Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS152370.roa
File:                     AS152370.roa (raw, json)
Hash identifier:          g1KSD9WNrd1m/EV8pA4WPCNF83I2aM1JleTVnp+k/Bc=
Subject key identifier:   21:90:44:EE:99:E9:CF:E1:F9:AA:E4:82:9B:03:47:A0:59:8B:11:B4
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       392B59E3FAC06CFD0CB8A911B800798C2D22E714
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152370.roa
Signing time:             Sat 02 May 2026 09:21:10 +0000
ROA not before:           Sat 02 May 2026 09:16:10 +0000
ROA not after:            Sat 01 May 2027 09:21:10 +0000
asID:                     152370
IP address blocks:        103.215.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:2b:59:e3:fa:c0:6c:fd:0c:b8:a9:11:b8:00:79:8c:2d:22:e7:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:10 2026 GMT
            Not After : May  1 09:21:10 2027 GMT
        Subject: CN=219044EE99E9CFE1F9AAE4829B0347A0598B11B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:37:4e:72:f9:f0:9a:1e:52:0d:66:45:95:1a:
                    6e:77:96:1d:c4:92:8b:8b:c0:67:8d:74:8a:01:16:
                    ca:67:20:78:c5:67:5b:ff:58:90:6a:ac:93:66:81:
                    53:34:56:aa:17:26:9b:fa:ca:87:11:38:29:7f:4a:
                    bb:02:c6:ff:cf:0c:cf:89:b6:86:91:8c:19:35:ff:
                    db:6f:25:91:a6:b3:02:dc:22:19:a0:a0:06:43:69:
                    1c:aa:cc:4d:09:71:40:c8:9f:16:84:f8:ff:22:16:
                    56:ec:1a:4a:56:4b:19:8f:69:ba:78:0b:8a:02:dd:
                    0e:9d:c8:15:cc:f3:44:13:0d:49:36:7f:70:cc:c3:
                    52:69:0c:96:6c:c0:0c:09:5e:98:2d:ad:c5:63:68:
                    b7:ca:28:fb:f0:b4:eb:f4:c0:a4:00:a2:9a:83:38:
                    dd:8b:c9:30:a0:f2:8c:ca:51:01:f2:7e:9b:54:71:
                    d2:d6:a7:5a:48:17:d7:eb:5f:4d:c9:75:c9:a7:d1:
                    b4:b2:e7:85:d7:94:72:a7:59:f6:d9:f6:5d:76:54:
                    89:ce:52:36:dc:87:1e:72:92:69:b4:fe:34:e9:52:
                    bf:81:d8:a0:cb:e3:f5:7a:0d:88:3b:09:38:1b:3d:
                    1e:06:36:91:ae:d6:e7:ae:a1:b1:fb:2b:d0:f8:08:
                    6a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:90:44:EE:99:E9:CF:E1:F9:AA:E4:82:9B:03:47:A0:59:8B:11:B4
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152370.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.215.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:4c:c1:bb:82:50:b8:60:9d:55:60:20:31:dc:52:7f:62:40:
         80:8b:9c:cd:fa:65:53:8e:3e:8b:80:6a:98:2e:85:4c:9c:db:
         50:83:c3:56:3f:fe:c1:d5:49:61:bf:40:df:fe:e0:d9:9f:91:
         ff:ee:56:d3:88:da:e4:45:da:14:31:91:19:77:e6:4e:60:f5:
         54:11:d1:94:4d:36:85:98:cd:1e:31:1e:1c:ce:f7:5b:c9:f3:
         72:de:19:c8:ed:a8:3d:6d:41:2b:99:05:ee:88:46:86:06:2c:
         7d:33:20:24:e5:b7:fc:d5:4e:1d:02:36:d8:d5:2e:00:75:1d:
         01:6a:3b:e5:6a:1f:c1:14:70:77:93:b1:98:7c:0c:4a:be:c8:
         7f:0e:2a:cb:40:6e:6e:19:c3:5b:70:ee:8a:98:a5:37:35:0a:
         77:4c:4d:67:ef:79:70:2e:ff:90:d8:9f:e1:13:b4:20:8d:2e:
         81:a3:c1:7a:4d:42:31:1d:01:48:40:32:65:e5:d2:d3:a7:0f:
         bf:77:28:0d:be:d6:87:ed:32:af:b4:40:47:e1:18:0c:98:2a:
         58:db:a3:c1:ad:9f:e0:4d:a9:eb:a2:e6:26:0e:d1:a8:1a:38:
         ab:ec:e2:25:71:e3:28:38:27:53:76:d7:d2:ce:d5:26:96:6a:
         7b:dd:0f:8f
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUOStZ4/rAbP0MuKkRuAB5jC0i5xQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTYxMFoX
DTI3MDUwMTA5MjExMFowMzExMC8GA1UEAxMoMjE5MDQ0RUU5OUU5Q0ZFMUY5QUFF
NDgyOUIwMzQ3QTA1OThCMTFCNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALM3TnL58JoeUg1mRZUabneWHcSSi4vAZ410igEWymcgeMVnW/9YkGqsk2aB
UzRWqhcmm/rKhxE4KX9KuwLG/88Mz4m2hpGMGTX/228lkaazAtwiGaCgBkNpHKrM
TQlxQMifFoT4/yIWVuwaSlZLGY9pungLigLdDp3IFczzRBMNSTZ/cMzDUmkMlmzA
DAlemC2txWNot8oo+/C06/TApACimoM43YvJMKDyjMpRAfJ+m1Rx0tanWkgX1+tf
Tcl1yafRtLLnhdeUcqdZ9tn2XXZUic5SNtyHHnKSabT+NOlSv4HYoMvj9XoNiDsJ
OBs9HgY2ka7W566hsfsr0PgIarsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQhkETu
menP4fmq5IKbA0egWYsRtDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUyMzcwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ9dGMA0GCSqGSIb3DQEBCwUAA4IBAQANTMG7glC4YJ1VYCAx3FJ/YkCA
i5zN+mVTjj6LgGqYLoVMnNtQg8NWP/7B1Ulhv0Df/uDZn5H/7lbTiNrkRdoUMZEZ
d+ZOYPVUEdGUTTaFmM0eMR4czvdbyfNy3hnI7ag9bUErmQXuiEaGBix9MyAk5bf8
1U4dAjbY1S4AdR0Bajvlah/BFHB3k7GYfAxKvsh/DirLQG5uGcNbcO6KmKU3NQp3
TE1n73lwLv+Q2J/hE7QgjS6Bo8F6TUIxHQFIQDJl5dLTpw+/dygNvtaH7TKvtEBH
4RgMmCpY26PBrZ/gTanrouYmDtGoGjir7OIlceMoOCdTdtfSztUmlmp73Q+P
-----END CERTIFICATE-----