Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154153.roa
File:                     AS154153.roa (raw, json)
Hash identifier:          iqo+2iYGHhloiUux0aPkROd8cLq4kDMgedPyWSKEEJM=
Subject key identifier:   3B:71:C6:C3:4C:31:B3:C2:39:A9:BB:D6:81:64:92:17:F3:DC:02:32
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       B6D5565916CC85D0D517A561C154B67F6FE0A8
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154153.roa
Signing time:             Sat 02 May 2026 08:34:52 +0000
ROA not before:           Sat 02 May 2026 08:29:52 +0000
ROA not after:            Sat 01 May 2027 08:34:52 +0000
asID:                     154153
IP address blocks:        2001:df5:e9c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b6:d5:56:59:16:cc:85:d0:d5:17:a5:61:c1:54:b6:7f:6f:e0:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:29:52 2026 GMT
            Not After : May  1 08:34:52 2027 GMT
        Subject: CN=3B71C6C34C31B3C239A9BBD681649217F3DC0232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:af:f0:65:65:dc:55:d2:8f:46:f3:7a:cd:9c:
                    fa:95:c5:30:f0:ea:69:be:69:ef:c4:01:85:4f:20:
                    98:d9:b8:96:13:3a:be:06:f6:88:1b:af:fe:d1:83:
                    e0:cb:31:2b:03:c6:c0:61:b2:a1:96:e7:01:07:d2:
                    f6:dc:3c:c3:5d:de:36:5e:9a:40:9e:2b:41:a8:c6:
                    6e:35:e7:20:d2:db:47:e2:2e:d4:29:05:e1:e6:c4:
                    8c:02:fc:6a:af:33:18:97:7e:d4:39:3b:fe:76:08:
                    0e:e8:7a:52:71:64:d7:72:0d:f5:1e:29:76:43:12:
                    fb:30:a7:b3:c1:e0:d5:5e:5f:57:02:fe:b2:e9:2f:
                    ad:b0:27:7c:bd:1c:9e:f0:89:44:f2:86:45:d6:21:
                    ae:ea:6f:14:cb:9d:f6:93:0f:28:40:8f:84:3a:3b:
                    f5:bd:fa:b7:a0:34:ef:f3:24:2f:50:20:a3:75:70:
                    55:65:b1:32:e9:9b:cd:b5:6e:17:89:ab:83:91:3c:
                    2f:d5:1e:7b:25:8d:00:bf:9a:58:29:1f:53:cd:52:
                    81:0e:22:1c:11:7b:42:9f:33:04:d6:9b:1f:4d:d8:
                    80:37:7f:88:af:3d:09:08:97:23:2e:2b:4c:3b:fe:
                    bb:55:1a:d3:b6:ce:c3:a8:22:d4:af:de:b1:22:cf:
                    47:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:71:C6:C3:4C:31:B3:C2:39:A9:BB:D6:81:64:92:17:F3:DC:02:32
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154153.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:e9c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:59:c3:7c:5a:30:f6:96:86:89:d0:c5:02:9e:79:7d:82:0f:
         81:cd:67:36:ef:aa:ca:c4:d2:b7:51:c9:ad:64:22:be:b6:15:
         49:ec:bf:d2:90:3d:28:4b:af:6f:98:76:eb:3a:64:6f:8d:ed:
         e2:db:ce:0a:d9:af:9c:1a:1e:6f:ad:e0:94:72:ae:0b:ce:1a:
         85:ba:6f:d0:ef:d3:e4:78:1d:2e:95:79:1c:b0:bc:6a:82:45:
         9e:ed:44:24:4a:4e:25:f2:bf:ad:32:54:98:3a:4a:d5:b7:6f:
         5f:38:10:ed:df:44:fb:8e:44:0b:09:1c:09:fa:46:a3:a2:f1:
         cc:f4:ee:d7:3b:b3:b8:21:79:31:36:a0:a7:49:7b:e4:8e:dc:
         3a:cd:f3:3f:ab:90:04:ba:62:a6:8a:41:38:56:50:9c:02:ad:
         84:65:13:de:31:af:7e:48:95:ca:dd:0c:3f:55:cf:7d:6d:91:
         be:32:7e:d6:27:44:c8:13:1d:c2:76:98:33:bf:f6:45:32:49:
         fd:ff:7d:80:c8:83:42:11:fc:7a:f6:11:cc:ef:19:2e:9e:bb:
         26:f0:c0:b0:15:59:32:4c:67:0c:b6:53:f3:ac:82:e1:6e:a2:
         72:f8:d8:61:96:50:25:58:77:5d:28:51:01:48:42:36:52:ac:
         5d:8a:f5:b5
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUALbVVlkWzIXQ1RelYcFUtn9v4KgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4Mjk1MloX
DTI3MDUwMTA4MzQ1MlowMzExMC8GA1UEAxMoM0I3MUM2QzM0QzMxQjNDMjM5QTlC
QkQ2ODE2NDkyMTdGM0RDMDIzMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALyv8GVl3FXSj0bzes2c+pXFMPDqab5p78QBhU8gmNm4lhM6vgb2iBuv/tGD
4MsxKwPGwGGyoZbnAQfS9tw8w13eNl6aQJ4rQajGbjXnINLbR+Iu1CkF4ebEjAL8
aq8zGJd+1Dk7/nYIDuh6UnFk13IN9R4pdkMS+zCns8Hg1V5fVwL+sukvrbAnfL0c
nvCJRPKGRdYhrupvFMud9pMPKECPhDo79b36t6A07/MkL1Ago3VwVWWxMumbzbVu
F4mrg5E8L9UeeyWNAL+aWCkfU81SgQ4iHBF7Qp8zBNabH03YgDd/iK89CQiXIy4r
TDv+u1Ua07bOw6gi1K/esSLPR9kCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQ7ccbD
TDGzwjmpu9aBZJIX89wCMjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0MTUzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9enAMA0GCSqGSIb3DQEBCwUAA4IBAQCOWcN8WjD2loaJ0MUCnnl9
gg+BzWc276rKxNK3UcmtZCK+thVJ7L/SkD0oS69vmHbrOmRvje3i284K2a+cGh5v
reCUcq4LzhqFum/Q79PkeB0ulXkcsLxqgkWe7UQkSk4l8r+tMlSYOkrVt29fOBDt
30T7jkQLCRwJ+kajovHM9O7XO7O4IXkxNqCnSXvkjtw6zfM/q5AEumKmikE4VlCc
Aq2EZRPeMa9+SJXK3Qw/Vc99bZG+Mn7WJ0TIEx3Cdpgzv/ZFMkn9/32AyINCEfx6
9hHM7xkunrsm8MCwFVkyTGcMtlPzrILhbqJy+NhhllAlWHddKFEBSEI2UqxdivW1
-----END CERTIFICATE-----