Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153889.roa
File:                     AS153889.roa (raw, json)
Hash identifier:          WD8iDzOMFRxPk3mUaQiL7dRClwd/qossx3q42DflDzo=
Subject key identifier:   2D:81:E8:D5:B4:5E:04:34:D3:1D:26:05:5F:03:84:FC:33:E0:AC:B9
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5A8E1AA933378D1B0F88B2A9C53503153E4D4FAF
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153889.roa
Signing time:             Sat 02 May 2026 08:37:19 +0000
ROA not before:           Sat 02 May 2026 08:32:19 +0000
ROA not after:            Sat 01 May 2027 08:37:19 +0000
asID:                     153889
IP address blocks:        163.227.250.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:8e:1a:a9:33:37:8d:1b:0f:88:b2:a9:c5:35:03:15:3e:4d:4f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:32:19 2026 GMT
            Not After : May  1 08:37:19 2027 GMT
        Subject: CN=2D81E8D5B45E0434D31D26055F0384FC33E0ACB9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:23:ce:25:cb:40:58:5b:e8:bb:bf:33:4f:ad:
                    0c:a3:07:21:80:df:46:21:f4:e8:d9:f5:08:e8:a5:
                    c1:72:28:46:17:bb:48:11:96:9e:ca:fa:3b:92:2b:
                    92:30:bd:fe:72:21:72:55:8a:c5:c4:97:51:40:c6:
                    03:c6:ba:d0:b2:7a:b5:c5:80:f2:da:0e:28:c4:c6:
                    cb:03:3c:d7:99:fa:e9:70:06:bc:4a:57:a0:b8:60:
                    1d:49:4d:5f:08:15:d3:24:ce:92:cd:b8:6c:b0:32:
                    5c:28:98:85:8b:bb:e4:30:53:53:61:aa:c0:20:17:
                    6c:81:99:33:72:2f:57:7c:12:a6:12:86:c6:75:49:
                    6b:38:93:b5:db:21:c0:d4:58:50:20:8c:9a:d3:4d:
                    1c:fc:e1:0e:77:d7:1b:3d:ab:4e:2c:20:44:43:f7:
                    30:9e:41:54:f2:b3:c7:37:b5:23:e4:55:76:fb:89:
                    81:18:08:e4:fd:49:44:9f:a4:08:22:38:96:a4:25:
                    40:a5:e6:77:ca:1a:04:fe:e0:58:51:6d:98:86:1f:
                    d4:c5:db:74:27:d4:1a:17:47:54:f9:e6:18:29:72:
                    d9:e9:fe:d9:75:5c:9a:84:a1:35:b3:06:29:1a:6f:
                    a7:26:0c:81:a3:52:46:f9:67:b6:e2:73:4c:8d:3c:
                    71:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:81:E8:D5:B4:5E:04:34:D3:1D:26:05:5F:03:84:FC:33:E0:AC:B9
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153889.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.227.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:b5:85:dd:0c:5f:a9:ed:bb:01:39:1d:99:a7:44:a5:b5:bb:
         5b:01:9b:96:e8:89:69:33:1e:14:4a:9e:2d:72:27:45:81:30:
         79:c6:e5:02:f8:e7:73:a2:4f:cf:90:91:b6:8c:e8:79:dd:df:
         e6:7d:c5:49:b6:d5:c2:b3:d0:0a:0c:98:b8:c7:68:29:72:15:
         cd:d8:ab:55:c0:00:33:cf:6a:7e:a6:cb:24:70:d5:4f:77:c1:
         b7:ea:bb:bc:64:de:c8:58:cd:55:6b:40:85:62:d9:34:9a:42:
         08:d8:91:e8:fc:b6:87:b5:f3:7c:e5:8b:18:57:36:65:81:bd:
         a2:bc:ae:cb:03:5d:fe:be:7c:a0:a6:02:21:b8:6e:a6:f4:b7:
         ae:a7:01:86:32:e3:05:8a:38:f7:71:bf:ab:cc:76:c2:22:e4:
         1f:f6:6c:39:5a:25:82:ab:13:73:c6:00:a6:0f:8b:56:d9:40:
         53:f0:dd:72:ef:79:fe:fc:d8:19:b9:60:82:12:7a:87:4b:ff:
         69:f4:3a:9d:1a:93:3a:16:98:36:76:e8:cd:81:81:cf:c7:2f:
         82:d3:ca:d2:1c:97:80:60:c1:38:0d:2c:8d:f5:9e:89:50:de:
         90:0a:a1:e0:ca:fb:b0:56:50:d7:f1:1d:aa:7d:75:6c:37:cd:
         f4:27:36:49
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUWo4aqTM3jRsPiLKpxTUDFT5NT68wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzIxOVoX
DTI3MDUwMTA4MzcxOVowMzExMC8GA1UEAxMoMkQ4MUU4RDVCNDVFMDQzNEQzMUQy
NjA1NUYwMzg0RkMzM0UwQUNCOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJQjziXLQFhb6Lu/M0+tDKMHIYDfRiH06Nn1COilwXIoRhe7SBGWnsr6O5Ir
kjC9/nIhclWKxcSXUUDGA8a60LJ6tcWA8toOKMTGywM815n66XAGvEpXoLhgHUlN
XwgV0yTOks24bLAyXCiYhYu75DBTU2GqwCAXbIGZM3IvV3wSphKGxnVJaziTtdsh
wNRYUCCMmtNNHPzhDnfXGz2rTiwgREP3MJ5BVPKzxze1I+RVdvuJgRgI5P1JRJ+k
CCI4lqQlQKXmd8oaBP7gWFFtmIYf1MXbdCfUGhdHVPnmGCly2en+2XVcmoShNbMG
KRpvpyYMgaNSRvlntuJzTI08cb0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQtgejV
tF4ENNMdJgVfA4T8M+CsuTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzODg5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBo+P6MA0GCSqGSIb3DQEBCwUAA4IBAQBNtYXdDF+p7bsBOR2Zp0Sltbtb
AZuW6IlpMx4USp4tcidFgTB5xuUC+Odzok/PkJG2jOh53d/mfcVJttXCs9AKDJi4
x2gpchXN2KtVwAAzz2p+psskcNVPd8G36ru8ZN7IWM1Va0CFYtk0mkII2JHo/LaH
tfN85YsYVzZlgb2ivK7LA13+vnygpgIhuG6m9LeupwGGMuMFijj3cb+rzHbCIuQf
9mw5WiWCqxNzxgCmD4tW2UBT8N1y73n+/NgZuWCCEnqHS/9p9DqdGpM6Fpg2dujN
gYHPxy+C08rSHJeAYME4DSyN9Z6JUN6QCqHgyvuwVlDX8R2qfXVsN830JzZJ
-----END CERTIFICATE-----