Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154475.roa
File:                     AS154475.roa (raw, json)
Hash identifier:          YlnNx/A4S5rQiSj+FvcQPEUxlw7yISqDwWE0DKhGF1s=
Subject key identifier:   4D:86:3B:E1:A0:D3:1C:CD:8E:6B:D0:E4:EA:4E:5B:BE:7C:69:0F:D6
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7F9DD591F24B255504C951CBE922C5D2FB9F7B17
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154475.roa
Signing time:             Sat 02 May 2026 09:23:14 +0000
ROA not before:           Sat 02 May 2026 09:18:14 +0000
ROA not after:            Sat 01 May 2027 09:23:14 +0000
asID:                     154475
IP address blocks:        144.79.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:9d:d5:91:f2:4b:25:55:04:c9:51:cb:e9:22:c5:d2:fb:9f:7b:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:14 2026 GMT
            Not After : May  1 09:23:14 2027 GMT
        Subject: CN=4D863BE1A0D31CCD8E6BD0E4EA4E5BBE7C690FD6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ea:5e:80:2c:6c:5b:94:5a:ad:a5:44:31:91:
                    e6:04:d7:17:2c:f0:78:dc:0b:d9:75:16:9c:5c:89:
                    78:2e:4d:45:f3:f0:7a:72:aa:cb:42:e9:56:94:25:
                    91:89:55:15:88:1f:6e:c2:81:fe:f0:83:63:fb:59:
                    95:08:dd:0c:2c:5b:e4:47:fb:42:26:91:b8:b1:d5:
                    e4:fb:4c:e8:b8:5d:1f:3e:7d:f9:6e:30:9e:24:5a:
                    2b:bc:1a:07:06:59:c4:c9:dd:4c:90:40:00:93:ff:
                    49:35:25:09:a9:9d:64:70:19:31:3c:4b:f5:2e:38:
                    eb:84:97:c0:e5:49:91:da:78:c5:24:0b:e8:78:0d:
                    2c:ba:69:96:4b:e7:da:ce:a2:88:37:05:82:74:4e:
                    c0:2e:01:68:0f:0c:62:e5:72:1e:e2:bf:7e:68:f5:
                    35:03:0b:0b:43:a4:ee:16:f6:55:b1:41:52:9f:9b:
                    a6:a8:30:5b:12:a5:ed:fd:b7:65:60:31:2b:24:e7:
                    50:cb:47:d6:05:57:f6:5a:cd:66:22:47:5c:75:90:
                    f2:51:d6:8d:94:f8:ea:20:95:6f:5b:27:15:40:fd:
                    37:4a:7a:2e:5c:74:63:a2:23:63:1d:e4:e5:aa:73:
                    d5:48:bf:a5:61:f9:1b:6d:21:24:c6:bd:5f:4f:fd:
                    c1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:86:3B:E1:A0:D3:1C:CD:8E:6B:D0:E4:EA:4E:5B:BE:7C:69:0F:D6
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154475.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:1e:77:e4:df:a3:a6:a1:9d:d1:f9:4d:4d:c3:59:77:e3:22:
         10:86:56:4b:a7:ef:b0:05:88:46:2f:bc:bd:dc:63:8b:9f:7c:
         bf:6a:8d:dd:77:cf:57:f1:ca:3d:66:dc:29:d7:c2:41:6b:3a:
         62:1f:22:87:5b:e7:1c:96:c5:e5:69:b9:0c:74:87:66:02:9c:
         d9:8d:7d:44:9d:2d:1c:63:3e:a9:13:9b:83:a6:f5:31:7f:df:
         1e:de:b2:59:1c:da:41:87:be:c4:2a:d2:94:f8:e3:6d:90:a9:
         b2:6f:95:60:5d:af:11:26:01:0a:b5:41:66:4c:57:7b:d2:6a:
         bc:25:f2:83:b5:04:84:44:68:26:cb:1b:c5:dc:31:ff:c1:6e:
         3e:e3:68:df:21:78:b1:07:55:a3:b7:20:f7:8b:83:06:84:a6:
         22:3f:d3:a9:a0:a1:88:9c:68:7b:0a:5a:60:66:7d:ad:25:64:
         07:ca:df:ec:51:a6:11:9a:4f:2a:4c:55:13:0d:32:7d:3c:cb:
         79:b5:7e:92:34:f3:00:a7:d8:60:28:2e:b4:51:8d:81:04:e8:
         04:d9:1f:8f:c6:0c:89:e0:c7:e0:78:c6:79:1c:00:29:a7:28:
         7d:06:6d:0e:fa:8f:08:85:df:29:7c:19:ec:f8:6b:09:93:74:
         24:87:a6:53
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUf53VkfJLJVUEyVHL6SLF0vufexcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgxNFoX
DTI3MDUwMTA5MjMxNFowMzExMC8GA1UEAxMoNEQ4NjNCRTFBMEQzMUNDRDhFNkJE
MEU0RUE0RTVCQkU3QzY5MEZENjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMvqXoAsbFuUWq2lRDGR5gTXFyzweNwL2XUWnFyJeC5NRfPwenKqy0LpVpQl
kYlVFYgfbsKB/vCDY/tZlQjdDCxb5Ef7QiaRuLHV5PtM6LhdHz59+W4wniRaK7wa
BwZZxMndTJBAAJP/STUlCamdZHAZMTxL9S4464SXwOVJkdp4xSQL6HgNLLpplkvn
2s6iiDcFgnROwC4BaA8MYuVyHuK/fmj1NQMLC0Ok7hb2VbFBUp+bpqgwWxKl7f23
ZWAxKyTnUMtH1gVX9lrNZiJHXHWQ8lHWjZT46iCVb1snFUD9N0p6Llx0Y6IjYx3k
5apz1Ui/pWH5G20hJMa9X0/9wT8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRNhjvh
oNMczY5r0OTqTlu+fGkP1jAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0NDc1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE/WMA0GCSqGSIb3DQEBCwUAA4IBAQAPHnfk36OmoZ3R+U1Nw1l34yIQ
hlZLp++wBYhGL7y93GOLn3y/ao3dd89X8co9Ztwp18JBazpiHyKHW+cclsXlabkM
dIdmApzZjX1EnS0cYz6pE5uDpvUxf98e3rJZHNpBh77EKtKU+ONtkKmyb5VgXa8R
JgEKtUFmTFd70mq8JfKDtQSERGgmyxvF3DH/wW4+42jfIXixB1WjtyD3i4MGhKYi
P9OpoKGInGh7ClpgZn2tJWQHyt/sUaYRmk8qTFUTDTJ9PMt5tX6SNPMAp9hgKC60
UY2BBOgE2R+PxgyJ4MfgeMZ5HAAppyh9Bm0O+o8Ihd8pfBns+GsJk3Qkh6ZT
-----END CERTIFICATE-----