Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153968.roa
File:                     AS153968.roa (raw, json)
Hash identifier:          atGkn2asXeBFOph79Z7s4PJijgpgDqejRSTGZKVFnGg=
Subject key identifier:   F4:71:FF:50:6E:82:0F:7F:AE:57:45:0E:EE:76:94:CC:78:22:92:08
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       721B299191B9EF61DB3B2014A4EC8D453C3AB19A
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153968.roa
Signing time:             Sat 02 May 2026 09:26:20 +0000
ROA not before:           Sat 02 May 2026 09:21:20 +0000
ROA not after:            Sat 01 May 2027 09:26:20 +0000
asID:                     153968
IP address blocks:        2001:df5:b4c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:1b:29:91:91:b9:ef:61:db:3b:20:14:a4:ec:8d:45:3c:3a:b1:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:20 2026 GMT
            Not After : May  1 09:26:20 2027 GMT
        Subject: CN=F471FF506E820F7FAE57450EEE7694CC78229208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e6:a6:48:a6:6f:2e:0c:33:2c:4e:62:3d:78:
                    3e:8c:36:8d:4a:95:bc:f6:e8:b1:8f:fb:cb:45:e8:
                    6c:ef:7a:1a:3b:21:70:fb:aa:0d:a5:e2:61:96:75:
                    70:01:5c:3c:d0:ff:c8:18:3c:0e:8a:05:7d:a3:43:
                    80:b1:27:b4:82:c3:04:54:93:73:d8:77:55:01:20:
                    50:7d:0b:19:f6:48:74:9c:61:17:6c:56:c8:0f:16:
                    4e:66:46:40:51:36:a1:82:fb:6a:bd:c7:71:50:63:
                    28:cc:73:f5:ed:fe:ae:9a:ce:ed:f3:92:e7:2e:8d:
                    cf:21:37:7c:3f:8d:fa:6b:a7:ac:05:de:56:52:8f:
                    e2:8d:f5:c6:ca:4c:d6:89:1c:84:70:76:42:d6:72:
                    d4:ab:5f:ad:91:bb:61:01:73:6b:22:a7:e0:15:d7:
                    6a:74:48:8c:91:85:1b:b3:40:a3:b4:0e:d0:f9:5c:
                    b2:07:91:1f:e0:3a:8d:50:00:0c:a2:0e:71:e2:d3:
                    1f:60:82:ae:4e:b9:03:aa:9a:e7:3e:0a:cb:57:7f:
                    e0:33:c5:1f:67:32:a1:ef:9c:66:2a:fd:e8:6a:2b:
                    04:ff:80:59:c0:d2:e7:74:15:c8:88:11:be:7e:a9:
                    7a:3c:b3:17:ce:54:0a:cd:1f:44:68:94:31:b3:3f:
                    68:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:71:FF:50:6E:82:0F:7F:AE:57:45:0E:EE:76:94:CC:78:22:92:08
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:b4c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:c6:bc:0f:8d:a7:f7:90:78:b0:2e:01:35:d3:11:a8:52:3f:
         9e:80:52:8a:02:41:3a:9d:40:ea:df:14:33:16:c7:1a:da:03:
         b1:e9:67:49:59:8e:e9:9a:3b:b4:f3:df:e1:5d:cf:1c:a0:60:
         fa:e9:34:09:33:bc:67:42:e9:56:94:d5:a5:53:eb:9b:6e:34:
         eb:b9:35:8b:31:1d:be:3e:fe:6b:2f:94:4e:a4:20:bc:ac:07:
         58:2b:62:91:cc:1a:5f:e3:46:6e:b2:e8:8a:90:da:b2:52:80:
         ba:49:38:a9:59:8d:6a:50:4a:d6:46:f5:8c:44:e9:86:5d:72:
         bb:3e:38:5c:b6:1f:2c:e8:65:24:44:29:56:e4:a4:91:bf:75:
         b7:3b:f9:f3:a6:52:2d:61:43:ca:5a:32:55:93:68:d3:2c:01:
         f9:ad:7e:fd:29:c7:2a:22:21:b1:75:00:ff:a6:4b:27:01:ad:
         1f:6a:00:97:9f:81:d4:80:b0:ef:f5:3b:ef:e0:23:57:81:55:
         f4:07:ae:80:1e:92:c2:64:26:ea:cc:55:8c:8c:cc:9e:e9:ec:
         6f:3c:6b:1e:7d:1d:b0:10:fd:25:92:3b:d5:b9:61:7c:75:8e:
         a4:7a:2d:dd:a4:32:a9:d2:08:ed:d4:56:6c:11:9f:e8:a0:14:
         52:91:95:3d
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUchspkZG572HbOyAUpOyNRTw6sZowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjEyMFoX
DTI3MDUwMTA5MjYyMFowMzExMC8GA1UEAxMoRjQ3MUZGNTA2RTgyMEY3RkFFNTc0
NTBFRUU3Njk0Q0M3ODIyOTIwODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvmpkimby4MMyxOYj14Pow2jUqVvPbosY/7y0XobO96GjshcPuqDaXiYZZ1
cAFcPND/yBg8DooFfaNDgLEntILDBFSTc9h3VQEgUH0LGfZIdJxhF2xWyA8WTmZG
QFE2oYL7ar3HcVBjKMxz9e3+rprO7fOS5y6NzyE3fD+N+munrAXeVlKP4o31xspM
1okchHB2QtZy1KtfrZG7YQFzayKn4BXXanRIjJGFG7NAo7QO0PlcsgeRH+A6jVAA
DKIOceLTH2CCrk65A6qa5z4Ky1d/4DPFH2cyoe+cZir96GorBP+AWcDS53QVyIgR
vn6pejyzF85UCs0fRGiUMbM/aIECAwEAAaOCAc8wggHLMB0GA1UdDgQWBBT0cf9Q
boIPf65XRQ7udpTMeCKSCDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzOTY4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9bTAMA0GCSqGSIb3DQEBCwUAA4IBAQBCxrwPjaf3kHiwLgE10xGo
Uj+egFKKAkE6nUDq3xQzFsca2gOx6WdJWY7pmju089/hXc8coGD66TQJM7xnQulW
lNWlU+ubbjTruTWLMR2+Pv5rL5ROpCC8rAdYK2KRzBpf40ZusuiKkNqyUoC6STip
WY1qUErWRvWMROmGXXK7Pjhcth8s6GUkRClW5KSRv3W3O/nzplItYUPKWjJVk2jT
LAH5rX79KccqIiGxdQD/pksnAa0fagCXn4HUgLDv9Tvv4CNXgVX0B66AHpLCZCbq
zFWMjMye6exvPGsefR2wEP0lkjvVuWF8dY6kei3dpDKp0gjt1FZsEZ/ooBRSkZU9
-----END CERTIFICATE-----