Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153565.roa
File:                     AS153565.roa (raw, json)
Hash identifier:          lDD3CwuN/EXX2Dc5DiXPMjtMmQs/wjxik2p2kJedAxg=
Subject key identifier:   F4:8A:FA:12:37:49:8A:7E:BC:67:74:D0:8F:2F:0D:14:6E:AD:45:11
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       251CE413B3F1DFECF343E794585844C4D02A7E38
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153565.roa
Signing time:             Sat 02 May 2026 09:26:18 +0000
ROA not before:           Sat 02 May 2026 09:21:18 +0000
ROA not after:            Sat 01 May 2027 09:26:18 +0000
asID:                     153565
IP address blocks:        2001:df4:f2c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:1c:e4:13:b3:f1:df:ec:f3:43:e7:94:58:58:44:c4:d0:2a:7e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:18 2026 GMT
            Not After : May  1 09:26:18 2027 GMT
        Subject: CN=F48AFA1237498A7EBC6774D08F2F0D146EAD4511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b7:a2:ab:42:1f:37:48:68:66:10:56:31:91:
                    f1:26:a5:86:2d:6c:be:74:0a:0b:8a:55:ba:7f:07:
                    4b:03:e1:ec:6e:16:f2:6c:b2:d5:0d:e1:b3:a8:93:
                    25:08:2f:a3:60:77:34:92:f8:1b:ce:25:13:56:d8:
                    7a:29:77:e5:b6:a1:53:0a:24:2f:e2:05:ef:82:b4:
                    cc:9c:ad:86:bb:39:4c:f1:7d:b5:34:1f:ea:73:6f:
                    88:4b:6d:83:2b:09:94:25:17:ee:19:42:ef:69:87:
                    c5:09:64:a0:eb:c4:14:f5:f4:c3:d7:da:47:5c:e2:
                    e0:88:9b:86:ad:98:54:d6:88:6b:a6:b1:0f:81:8e:
                    6e:ea:72:b3:97:59:ba:68:e5:92:7f:19:ee:bb:dd:
                    0b:b0:ec:9c:da:45:58:29:cf:b7:41:76:b0:df:c6:
                    29:82:55:d2:74:be:a0:27:de:96:5f:c9:04:34:7b:
                    b1:db:b3:39:c6:db:ff:24:54:31:77:62:b4:a4:3f:
                    ca:ae:b3:a3:72:36:7f:96:01:36:23:6c:b0:a1:20:
                    46:4d:56:e0:3f:9e:e0:a1:b9:20:7a:64:bf:68:8b:
                    fa:23:b5:2d:ca:66:99:16:c1:2e:94:1d:cf:0f:53:
                    7c:b2:8d:17:ee:77:fa:d8:ff:90:63:d1:d9:3b:ae:
                    f8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8A:FA:12:37:49:8A:7E:BC:67:74:D0:8F:2F:0D:14:6E:AD:45:11
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153565.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:f2c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:3c:22:a8:fc:27:2d:c9:14:5a:96:7c:92:ca:66:9c:bf:42:
         b1:bd:06:3e:f5:a8:e6:42:98:c9:6e:7c:0c:19:7d:40:72:1a:
         51:54:b6:80:41:a2:45:6b:17:fa:37:e7:d0:89:44:e3:94:95:
         52:7d:c4:1b:fe:bd:3d:2c:da:a6:5a:93:96:84:8b:e8:c8:3e:
         a1:77:d0:23:eb:66:96:44:f4:9e:52:68:00:66:c6:28:84:ee:
         5b:5e:44:dc:5e:41:e5:c4:c7:cc:35:b3:5f:08:5a:3b:9c:6c:
         b2:36:60:89:b2:41:f3:84:86:a4:3d:75:de:44:7c:d9:ac:b9:
         9a:5f:5a:fc:58:78:5c:65:bd:f7:54:7d:6c:bf:14:37:90:0b:
         0f:0d:72:b6:15:58:4c:5e:04:48:be:2c:07:15:04:36:d4:d6:
         1d:1f:81:01:ab:72:11:5e:e3:71:41:de:ee:29:06:72:9d:be:
         ec:ed:78:21:52:06:18:6e:89:7c:9a:3b:83:d3:be:49:85:2b:
         61:87:e3:ba:09:88:aa:30:25:d0:c6:d5:db:f3:5e:e2:83:07:
         91:83:7f:70:9c:99:a2:fb:9e:63:8b:5f:cc:73:30:b6:9e:73:
         9f:a4:08:3e:d9:e2:f5:c2:44:a3:bd:a4:16:de:86:59:62:40:
         48:bd:6d:a6
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUJRzkE7Px3+zzQ+eUWFhExNAqfjgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjExOFoX
DTI3MDUwMTA5MjYxOFowMzExMC8GA1UEAxMoRjQ4QUZBMTIzNzQ5OEE3RUJDNjc3
NEQwOEYyRjBEMTQ2RUFENDUxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL+3oqtCHzdIaGYQVjGR8Salhi1svnQKC4pVun8HSwPh7G4W8myy1Q3hs6iT
JQgvo2B3NJL4G84lE1bYeil35bahUwokL+IF74K0zJythrs5TPF9tTQf6nNviEtt
gysJlCUX7hlC72mHxQlkoOvEFPX0w9faR1zi4Iibhq2YVNaIa6axD4GObupys5dZ
umjlkn8Z7rvdC7DsnNpFWCnPt0F2sN/GKYJV0nS+oCfell/JBDR7sduzOcbb/yRU
MXditKQ/yq6zo3I2f5YBNiNssKEgRk1W4D+e4KG5IHpkv2iL+iO1LcpmmRbBLpQd
zw9TfLKNF+53+tj/kGPR2Tuu+LMCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBT0ivoS
N0mKfrxndNCPLw0Ubq1FETAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzNTY1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9PLAMA0GCSqGSIb3DQEBCwUAA4IBAQAlPCKo/CctyRRalnySymac
v0KxvQY+9ajmQpjJbnwMGX1AchpRVLaAQaJFaxf6N+fQiUTjlJVSfcQb/r09LNqm
WpOWhIvoyD6hd9Aj62aWRPSeUmgAZsYohO5bXkTcXkHlxMfMNbNfCFo7nGyyNmCJ
skHzhIakPXXeRHzZrLmaX1r8WHhcZb33VH1svxQ3kAsPDXK2FVhMXgRIviwHFQQ2
1NYdH4EBq3IRXuNxQd7uKQZynb7s7XghUgYYbol8mjuD075JhSthh+O6CYiqMCXQ
xtXb817igweRg39wnJmi+55ji1/MczC2nnOfpAg+2eL1wkSjvaQW3oZZYkBIvW2m
-----END CERTIFICATE-----