Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS152060.roa
File:                     AS152060.roa (raw, json)
Hash identifier:          +P+0tcQnqeU3OVXgwKPXAkzEHy7TfBcyq0tekUDS8Xw=
Subject key identifier:   D0:46:EB:63:09:9E:C9:4C:C5:5E:D4:DD:74:B2:A4:0D:35:A0:C0:04
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       6FD594BB14A79804C4A4B31DE5AB242EF0EF9072
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152060.roa
Signing time:             Sat 02 May 2026 13:22:58 +0000
ROA not before:           Sat 02 May 2026 13:17:58 +0000
ROA not after:            Sat 01 May 2027 13:22:58 +0000
asID:                     152060
IP address blocks:        113.192.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:d5:94:bb:14:a7:98:04:c4:a4:b3:1d:e5:ab:24:2e:f0:ef:90:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 13:17:58 2026 GMT
            Not After : May  1 13:22:58 2027 GMT
        Subject: CN=D046EB63099EC94CC55ED4DD74B2A40D35A0C004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:63:64:0d:6b:16:ca:d9:16:27:e8:36:ab:a8:
                    27:71:0f:af:d7:bc:d1:fa:5d:eb:2f:78:33:20:9e:
                    56:1c:b5:6d:c0:42:38:c3:98:b1:78:e1:2a:21:45:
                    6e:70:b3:0f:5c:89:91:c9:cd:e3:51:f9:ba:81:1f:
                    f0:12:60:76:72:94:56:4b:71:a1:fc:47:46:b4:64:
                    a4:f4:14:ad:b9:65:0e:cd:71:74:ec:14:e1:e2:46:
                    0d:f9:95:c5:39:88:cf:db:08:19:7e:ce:38:76:24:
                    40:83:98:38:58:36:80:4b:85:5b:fe:27:52:f7:17:
                    73:96:ad:6f:af:7c:d0:94:9c:8a:35:f2:21:92:ac:
                    7f:0b:b8:2b:92:d6:14:b8:66:a8:20:02:63:5a:49:
                    bb:10:e9:cc:d1:d7:3b:3f:c5:7a:a4:90:7b:ab:b3:
                    15:ce:7c:1b:3e:8e:fb:02:b2:b5:f8:fc:ea:bd:fa:
                    35:9d:bc:b9:09:20:e9:49:f1:44:f6:53:68:d3:c3:
                    72:3a:9b:7a:13:52:84:b9:cb:d4:07:60:fa:e4:35:
                    1e:32:7c:cf:a6:49:09:91:b2:47:a3:eb:00:d4:1e:
                    79:54:ee:4f:5b:62:d9:81:21:f3:4f:7f:6f:1b:c8:
                    78:a7:0b:7e:69:d1:93:ce:ca:75:b9:79:84:26:f4:
                    e4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:46:EB:63:09:9E:C9:4C:C5:5E:D4:DD:74:B2:A4:0D:35:A0:C0:04
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152060.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.192.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:be:ea:9e:24:d0:7f:97:e3:4b:8b:bd:e3:01:84:64:00:52:
         bf:3f:09:af:5e:32:76:48:e2:a8:86:cb:d6:32:ae:b3:7e:8a:
         ce:47:04:84:66:a5:bf:50:c8:43:ad:ce:98:b0:94:fa:ff:d7:
         ae:14:8b:31:77:53:2f:46:6c:d6:9d:a4:78:ae:aa:2a:e1:99:
         96:b4:40:21:d6:64:e2:95:f2:26:fa:63:12:98:db:51:e2:4f:
         b0:b6:97:60:36:92:54:86:fd:0a:68:d9:6b:ee:fa:3e:02:93:
         c7:2a:b3:ba:36:e4:94:48:fd:c5:5a:50:a0:a5:5a:0c:e5:08:
         52:82:ad:43:b3:6e:09:ec:42:f7:2d:1f:81:3b:b9:e5:11:e2:
         f8:62:5b:21:75:1e:8d:6d:0c:56:38:2a:4a:ca:cd:04:02:e2:
         07:59:f5:c5:e7:36:c5:33:2f:47:30:b4:04:1f:0d:cb:f0:bc:
         0b:51:d8:8c:2b:8c:2a:f5:07:f0:f0:73:4e:9d:21:1a:88:70:
         6f:48:ac:09:f9:db:ab:e5:54:20:e6:88:1e:a0:8d:96:3d:f4:
         ba:f1:a8:c6:f5:df:c8:b7:13:5d:96:a5:ca:07:98:2c:e6:df:
         73:de:95:15:ba:45:b9:82:ff:b6:b0:32:08:d1:a6:e7:22:54:
         d5:a1:20:78
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUb9WUuxSnmATEpLMd5askLvDvkHIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjEzMTc1OFoX
DTI3MDUwMTEzMjI1OFowMzExMC8GA1UEAxMoRDA0NkVCNjMwOTlFQzk0Q0M1NUVE
NERENzRCMkE0MEQzNUEwQzAwNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMFjZA1rFsrZFifoNquoJ3EPr9e80fpd6y94MyCeVhy1bcBCOMOYsXjhKiFF
bnCzD1yJkcnN41H5uoEf8BJgdnKUVktxofxHRrRkpPQUrbllDs1xdOwU4eJGDfmV
xTmIz9sIGX7OOHYkQIOYOFg2gEuFW/4nUvcXc5atb6980JScijXyIZKsfwu4K5LW
FLhmqCACY1pJuxDpzNHXOz/FeqSQe6uzFc58Gz6O+wKytfj86r36NZ28uQkg6Unx
RPZTaNPDcjqbehNShLnL1Adg+uQ1HjJ8z6ZJCZGyR6PrANQeeVTuT1ti2YEh809/
bxvIeKcLfmnRk87Kdbl5hCb05BsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTQRutj
CZ7JTMVe1N10sqQNNaDABDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUyMDYwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBccAAMA0GCSqGSIb3DQEBCwUAA4IBAQB5vuqeJNB/l+NLi73jAYRkAFK/
PwmvXjJ2SOKohsvWMq6zforORwSEZqW/UMhDrc6YsJT6/9euFIsxd1MvRmzWnaR4
rqoq4ZmWtEAh1mTilfIm+mMSmNtR4k+wtpdgNpJUhv0KaNlr7vo+ApPHKrO6NuSU
SP3FWlCgpVoM5QhSgq1Ds24J7EL3LR+BO7nlEeL4YlshdR6NbQxWOCpKys0EAuIH
WfXF5zbFMy9HMLQEHw3L8LwLUdiMK4wq9Qfw8HNOnSEaiHBvSKwJ+dur5VQg5oge
oI2WPfS68ajG9d/ItxNdlqXKB5gs5t9z3pUVukW5gv+2sDII0abnIlTVoSB4
-----END CERTIFICATE-----