Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152406.roa
File:                     AS152406.roa (raw, json)
Hash identifier:          tUn20i7+/VoEIIfSxzmTujmKRacvtHMIN815HGyUpuk=
Subject key identifier:   28:51:22:02:22:58:2E:69:C8:16:FE:A0:1F:8B:A5:79:21:B0:67:A0
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       4B0748A97C42BCCB81C73531FE3F12381A764213
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152406.roa
Signing time:             Sun 03 May 2026 05:38:35 +0000
ROA not before:           Sun 03 May 2026 05:33:35 +0000
ROA not after:            Sun 02 May 2027 05:38:35 +0000
asID:                     152406
IP address blocks:        138.252.209.0/24 maxlen: 24
                          157.15.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:07:48:a9:7c:42:bc:cb:81:c7:35:31:fe:3f:12:38:1a:76:42:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  3 05:33:35 2026 GMT
            Not After : May  2 05:38:35 2027 GMT
        Subject: CN=2851220222582E69C816FEA01F8BA57921B067A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5c:70:0e:12:a5:5f:08:f2:bd:74:f5:d5:f0:
                    79:54:51:22:53:7d:a9:bf:97:45:36:87:70:41:26:
                    bf:7c:d5:e6:22:6e:35:28:17:47:80:d1:9b:54:a4:
                    76:a8:c2:d8:3e:35:ba:da:24:43:1a:64:e9:eb:e5:
                    8c:8f:87:47:f4:c9:c9:2e:a2:5f:bf:05:e8:67:70:
                    9f:a8:cb:79:8a:a9:60:3e:e5:74:c4:a4:2c:50:d3:
                    9f:c9:8b:8e:d8:5f:de:3d:e4:e7:ce:25:ee:40:59:
                    3c:c8:6f:e7:79:62:2a:b3:70:d1:13:2c:ba:63:93:
                    a2:f5:07:fc:af:7d:97:39:3c:bf:f3:f9:b5:f6:0b:
                    02:77:9f:fa:2e:bf:9b:bd:0e:25:c1:bc:50:11:26:
                    1c:9a:ff:2a:3a:8f:73:62:32:a4:9c:e6:e7:2a:05:
                    2a:d9:3d:3b:6a:95:17:32:a1:12:89:d5:c8:7e:9b:
                    d1:f4:a2:7e:f5:c8:64:e4:89:29:3a:0f:4c:5a:67:
                    41:bf:fd:ac:59:74:84:82:ab:cd:13:30:05:08:3e:
                    3c:65:99:21:97:9a:5f:4a:10:fa:fa:1c:58:d1:20:
                    27:74:73:28:a3:75:e0:23:8d:e2:d5:43:17:f7:80:
                    1d:fd:54:6a:b0:98:92:a4:a8:b0:dc:a9:6a:f1:ca:
                    c2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:51:22:02:22:58:2E:69:C8:16:FE:A0:1F:8B:A5:79:21:B0:67:A0
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152406.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.209.0/24
                  157.15.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:40:c4:e9:7d:1c:f1:5b:4b:c2:42:ed:6e:d3:92:27:48:a5:
         ed:72:64:c3:27:73:0f:b4:40:cf:45:2b:49:a6:6c:8b:12:a9:
         79:32:8f:16:7c:c9:5a:8e:81:a5:8c:32:79:0d:56:ed:46:c9:
         35:9b:fa:b4:1b:18:df:e5:b1:6c:7b:d8:99:fc:22:33:81:66:
         83:19:fe:9d:a0:2e:fd:eb:30:a8:8e:53:e9:18:ef:2d:d4:45:
         0c:e3:09:32:86:c1:13:ae:ed:a4:85:e0:70:68:b8:85:84:d5:
         77:a2:0c:62:d0:45:99:82:13:38:e6:02:fb:fb:46:80:f7:28:
         8f:e6:69:7a:ed:93:18:aa:67:9f:cc:35:05:8b:bd:dd:29:aa:
         5b:92:56:c7:0e:a1:2d:cd:07:96:07:d0:00:b8:b3:a3:5c:9c:
         3d:5d:bc:30:99:f6:e7:54:1e:26:ff:08:3d:59:3a:b9:28:59:
         a7:a5:9e:b9:28:aa:66:db:9b:58:f7:47:f7:dd:48:3f:49:20:
         36:48:f3:4f:72:69:f3:e0:91:28:50:93:2e:07:a2:d1:77:00:
         bb:85:15:9e:f8:5f:48:44:0a:fc:97:42:9b:cd:10:a6:30:46:
         fa:8b:83:c0:53:4f:38:b1:3b:7b:48:6d:4f:db:2e:3f:f1:cb:
         6d:03:73:0a
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUSwdIqXxCvMuBxzUx/j8SOBp2QhMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMzA1MzMzNVoX
DTI3MDUwMjA1MzgzNVowMzExMC8GA1UEAxMoMjg1MTIyMDIyMjU4MkU2OUM4MTZG
RUEwMUY4QkE1NzkyMUIwNjdBMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBccA4SpV8I8r109dXweVRRIlN9qb+XRTaHcEEmv3zV5iJuNSgXR4DRm1Sk
dqjC2D41utokQxpk6evljI+HR/TJyS6iX78F6Gdwn6jLeYqpYD7ldMSkLFDTn8mL
jthf3j3k584l7kBZPMhv53liKrNw0RMsumOTovUH/K99lzk8v/P5tfYLAnef+i6/
m70OJcG8UBEmHJr/KjqPc2IypJzm5yoFKtk9O2qVFzKhEonVyH6b0fSifvXIZOSJ
KToPTFpnQb/9rFl0hIKrzRMwBQg+PGWZIZeaX0oQ+vocWNEgJ3RzKKN14CON4tVD
F/eAHf1UarCYkqSosNypavHKwrECAwEAAaOCAdIwggHOMB0GA1UdDgQWBBQoUSIC
IlguacgW/qAfi6V5IbBnoDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNDA2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIA
ATAMAwQAivzRAwQAnQ/UMA0GCSqGSIb3DQEBCwUAA4IBAQBRQMTpfRzxW0vCQu1u
05InSKXtcmTDJ3MPtEDPRStJpmyLEql5Mo8WfMlajoGljDJ5DVbtRsk1m/q0Gxjf
5bFse9iZ/CIzgWaDGf6doC796zCojlPpGO8t1EUM4wkyhsETru2kheBwaLiFhNV3
ogxi0EWZghM45gL7+0aA9yiP5ml67ZMYqmefzDUFi73dKapbklbHDqEtzQeWB9AA
uLOjXJw9XbwwmfbnVB4m/wg9WTq5KFmnpZ65KKpm25tY90f33Ug/SSA2SPNPcmnz
4JEoUJMuB6LRdwC7hRWe+F9IRAr8l0KbzRCmMEb6i4PAU084sTt7SG1P2y4/8ctt
A3MK
-----END CERTIFICATE-----