Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153937.roa
File:                     AS153937.roa (raw, json)
Hash identifier:          NJOY/Jz9uFGqGibddp73U3+Y6dzhZHw/eO4sVvZd2oI=
Subject key identifier:   94:BA:7D:5E:FD:44:1D:D8:4D:D9:1F:D4:80:8C:E5:75:D5:CF:A3:08
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       55CFD8CFFCA3BDDCAEFC9020A6C98F5A3FF2176A
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153937.roa
Signing time:             Sat 02 May 2026 09:26:21 +0000
ROA not before:           Sat 02 May 2026 09:21:21 +0000
ROA not after:            Sat 01 May 2027 09:26:21 +0000
asID:                     153937
IP address blocks:        2001:df5:8cc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:cf:d8:cf:fc:a3:bd:dc:ae:fc:90:20:a6:c9:8f:5a:3f:f2:17:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:21 2026 GMT
            Not After : May  1 09:26:21 2027 GMT
        Subject: CN=94BA7D5EFD441DD84DD91FD4808CE575D5CFA308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9c:cd:39:ba:a3:a3:60:85:14:4a:b1:6f:fb:
                    94:be:74:bb:06:de:30:c4:c9:42:74:d2:3c:59:3f:
                    c7:75:cd:da:20:ea:aa:2b:03:e7:48:29:6e:6d:c6:
                    1d:3c:83:e1:31:9f:da:dc:5f:b8:af:96:82:8d:f4:
                    d9:98:d7:59:ff:28:86:31:e1:72:9d:41:d8:db:60:
                    65:c0:c1:61:9c:7f:01:d2:c9:7e:c0:22:39:5a:c0:
                    a6:67:01:17:a3:a7:53:4a:f0:9a:7c:32:54:26:35:
                    8f:9e:9e:9f:2e:ba:70:15:d5:9f:de:26:2a:0a:8f:
                    64:a8:c0:af:91:7b:45:82:64:40:93:f2:44:85:db:
                    84:9d:40:c2:18:db:98:05:38:39:67:15:75:fa:8c:
                    60:39:09:5d:f8:35:53:7a:d4:73:4b:f4:10:b5:ec:
                    69:98:90:77:f7:23:00:44:24:9e:4e:86:d6:56:b6:
                    4d:75:55:b5:0c:78:d2:64:20:2a:05:74:7d:d5:ae:
                    30:2d:79:e7:97:bf:f5:2c:8c:01:0a:56:b6:e3:13:
                    37:49:cf:1f:29:a1:75:93:b3:be:ec:7e:79:ea:57:
                    a1:8b:a3:16:cf:e6:b6:7c:df:c6:fb:c4:c2:5f:e3:
                    fa:8c:71:ff:00:36:23:aa:82:6f:34:03:97:14:ce:
                    07:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:BA:7D:5E:FD:44:1D:D8:4D:D9:1F:D4:80:8C:E5:75:D5:CF:A3:08
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:8cc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:24:93:3a:2e:5a:cc:57:2e:96:47:12:06:57:04:a3:fc:97:
         95:12:91:f3:33:3b:c4:a1:64:8d:92:1f:04:69:ab:12:31:06:
         35:81:a8:6f:09:c8:21:6d:0a:8f:77:63:e4:63:ac:90:0b:05:
         be:dd:cc:4d:1d:9a:bb:fc:f0:78:48:c7:74:f6:61:1f:bd:78:
         6f:a4:50:b9:29:9d:de:04:fc:43:c7:29:7f:ee:8c:59:cc:b9:
         0f:cf:e1:64:5a:78:89:b5:df:cf:c3:0b:7b:52:17:44:2c:85:
         9e:22:fa:ee:63:0b:2d:d9:0c:58:97:c8:49:b9:c5:d3:2e:16:
         56:5f:87:1a:a7:a5:56:d1:5c:02:7a:4b:bc:a3:e3:b5:a4:b0:
         73:f7:bb:8d:93:92:2b:88:44:87:50:8d:de:49:92:26:e1:1f:
         35:3e:18:60:66:86:91:93:24:e7:ac:d4:10:8e:af:1c:38:0c:
         60:83:23:fd:41:50:0a:73:7b:b5:ad:f6:be:73:ac:14:80:0c:
         8b:9c:46:05:6a:b2:65:06:5c:ec:c4:5c:bf:70:8a:3c:72:14:
         1b:0b:b3:64:2d:d4:6c:52:72:64:12:3a:63:18:b5:1a:79:2b:
         ce:e6:d3:18:d8:9d:15:2f:fb:2b:ec:03:06:d7:8b:0b:4d:ed:
         68:fa:1e:02
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUVc/Yz/yjvdyu/JAgpsmPWj/yF2owDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjEyMVoX
DTI3MDUwMTA5MjYyMVowMzExMC8GA1UEAxMoOTRCQTdENUVGRDQ0MUREODRERDkx
RkQ0ODA4Q0U1NzVENUNGQTMwODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ2czTm6o6NghRRKsW/7lL50uwbeMMTJQnTSPFk/x3XN2iDqqisD50gpbm3G
HTyD4TGf2txfuK+Wgo302ZjXWf8ohjHhcp1B2NtgZcDBYZx/AdLJfsAiOVrApmcB
F6OnU0rwmnwyVCY1j56eny66cBXVn94mKgqPZKjAr5F7RYJkQJPyRIXbhJ1Awhjb
mAU4OWcVdfqMYDkJXfg1U3rUc0v0ELXsaZiQd/cjAEQknk6G1la2TXVVtQx40mQg
KgV0fdWuMC1555e/9SyMAQpWtuMTN0nPHymhdZOzvux+eepXoYujFs/mtnzfxvvE
wl/j+oxx/wA2I6qCbzQDlxTOB0MCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBSUun1e
/UQd2E3ZH9SAjOV11c+jCDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzOTM3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9YzAMA0GCSqGSIb3DQEBCwUAA4IBAQASJJM6LlrMVy6WRxIGVwSj
/JeVEpHzMzvEoWSNkh8EaasSMQY1gahvCcghbQqPd2PkY6yQCwW+3cxNHZq7/PB4
SMd09mEfvXhvpFC5KZ3eBPxDxyl/7oxZzLkPz+FkWniJtd/Pwwt7UhdELIWeIvru
Ywst2QxYl8hJucXTLhZWX4cap6VW0VwCeku8o+O1pLBz97uNk5IriESHUI3eSZIm
4R81PhhgZoaRkyTnrNQQjq8cOAxggyP9QVAKc3u1rfa+c6wUgAyLnEYFarJlBlzs
xFy/cIo8chQbC7NkLdRsUnJkEjpjGLUaeSvO5tMY2J0VL/sr7AMG14sLTe1o+h4C
-----END CERTIFICATE-----