Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153690.roa
File:                     AS153690.roa (raw, json)
Hash identifier:          44CMrLD9obXIRGtqX3ei6UwXYf1yQrMaNEPzYch2sZQ=
Subject key identifier:   89:33:E3:7B:23:C3:9D:E4:5A:F5:15:9A:43:DE:0C:BF:5F:D9:D3:84
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       53D02BA58A660F7B3994E5BFC3091E335555A72A
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153690.roa
Signing time:             Sat 02 May 2026 09:24:45 +0000
ROA not before:           Sat 02 May 2026 09:19:45 +0000
ROA not after:            Sat 01 May 2027 09:24:45 +0000
asID:                     153690
IP address blocks:        163.223.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:d0:2b:a5:8a:66:0f:7b:39:94:e5:bf:c3:09:1e:33:55:55:a7:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:19:45 2026 GMT
            Not After : May  1 09:24:45 2027 GMT
        Subject: CN=8933E37B23C39DE45AF5159A43DE0CBF5FD9D384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:35:35:80:de:de:1c:00:b4:82:c4:23:f3:1c:
                    91:68:b7:6f:3b:f6:0c:37:e9:4a:7e:c0:f3:e2:b7:
                    ec:bc:9e:02:ac:03:40:8b:99:98:95:59:78:57:e2:
                    09:68:c9:a3:9c:34:c7:24:a4:8a:a6:88:08:66:11:
                    fe:28:ef:6a:cb:d9:a7:75:8d:1c:45:68:5a:ce:c5:
                    fe:95:23:db:17:6b:90:a8:7d:01:3c:53:e6:81:ef:
                    45:3e:6c:52:51:47:af:58:11:27:8d:f0:e2:d3:e9:
                    a0:29:26:26:4c:a7:1b:57:52:52:67:38:b6:10:7a:
                    de:7e:08:3f:ae:fe:00:e4:89:67:75:5d:bb:9e:09:
                    8a:e0:45:5e:0e:78:e0:3b:08:3d:4f:23:85:e3:f4:
                    2b:0c:ed:92:91:77:b5:60:27:c7:d5:e4:6b:ff:73:
                    1e:42:73:df:1c:15:90:03:6a:75:c5:47:06:aa:16:
                    d3:5d:11:b0:27:73:c4:1f:b0:ab:46:54:c2:2c:22:
                    66:fe:17:89:27:0c:65:8f:4e:ed:72:2f:22:19:9d:
                    83:91:75:48:77:cb:c3:b6:65:9b:ec:1b:d8:90:da:
                    0e:dc:8b:ae:11:a1:24:a8:2d:81:d6:e4:d1:2a:cd:
                    3b:8b:b0:42:75:55:ed:58:70:f7:97:6e:94:eb:54:
                    37:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:33:E3:7B:23:C3:9D:E4:5A:F5:15:9A:43:DE:0C:BF:5F:D9:D3:84
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.223.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:57:28:02:fb:fe:59:45:7b:5c:62:ce:a7:be:7d:f6:73:e5:
         00:3a:0e:36:04:22:a9:3a:8c:33:4f:2d:e0:a6:51:6b:80:05:
         3c:38:84:86:21:26:80:47:16:b5:b2:e5:61:6a:05:8c:bc:78:
         33:74:95:77:38:8f:85:b4:77:81:50:7a:77:01:8b:47:40:06:
         91:3d:05:cb:e1:fa:a9:cf:2c:e2:d1:45:28:2a:ca:a7:a3:20:
         91:0f:ef:29:da:39:d4:2a:63:57:f3:6a:72:79:d2:9d:42:5d:
         a2:0a:01:51:c8:56:ac:88:59:eb:71:7f:27:84:6e:43:0b:4d:
         0d:1b:fe:a7:53:02:1d:63:98:c2:b7:6c:8d:76:96:31:bf:5f:
         1e:af:fd:56:64:d3:bb:0b:58:ac:ea:88:44:92:06:bc:13:9f:
         34:aa:fd:fa:f8:86:cd:31:a3:fd:ca:93:7b:1f:59:ce:ed:5a:
         c8:ca:7c:f8:0a:5e:7e:34:52:ca:c6:d7:29:28:9c:2e:fa:83:
         57:f8:c3:74:ce:84:1b:f2:a4:04:ca:32:f1:df:41:8c:03:36:
         0c:0e:94:2c:1a:54:cd:67:6d:fe:6d:e2:53:a0:66:38:a4:fb:
         80:3e:8b:5b:86:d5:9a:80:da:26:e6:79:bc:a5:3a:89:5f:cc:
         7b:10:a1:ec
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUU9ArpYpmD3s5lOW/wwkeM1VVpyowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTk0NVoX
DTI3MDUwMTA5MjQ0NVowMzExMC8GA1UEAxMoODkzM0UzN0IyM0MzOURFNDVBRjUx
NTlBNDNERTBDQkY1RkQ5RDM4NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOw1NYDe3hwAtILEI/MckWi3bzv2DDfpSn7A8+K37LyeAqwDQIuZmJVZeFfi
CWjJo5w0xySkiqaICGYR/ijvasvZp3WNHEVoWs7F/pUj2xdrkKh9ATxT5oHvRT5s
UlFHr1gRJ43w4tPpoCkmJkynG1dSUmc4thB63n4IP67+AOSJZ3Vdu54JiuBFXg54
4DsIPU8jheP0KwztkpF3tWAnx9Xka/9zHkJz3xwVkANqdcVHBqoW010RsCdzxB+w
q0ZUwiwiZv4XiScMZY9O7XIvIhmdg5F1SHfLw7Zlm+wb2JDaDtyLrhGhJKgtgdbk
0SrNO4uwQnVV7Vhw95dulOtUNwcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSJM+N7
I8Od5Fr1FZpD3gy/X9nThDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzNjkwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAo99HMA0GCSqGSIb3DQEBCwUAA4IBAQCCVygC+/5ZRXtcYs6nvn32c+UA
Og42BCKpOowzTy3gplFrgAU8OISGISaARxa1suVhagWMvHgzdJV3OI+FtHeBUHp3
AYtHQAaRPQXL4fqpzyzi0UUoKsqnoyCRD+8p2jnUKmNX82pyedKdQl2iCgFRyFas
iFnrcX8nhG5DC00NG/6nUwIdY5jCt2yNdpYxv18er/1WZNO7C1is6ohEkga8E580
qv36+IbNMaP9ypN7H1nO7VrIynz4Cl5+NFLKxtcpKJwu+oNX+MN0zoQb8qQEyjLx
30GMAzYMDpQsGlTNZ23+beJToGY4pPuAPotbhtWagNom5nm8pTqJX8x7EKHs
-----END CERTIFICATE-----