Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154522.roa
File:                     AS154522.roa (raw, json)
Hash identifier:          +uvZjfKKwVsC4470l4Y3PcqpAkIIdpx2/XY+uABpBJ4=
Subject key identifier:   7D:BD:CB:B6:1F:D7:A4:16:EE:D0:65:2F:85:BD:30:6D:AE:4F:E2:9D
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       3FFE72BEC77B7B897F7B26C6A7375A2F5636B305
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154522.roa
Signing time:             Sat 02 May 2026 09:27:20 +0000
ROA not before:           Sat 02 May 2026 09:22:20 +0000
ROA not after:            Sat 01 May 2027 09:27:20 +0000
asID:                     154522
IP address blocks:        2001:df6:bc40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:fe:72:be:c7:7b:7b:89:7f:7b:26:c6:a7:37:5a:2f:56:36:b3:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:22:20 2026 GMT
            Not After : May  1 09:27:20 2027 GMT
        Subject: CN=7DBDCBB61FD7A416EED0652F85BD306DAE4FE29D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6b:c4:8f:30:08:af:08:13:59:d3:e9:64:29:
                    bc:b7:81:06:91:0d:34:ba:02:22:65:a7:dd:c1:a1:
                    84:b3:5b:1e:cc:da:5d:3e:ce:ab:c2:af:c9:90:ca:
                    ff:b4:ba:d5:10:11:1d:ce:25:a1:3e:65:25:3e:f8:
                    6c:1b:72:52:06:fe:44:63:0b:08:fd:3e:24:e4:0b:
                    81:83:6d:87:1d:0e:7e:42:a9:62:44:a7:06:87:1d:
                    a0:ed:3a:5d:57:ee:47:48:6c:67:50:cb:2a:af:7a:
                    2f:f0:b9:4f:f0:42:42:06:e8:93:4e:88:f3:3f:de:
                    22:21:ea:54:45:33:77:2a:95:51:8d:30:5d:8a:d5:
                    91:86:87:e1:88:89:8a:bf:94:dd:cc:a4:83:28:d9:
                    6b:3b:1b:b4:87:04:5f:b2:df:8d:1a:d8:06:4d:02:
                    4a:64:e2:3c:3a:42:5a:d5:05:30:b7:53:8c:d1:19:
                    fe:58:14:85:d8:a9:45:f7:48:5a:63:40:b3:54:70:
                    41:0e:36:61:72:56:71:14:ed:54:09:db:c6:6f:6a:
                    38:f4:1e:1a:5a:f4:5a:0b:2e:78:a2:f6:42:43:82:
                    19:8d:c2:7e:0d:57:34:7b:ec:fe:34:98:2f:7c:1e:
                    0c:5c:cb:7b:5e:ed:40:66:5b:2a:2a:6a:ec:aa:60:
                    44:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BD:CB:B6:1F:D7:A4:16:EE:D0:65:2F:85:BD:30:6D:AE:4F:E2:9D
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154522.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:bc40::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:a1:94:d9:b8:9a:0f:aa:06:12:e2:01:45:65:58:c0:ad:a8:
         ad:b2:72:0a:3f:ed:cd:d7:95:af:a4:2b:be:03:52:40:6a:ff:
         c6:53:33:13:34:4f:9f:62:ff:bd:19:23:de:70:7e:67:11:6b:
         49:67:63:c8:c5:ec:4d:a6:a0:b7:0d:93:fa:3c:bb:a1:4f:cc:
         09:7d:86:56:79:01:39:07:a5:d6:89:b6:3c:35:b9:66:92:51:
         8a:58:86:db:22:ca:92:b9:97:8f:6a:44:bc:55:ce:6f:72:19:
         d8:c7:48:99:dd:7b:5b:28:82:b8:07:5d:1a:f7:84:62:15:1d:
         d4:5e:cc:23:4e:88:c0:4b:92:68:25:46:50:29:7a:17:94:28:
         6f:94:89:ee:77:b7:1a:b6:1a:9f:7f:15:d8:7c:0c:50:44:21:
         d1:ba:9b:51:c5:23:80:b2:5f:3f:dc:23:84:bb:1e:9e:d5:a5:
         76:1c:9a:1c:1d:e4:d1:de:fe:b4:3d:d9:79:04:84:c4:70:90:
         20:b9:d3:11:05:0f:14:57:ca:1b:c3:9a:08:7e:bd:8c:ed:95:
         ea:55:95:ec:48:6c:38:75:fe:fc:da:cf:33:b8:e1:c7:88:fe:
         99:df:ba:86:a0:9e:9e:90:ec:8d:6e:b9:89:33:c3:c3:8b:7d:
         8e:53:9c:d8
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUP/5yvsd7e4l/eybGpzdaL1Y2swUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjIyMFoX
DTI3MDUwMTA5MjcyMFowMzExMC8GA1UEAxMoN0RCRENCQjYxRkQ3QTQxNkVFRDA2
NTJGODVCRDMwNkRBRTRGRTI5RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKZrxI8wCK8IE1nT6WQpvLeBBpENNLoCImWn3cGhhLNbHszaXT7Oq8KvyZDK
/7S61RARHc4loT5lJT74bBtyUgb+RGMLCP0+JOQLgYNthx0OfkKpYkSnBocdoO06
XVfuR0hsZ1DLKq96L/C5T/BCQgbok06I8z/eIiHqVEUzdyqVUY0wXYrVkYaH4YiJ
ir+U3cykgyjZazsbtIcEX7LfjRrYBk0CSmTiPDpCWtUFMLdTjNEZ/lgUhdipRfdI
WmNAs1RwQQ42YXJWcRTtVAnbxm9qOPQeGlr0WgsueKL2QkOCGY3Cfg1XNHvs/jSY
L3weDFzLe17tQGZbKipq7KpgRB0CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBR9vcu2
H9ekFu7QZS+FvTBtrk/inTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0NTIyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9rxAMA0GCSqGSIb3DQEBCwUAA4IBAQAWoZTZuJoPqgYS4gFFZVjA
raitsnIKP+3N15WvpCu+A1JAav/GUzMTNE+fYv+9GSPecH5nEWtJZ2PIxexNpqC3
DZP6PLuhT8wJfYZWeQE5B6XWibY8NblmklGKWIbbIsqSuZePakS8Vc5vchnYx0iZ
3XtbKIK4B10a94RiFR3UXswjTojAS5JoJUZQKXoXlChvlInud7cathqffxXYfAxQ
RCHRuptRxSOAsl8/3COEux6e1aV2HJocHeTR3v60Pdl5BITEcJAgudMRBQ8UV8ob
w5oIfr2M7ZXqVZXsSGw4df782s8zuOHHiP6Z37qGoJ6ekOyNbrmJM8PDi32OU5zY
-----END CERTIFICATE-----