Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS64308.roa
File:                     AS64308.roa (raw, json)
Hash identifier:          R0J5yf6tI3c1VJOTHYpLEYl6YbjzmOFXzs9h//Tkgn4=
Subject key identifier:   F4:47:E7:21:10:71:B0:28:DC:F5:88:42:E4:B4:7F:4F:EE:7F:46:CA
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       2421C0C8BCCD5BCD188B15D56E8A8E76101421D8
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS64308.roa
Signing time:             Sat 02 May 2026 09:23:40 +0000
ROA not before:           Sat 02 May 2026 09:18:40 +0000
ROA not after:            Sat 01 May 2027 09:23:40 +0000
asID:                     64308
IP address blocks:        157.20.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:21:c0:c8:bc:cd:5b:cd:18:8b:15:d5:6e:8a:8e:76:10:14:21:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:40 2026 GMT
            Not After : May  1 09:23:40 2027 GMT
        Subject: CN=F447E7211071B028DCF58842E4B47F4FEE7F46CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b3:74:c0:ed:dd:7c:83:ce:2c:a6:58:c0:3a:
                    ed:26:c3:b5:0e:c1:65:c9:cc:cc:d7:d8:a1:f7:ec:
                    2e:55:c8:86:04:85:49:36:83:6f:92:63:49:8b:ae:
                    7a:c4:b6:ab:bd:d1:66:80:b2:cc:8e:4a:83:86:e4:
                    e2:2a:14:80:d0:ec:bb:8f:f5:c9:87:5f:a7:64:e7:
                    86:10:78:47:13:a4:a8:63:33:d8:c7:69:df:2d:87:
                    66:eb:52:9b:98:17:ea:b7:4d:6c:82:73:3e:23:4d:
                    4f:6f:b5:60:96:21:96:46:3f:98:21:3f:a8:a2:95:
                    59:fa:ac:e8:20:6d:e7:33:0a:e8:8e:fd:84:8c:e3:
                    54:62:10:90:a2:e6:53:04:b1:4b:55:74:c9:ee:05:
                    11:9c:80:8a:f7:05:33:c6:8b:46:5e:2f:b6:f9:4d:
                    47:d1:6a:d3:52:ca:78:c4:28:c3:cf:da:3f:be:47:
                    5b:d0:0d:b3:cb:19:3c:12:21:ee:3d:ee:fa:fe:ff:
                    39:7a:56:4e:44:de:f9:b8:25:eb:8a:c6:25:01:af:
                    da:cb:b7:64:f9:47:88:fb:3f:1c:2a:9f:46:25:3e:
                    a0:f6:65:1e:88:de:5d:52:51:da:30:aa:de:17:ce:
                    f3:c3:2c:4d:a3:af:b4:79:b2:a7:10:2c:c9:59:11:
                    0b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:47:E7:21:10:71:B0:28:DC:F5:88:42:E4:B4:7F:4F:EE:7F:46:CA
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS64308.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:3a:16:ef:c3:21:5f:bd:14:11:16:f4:e9:e3:af:a5:ca:1f:
         9a:6e:b0:89:3e:1f:1c:12:77:8f:71:48:19:7b:e2:67:41:5c:
         38:bd:88:fa:f8:06:4a:af:72:84:36:c2:fd:81:c5:db:71:c5:
         7b:fc:34:6a:e5:67:a7:bf:d9:b2:78:6f:94:ea:04:4e:2f:17:
         ee:35:cb:d9:62:11:0b:59:9e:e6:44:79:86:85:6f:d5:8b:48:
         5b:cb:cd:e4:a5:23:26:36:3c:c5:f9:e4:34:07:fd:55:ef:aa:
         5a:2a:cd:1f:5a:21:54:e8:f8:ab:05:ca:8a:80:50:45:f6:64:
         e4:4d:06:2c:f4:fd:4d:9e:5a:88:90:5c:74:24:a9:b6:65:54:
         2a:71:52:64:fa:12:7a:4b:0a:70:57:38:98:00:bc:97:d4:3f:
         4a:a2:1f:0d:07:ac:8f:c3:d8:5f:1a:c9:ce:53:53:45:b0:d8:
         10:22:d8:be:a6:50:1d:4b:26:1d:f7:74:c9:58:f9:aa:b2:a8:
         97:a5:b1:18:d7:cd:fb:b1:9c:c4:af:87:1e:57:25:be:9e:89:
         20:b0:8c:c8:44:db:fa:8c:99:8a:73:b9:59:09:ce:10:e1:db:
         1b:18:8c:dd:ee:b2:f8:3c:1a:7a:4e:b0:cd:c3:43:15:9c:73:
         a5:1b:4d:64
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUJCHAyLzNW80YixXVboqOdhAUIdgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg0MFoX
DTI3MDUwMTA5MjM0MFowMzExMC8GA1UEAxMoRjQ0N0U3MjExMDcxQjAyOERDRjU4
ODQyRTRCNDdGNEZFRTdGNDZDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANyzdMDt3XyDziymWMA67SbDtQ7BZcnMzNfYoffsLlXIhgSFSTaDb5JjSYuu
esS2q73RZoCyzI5Kg4bk4ioUgNDsu4/1yYdfp2TnhhB4RxOkqGMz2Mdp3y2HZutS
m5gX6rdNbIJzPiNNT2+1YJYhlkY/mCE/qKKVWfqs6CBt5zMK6I79hIzjVGIQkKLm
UwSxS1V0ye4FEZyAivcFM8aLRl4vtvlNR9Fq01LKeMQow8/aP75HW9ANs8sZPBIh
7j3u+v7/OXpWTkTe+bgl64rGJQGv2su3ZPlHiPs/HCqfRiU+oPZlHojeXVJR2jCq
3hfO88MsTaOvtHmypxAsyVkRC0ECAwEAAaOCAcswggHHMB0GA1UdDgQWBBT0R+ch
EHGwKNz1iELktH9P7n9GyjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTNjQzMDgucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACdFNIwDQYJKoZIhvcNAQELBQADggEBADY6Fu/DIV+9FBEW9Onjr6XKH5pu
sIk+HxwSd49xSBl74mdBXDi9iPr4BkqvcoQ2wv2BxdtxxXv8NGrlZ6e/2bJ4b5Tq
BE4vF+41y9liEQtZnuZEeYaFb9WLSFvLzeSlIyY2PMX55DQH/VXvqloqzR9aIVTo
+KsFyoqAUEX2ZORNBiz0/U2eWoiQXHQkqbZlVCpxUmT6EnpLCnBXOJgAvJfUP0qi
Hw0HrI/D2F8ayc5TU0Ww2BAi2L6mUB1LJh33dMlY+aqyqJelsRjXzfuxnMSvhx5X
Jb6eiSCwjMhE2/qMmYpzuVkJzhDh2xsYjN3usvg8GnpOsM3DQxWcc6UbTWQ=
-----END CERTIFICATE-----