Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154197.roa
File:                     AS154197.roa (raw, json)
Hash identifier:          7mvxntzn7g5yoAlv2AWCGpt8cWWVHz/cYRbCeU3Sw9Y=
Subject key identifier:   F9:E2:8A:91:DF:7F:DC:1E:23:5A:18:AA:87:A2:26:E8:A1:F8:14:0F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       4E90F8CCDD63D019CC769A5A84DB47C377453722
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154197.roa
Signing time:             Sat 02 May 2026 09:27:33 +0000
ROA not before:           Sat 02 May 2026 09:22:33 +0000
ROA not after:            Sat 01 May 2027 09:27:33 +0000
asID:                     154197
IP address blocks:        45.126.248.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:90:f8:cc:dd:63:d0:19:cc:76:9a:5a:84:db:47:c3:77:45:37:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:22:33 2026 GMT
            Not After : May  1 09:27:33 2027 GMT
        Subject: CN=F9E28A91DF7FDC1E235A18AA87A226E8A1F8140F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:81:fe:41:c7:e1:99:94:d4:e2:9c:e0:9e:4f:
                    14:10:43:97:7d:ff:2b:93:38:33:17:02:97:3c:19:
                    0c:1a:cf:66:9d:3b:49:ad:16:88:ce:b7:17:2a:99:
                    13:7a:a2:19:c6:7b:47:2f:eb:d4:16:d6:f3:3f:ee:
                    5d:5a:78:09:cd:6a:cd:26:0f:cc:8a:0e:66:e8:db:
                    53:d9:89:f4:f8:93:75:fb:38:c4:bd:fa:e4:23:30:
                    a8:81:a4:82:76:bc:f6:d3:ab:ee:83:c6:69:8f:9f:
                    90:44:bf:a8:76:80:68:17:85:04:e2:54:eb:02:99:
                    17:60:7b:0f:0d:b0:ec:d8:1c:90:25:e3:99:47:e7:
                    4f:c4:72:5c:52:31:4d:e7:c1:cd:3e:c7:7c:77:45:
                    bb:b0:c7:63:17:ac:41:7e:dc:76:02:c0:de:a9:2e:
                    60:ef:33:af:5b:4c:8b:2a:d5:7e:d0:38:67:9c:52:
                    2d:81:1d:8f:11:0f:50:e9:84:6d:2d:24:69:a9:54:
                    63:63:46:13:ce:77:f8:77:13:0c:d9:e2:0c:70:3d:
                    90:ea:49:bd:a8:ed:29:1f:f2:22:39:77:ea:2f:cd:
                    0a:5a:dd:c9:0b:de:f4:5a:3f:32:54:de:43:80:95:
                    1c:36:99:ee:ea:4f:7e:1d:c0:f4:91:bb:14:94:fb:
                    40:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E2:8A:91:DF:7F:DC:1E:23:5A:18:AA:87:A2:26:E8:A1:F8:14:0F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154197.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.126.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:70:8c:b5:87:21:82:27:ed:0f:ab:e1:d2:1b:c3:b1:64:9d:
         ee:b7:2a:f3:67:75:f3:95:e0:47:76:e4:18:fc:b8:77:19:a6:
         70:63:21:55:89:a6:56:f7:d3:59:73:63:d4:cc:26:a2:84:f2:
         d9:41:28:cc:12:9d:d1:c2:3d:c6:fd:8b:00:b5:fb:8f:21:46:
         c6:dc:2d:91:cd:b4:8d:6f:93:ba:50:85:82:c7:ff:b0:55:a1:
         60:8a:3b:ba:c4:b6:af:43:e7:b6:cd:b2:84:c2:b0:6d:b6:a8:
         ef:08:de:08:be:6a:90:32:a5:7a:3a:b2:fc:0e:8f:35:0c:d2:
         30:4e:b0:30:70:49:b9:01:88:c4:9d:ae:fc:e5:27:f3:75:3e:
         a8:f2:4d:94:55:9e:4a:59:46:bd:7a:d8:21:87:09:2d:80:90:
         e0:66:6c:20:10:73:3d:b7:2a:6a:87:0c:a2:e5:2f:4b:bb:c2:
         15:e4:d1:f7:18:20:37:9c:fb:3c:8b:58:de:17:4a:b1:68:08:
         9a:18:d8:37:c9:ed:ba:8d:ba:e7:58:31:e8:20:f0:d3:74:45:
         a7:ea:be:58:53:0c:6b:04:2f:de:6d:15:ff:df:fc:68:76:dc:
         cb:6d:57:b3:66:87:fc:7c:e5:1c:12:10:53:43:03:e6:9b:30:
         fb:dd:5e:18
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUTpD4zN1j0BnMdppahNtHw3dFNyIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjIzM1oX
DTI3MDUwMTA5MjczM1owMzExMC8GA1UEAxMoRjlFMjhBOTFERjdGREMxRTIzNUEx
OEFBODdBMjI2RThBMUY4MTQwRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJeB/kHH4ZmU1OKc4J5PFBBDl33/K5M4MxcClzwZDBrPZp07Sa0WiM63FyqZ
E3qiGcZ7Ry/r1BbW8z/uXVp4Cc1qzSYPzIoOZujbU9mJ9PiTdfs4xL365CMwqIGk
gna89tOr7oPGaY+fkES/qHaAaBeFBOJU6wKZF2B7Dw2w7NgckCXjmUfnT8RyXFIx
TefBzT7HfHdFu7DHYxesQX7cdgLA3qkuYO8zr1tMiyrVftA4Z5xSLYEdjxEPUOmE
bS0kaalUY2NGE853+HcTDNniDHA9kOpJvajtKR/yIjl36i/NClrdyQve9Fo/MlTe
Q4CVHDaZ7upPfh3A9JG7FJT7QDkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT54oqR
33/cHiNaGKqHoiboofgUDzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0MTk3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBLX74MA0GCSqGSIb3DQEBCwUAA4IBAQBccIy1hyGCJ+0Pq+HSG8OxZJ3u
tyrzZ3XzleBHduQY/Lh3GaZwYyFViaZW99NZc2PUzCaihPLZQSjMEp3Rwj3G/YsA
tfuPIUbG3C2RzbSNb5O6UIWCx/+wVaFgiju6xLavQ+e2zbKEwrBttqjvCN4IvmqQ
MqV6OrL8Do81DNIwTrAwcEm5AYjEna785SfzdT6o8k2UVZ5KWUa9etghhwktgJDg
ZmwgEHM9typqhwyi5S9Lu8IV5NH3GCA3nPs8i1jeF0qxaAiaGNg3ye26jbrnWDHo
IPDTdEWn6r5YUwxrBC/ebRX/3/xodtzLbVezZof8fOUcEhBTQwPmmzD73V4Y
-----END CERTIFICATE-----