Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154400.roa
File:                     AS154400.roa (raw, json)
Hash identifier:          /d46iWOrRKmKJhLRBBGNgTh6pvRlrBB5Ldc89YGKi20=
Subject key identifier:   01:7D:1E:A3:12:C3:A2:EB:DE:A4:8D:90:1A:8F:9A:32:5C:1E:89:E4
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7AE1CDB494387808A36D2066F5830DAA683FF177
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154400.roa
Signing time:             Sat 02 May 2026 09:22:56 +0000
ROA not before:           Sat 02 May 2026 09:17:56 +0000
ROA not after:            Sat 01 May 2027 09:22:56 +0000
asID:                     154400
IP address blocks:        144.79.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:e1:cd:b4:94:38:78:08:a3:6d:20:66:f5:83:0d:aa:68:3f:f1:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:56 2026 GMT
            Not After : May  1 09:22:56 2027 GMT
        Subject: CN=017D1EA312C3A2EBDEA48D901A8F9A325C1E89E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7d:ea:1e:bf:64:bf:5b:bb:d5:40:de:02:cf:
                    73:1e:e9:71:ed:f1:30:76:de:67:62:07:17:51:97:
                    7b:04:fa:e1:aa:3c:ff:c1:af:f9:5f:23:dd:49:e8:
                    72:6c:b7:e4:68:b9:c2:99:61:94:19:d1:52:8c:a2:
                    64:dd:77:87:68:4d:74:20:3a:f8:b4:8b:50:2e:89:
                    92:b4:17:c5:d2:51:63:75:6c:10:c8:30:0f:fe:ad:
                    41:6f:ce:86:7a:93:88:b3:20:17:cb:1b:9d:34:e5:
                    6a:86:34:46:52:e6:51:a7:52:f7:cc:5d:ac:7c:8b:
                    3c:ba:86:fa:8c:27:34:ea:75:43:9a:de:27:12:52:
                    f4:2f:86:d5:24:02:98:3f:e6:b3:f7:20:fa:40:e9:
                    16:fd:90:40:32:c3:8a:84:c0:3a:eb:cc:77:e5:27:
                    1d:4d:da:f7:3b:ce:11:c6:0b:3c:60:f8:31:7d:20:
                    49:e2:16:c7:da:84:91:af:0a:e0:6d:05:2a:5c:3a:
                    54:b4:5f:c5:fd:5c:5f:57:1c:92:ea:aa:2c:42:07:
                    8f:24:17:fb:4c:5d:d1:79:fb:1e:d5:8c:c5:35:ab:
                    d4:c6:0d:52:1a:2a:42:1f:de:6a:b4:ec:1d:84:aa:
                    f9:3a:4e:24:7c:2f:f1:d7:9f:ce:b0:ad:3a:92:5f:
                    42:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:7D:1E:A3:12:C3:A2:EB:DE:A4:8D:90:1A:8F:9A:32:5C:1E:89:E4
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154400.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:25:b6:c1:9c:d5:0c:c1:16:bc:f6:e8:26:bd:40:ee:72:60:
         8b:02:a3:b0:95:4c:a6:0e:51:8b:47:10:22:54:8c:24:ca:b0:
         1e:d3:ed:00:40:93:b8:ca:ed:68:a9:70:02:a4:c6:22:af:df:
         35:86:84:a8:5d:ba:1e:3a:5b:4a:eb:13:e6:aa:1f:96:e3:79:
         87:c4:d1:ee:bf:4f:0b:84:8e:73:cf:60:f1:68:46:14:b5:b6:
         ea:88:d5:8b:33:fa:22:62:24:f8:07:16:5c:00:cd:c0:9b:73:
         f3:4b:26:a6:97:98:0e:9f:3f:27:44:56:ba:4b:85:f0:05:82:
         cd:cf:93:45:67:33:23:71:a4:fd:81:75:a6:44:36:4b:d2:cb:
         f9:52:d4:64:5d:e0:03:3f:b6:ff:76:34:2d:9b:01:98:a2:81:
         ef:21:51:ce:3f:01:d7:6f:79:79:6e:a1:3e:3e:02:c2:fc:9b:
         e4:1b:99:b2:a5:65:e4:a8:de:7a:0d:ed:8c:b3:e8:37:d8:9a:
         8a:1b:37:0d:b4:70:73:48:bb:2d:27:ba:4e:93:0a:cc:01:e8:
         45:26:92:d9:83:97:f6:d9:39:f2:ed:37:11:74:37:5e:bb:a0:
         dc:8a:7f:5b:43:55:75:7b:fd:21:5e:af:cf:1f:4c:e5:c4:07:
         8c:b7:9e:00
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUeuHNtJQ4eAijbSBm9YMNqmg/8XcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1NloX
DTI3MDUwMTA5MjI1NlowMzExMC8GA1UEAxMoMDE3RDFFQTMxMkMzQTJFQkRFQTQ4
RDkwMUE4RjlBMzI1QzFFODlFNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANl96h6/ZL9bu9VA3gLPcx7pce3xMHbeZ2IHF1GXewT64ao8/8Gv+V8j3Uno
cmy35Gi5wplhlBnRUoyiZN13h2hNdCA6+LSLUC6JkrQXxdJRY3VsEMgwD/6tQW/O
hnqTiLMgF8sbnTTlaoY0RlLmUadS98xdrHyLPLqG+ownNOp1Q5reJxJS9C+G1SQC
mD/ms/cg+kDpFv2QQDLDioTAOuvMd+UnHU3a9zvOEcYLPGD4MX0gSeIWx9qEka8K
4G0FKlw6VLRfxf1cX1cckuqqLEIHjyQX+0xd0Xn7HtWMxTWr1MYNUhoqQh/earTs
HYSq+TpOJHwv8defzrCtOpJfQs0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQBfR6j
EsOi696kjZAaj5oyXB6J5DAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0NDAwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE8JMA0GCSqGSIb3DQEBCwUAA4IBAQAyJbbBnNUMwRa89ugmvUDucmCL
AqOwlUymDlGLRxAiVIwkyrAe0+0AQJO4yu1oqXACpMYir981hoSoXboeOltK6xPm
qh+W43mHxNHuv08LhI5zz2DxaEYUtbbqiNWLM/oiYiT4BxZcAM3Am3PzSyaml5gO
nz8nRFa6S4XwBYLNz5NFZzMjcaT9gXWmRDZL0sv5UtRkXeADP7b/djQtmwGYooHv
IVHOPwHXb3l5bqE+PgLC/JvkG5mypWXkqN56De2Ms+g32JqKGzcNtHBzSLstJ7pO
kwrMAehFJpLZg5f22Tny7TcRdDdeu6Dcin9bQ1V1e/0hXq/PH0zlxAeMt54A
-----END CERTIFICATE-----