:e4:83:e3:ee:51:85:8f:f4:fe:
                    68:73:bd:47:35:88:52:a2:a3:0d:f3:2b:8d:e4:59:
                    6b:86:b5:f8:fe:d5:bd:53:19:53:1e:ab:0f:bd:b3:
                    39:dc:cb:e9:1d:51:3f:3b:e0:e0:6c:b4:e4:be:8e:
                    c7:88:9c:8e:70:d1:cd:a7:04:d0:ee:e0:a8:5d:17:
                    14:95:02:19:b6:c8:3a:91:3f:4b:0a:7e:ca:d8:c5:
                    e7:10:25:5b:6f:3a:09:b4:1f:6e:a9:18:a2:7d:8a:
                    42:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:7F:93:DD:3E:8A:4B:82:D9:24:D2:DF:54:54:48:14:33:7C:6B:32
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154385.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:65:f2:a3:2d:19:88:06:06:05:64:f1:20:26:45:aa:09:52:
         6c:35:81:b6:01:e6:4a:5e:c1:be:40:6b:85:56:7e:56:2c:20:
         f0:cd:f3:4b:68:2b:34:14:ca:c7:4f:89:63:8c:21:1f:54:96:
         47:64:de:b4:a9:3e:17:7a:92:59:6f:5e:cf:7c:ad:8f:fc:b1:
         89:d8:17:53:e3:dd:d9:1f:cf:59:e4:8f:36:75:85:4f:c2:7c:
         4d:a3:5e:9d:db:bf:c8:69:91:f0:e8:ca:d8:dc:5c:97:77:46:
         c3:07:97:61:c3:fe:3c:6e:20:c2:68:bb:95:21:82:37:12:6e:
         cd:3d:da:41:d5:6a:11:86:cc:59:33:e5:22:05:56:25:a3:8f:
         e5:2d:a5:a0:e1:c7:e0:cf:75:5e:57:50:ed:eb:99:15:f2:d9:
         37:a5:b6:83:ee:d8:2f:e2:74:37:d8:81:ab:a6:62:90:3e:64:
         c7:78:8f:a8:9d:d3:21:7c:50:50:37:62:51:9d:e3:d9:e5:80:
         c4:c6:b7:58:4a:ca:d3:dc:21:32:96:b7:bc:f1:0b:8f:0e:85:
         31:f3:60:24:5a:84:e1:12:33:a1:de:77:4c:8a:87:e3:81:82:
         de:39:0f:60:6a:f9:99:bb:48:0f:12:3b:28:3a:41:a5:a2:01:
         96:04:77:d9
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUF9Nb9f3nQPL+x2tPR2E53Pp5BDYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTczOVoX
DTI3MDUwMTA5MjIzOVowMzExMC8GA1UEAxMoODY3RjkzREQzRThBNEI4MkQ5MjRE
MkRGNTQ1NDQ4MTQzMzdDNkIzMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKPPMGdA8umeKt0gi3cxisj3froKGeojXjvtL5jBzKU/73nYEmrkWPwNGj45
NuNu19EZX3GY7m0w3b7214+LWhEj35JgbWHDNKff+6zrmUkV9nqZ10gWONPwwEkk
G2r3gopbUheenWVIAgd8KMpkT76Xd9VGoA2mPUznpbLnxEOn1snyCEYEj6Uy7PAd
JyOMS6L6nuW284iVJlYQ5IPj7lGFj/T+aHO9RzWIUqKjDfMrjeRZa4a1+P7VvVMZ
Ux6rD72zOdzL6R1RPzvg4Gy05L6Ox4icjnDRzacE0O7gqF0XFJUCGbbIOpE/Swp+
ytjF5xAlW286CbQfbqkYon2KQpUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSGf5Pd
PopLgtkk0t9UVEgUM3xrMjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0Mzg1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAivztMA0GCSqGSIb3DQEBCwUAA4IBAQBZZfKjLRmIBgYFZPEgJkWqCVJs
NYG2AeZKXsG+QGuFVn5WLCDwzfNLaCs0FMrHT4ljjCEfVJZHZN60qT4XepJZb17P
fK2P/LGJ2BdT493ZH89Z5I82dYVPwnxNo16d27/IaZHw6MrY3FyXd0bDB5dhw/48
biDCaLuVIYI3Em7NPdpB1WoRhsxZM+UiBVYlo4/lLaWg4cfgz3VeV1Dt65kV8tk3
pbaD7tgv4nQ32IGrpmKQPmTHeI+ondMhfFBQN2JRnePZ5YDExrdYSsrT3CEylre8
8QuPDoUx82AkWoThEjOh3ndMiofjgYLeOQ9gavmZu0gPEjsoOkGlogGWBHfZ
-----END CERTIFICATE-----