Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153601.roa
File:                     AS153601.roa (raw, json)
Hash identifier:          pL39Osx4hvocETI6mXrt8vLlUayss89GbgsYbcTQ1mc=
Subject key identifier:   E1:FB:90:7E:BA:DC:B2:12:F3:F2:0A:09:A5:05:3A:93:4E:60:25:E9
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       0120145F1A22D4CCC0178F132F06916E9D95E621
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153601.roa
Signing time:             Sat 02 May 2026 09:26:40 +0000
ROA not before:           Sat 02 May 2026 09:21:40 +0000
ROA not after:            Sat 01 May 2027 09:26:40 +0000
asID:                     153601
IP address blocks:        2001:df4:f640::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:20:14:5f:1a:22:d4:cc:c0:17:8f:13:2f:06:91:6e:9d:95:e6:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:40 2026 GMT
            Not After : May  1 09:26:40 2027 GMT
        Subject: CN=E1FB907EBADCB212F3F20A09A5053A934E6025E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:11:ac:bb:b2:eb:ff:26:87:f5:17:75:f3:5d:
                    1a:6a:84:be:4a:c2:8e:0d:0f:79:a3:1f:bd:c3:09:
                    37:d0:dc:b3:b8:a4:b8:45:d0:5a:22:9d:21:ad:42:
                    6a:d1:c3:85:52:c8:ad:4b:2d:92:e0:57:ef:0f:11:
                    57:98:6c:9f:76:ee:47:45:de:ba:30:be:72:e3:45:
                    26:ec:60:d0:13:c2:8b:24:c8:d7:1f:fc:91:50:c5:
                    ba:24:3c:8c:6d:b1:dd:30:fc:54:07:00:8e:88:a8:
                    74:f3:ff:f3:50:53:3f:81:07:19:6f:93:24:c3:12:
                    e8:22:dd:bc:2a:87:aa:c3:cf:66:11:40:70:6f:24:
                    34:df:97:16:76:e7:f8:ca:59:a2:31:b7:b7:69:f6:
                    d4:52:63:a7:26:4f:14:4f:d7:e4:be:0e:44:df:a0:
                    96:5f:45:37:44:e8:f6:40:0c:86:f6:63:32:0c:3c:
                    f9:de:80:e8:cd:96:f0:3c:0b:e0:e5:44:2e:9a:78:
                    37:56:c8:01:82:b4:da:7d:e1:69:61:d4:82:d6:5d:
                    7b:a5:7c:fe:dd:9d:1a:90:76:95:2a:b8:61:b7:2b:
                    1a:b8:b4:5d:36:3c:da:c2:a5:96:ca:85:49:a4:93:
                    e3:ba:c1:8c:24:49:26:2a:ea:cb:02:78:39:56:4b:
                    fb:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:FB:90:7E:BA:DC:B2:12:F3:F2:0A:09:A5:05:3A:93:4E:60:25:E9
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153601.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:f640::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:96:8f:5d:c1:2e:79:78:41:8b:88:23:2f:7b:a0:e8:9c:50:
         fe:a4:9d:35:7b:c0:33:e4:f7:37:8f:89:dd:1d:0b:78:e9:df:
         fb:56:67:ac:26:74:8c:e2:85:e7:2c:11:fe:a7:af:96:da:5c:
         c6:2e:f6:17:48:c5:71:da:c6:35:8b:b1:ff:51:94:be:cf:d0:
         19:45:2f:86:1b:c9:48:d2:ed:0a:b7:96:a5:a5:79:cc:00:f5:
         31:f6:8c:b3:5e:cd:90:cb:ef:87:51:b8:b5:16:01:2b:ec:49:
         37:93:2f:a6:63:62:a1:37:14:f4:7f:b7:7c:48:d6:b0:2d:c1:
         50:2c:fd:78:b9:ba:dc:1e:9f:de:ff:c2:d8:5f:9f:c5:cc:fb:
         72:e4:2d:23:60:f1:78:9c:44:01:39:2c:11:62:03:ec:cb:bb:
         ef:64:fe:ec:83:4f:01:22:10:25:2d:59:a2:e4:46:6d:42:4b:
         bd:23:4c:3e:53:1e:d2:8f:35:cc:d5:08:67:39:7d:49:80:3a:
         a6:ee:9b:ed:be:02:c4:28:dd:3d:a9:1f:69:c3:e0:70:54:62:
         82:43:ac:7a:0a:1c:76:2f:73:10:c3:ca:b3:19:b3:c9:72:b8:
         fb:d3:f7:0e:cf:50:79:08:3f:03:dd:a7:a7:45:b4:ba:bc:3a:
         d6:43:0f:9d
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUASAUXxoi1MzAF48TLwaRbp2V5iEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjE0MFoX
DTI3MDUwMTA5MjY0MFowMzExMC8GA1UEAxMoRTFGQjkwN0VCQURDQjIxMkYzRjIw
QTA5QTUwNTNBOTM0RTYwMjVFOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANMRrLuy6/8mh/UXdfNdGmqEvkrCjg0PeaMfvcMJN9Dcs7ikuEXQWiKdIa1C
atHDhVLIrUstkuBX7w8RV5hsn3buR0XeujC+cuNFJuxg0BPCiyTI1x/8kVDFuiQ8
jG2x3TD8VAcAjoiodPP/81BTP4EHGW+TJMMS6CLdvCqHqsPPZhFAcG8kNN+XFnbn
+MpZojG3t2n21FJjpyZPFE/X5L4ORN+gll9FN0To9kAMhvZjMgw8+d6A6M2W8DwL
4OVELpp4N1bIAYK02n3haWHUgtZde6V8/t2dGpB2lSq4YbcrGri0XTY82sKllsqF
SaST47rBjCRJJirqywJ4OVZL+9MCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBTh+5B+
utyyEvPyCgmlBTqTTmAl6TAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzNjAxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9PZAMA0GCSqGSIb3DQEBCwUAA4IBAQCFlo9dwS55eEGLiCMve6Do
nFD+pJ01e8Az5Pc3j4ndHQt46d/7VmesJnSM4oXnLBH+p6+W2lzGLvYXSMVx2sY1
i7H/UZS+z9AZRS+GG8lI0u0Kt5alpXnMAPUx9oyzXs2Qy++HUbi1FgEr7Ek3ky+m
Y2KhNxT0f7d8SNawLcFQLP14ubrcHp/e/8LYX5/FzPty5C0jYPF4nEQBOSwRYgPs
y7vvZP7sg08BIhAlLVmi5EZtQku9I0w+Ux7SjzXM1QhnOX1JgDqm7pvtvgLEKN09
qR9pw+BwVGKCQ6x6Chx2L3MQw8qzGbPJcrj70/cOz1B5CD8D3aenRbS6vDrWQw+d
-----END CERTIFICATE-----