Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153127.roa
File:                     AS153127.roa (raw, json)
Hash identifier:          0O5OHtghE7ytfgC4A4nLtU1lXgoC3qnzimlr/Tx8XnM=
Subject key identifier:   EC:08:F2:63:D1:99:FC:05:AE:35:98:B7:A0:95:01:E4:97:AB:59:C3
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       399AD229F7630C8A80EF9F2255DD32F21933D31E
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153127.roa
Signing time:             Sat 02 May 2026 09:26:04 +0000
ROA not before:           Sat 02 May 2026 09:21:04 +0000
ROA not after:            Sat 01 May 2027 09:26:04 +0000
asID:                     153127
IP address blocks:        2001:df4:58c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:9a:d2:29:f7:63:0c:8a:80:ef:9f:22:55:dd:32:f2:19:33:d3:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:04 2026 GMT
            Not After : May  1 09:26:04 2027 GMT
        Subject: CN=EC08F263D199FC05AE3598B7A09501E497AB59C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:10:a0:cb:f8:d4:6f:9b:0c:74:7a:34:66:92:
                    45:8d:43:6a:d6:fa:e5:a4:15:02:2a:48:ff:ec:99:
                    3b:9e:55:ba:95:db:e5:c7:9d:d2:2b:83:9f:62:78:
                    e8:63:13:a7:b4:2e:9d:58:fc:9b:7d:b2:77:a8:a1:
                    a2:c4:32:fb:62:e4:4b:b4:d0:58:f7:9c:8e:b0:be:
                    2b:0d:6b:bc:30:5e:3c:93:54:76:1d:5a:1b:c0:2e:
                    3f:f5:db:7e:fe:f6:3b:71:fa:26:82:9b:e7:13:fa:
                    2b:42:4e:90:5f:65:a4:d0:5f:75:5a:2d:09:50:01:
                    25:47:20:6e:b5:dd:f1:6d:c0:c9:b1:5f:0d:f9:4b:
                    d2:21:d6:00:cc:e3:e9:9d:91:e7:3b:91:42:dd:d5:
                    4f:d8:eb:57:f7:0f:39:cf:9f:2d:f4:73:eb:53:10:
                    1f:b1:46:5c:ba:47:6d:5f:49:01:54:1f:23:a4:cb:
                    5e:c4:73:0d:2c:cc:8d:1b:a6:fa:6c:9b:1a:45:48:
                    86:d5:23:57:0c:f1:11:ce:e1:c6:87:c1:ed:ed:5b:
                    3e:e5:a8:67:19:b2:6c:33:81:f1:3d:df:b8:c9:b1:
                    a1:15:b2:46:16:4f:7f:49:74:f2:53:dd:2a:60:2d:
                    36:22:7f:e4:ec:c4:00:d1:28:47:ac:81:94:97:d5:
                    74:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:08:F2:63:D1:99:FC:05:AE:35:98:B7:A0:95:01:E4:97:AB:59:C3
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153127.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:58c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:7f:f6:f5:24:ed:4c:4b:5e:50:8c:10:7b:1a:5d:f1:1b:8b:
         66:81:57:dc:31:bf:22:24:ad:3e:0e:50:6e:11:ac:2f:f4:73:
         aa:1a:02:9e:05:5f:80:28:94:96:a5:fd:27:83:45:1d:1c:e4:
         15:1c:43:c4:4e:95:e6:8b:4f:e4:1e:0f:c4:6f:71:db:2b:76:
         27:f7:53:e9:d4:d6:64:78:51:b3:db:00:4d:76:96:6b:06:3c:
         b6:0a:86:73:8f:16:ad:bf:39:47:83:0a:34:fb:28:ab:62:04:
         a7:23:e3:b7:e1:a1:40:a4:f5:f2:fe:68:57:fb:b8:1e:36:ff:
         13:6e:d3:7d:ee:65:74:b2:04:aa:cd:35:b6:dc:4b:02:d9:f1:
         2a:a3:0a:ab:5c:24:3e:15:74:c8:d8:39:43:a5:79:18:d0:17:
         34:48:eb:d8:56:80:e8:74:18:e6:10:43:0b:9c:fa:ef:15:75:
         88:ae:7b:a4:f5:fc:f9:f8:be:ab:d3:80:cc:25:00:48:f3:52:
         d7:27:f8:37:6c:8b:19:6b:68:b2:cb:c3:a8:8f:de:2a:b2:28:
         25:3b:ee:0e:9e:80:66:e9:36:6f:c2:4f:01:e0:5c:08:3d:ff:
         e9:3d:ca:d5:42:8b:f9:70:f8:9e:58:d4:24:55:20:4a:f9:ac:
         6c:9e:6a:7c
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUOZrSKfdjDIqA758iVd0y8hkz0x4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjEwNFoX
DTI3MDUwMTA5MjYwNFowMzExMC8GA1UEAxMoRUMwOEYyNjNEMTk5RkMwNUFFMzU5
OEI3QTA5NTAxRTQ5N0FCNTlDMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkQoMv41G+bDHR6NGaSRY1Datb65aQVAipI/+yZO55VupXb5ced0iuDn2J4
6GMTp7QunVj8m32yd6ihosQy+2LkS7TQWPecjrC+Kw1rvDBePJNUdh1aG8AuP/Xb
fv72O3H6JoKb5xP6K0JOkF9lpNBfdVotCVABJUcgbrXd8W3AybFfDflL0iHWAMzj
6Z2R5zuRQt3VT9jrV/cPOc+fLfRz61MQH7FGXLpHbV9JAVQfI6TLXsRzDSzMjRum
+mybGkVIhtUjVwzxEc7hxofB7e1bPuWoZxmybDOB8T3fuMmxoRWyRhZPf0l08lPd
KmAtNiJ/5OzEANEoR6yBlJfVdFECAwEAAaOCAc8wggHLMB0GA1UdDgQWBBTsCPJj
0Zn8Ba41mLeglQHkl6tZwzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzMTI3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9FjAMA0GCSqGSIb3DQEBCwUAA4IBAQAxf/b1JO1MS15QjBB7Gl3x
G4tmgVfcMb8iJK0+DlBuEawv9HOqGgKeBV+AKJSWpf0ng0UdHOQVHEPETpXmi0/k
Hg/Eb3HbK3Yn91Pp1NZkeFGz2wBNdpZrBjy2CoZzjxatvzlHgwo0+yirYgSnI+O3
4aFApPXy/mhX+7geNv8TbtN97mV0sgSqzTW23EsC2fEqowqrXCQ+FXTI2DlDpXkY
0Bc0SOvYVoDodBjmEEMLnPrvFXWIrnuk9fz5+L6r04DMJQBI81LXJ/g3bIsZa2iy
y8Ooj94qsiglO+4OnoBm6TZvwk8B4FwIPf/pPcrVQov5cPieWNQkVSBK+axsnmp8
-----END CERTIFICATE-----