Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154344.roa
File:                     AS154344.roa (raw, json)
Hash identifier:          DdqFehjx9QYt5YoBhD4lVotY5TFGtOl5NuRFRsD4bZY=
Subject key identifier:   58:05:2E:46:6B:1D:4D:19:7A:24:C9:9C:99:34:26:42:1D:52:89:B7
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       7022768A357442AA4A02D7E04783B3C1A440DB10
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154344.roa
Signing time:             Sat 02 May 2026 09:27:12 +0000
ROA not before:           Sat 02 May 2026 09:22:12 +0000
ROA not after:            Sat 01 May 2027 09:27:12 +0000
asID:                     154344
IP address blocks:        2001:df6:4040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:22:76:8a:35:74:42:aa:4a:02:d7:e0:47:83:b3:c1:a4:40:db:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:22:12 2026 GMT
            Not After : May  1 09:27:12 2027 GMT
        Subject: CN=58052E466B1D4D197A24C99C993426421D5289B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6d:b5:91:6d:ba:01:24:cc:e2:ba:ab:c6:37:
                    dd:5a:16:1e:3d:1c:89:92:48:9d:d0:df:27:70:e6:
                    23:dd:1c:6a:b2:da:78:38:62:5f:82:4d:d1:e7:ec:
                    51:21:de:3b:03:50:77:91:76:1c:76:ac:c3:fa:7a:
                    af:89:60:60:01:8c:d7:79:15:b5:24:f8:fa:e3:8b:
                    25:80:cb:c6:0e:52:07:47:b0:95:a3:77:78:a9:2b:
                    5d:d8:fb:c2:e5:34:51:77:8d:73:21:ca:d1:db:5f:
                    85:a4:be:31:6e:ae:e5:af:fd:59:10:5c:8e:5e:ad:
                    97:c6:5c:38:c9:d6:6b:c9:2a:b1:77:d0:bf:eb:bd:
                    81:4f:ca:f0:d7:52:dd:b2:b8:51:46:bb:a9:42:2f:
                    88:15:ee:cc:3c:88:7e:9c:1f:83:4c:97:c1:59:7c:
                    bd:00:cd:1c:d6:9f:27:66:32:f5:cb:72:5d:68:0c:
                    de:60:7b:f4:0e:ca:f4:28:6c:01:04:bb:47:b3:f0:
                    5f:03:7c:d2:7b:6d:fd:05:22:06:d8:a0:ec:d2:50:
                    f0:de:2c:67:73:34:98:bb:80:61:c5:b5:ff:2f:7f:
                    68:de:c5:0d:e3:2e:bb:75:1a:95:b7:da:aa:88:a9:
                    5a:fe:67:3b:dd:5e:76:01:2e:cf:0d:8c:4e:87:b0:
                    d2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:05:2E:46:6B:1D:4D:19:7A:24:C9:9C:99:34:26:42:1D:52:89:B7
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154344.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:4040::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:69:27:fa:a3:38:4d:1c:26:9c:1c:22:3b:8e:47:ed:22:80:
         62:59:08:27:bb:17:5c:ec:a7:93:85:c9:21:cb:34:90:02:72:
         4b:f1:2a:de:96:da:ae:4c:51:e8:a9:0e:d6:03:d3:05:ab:4d:
         31:93:51:17:44:76:a7:89:fe:d6:28:85:25:6e:ac:4a:30:32:
         84:0e:71:45:a3:06:d5:b3:d3:65:77:fc:4c:f6:76:5d:da:66:
         bc:99:33:24:97:6d:0f:bb:4b:fe:f1:12:b2:ae:65:73:c1:7b:
         f6:56:67:56:7a:78:13:ed:02:19:39:70:9e:bf:fd:e5:d1:ca:
         6a:31:64:3d:32:24:84:44:cb:3e:74:a0:b3:93:1a:d2:16:1f:
         20:19:06:c8:92:be:1d:85:e6:46:37:b4:3f:32:82:5a:f2:5e:
         d8:4f:58:ab:d4:09:a5:2b:62:0e:a7:cf:84:bb:db:34:0b:9c:
         4e:9c:3b:c2:59:2b:20:b8:1b:de:b9:01:7c:52:35:e6:c6:8f:
         85:30:89:f1:07:9a:59:af:55:c4:58:1b:29:cb:fc:25:1b:5c:
         3f:fb:70:92:89:d4:f3:e1:ea:12:8b:99:de:c4:39:fc:aa:a8:
         26:b3:dc:b8:02:77:16:16:f7:a3:bb:4e:72:9f:ca:cc:70:85:
         ca:2e:39:ce
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUcCJ2ijV0QqpKAtfgR4OzwaRA2xAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjIxMloX
DTI3MDUwMTA5MjcxMlowMzExMC8GA1UEAxMoNTgwNTJFNDY2QjFENEQxOTdBMjRD
OTlDOTkzNDI2NDIxRDUyODlCNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMlttZFtugEkzOK6q8Y33VoWHj0ciZJIndDfJ3DmI90carLaeDhiX4JN0efs
USHeOwNQd5F2HHasw/p6r4lgYAGM13kVtST4+uOLJYDLxg5SB0ewlaN3eKkrXdj7
wuU0UXeNcyHK0dtfhaS+MW6u5a/9WRBcjl6tl8ZcOMnWa8kqsXfQv+u9gU/K8NdS
3bK4UUa7qUIviBXuzDyIfpwfg0yXwVl8vQDNHNafJ2Yy9ctyXWgM3mB79A7K9Chs
AQS7R7PwXwN80ntt/QUiBtig7NJQ8N4sZ3M0mLuAYcW1/y9/aN7FDeMuu3Ualbfa
qoipWv5nO91edgEuzw2MToew0hsCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBRYBS5G
ax1NGXokyZyZNCZCHVKJtzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0MzQ0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9kBAMA0GCSqGSIb3DQEBCwUAA4IBAQAxaSf6ozhNHCacHCI7jkft
IoBiWQgnuxdc7KeThckhyzSQAnJL8SreltquTFHoqQ7WA9MFq00xk1EXRHanif7W
KIUlbqxKMDKEDnFFowbVs9Nld/xM9nZd2ma8mTMkl20Pu0v+8RKyrmVzwXv2VmdW
engT7QIZOXCev/3l0cpqMWQ9MiSERMs+dKCzkxrSFh8gGQbIkr4dheZGN7Q/MoJa
8l7YT1ir1AmlK2IOp8+Eu9s0C5xOnDvCWSsguBveuQF8UjXmxo+FMInxB5pZr1XE
WBspy/wlG1w/+3CSidTz4eoSi5nexDn8qqgms9y4AncWFveju05yn8rMcIXKLjnO
-----END CERTIFICATE-----