Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153945.roa
File:                     AS153945.roa (raw, json)
Hash identifier:          Ps7B22d0LPz9P3gDGkvTHmWECchG+X9RA+Unrky/kgU=
Subject key identifier:   96:8D:D5:CA:97:89:BD:84:21:9C:58:10:88:C1:D5:22:AB:FE:E3:46
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       7A6869EF73A7A8A0130BD1F1A5A2F96C28854DE8
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153945.roa
Signing time:             Sat 02 May 2026 08:35:06 +0000
ROA not before:           Sat 02 May 2026 08:30:06 +0000
ROA not after:            Sat 01 May 2027 08:35:06 +0000
asID:                     153945
IP address blocks:        2001:df5:9740::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:68:69:ef:73:a7:a8:a0:13:0b:d1:f1:a5:a2:f9:6c:28:85:4d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:06 2026 GMT
            Not After : May  1 08:35:06 2027 GMT
        Subject: CN=968DD5CA9789BD84219C581088C1D522ABFEE346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:51:34:62:4e:ad:5d:49:0c:ab:85:43:f9:e5:
                    ae:b6:28:f8:89:ad:b5:39:e0:07:26:c7:2e:88:8b:
                    f1:4a:58:45:47:c3:be:f7:a7:9c:25:24:6a:6a:5f:
                    88:86:ee:2d:3e:27:4b:55:1c:32:9e:2f:de:c4:9d:
                    77:49:9f:59:90:69:83:80:64:83:95:8b:5b:26:63:
                    c5:04:e0:b5:5b:51:a2:d7:c0:9e:26:13:28:75:36:
                    44:ea:55:2f:ea:48:9b:d8:bf:52:51:a5:23:87:61:
                    3a:72:99:14:1b:3c:35:03:91:61:4c:7f:5b:0c:cc:
                    f5:9d:55:12:6e:19:a4:1d:d9:e5:38:17:6a:9a:6e:
                    0a:72:76:53:be:fe:a3:5a:36:51:2e:99:b1:67:7e:
                    4c:be:9d:4e:ba:6e:45:de:ba:bf:39:07:f0:2c:eb:
                    f0:36:38:6f:ee:f4:52:ce:ee:53:71:c9:5f:c8:30:
                    9c:41:1c:9e:a4:72:82:6f:b4:a1:b2:3d:99:24:5e:
                    24:f0:4f:a0:8a:0e:32:49:d1:85:67:9d:7e:29:b0:
                    c2:33:45:69:91:d9:52:46:03:19:fd:0d:fb:cc:08:
                    c9:6d:af:1e:42:c1:ec:02:41:41:1d:c4:a4:c5:bb:
                    57:26:c2:20:cc:b9:52:6a:4a:e6:bc:70:5c:b7:aa:
                    db:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8D:D5:CA:97:89:BD:84:21:9C:58:10:88:C1:D5:22:AB:FE:E3:46
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153945.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:9740::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:1d:0c:f7:04:be:eb:c6:25:44:54:57:f0:b0:c2:e6:65:03:
         db:89:f2:d5:01:c7:82:ac:5e:cb:26:97:c7:1e:18:4c:2b:1e:
         4c:94:86:bb:94:5f:70:ba:d7:34:e0:fb:a5:8b:d4:74:fa:62:
         c6:f6:e6:f2:1a:f5:3d:ca:34:39:aa:1e:08:ac:1a:cd:91:eb:
         c5:7d:2a:05:f0:77:62:a0:f8:da:7a:53:da:0b:2d:d9:0a:18:
         a8:a0:b0:97:75:b9:d9:e5:3a:4e:17:e9:1d:92:8d:d6:58:2d:
         b9:a7:c2:71:22:8c:fc:64:d6:e8:17:7f:de:7f:11:48:77:ab:
         e4:39:8f:b5:f7:65:42:29:e2:4e:4b:3c:7b:04:1c:a8:36:e2:
         94:d3:22:f8:33:b8:c9:11:de:7f:5d:cf:22:6f:d0:d2:72:ee:
         3c:8e:3a:49:ef:7d:35:21:c9:77:df:9a:6c:74:67:31:81:14:
         1d:ff:8f:72:57:67:5e:c5:67:fc:ff:96:ff:80:6b:63:34:a5:
         d7:88:a5:57:3a:fe:fe:53:19:df:f0:62:16:12:0b:ac:c9:eb:
         2c:6c:71:be:79:45:1c:05:18:96:82:ef:8f:a5:64:4e:90:6e:
         b6:e1:ea:08:c2:dd:9d:39:ca:b5:26:e9:50:c0:be:c5:5b:fd:
         46:08:1c:73
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUemhp73OnqKATC9HxpaL5bCiFTegwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzAwNloX
DTI3MDUwMTA4MzUwNlowMzExMC8GA1UEAxMoOTY4REQ1Q0E5Nzg5QkQ4NDIxOUM1
ODEwODhDMUQ1MjJBQkZFRTM0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMVRNGJOrV1JDKuFQ/nlrrYo+ImttTngBybHLoiL8UpYRUfDvvennCUkampf
iIbuLT4nS1UcMp4v3sSdd0mfWZBpg4Bkg5WLWyZjxQTgtVtRotfAniYTKHU2ROpV
L+pIm9i/UlGlI4dhOnKZFBs8NQORYUx/WwzM9Z1VEm4ZpB3Z5TgXappuCnJ2U77+
o1o2US6ZsWd+TL6dTrpuRd66vzkH8Czr8DY4b+70Us7uU3HJX8gwnEEcnqRygm+0
obI9mSReJPBPoIoOMknRhWedfimwwjNFaZHZUkYDGf0N+8wIyW2vHkLB7AJBQR3E
pMW7VybCIMy5UmpK5rxwXLeq2wMCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBSWjdXK
l4m9hCGcWBCIwdUiq/7jRjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzOTQ1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9ZdAMA0GCSqGSIb3DQEBCwUAA4IBAQANHQz3BL7rxiVEVFfwsMLm
ZQPbifLVAceCrF7LJpfHHhhMKx5MlIa7lF9wutc04Puli9R0+mLG9ubyGvU9yjQ5
qh4IrBrNkevFfSoF8HdioPjaelPaCy3ZChiooLCXdbnZ5TpOF+kdko3WWC25p8Jx
Ioz8ZNboF3/efxFId6vkOY+192VCKeJOSzx7BByoNuKU0yL4M7jJEd5/Xc8ib9DS
cu48jjpJ7301Icl335psdGcxgRQd/49yV2dexWf8/5b/gGtjNKXXiKVXOv7+Uxnf
8GIWEgusyessbHG+eUUcBRiWgu+PpWROkG624eoIwt2dOcq1JulQwL7FW/1GCBxz
-----END CERTIFICATE-----