Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154415.roa
File:                     AS154415.roa (raw, json)
Hash identifier:          ABprhJ3mVD8NYKdSfgJQsx5x8jgmcXKjxRFDnu0Qlzk=
Subject key identifier:   AA:F5:94:2F:12:CA:89:69:53:80:9A:BF:FE:96:F8:3D:9B:35:F8:F1
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       155BF4300EA7A7BB07EE29D337E54B93DA8FB7F4
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154415.roa
Signing time:             Sat 02 May 2026 09:27:05 +0000
ROA not before:           Sat 02 May 2026 09:22:05 +0000
ROA not after:            Sat 01 May 2027 09:27:05 +0000
asID:                     154415
IP address blocks:        2001:df6:61c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 03:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:5b:f4:30:0e:a7:a7:bb:07:ee:29:d3:37:e5:4b:93:da:8f:b7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:22:05 2026 GMT
            Not After : May  1 09:27:05 2027 GMT
        Subject: CN=AAF5942F12CA896953809ABFFE96F83D9B35F8F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:31:d9:c4:9b:32:a6:b4:d2:bf:fe:8f:c3:01:
                    33:b5:df:d4:5e:25:d9:3a:c8:b8:ff:e8:31:51:8e:
                    06:db:1c:09:01:ce:57:8a:be:b6:55:b1:b8:7c:09:
                    47:82:84:71:3d:37:8d:c6:0a:98:2a:47:89:91:24:
                    e4:bc:23:04:98:2d:e1:f2:e0:58:03:36:a2:35:a6:
                    70:4e:b5:7f:bd:5e:01:22:e3:9f:8b:21:33:37:9a:
                    7e:87:9f:33:04:5f:cc:96:04:06:ed:a6:2a:13:b4:
                    2e:19:a3:b0:60:93:e0:e5:e2:7f:59:f0:ba:fe:ec:
                    67:d2:e0:3a:ae:de:6e:88:72:85:16:e8:f4:22:91:
                    da:d2:0a:c3:6c:e3:82:65:e7:09:bc:8f:cd:69:79:
                    21:c7:76:04:68:fe:ca:1b:03:39:f9:06:5c:02:76:
                    23:d6:83:5d:0a:f1:11:ac:f4:a1:b4:bf:45:1c:38:
                    ee:e1:1a:3f:57:e9:0e:82:30:23:9c:43:07:eb:00:
                    56:c1:23:59:fe:8a:24:99:92:83:42:b6:4d:3f:be:
                    06:5c:d0:88:b2:49:75:b3:52:86:e9:61:71:e2:04:
                    e4:2a:71:a4:53:9f:ce:3f:21:d0:d2:35:b2:96:75:
                    1f:42:1b:34:81:ad:07:9b:15:5e:19:c4:ca:2d:da:
                    2b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F5:94:2F:12:CA:89:69:53:80:9A:BF:FE:96:F8:3D:9B:35:F8:F1
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:61c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:7a:0c:c3:80:2f:74:7d:3a:ef:d7:90:98:4e:09:7c:32:90:
         ff:aa:d9:b9:d6:13:47:9b:de:0b:fc:d3:16:b1:59:3a:59:3c:
         93:98:e3:cd:a3:c5:ed:24:55:b5:ea:23:66:64:7d:7c:bc:67:
         0e:68:28:75:ec:af:bf:17:0a:be:ff:3d:5d:8b:0a:bc:67:93:
         ea:6f:3c:ff:e9:59:f1:a6:a3:b0:b7:09:6b:71:a2:ff:57:85:
         52:25:df:76:ab:7b:b5:2b:bb:80:a8:e3:ed:85:ac:c2:1c:da:
         16:55:eb:ac:73:ea:b5:c0:d6:04:f0:de:d7:07:27:f1:d9:2b:
         f5:0b:c7:1c:13:a2:fe:85:1d:eb:32:c0:8b:d9:fc:81:10:4d:
         a0:71:d8:3c:95:08:4b:da:55:a7:a9:62:c0:62:ea:0c:05:1d:
         6c:8f:d9:cf:16:75:54:01:00:a1:51:60:11:41:7d:6e:d1:d8:
         7b:fe:9a:0e:e0:35:3a:98:c4:25:50:2f:a4:fc:80:00:a8:00:
         91:7e:7c:78:8d:21:72:6f:7e:71:2a:2a:8f:51:a8:c7:a1:ef:
         b6:35:bf:ae:5d:5a:11:3d:fd:81:c8:ae:b4:de:1f:46:1b:4f:
         cc:ec:7f:a8:29:0c:71:99:5c:05:d2:37:94:99:9a:51:75:75:
         0e:60:49:75
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUFVv0MA6np7sH7inTN+VLk9qPt/QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjIwNVoX
DTI3MDUwMTA5MjcwNVowMzExMC8GA1UEAxMoQUFGNTk0MkYxMkNBODk2OTUzODA5
QUJGRkU5NkY4M0Q5QjM1RjhGMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKEx2cSbMqa00r/+j8MBM7Xf1F4l2TrIuP/oMVGOBtscCQHOV4q+tlWxuHwJ
R4KEcT03jcYKmCpHiZEk5LwjBJgt4fLgWAM2ojWmcE61f71eASLjn4shMzeafoef
MwRfzJYEBu2mKhO0LhmjsGCT4OXif1nwuv7sZ9LgOq7ebohyhRbo9CKR2tIKw2zj
gmXnCbyPzWl5Icd2BGj+yhsDOfkGXAJ2I9aDXQrxEaz0obS/RRw47uEaP1fpDoIw
I5xDB+sAVsEjWf6KJJmSg0K2TT++BlzQiLJJdbNShulhceIE5CpxpFOfzj8h0NI1
spZ1H0IbNIGtB5sVXhnEyi3aK9ECAwEAAaOCAc8wggHLMB0GA1UdDgQWBBSq9ZQv
EsqJaVOAmr/+lvg9mzX48TAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0NDE1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9mHAMA0GCSqGSIb3DQEBCwUAA4IBAQCiegzDgC90fTrv15CYTgl8
MpD/qtm51hNHm94L/NMWsVk6WTyTmOPNo8XtJFW16iNmZH18vGcOaCh17K+/Fwq+
/z1diwq8Z5Pqbzz/6VnxpqOwtwlrcaL/V4VSJd92q3u1K7uAqOPthazCHNoWVeus
c+q1wNYE8N7XByfx2Sv1C8ccE6L+hR3rMsCL2fyBEE2gcdg8lQhL2lWnqWLAYuoM
BR1sj9nPFnVUAQChUWARQX1u0dh7/poO4DU6mMQlUC+k/IAAqACRfnx4jSFyb35x
KiqPUajHoe+2Nb+uXVoRPf2ByK603h9GG0/M7H+oKQxxmVwF0jeUmZpRdXUOYEl1
-----END CERTIFICATE-----