Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS152057.roa
File:                     AS152057.roa (raw, json)
Hash identifier:          YXEYfMLCxyhbHYPVo4JT5e/4zjzajzVz+kzAjl0W2Gg=
Subject key identifier:   8A:27:93:32:9B:AC:7B:C8:12:8B:08:BF:99:FC:00:04:D2:04:DB:1C
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       3A39A7DE55409089139CAC2813B4C572717E34CC
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152057.roa
Signing time:             Sat 02 May 2026 21:36:29 +0000
ROA not before:           Sat 02 May 2026 21:31:29 +0000
ROA not after:            Sat 01 May 2027 21:36:29 +0000
asID:                     152057
IP address blocks:        2407:87c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:39:a7:de:55:40:90:89:13:9c:ac:28:13:b4:c5:72:71:7e:34:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:31:29 2026 GMT
            Not After : May  1 21:36:29 2027 GMT
        Subject: CN=8A2793329BAC7BC8128B08BF99FC0004D204DB1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:89:b3:05:4c:36:a1:b7:17:b2:b8:d7:a3:c6:
                    27:d0:6a:b6:a9:ec:36:ef:a8:a4:5b:96:5b:29:d6:
                    13:a2:d5:96:dc:06:ba:ff:d8:39:e5:e4:37:f3:6d:
                    8b:34:3d:a1:6f:23:c0:e7:57:7d:a5:a9:c2:d4:0d:
                    72:d9:27:f3:bc:50:04:94:34:b6:e5:25:7b:28:15:
                    43:d4:d2:9a:4b:ca:9f:fb:b2:fa:9e:35:d0:36:8b:
                    8d:dd:f0:9d:df:0a:8b:81:31:9d:0c:76:b9:a2:5c:
                    2c:b1:23:a2:d8:1a:99:76:42:a3:8c:c9:e9:ab:5e:
                    eb:77:6b:e9:5c:d3:2a:cf:13:ff:5f:ee:77:61:28:
                    bf:eb:7c:ec:7f:d8:75:09:ef:f6:bf:5c:d8:75:65:
                    01:69:bb:90:c1:c6:81:50:8e:c8:1f:ec:73:35:e9:
                    d0:e7:c2:5b:f7:40:f5:7a:14:59:75:a2:69:60:c4:
                    b0:81:6f:96:54:c0:f0:cc:75:0e:4c:ff:a1:5c:91:
                    27:b5:3e:af:5c:5a:f8:5a:e5:4c:6b:93:34:cc:78:
                    b2:7e:b3:21:64:cc:be:5a:23:3f:e8:be:7d:61:ef:
                    41:5c:28:2a:fc:34:f9:0f:9e:3e:cb:dc:01:b5:a3:
                    7a:14:52:e2:f9:e8:9f:34:2b:4b:94:79:88:bf:44:
                    1e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:27:93:32:9B:AC:7B:C8:12:8B:08:BF:99:FC:00:04:D2:04:DB:1C
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152057.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:87c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:82:d2:8b:6d:a9:ad:7c:01:08:b8:25:4f:f1:86:31:aa:8d:
         79:31:22:a1:b4:6a:50:26:33:42:c7:8a:de:2e:c0:d4:84:21:
         a7:4d:18:db:4f:2b:9f:04:6e:b0:cd:c7:ea:b4:e6:52:15:f0:
         49:68:ca:d5:ec:dd:72:a4:97:7c:7e:81:0b:ca:6b:c5:a5:67:
         02:88:4d:3b:58:d2:d1:6b:6c:78:ad:4b:08:62:82:c2:8d:9e:
         04:14:c5:bb:70:49:d4:33:26:41:3e:63:c2:5d:d5:ad:ab:76:
         d5:0f:0b:20:66:13:b6:bc:90:9d:38:37:79:a9:d4:53:cc:db:
         01:11:93:e1:e3:5e:02:af:eb:d5:98:ee:2f:3b:ef:63:c4:5d:
         50:5a:95:3f:1b:36:c1:2b:cb:3c:05:af:00:8c:2e:6d:81:01:
         b2:22:db:4e:40:60:25:46:a0:70:1e:e1:d0:6e:c2:18:d8:e8:
         de:38:61:e8:51:4b:ca:e5:24:39:c1:2c:f4:12:b2:e1:a5:57:
         0e:2d:ab:ca:99:fe:23:65:5a:cf:24:1d:44:bf:b8:c1:ad:c0:
         66:ab:5e:9f:55:09:ac:a4:fa:42:7a:59:17:09:fa:01:54:7f:
         c9:03:c5:7b:92:b3:f6:98:55:b3:41:55:b7:55:cd:9e:01:e6:
         5a:0a:a8:bd
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIUOjmn3lVAkIkTnKwoE7TFcnF+NMwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMzEyOVoX
DTI3MDUwMTIxMzYyOVowMzExMC8GA1UEAxMoOEEyNzkzMzI5QkFDN0JDODEyOEIw
OEJGOTlGQzAwMDREMjA0REIxQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALqJswVMNqG3F7K416PGJ9BqtqnsNu+opFuWWynWE6LVltwGuv/YOeXkN/Nt
izQ9oW8jwOdXfaWpwtQNctkn87xQBJQ0tuUleygVQ9TSmkvKn/uy+p410DaLjd3w
nd8Ki4ExnQx2uaJcLLEjotgamXZCo4zJ6ate63dr6VzTKs8T/1/ud2Eov+t87H/Y
dQnv9r9c2HVlAWm7kMHGgVCOyB/sczXp0OfCW/dA9XoUWXWiaWDEsIFvllTA8Mx1
Dkz/oVyRJ7U+r1xa+FrlTGuTNMx4sn6zIWTMvlojP+i+fWHvQVwoKvw0+Q+ePsvc
AbWjehRS4vnonzQrS5R5iL9EHrcCAwEAAaOCAc0wggHJMB0GA1UdDgQWBBSKJ5My
m6x7yBKLCL+Z/AAE0gTbHDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUyMDU3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIA
AjAHAwUAJAeHwDANBgkqhkiG9w0BAQsFAAOCAQEAaILSi22prXwBCLglT/GGMaqN
eTEiobRqUCYzQseK3i7A1IQhp00Y208rnwRusM3H6rTmUhXwSWjK1ezdcqSXfH6B
C8prxaVnAohNO1jS0WtseK1LCGKCwo2eBBTFu3BJ1DMmQT5jwl3Vrat21Q8LIGYT
tryQnTg3eanUU8zbARGT4eNeAq/r1ZjuLzvvY8RdUFqVPxs2wSvLPAWvAIwubYEB
siLbTkBgJUagcB7h0G7CGNjo3jhh6FFLyuUkOcEs9BKy4aVXDi2rypn+I2VazyQd
RL+4wa3AZqten1UJrKT6QnpZFwn6AVR/yQPFe5Kz9phVs0FVt1XNngHmWgqovQ==
-----END CERTIFICATE-----