Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153923.roa
File:                     AS153923.roa (raw, json)
Hash identifier:          BJCW6Tay7zyOSxp1Ee6KhD3HLsM4s6BY1Y/ikG7xUrI=
Subject key identifier:   D9:5C:F8:BB:BD:D9:16:8F:10:57:E9:AD:F2:AA:32:3C:DB:D1:80:54
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       268D1AF2D399B9511C1D4C7394ED9DC2FC92503A
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153923.roa
Signing time:             Sat 02 May 2026 08:36:06 +0000
ROA not before:           Sat 02 May 2026 08:31:06 +0000
ROA not after:            Sat 01 May 2027 08:36:06 +0000
asID:                     153923
IP address blocks:        2001:df5:96c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:8d:1a:f2:d3:99:b9:51:1c:1d:4c:73:94:ed:9d:c2:fc:92:50:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:31:06 2026 GMT
            Not After : May  1 08:36:06 2027 GMT
        Subject: CN=D95CF8BBBDD9168F1057E9ADF2AA323CDBD18054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c0:c7:96:35:2c:23:66:0e:6b:f5:12:50:d1:
                    de:4e:42:fa:e2:be:f3:66:65:c2:a3:96:ea:d5:e5:
                    23:66:b5:8a:60:5d:98:57:d1:8b:50:d1:d9:84:a9:
                    2f:85:42:b5:c4:92:b2:5e:c5:7e:bf:0e:28:e3:b6:
                    e5:e3:18:cb:53:ef:e2:2b:b5:1c:38:f7:e2:ed:8c:
                    95:76:71:7f:44:8e:17:7f:78:99:2b:53:29:e6:87:
                    e5:29:1b:46:a7:d8:4b:f1:eb:8e:8d:ac:ab:8f:cc:
                    e3:46:20:b4:98:39:9e:3e:cf:d8:d5:e7:97:5d:90:
                    64:c1:ee:db:f7:07:46:bd:b4:c1:c7:26:de:f1:70:
                    a2:92:c7:f9:cd:7f:16:d6:58:c1:5b:a5:05:f1:3d:
                    3c:77:13:84:c0:36:c8:36:2e:b0:30:09:aa:17:f6:
                    37:5a:29:62:5a:9b:5c:f0:ef:44:f2:44:7d:56:a8:
                    12:c5:fa:11:05:d1:26:71:1e:de:02:7c:84:20:95:
                    b5:c5:f0:84:b7:89:ff:1b:27:da:16:a3:3f:8e:9d:
                    06:c4:1c:68:04:50:ac:d8:52:53:94:03:e6:95:8d:
                    dd:0c:19:37:17:a7:d9:98:21:dd:af:c9:75:20:5a:
                    64:9f:7f:29:23:ef:c9:9a:fe:92:17:62:96:97:24:
                    4b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:5C:F8:BB:BD:D9:16:8F:10:57:E9:AD:F2:AA:32:3C:DB:D1:80:54
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153923.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:96c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:cb:6c:2d:25:a9:de:bd:12:d4:da:3e:d8:31:29:e9:9c:fc:
         b8:59:e5:f6:9d:15:1d:59:47:d8:00:86:00:51:8e:de:71:ee:
         16:f7:73:3b:d0:4b:75:d9:d5:c1:52:a1:99:62:b7:b5:2e:63:
         af:ad:56:d2:6c:88:41:d4:4f:7a:41:11:60:a4:61:0b:87:ff:
         e2:73:45:86:cf:5e:46:a4:8b:de:e3:45:a8:48:7f:66:81:d6:
         df:81:f3:05:29:6c:96:7d:bb:b8:6a:a7:c4:81:98:12:f5:64:
         9b:db:ed:96:f0:d2:21:23:81:2c:81:40:2b:8e:5e:b4:4f:6e:
         af:6c:30:45:ec:4c:5f:1d:d7:09:aa:61:55:1b:02:e7:d0:c8:
         8c:a2:22:40:0a:0e:32:ba:53:07:a1:a3:54:de:32:c0:30:bf:
         d8:8e:af:f2:9b:b7:af:d2:ce:85:38:2a:e3:14:60:e2:54:00:
         24:bc:1f:d8:dd:f8:b8:6d:ea:ac:a1:8e:a2:21:72:1e:e4:ba:
         75:60:4e:24:e4:e7:0b:1c:5d:a3:90:89:b8:a0:89:04:fa:0e:
         92:01:ec:1d:ed:21:a3:43:ff:50:a2:e3:67:d9:f0:57:a6:41:
         8a:8c:38:1d:c5:f8:05:10:73:86:11:f8:16:c9:69:ed:be:e5:
         e8:29:8d:ea
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUJo0a8tOZuVEcHUxzlO2dwvySUDowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzEwNloX
DTI3MDUwMTA4MzYwNlowMzExMC8GA1UEAxMoRDk1Q0Y4QkJCREQ5MTY4RjEwNTdF
OUFERjJBQTMyM0NEQkQxODA1NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALLAx5Y1LCNmDmv1ElDR3k5C+uK+82ZlwqOW6tXlI2a1imBdmFfRi1DR2YSp
L4VCtcSSsl7Ffr8OKOO25eMYy1Pv4iu1HDj34u2MlXZxf0SOF394mStTKeaH5Skb
RqfYS/Hrjo2sq4/M40YgtJg5nj7P2NXnl12QZMHu2/cHRr20wccm3vFwopLH+c1/
FtZYwVulBfE9PHcThMA2yDYusDAJqhf2N1opYlqbXPDvRPJEfVaoEsX6EQXRJnEe
3gJ8hCCVtcXwhLeJ/xsn2hajP46dBsQcaARQrNhSU5QD5pWN3QwZNxen2Zgh3a/J
dSBaZJ9/KSPvyZr+khdilpckS5kCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBTZXPi7
vdkWjxBX6a3yqjI829GAVDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzOTIzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9ZbAMA0GCSqGSIb3DQEBCwUAA4IBAQCQy2wtJanevRLU2j7YMSnp
nPy4WeX2nRUdWUfYAIYAUY7ece4W93M70Et12dXBUqGZYre1LmOvrVbSbIhB1E96
QRFgpGELh//ic0WGz15GpIve40WoSH9mgdbfgfMFKWyWfbu4aqfEgZgS9WSb2+2W
8NIhI4EsgUArjl60T26vbDBF7ExfHdcJqmFVGwLn0MiMoiJACg4yulMHoaNU3jLA
ML/Yjq/ym7ev0s6FOCrjFGDiVAAkvB/Y3fi4beqsoY6iIXIe5Lp1YE4k5OcLHF2j
kIm4oIkE+g6SAewd7SGjQ/9QouNn2fBXpkGKjDgdxfgFEHOGEfgWyWntvuXoKY3q
-----END CERTIFICATE-----