Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152749.roa
File:                     AS152749.roa (raw, json)
Hash identifier:          gXl1pAtISyB1rF7UjpLYsw7FjG4RB1ioQE/wDO2QYRc=
Subject key identifier:   CC:E3:4A:65:F4:03:DD:8F:AF:B8:FB:DC:1C:BE:31:EC:AA:81:19:55
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       291700E4B7DE20E1905034291C3845668DE9BCD0
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152749.roa
Signing time:             Sun 03 May 2026 05:38:54 +0000
ROA not before:           Sun 03 May 2026 05:33:54 +0000
ROA not after:            Sun 02 May 2027 05:38:54 +0000
asID:                     152749
IP address blocks:        157.66.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:17:00:e4:b7:de:20:e1:90:50:34:29:1c:38:45:66:8d:e9:bc:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  3 05:33:54 2026 GMT
            Not After : May  2 05:38:54 2027 GMT
        Subject: CN=CCE34A65F403DD8FAFB8FBDC1CBE31ECAA811955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:95:fc:d9:ef:8a:9d:ea:65:f4:eb:85:e1:91:
                    db:13:fe:ba:28:68:dd:56:e7:c3:0a:96:5b:88:1a:
                    6e:dd:37:62:fc:37:b5:04:14:87:51:41:fa:53:69:
                    d0:82:91:e9:fd:a9:6e:46:aa:8f:f5:de:d8:f8:a5:
                    19:1e:f9:42:0b:51:2c:67:fd:48:81:00:95:5e:c5:
                    68:15:13:f1:72:6e:5e:bd:56:01:3e:a8:8a:1a:41:
                    77:02:11:1f:ef:a1:4e:b0:af:0d:10:f6:57:9b:6a:
                    91:a1:c5:2c:58:37:73:fa:1e:1e:14:7c:ac:1a:5e:
                    ce:cb:35:20:8a:ec:ad:d3:f9:d8:e8:27:24:a7:d2:
                    c7:12:32:3b:76:29:eb:2a:88:54:aa:af:18:ba:62:
                    96:28:e5:47:b0:fd:3a:39:fe:eb:e3:83:17:10:cc:
                    3a:0d:4d:56:5f:06:ca:0f:32:31:e0:00:2e:23:5c:
                    77:f7:1d:44:35:bb:53:9f:d5:ba:52:46:59:e4:54:
                    74:3e:f2:12:89:d6:28:3e:c7:29:3d:85:14:31:f1:
                    62:d7:c8:a0:57:35:9a:da:08:ab:57:fe:e7:dd:8a:
                    b4:61:d2:0c:26:22:be:f1:d6:09:01:c1:6d:45:6a:
                    12:5f:8b:95:68:45:bf:d9:52:ff:f1:f5:04:73:df:
                    08:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E3:4A:65:F4:03:DD:8F:AF:B8:FB:DC:1C:BE:31:EC:AA:81:19:55
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152749.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:45:d7:c6:f2:21:b0:37:e7:ec:fd:e7:30:9a:3c:f2:94:57:
         e9:4f:d2:91:df:b6:6c:18:2e:7a:ba:04:5d:ca:dc:5d:3d:40:
         43:ac:0d:d1:dd:57:a2:f6:54:ee:05:16:2a:06:20:2f:33:91:
         6e:e9:74:d9:96:cd:e3:65:c8:48:54:95:ba:0a:2b:2e:9a:45:
         11:cf:8b:2d:c9:cc:d3:4e:c9:1d:86:e7:2b:84:da:7f:ca:f0:
         62:1e:d8:7e:4a:92:1d:d8:24:90:f9:12:d4:f2:e6:dd:4a:48:
         f4:a0:61:ed:96:12:73:d8:19:7f:ed:18:fc:92:23:7b:12:46:
         5b:42:c3:32:08:f3:17:24:f4:5e:2b:6e:b7:f0:4e:53:9f:b8:
         27:72:3e:05:9b:cc:ff:52:a4:9f:7e:83:5d:14:78:5e:89:71:
         7d:4a:71:8b:a7:c0:38:c2:20:bb:13:e0:bb:a6:83:2f:03:56:
         5f:5b:3f:92:a1:99:92:66:8b:a7:8a:a3:3f:f7:5f:41:38:da:
         e1:5c:f2:f5:48:4c:81:4c:d4:fc:dd:ce:19:15:f1:3b:32:ab:
         20:81:f4:72:d7:25:9e:93:db:e6:a8:22:90:0d:e3:b3:dd:ca:
         d9:d3:e9:f6:d6:aa:59:11:29:58:7b:7c:7d:c2:e1:a8:c6:2d:
         21:43:6f:90
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUKRcA5LfeIOGQUDQpHDhFZo3pvNAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMzA1MzM1NFoX
DTI3MDUwMjA1Mzg1NFowMzExMC8GA1UEAxMoQ0NFMzRBNjVGNDAzREQ4RkFGQjhG
QkRDMUNCRTMxRUNBQTgxMTk1NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJuV/Nnvip3qZfTrheGR2xP+uiho3VbnwwqWW4gabt03Yvw3tQQUh1FB+lNp
0IKR6f2pbkaqj/Xe2PilGR75QgtRLGf9SIEAlV7FaBUT8XJuXr1WAT6oihpBdwIR
H++hTrCvDRD2V5tqkaHFLFg3c/oeHhR8rBpezss1IIrsrdP52OgnJKfSxxIyO3Yp
6yqIVKqvGLpilijlR7D9Ojn+6+ODFxDMOg1NVl8Gyg8yMeAALiNcd/cdRDW7U5/V
ulJGWeRUdD7yEonWKD7HKT2FFDHxYtfIoFc1mtoIq1f+592KtGHSDCYivvHWCQHB
bUVqEl+LlWhFv9lS//H1BHPfCBECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTM40pl
9APdj6+4+9wcvjHsqoEZVTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNzQ5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnUKuMA0GCSqGSIb3DQEBCwUAA4IBAQBSRdfG8iGwN+fs/ecwmjzylFfp
T9KR37ZsGC56ugRdytxdPUBDrA3R3Vei9lTuBRYqBiAvM5Fu6XTZls3jZchIVJW6
CisumkURz4styczTTskdhucrhNp/yvBiHth+SpId2CSQ+RLU8ubdSkj0oGHtlhJz
2Bl/7Rj8kiN7EkZbQsMyCPMXJPReK2638E5Tn7gncj4Fm8z/UqSffoNdFHheiXF9
SnGLp8A4wiC7E+C7poMvA1ZfWz+SoZmSZouniqM/919BONrhXPL1SEyBTNT83c4Z
FfE7MqsggfRy1yWek9vmqCKQDeOz3crZ0+n21qpZESlYe3x9wuGoxi0hQ2+Q
-----END CERTIFICATE-----