Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154452.roa
File:                     AS154452.roa (raw, json)
Hash identifier:          MKAnNMbSNyepDZiAV6913hd0J6hxlvL/g2Mw5jCu/jU=
Subject key identifier:   06:E3:EF:99:FB:63:61:3B:58:E6:42:6A:89:5B:C7:A4:39:C1:AA:3E
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       60AB2E15E27A86045BC0CAA81E199AB8A9A6BC37
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154452.roa
Signing time:             Sat 02 May 2026 09:27:01 +0000
ROA not before:           Sat 02 May 2026 09:22:01 +0000
ROA not after:            Sat 01 May 2027 09:27:01 +0000
asID:                     154452
IP address blocks:        2001:df6:7140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:ab:2e:15:e2:7a:86:04:5b:c0:ca:a8:1e:19:9a:b8:a9:a6:bc:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:22:01 2026 GMT
            Not After : May  1 09:27:01 2027 GMT
        Subject: CN=06E3EF99FB63613B58E6426A895BC7A439C1AA3E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fb:7b:7e:91:a5:da:06:e5:c1:d4:a2:49:4a:
                    17:54:dd:8c:bf:f0:3f:dd:a0:30:51:1d:78:f6:d5:
                    77:ed:af:ac:8a:a0:05:e7:6d:65:91:32:2f:01:e5:
                    b3:99:4e:7f:dd:9c:cb:9d:ed:18:98:22:24:ea:74:
                    48:01:b5:c3:dd:db:e3:ea:32:67:ec:e0:69:30:da:
                    36:75:aa:cf:22:e7:0c:be:28:65:1b:7c:5e:a2:d3:
                    e3:89:38:03:83:20:18:7a:57:dd:8f:ae:df:77:b5:
                    d3:6f:3f:43:74:5b:c0:28:80:4e:69:ab:92:70:51:
                    6d:14:f4:64:de:10:e2:9b:d1:93:7c:f0:58:08:03:
                    99:95:e5:c6:fc:03:12:9a:85:c0:ed:56:1b:70:e9:
                    16:52:a9:89:54:f0:26:58:5a:f7:6f:12:fd:67:d3:
                    10:27:e3:94:00:16:75:0b:33:a4:43:66:24:65:aa:
                    c3:f5:44:c3:73:8f:b4:5f:4e:4f:ec:4c:a4:39:05:
                    2e:b8:48:2d:17:90:bd:d1:44:33:d0:e0:91:d7:5e:
                    63:24:1f:db:8c:f3:84:3e:6b:a2:8a:24:4c:de:fa:
                    b9:14:c7:d3:89:68:4c:c7:e9:b1:61:ab:2c:86:ff:
                    2b:e8:74:55:b4:ba:af:32:42:16:94:bd:64:c5:bf:
                    18:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:E3:EF:99:FB:63:61:3B:58:E6:42:6A:89:5B:C7:A4:39:C1:AA:3E
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154452.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:7140::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:bc:0e:d7:16:cc:6b:e6:37:b8:5b:42:a1:f3:71:f7:9d:c7:
         71:14:d0:c1:b5:ef:ea:2b:b7:b1:9d:6b:e0:05:54:7e:05:60:
         e5:75:8d:e3:e3:22:17:c6:b8:b9:1c:48:13:42:00:51:d6:cf:
         54:1e:0f:96:b1:aa:9d:df:c5:02:76:f1:23:92:b6:79:db:18:
         38:dc:8c:8a:88:e4:43:4a:cf:ec:41:9c:eb:67:80:ed:34:21:
         15:4b:59:0b:f4:82:a6:a3:e8:ef:3f:51:6e:de:d8:08:65:43:
         50:7f:95:dd:68:b0:f5:67:02:9c:7c:78:18:43:0f:82:f7:a8:
         b1:ce:50:7e:fc:fc:a9:69:77:d4:62:4b:74:5d:14:7d:3b:d6:
         e1:b5:f2:4e:33:9c:e3:16:e0:39:aa:77:3e:62:2b:79:8d:84:
         38:76:50:b8:72:71:18:40:b0:29:c6:cd:3a:5a:44:74:7f:c9:
         bf:87:ae:91:a3:08:ea:d6:dc:cd:36:94:da:5c:71:f9:8f:5f:
         ba:18:fb:2b:2d:c1:a8:37:bb:81:16:4c:bc:22:e3:fa:89:fc:
         2f:d5:c2:eb:b3:c8:00:59:e7:ce:28:fa:e9:d3:5e:c5:47:83:
         fd:43:cd:d4:07:f2:d9:6c:4a:77:55:8e:e8:cb:b2:4b:80:29:
         83:0b:a8:5e
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUYKsuFeJ6hgRbwMqoHhmauKmmvDcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjIwMVoX
DTI3MDUwMTA5MjcwMVowMzExMC8GA1UEAxMoMDZFM0VGOTlGQjYzNjEzQjU4RTY0
MjZBODk1QkM3QTQzOUMxQUEzRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ/7e36RpdoG5cHUoklKF1TdjL/wP92gMFEdePbVd+2vrIqgBedtZZEyLwHl
s5lOf92cy53tGJgiJOp0SAG1w93b4+oyZ+zgaTDaNnWqzyLnDL4oZRt8XqLT44k4
A4MgGHpX3Y+u33e1028/Q3RbwCiATmmrknBRbRT0ZN4Q4pvRk3zwWAgDmZXlxvwD
EpqFwO1WG3DpFlKpiVTwJlha928S/WfTECfjlAAWdQszpENmJGWqw/VEw3OPtF9O
T+xMpDkFLrhILReQvdFEM9DgkddeYyQf24zzhD5roookTN76uRTH04loTMfpsWGr
LIb/K+h0VbS6rzJCFpS9ZMW/GE0CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQG4++Z
+2NhO1jmQmqJW8ekOcGqPjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0NDUyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9nFAMA0GCSqGSIb3DQEBCwUAA4IBAQBlvA7XFsxr5je4W0Kh83H3
ncdxFNDBte/qK7exnWvgBVR+BWDldY3j4yIXxri5HEgTQgBR1s9UHg+Wsaqd38UC
dvEjkrZ52xg43IyKiORDSs/sQZzrZ4DtNCEVS1kL9IKmo+jvP1Fu3tgIZUNQf5Xd
aLD1ZwKcfHgYQw+C96ixzlB+/PypaXfUYkt0XRR9O9bhtfJOM5zjFuA5qnc+Yit5
jYQ4dlC4cnEYQLApxs06WkR0f8m/h66Rowjq1tzNNpTaXHH5j1+6GPsrLcGoN7uB
Fky8IuP6ifwv1cLrs8gAWefOKPrp017FR4P9Q83UB/LZbEp3VY7oy7JLgCmDC6he
-----END CERTIFICATE-----