Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154039.roa
File:                     AS154039.roa (raw, json)
Hash identifier:          eWj2y5Y8HDPofDp1aZTYE2oZtbZ5RoeZbemQiBDiZ/g=
Subject key identifier:   9F:D4:6D:27:59:CA:2D:76:C9:10:20:F5:5D:4D:02:07:FC:23:25:64
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       6D0AD31B9B2B8574294B75260E3A3753030BE654
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154039.roa
Signing time:             Sat 02 May 2026 09:26:14 +0000
ROA not before:           Sat 02 May 2026 09:21:14 +0000
ROA not after:            Sat 01 May 2027 09:26:14 +0000
asID:                     154039
IP address blocks:        2001:df5:89c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:0a:d3:1b:9b:2b:85:74:29:4b:75:26:0e:3a:37:53:03:0b:e6:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:14 2026 GMT
            Not After : May  1 09:26:14 2027 GMT
        Subject: CN=9FD46D2759CA2D76C91020F55D4D0207FC232564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0c:34:a9:31:73:73:1f:b2:4d:6c:d9:1b:11:
                    f4:db:50:28:90:59:10:fe:f3:5d:6f:fc:bd:51:0f:
                    4d:01:f9:84:f1:02:a9:23:f1:11:19:ba:df:92:8f:
                    ee:22:0a:ce:d6:1e:38:6c:80:bd:38:8f:02:d1:cb:
                    5f:92:2f:ff:5d:a4:e6:01:3a:c8:a0:84:1a:92:30:
                    00:08:d8:91:c5:04:0a:ab:e4:03:af:2a:15:f6:f5:
                    8a:dc:a4:5a:41:33:23:e1:74:f8:b6:5c:4d:39:55:
                    f7:23:2b:ad:e0:84:d3:6b:d1:a6:be:1e:90:58:99:
                    21:e0:cd:87:ef:f9:cd:f3:be:27:95:ac:fe:4a:d6:
                    fa:3a:5e:72:a9:1b:65:a5:52:55:0a:2b:e6:a3:a5:
                    b3:81:a6:11:c8:35:8e:6e:b0:75:5f:b4:b3:52:7e:
                    f6:a4:33:75:c9:78:08:92:29:ae:10:b5:7f:a4:7b:
                    d8:d8:c6:69:8f:e1:74:59:c0:2d:22:d8:69:4a:62:
                    5e:51:77:d3:4b:0a:e7:15:89:72:5d:94:78:05:df:
                    6e:2d:cd:b1:44:d5:2b:4e:03:86:97:73:63:48:e7:
                    16:fb:3a:0e:22:ae:5e:34:fb:30:9e:b2:ba:e8:30:
                    fd:c9:77:57:c2:86:97:1b:26:72:ea:6c:01:0b:20:
                    50:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D4:6D:27:59:CA:2D:76:C9:10:20:F5:5D:4D:02:07:FC:23:25:64
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:89c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:bc:b3:ea:b2:f4:81:fa:80:08:e6:74:6c:0f:7e:d7:1d:bc:
         de:c9:eb:8c:89:9a:4d:81:be:b1:51:6b:9a:fa:0f:14:72:15:
         e8:a6:b6:e1:f9:67:90:30:95:7b:87:d2:6a:11:04:4a:f1:43:
         ae:1d:8f:52:ce:01:27:d7:e4:54:52:33:49:8e:b0:aa:05:35:
         40:f2:8f:6c:11:a0:3c:56:ab:64:6f:6d:3e:99:23:39:89:14:
         76:00:b1:72:f4:e0:c7:43:ea:75:c8:65:fa:13:43:21:3a:e2:
         8e:33:b6:5b:1b:2b:a2:41:88:e1:6f:53:08:81:bd:95:fd:8f:
         b5:0c:b0:eb:d5:34:eb:37:33:64:30:78:bc:bf:b4:a0:6c:73:
         7f:5b:6f:ef:90:ba:48:2c:95:dc:2f:0c:b6:6c:f5:09:6c:f8:
         cf:ee:7a:0e:23:a1:79:51:14:96:4a:a4:44:81:86:1d:13:de:
         88:67:fc:ff:e5:25:27:1c:07:ae:8e:9c:58:05:50:21:eb:93:
         eb:12:17:42:d3:30:7e:2a:da:55:7d:f9:07:9a:c3:1a:73:29:
         21:29:16:da:26:a9:d7:14:af:5a:fd:58:c3:ea:e6:53:a0:ab:
         49:a3:45:dd:a2:64:27:ad:ea:08:5e:b8:e6:99:65:76:3d:33:
         26:5a:5c:36
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUbQrTG5srhXQpS3UmDjo3UwML5lQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjExNFoX
DTI3MDUwMTA5MjYxNFowMzExMC8GA1UEAxMoOUZENDZEMjc1OUNBMkQ3NkM5MTAy
MEY1NUQ0RDAyMDdGQzIzMjU2NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJQMNKkxc3Mfsk1s2RsR9NtQKJBZEP7zXW/8vVEPTQH5hPECqSPxERm635KP
7iIKztYeOGyAvTiPAtHLX5Iv/12k5gE6yKCEGpIwAAjYkcUECqvkA68qFfb1ityk
WkEzI+F0+LZcTTlV9yMrreCE02vRpr4ekFiZIeDNh+/5zfO+J5Ws/krW+jpecqkb
ZaVSVQor5qOls4GmEcg1jm6wdV+0s1J+9qQzdcl4CJIprhC1f6R72NjGaY/hdFnA
LSLYaUpiXlF300sK5xWJcl2UeAXfbi3NsUTVK04DhpdzY0jnFvs6DiKuXjT7MJ6y
uugw/cl3V8KGlxsmcupsAQsgUJ0CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBSf1G0n
WcotdskQIPVdTQIH/CMlZDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0MDM5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9YnAMA0GCSqGSIb3DQEBCwUAA4IBAQAVvLPqsvSB+oAI5nRsD37X
HbzeyeuMiZpNgb6xUWua+g8UchXoprbh+WeQMJV7h9JqEQRK8UOuHY9SzgEn1+RU
UjNJjrCqBTVA8o9sEaA8Vqtkb20+mSM5iRR2ALFy9ODHQ+p1yGX6E0MhOuKOM7Zb
GyuiQYjhb1MIgb2V/Y+1DLDr1TTrNzNkMHi8v7SgbHN/W2/vkLpILJXcLwy2bPUJ
bPjP7noOI6F5URSWSqREgYYdE96IZ/z/5SUnHAeujpxYBVAh65PrEhdC0zB+KtpV
ffkHmsMacykhKRbaJqnXFK9a/VjD6uZToKtJo0XdomQnreoIXrjmmWV2PTMmWlw2
-----END CERTIFICATE-----