Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS152407.roa
File:                     AS152407.roa (raw, json)
Hash identifier:          jUAazXG92e1vdD02NHXyqMOtCDJjDeeHtxg/dpR7Prc=
Subject key identifier:   A4:35:7F:86:43:D5:6F:0D:21:10:2B:2B:93:34:A8:50:E8:22:09:7E
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       04B69C111DE03E6B2C7C0A2C02066238FF0B3DCA
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152407.roa
Signing time:             Sat 02 May 2026 09:27:16 +0000
ROA not before:           Sat 02 May 2026 09:22:16 +0000
ROA not after:            Sat 01 May 2027 09:27:16 +0000
asID:                     152407
IP address blocks:        2001:df6:86c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:b6:9c:11:1d:e0:3e:6b:2c:7c:0a:2c:02:06:62:38:ff:0b:3d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:22:16 2026 GMT
            Not After : May  1 09:27:16 2027 GMT
        Subject: CN=A4357F8643D56F0D21102B2B9334A850E822097E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d2:5e:00:fe:b5:8d:5a:17:4b:36:56:8b:37:
                    1d:49:f5:f3:d2:a8:64:bc:95:f1:7e:89:b3:3b:2d:
                    85:21:c9:ad:f7:18:98:64:dc:9b:93:46:d0:71:cb:
                    21:48:e8:ac:4d:0f:08:a9:5e:75:43:00:be:28:e0:
                    ae:a8:74:f7:98:2b:dc:9b:98:20:66:1f:04:2c:42:
                    f0:75:24:ce:b9:ae:98:58:be:2d:81:46:11:47:09:
                    ee:11:82:30:c0:d8:e8:de:ef:cc:35:8e:22:88:26:
                    68:ee:b7:1b:76:2a:96:a1:70:e5:c2:c4:20:c6:75:
                    f2:9b:7c:8c:c1:62:d2:3c:69:75:bb:0f:12:4b:3d:
                    e6:99:a9:d7:0c:69:c9:73:0d:c3:89:0f:ce:73:79:
                    36:40:cd:e1:28:c4:05:54:21:b4:47:4c:e0:3e:0d:
                    2d:b0:00:14:76:c8:c1:9c:4d:18:24:a7:a0:0e:98:
                    21:15:bd:9b:6c:13:d6:cf:f6:66:42:a6:44:70:b9:
                    21:34:25:d0:65:1b:31:b4:1a:8f:b3:d9:fa:53:3e:
                    70:5b:79:b5:dd:f6:f6:67:01:fc:34:01:95:8b:ed:
                    4d:3b:62:ec:bc:87:2b:37:29:7b:1c:84:d1:df:3a:
                    5d:72:5f:ad:1d:f5:3c:ff:79:3f:da:d4:37:87:9f:
                    2e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:35:7F:86:43:D5:6F:0D:21:10:2B:2B:93:34:A8:50:E8:22:09:7E
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:86c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:e8:f9:fe:06:67:66:03:49:12:00:8b:a4:6a:ec:55:ed:fd:
         dc:62:ca:20:60:05:86:c3:80:cc:8e:5c:76:bd:de:1d:68:c1:
         cf:f8:2d:77:36:66:2b:62:0b:7e:bd:5f:1e:ca:65:9d:30:67:
         b5:2b:f3:bd:f1:72:e2:e0:95:ee:dc:79:cf:ac:f7:34:bd:ec:
         33:5f:b5:50:34:a7:eb:ec:17:50:7a:55:bf:6a:08:aa:63:e5:
         7f:2c:05:e4:5a:43:05:09:3e:c0:d0:14:35:7b:79:f3:ee:94:
         ed:c2:ff:a9:e9:1b:b9:78:aa:e7:73:81:a1:74:49:03:49:4f:
         c9:1c:02:19:7d:50:8e:6f:d8:5a:49:08:cf:4d:bc:2f:cb:31:
         ca:d0:d6:e0:0a:b6:b7:0b:1b:38:06:08:1b:ef:30:33:6a:be:
         6e:c9:40:5c:a7:91:e4:3b:9d:18:f9:e6:c2:cf:a2:d3:47:2c:
         a0:d4:24:73:fd:b0:64:34:93:97:eb:66:43:27:e2:2f:69:fe:
         a8:29:0c:e0:80:6e:5b:98:33:1f:d8:cf:4b:78:f2:cb:35:64:
         0e:24:ac:bb:7c:3d:7d:86:a8:9e:86:7c:27:27:e5:46:2e:62:
         52:cf:41:89:11:12:b7:37:f4:af:1c:76:f3:d8:54:74:4d:4c:
         ad:d0:32:95
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUBLacER3gPmssfAosAgZiOP8LPcowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjIxNloX
DTI3MDUwMTA5MjcxNlowMzExMC8GA1UEAxMoQTQzNTdGODY0M0Q1NkYwRDIxMTAy
QjJCOTMzNEE4NTBFODIyMDk3RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXSXgD+tY1aF0s2Vos3HUn189KoZLyV8X6JszsthSHJrfcYmGTcm5NG0HHL
IUjorE0PCKledUMAvijgrqh095gr3JuYIGYfBCxC8HUkzrmumFi+LYFGEUcJ7hGC
MMDY6N7vzDWOIogmaO63G3YqlqFw5cLEIMZ18pt8jMFi0jxpdbsPEks95pmp1wxp
yXMNw4kPznN5NkDN4SjEBVQhtEdM4D4NLbAAFHbIwZxNGCSnoA6YIRW9m2wT1s/2
ZkKmRHC5ITQl0GUbMbQaj7PZ+lM+cFt5td329mcB/DQBlYvtTTti7LyHKzcpexyE
0d86XXJfrR31PP95P9rUN4efLpcCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBSkNX+G
Q9VvDSEQKyuTNKhQ6CIJfjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUyNDA3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9obAMA0GCSqGSIb3DQEBCwUAA4IBAQBF6Pn+BmdmA0kSAIukauxV
7f3cYsogYAWGw4DMjlx2vd4daMHP+C13NmYrYgt+vV8eymWdMGe1K/O98XLi4JXu
3HnPrPc0vewzX7VQNKfr7BdQelW/agiqY+V/LAXkWkMFCT7A0BQ1e3nz7pTtwv+p
6Ru5eKrnc4GhdEkDSU/JHAIZfVCOb9haSQjPTbwvyzHK0NbgCra3Cxs4Bggb7zAz
ar5uyUBcp5HkO50Y+ebCz6LTRyyg1CRz/bBkNJOX62ZDJ+Ivaf6oKQzggG5bmDMf
2M9LePLLNWQOJKy7fD19hqiehnwnJ+VGLmJSz0GJERK3N/SvHHbz2FR0TUyt0DKV
-----END CERTIFICATE-----