Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154291.roa
File:                     AS154291.roa (raw, json)
Hash identifier:          gx0sFQU5k4R69sGxtEZEvW3akWAzh1hGkmdNWDZRQDE=
Subject key identifier:   F3:96:91:B3:A7:2D:55:F3:18:72:5A:2C:48:6A:92:37:64:69:D9:57
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       269D62C271ACF2DA266AD3EC2F482B01B1E93B3E
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154291.roa
Signing time:             Sat 02 May 2026 09:26:36 +0000
ROA not before:           Sat 02 May 2026 09:21:36 +0000
ROA not after:            Sat 01 May 2027 09:26:36 +0000
asID:                     154291
IP address blocks:        2001:df6:2fc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:9d:62:c2:71:ac:f2:da:26:6a:d3:ec:2f:48:2b:01:b1:e9:3b:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:36 2026 GMT
            Not After : May  1 09:26:36 2027 GMT
        Subject: CN=F39691B3A72D55F318725A2C486A92376469D957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:17:17:34:61:c6:3f:14:92:0c:47:e7:74:93:
                    88:d7:45:1e:b8:b0:32:9f:73:b8:83:12:ea:7c:6f:
                    7f:b3:b1:c8:7a:15:2e:8a:d8:c4:cf:0f:48:61:8a:
                    04:0e:69:21:0f:d2:ab:c4:95:1b:47:92:37:00:43:
                    67:43:c0:e1:93:f8:a2:41:2d:41:e9:3f:2b:37:0b:
                    9d:54:f1:65:b8:e2:5a:e7:a9:20:55:fe:49:d3:63:
                    13:29:8a:19:08:ed:59:8c:a9:aa:4a:1f:de:0a:b6:
                    e6:cd:ad:39:8d:d3:7c:4f:ab:62:4d:d6:22:e9:d8:
                    6d:55:88:96:ae:e7:a7:82:0c:8e:9e:6d:aa:17:ac:
                    fc:e3:44:e8:98:fb:4a:a4:23:9a:85:36:d7:ed:66:
                    c1:4c:65:9b:29:7f:d5:e4:97:96:7c:54:56:0c:84:
                    dd:b7:33:5b:62:0f:e9:9d:fd:3a:cd:87:52:09:0c:
                    d9:5c:07:a2:1e:b3:12:95:f6:55:75:87:1f:f6:57:
                    10:44:16:ea:69:44:ba:f5:8d:b8:3b:64:a8:ed:ea:
                    db:5f:a2:45:4b:a6:d0:a5:a6:01:72:e3:11:81:1f:
                    0a:84:ef:1f:e0:35:08:a2:f0:24:68:78:5a:91:2f:
                    2d:e4:77:84:8c:5d:21:aa:dd:72:68:a3:29:7e:30:
                    00:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:96:91:B3:A7:2D:55:F3:18:72:5A:2C:48:6A:92:37:64:69:D9:57
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154291.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:2fc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:1a:94:4e:d4:0b:87:c4:c0:bf:2d:a1:45:5a:af:c2:70:51:
         42:3f:9e:ea:51:53:44:8c:cd:a9:9c:c1:ab:99:be:3a:37:c2:
         8d:50:32:b6:bd:ae:27:e8:b6:5a:ac:47:62:cf:0d:3b:9a:d0:
         06:62:f9:3c:3c:2f:98:72:98:23:0c:2f:ee:bd:fa:29:db:2c:
         f2:08:01:11:e7:8e:85:54:62:25:81:1b:b2:c7:19:97:62:df:
         37:04:5b:fc:7a:b2:de:ed:2b:0e:61:ea:71:61:4b:b8:0f:2a:
         c5:bc:07:d0:78:92:ef:41:1e:d4:1e:4e:37:9c:4a:53:26:5f:
         46:ac:48:30:67:93:c7:3f:3c:e2:8a:63:cb:83:1c:ee:e9:4f:
         9c:7e:cf:af:a6:54:7f:6a:27:d9:b1:35:b7:c3:71:78:96:b5:
         37:27:fc:8d:b7:7a:32:e4:57:49:8b:12:e5:2a:e2:c1:7f:34:
         c2:05:45:11:39:cb:d6:f0:23:55:2e:b2:3a:36:0c:42:54:68:
         27:f9:11:13:7a:2b:b2:40:a0:cb:1b:2e:03:db:44:aa:c6:e9:
         1a:d9:1e:aa:88:b5:cc:ec:68:e2:96:40:63:0c:cd:c4:ba:92:
         a2:e0:0a:67:37:94:8e:4f:dc:67:59:e6:5c:d2:36:74:89:98:
         92:92:79:78
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUJp1iwnGs8tomatPsL0grAbHpOz4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjEzNloX
DTI3MDUwMTA5MjYzNlowMzExMC8GA1UEAxMoRjM5NjkxQjNBNzJENTVGMzE4NzI1
QTJDNDg2QTkyMzc2NDY5RDk1NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJsXFzRhxj8UkgxH53STiNdFHriwMp9zuIMS6nxvf7OxyHoVLorYxM8PSGGK
BA5pIQ/Sq8SVG0eSNwBDZ0PA4ZP4okEtQek/KzcLnVTxZbjiWuepIFX+SdNjEymK
GQjtWYypqkof3gq25s2tOY3TfE+rYk3WIunYbVWIlq7np4IMjp5tqhes/ONE6Jj7
SqQjmoU21+1mwUxlmyl/1eSXlnxUVgyE3bczW2IP6Z39Os2HUgkM2VwHoh6zEpX2
VXWHH/ZXEEQW6mlEuvWNuDtkqO3q21+iRUum0KWmAXLjEYEfCoTvH+A1CKLwJGh4
WpEvLeR3hIxdIardcmijKX4wANcCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBTzlpGz
py1V8xhyWixIapI3ZGnZVzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0MjkxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9i/AMA0GCSqGSIb3DQEBCwUAA4IBAQA8GpRO1AuHxMC/LaFFWq/C
cFFCP57qUVNEjM2pnMGrmb46N8KNUDK2va4n6LZarEdizw07mtAGYvk8PC+Ycpgj
DC/uvfop2yzyCAER546FVGIlgRuyxxmXYt83BFv8erLe7SsOYepxYUu4DyrFvAfQ
eJLvQR7UHk43nEpTJl9GrEgwZ5PHPzziimPLgxzu6U+cfs+vplR/aifZsTW3w3F4
lrU3J/yNt3oy5FdJixLlKuLBfzTCBUUROcvW8CNVLrI6NgxCVGgn+RETeiuyQKDL
Gy4D20Sqxuka2R6qiLXM7GjilkBjDM3EupKi4ApnN5SOT9xnWeZc0jZ0iZiSknl4
-----END CERTIFICATE-----