Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152071.roa
File:                     AS152071.roa (raw, json)
Hash identifier:          GLTc/TiF3bPRBsMUrdTJcTryboHzHuH/KRgZBxMPhy4=
Subject key identifier:   23:B3:CB:F8:97:F4:B9:EC:60:E5:5B:62:10:56:27:D8:64:63:DB:4C
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       0406C9F3270C275B12094A8889FC675F6F584561
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152071.roa
Signing time:             Sun 03 May 2026 05:55:21 +0000
ROA not before:           Sun 03 May 2026 05:50:21 +0000
ROA not after:            Sun 02 May 2027 05:55:21 +0000
asID:                     152071
IP address blocks:        157.10.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:06:c9:f3:27:0c:27:5b:12:09:4a:88:89:fc:67:5f:6f:58:45:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  3 05:50:21 2026 GMT
            Not After : May  2 05:55:21 2027 GMT
        Subject: CN=23B3CBF897F4B9EC60E55B62105627D86463DB4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0a:7e:8d:6f:c5:cd:17:14:e4:19:85:57:c8:
                    b0:80:4b:f7:3c:41:db:4b:f5:e2:d4:d5:09:ad:e3:
                    10:9f:28:68:0e:df:77:8b:b5:2d:6c:a8:d8:e9:04:
                    9a:f1:91:93:2d:fc:32:d9:77:e5:95:46:5c:bc:82:
                    ca:b6:6e:df:c4:ca:c7:31:a4:49:27:b6:e2:d7:a3:
                    16:8f:0e:b3:e6:21:75:8a:d1:29:75:9c:ea:e5:e2:
                    fd:a9:a6:cd:44:ca:d5:ea:45:13:66:ab:fe:0d:a8:
                    c3:77:e0:15:e1:98:5f:94:1d:ad:53:5f:e8:75:68:
                    24:13:cf:35:35:ed:75:bc:a6:3f:f8:cc:e9:0a:5e:
                    1a:fb:a3:f4:3e:e0:53:0a:f6:5a:93:53:94:13:8e:
                    e0:de:72:f9:57:9a:10:a6:9c:0a:83:07:09:4d:9a:
                    f7:70:5f:de:42:c7:36:14:83:f8:ee:f4:75:4a:13:
                    78:ba:1c:26:ed:43:f0:c8:4c:81:10:21:1a:bc:3d:
                    f2:b6:22:58:07:c3:50:0e:13:2c:fd:ed:7b:95:9c:
                    b1:76:b2:5f:af:c0:ae:94:4e:de:e5:91:12:28:7f:
                    e7:ef:03:40:2e:08:c9:13:ec:e9:ec:44:3b:e3:99:
                    10:b0:f5:f2:6a:20:76:7e:33:e9:d3:0a:98:fd:7c:
                    00:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B3:CB:F8:97:F4:B9:EC:60:E5:5B:62:10:56:27:D8:64:63:DB:4C
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:0c:7d:7c:64:a6:8e:c4:60:8e:b9:4f:98:c2:5d:5f:19:9e:
         5e:59:9e:54:fe:70:fa:6a:1c:01:83:95:b0:b0:4e:a6:2d:4c:
         50:65:2c:a9:03:80:d2:f2:1b:8f:93:8b:5b:7c:62:c4:84:01:
         00:07:a9:fb:7d:51:02:d3:9f:64:16:e6:3b:fe:9d:45:13:6b:
         3a:e4:28:bc:6e:c0:9f:23:36:64:c0:83:92:ad:10:d1:5b:a2:
         f8:26:db:84:d4:67:39:a4:08:eb:31:31:35:ab:1c:76:bd:65:
         bb:42:4d:a4:03:94:83:4e:1a:ce:05:c9:97:e1:26:c7:4c:f5:
         cf:f8:16:b3:ba:39:ee:d5:59:8a:f0:3f:0a:a8:e9:f0:97:84:
         71:5d:88:ce:78:ac:83:1f:66:85:96:72:a2:96:39:68:9c:b5:
         f2:fb:14:2e:a7:9b:b5:22:93:ff:ac:f1:69:19:7d:54:d8:7d:
         ff:ac:8b:53:a8:f6:ba:e5:0c:3f:91:53:92:68:ae:c4:0e:b1:
         2f:73:13:9b:c8:49:a2:4a:bb:3b:b9:da:69:d1:03:ae:e6:f5:
         74:df:be:c1:73:db:fa:89:26:96:e9:7a:85:1d:19:b6:5e:51:
         57:65:d9:ac:2b:79:41:13:e0:9f:1b:e0:eb:31:40:3a:27:88:
         8e:89:f7:0d
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUBAbJ8ycMJ1sSCUqIifxnX29YRWEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMzA1NTAyMVoX
DTI3MDUwMjA1NTUyMVowMzExMC8GA1UEAxMoMjNCM0NCRjg5N0Y0QjlFQzYwRTU1
QjYyMTA1NjI3RDg2NDYzREI0QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYKfo1vxc0XFOQZhVfIsIBL9zxB20v14tTVCa3jEJ8oaA7fd4u1LWyo2OkE
mvGRky38Mtl35ZVGXLyCyrZu38TKxzGkSSe24tejFo8Os+YhdYrRKXWc6uXi/amm
zUTK1epFE2ar/g2ow3fgFeGYX5QdrVNf6HVoJBPPNTXtdbymP/jM6QpeGvuj9D7g
Uwr2WpNTlBOO4N5y+VeaEKacCoMHCU2a93Bf3kLHNhSD+O70dUoTeLocJu1D8MhM
gRAhGrw98rYiWAfDUA4TLP3te5WcsXayX6/ArpRO3uWREih/5+8DQC4IyRPs6exE
O+OZELD18mogdn4z6dMKmP18AMsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQjs8v4
l/S57GDlW2IQVifYZGPbTDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyMDcxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnQoEMA0GCSqGSIb3DQEBCwUAA4IBAQCxDH18ZKaOxGCOuU+Ywl1fGZ5e
WZ5U/nD6ahwBg5WwsE6mLUxQZSypA4DS8huPk4tbfGLEhAEAB6n7fVEC059kFuY7
/p1FE2s65Ci8bsCfIzZkwIOSrRDRW6L4JtuE1Gc5pAjrMTE1qxx2vWW7Qk2kA5SD
ThrOBcmX4SbHTPXP+Bazujnu1VmK8D8KqOnwl4RxXYjOeKyDH2aFlnKiljlonLXy
+xQup5u1IpP/rPFpGX1U2H3/rItTqPa65Qw/kVOSaK7EDrEvcxObyEmiSrs7udpp
0QOu5vV0377Bc9v6iSaW6XqFHRm2XlFXZdmsK3lBE+CfG+DrMUA6J4iOifcN
-----END CERTIFICATE-----