Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152796.roa
File:                     AS152796.roa (raw, json)
Hash identifier:          yxtZFg3Nbv5uS+cX0OWw48MQknIePUaNPzqpuHVE1T0=
Subject key identifier:   A6:A7:32:67:7E:6A:7B:5A:23:90:DF:0C:69:D4:08:26:47:C2:8C:D2
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       1E62FC782E1E6D0EFF8CC9C788D1FCFE1BEB6661
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152796.roa
Signing time:             Sun 03 May 2026 08:16:12 +0000
ROA not before:           Sun 03 May 2026 08:11:12 +0000
ROA not after:            Sun 02 May 2027 08:16:12 +0000
asID:                     152796
IP address blocks:        160.22.6.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:62:fc:78:2e:1e:6d:0e:ff:8c:c9:c7:88:d1:fc:fe:1b:eb:66:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  3 08:11:12 2026 GMT
            Not After : May  2 08:16:12 2027 GMT
        Subject: CN=A6A732677E6A7B5A2390DF0C69D4082647C28CD2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:44:1f:46:86:b4:4c:66:16:30:0f:7a:55:42:
                    42:f6:c1:6d:fb:71:cd:26:01:36:27:b8:7d:3c:4a:
                    4d:9f:f6:4a:c0:37:45:b2:17:c0:bb:94:f1:3d:c3:
                    a5:f1:24:6d:1c:9a:ee:0e:39:de:fe:ba:c0:0d:a0:
                    ab:f1:3e:77:2d:90:d2:af:a4:5e:85:4b:bf:8c:9a:
                    03:28:eb:24:96:29:65:dd:04:f0:57:fd:56:b4:3a:
                    de:91:3e:89:9d:b2:12:c2:55:3a:66:9e:4a:50:0a:
                    09:60:de:4e:fe:af:05:a0:45:97:83:34:36:97:5c:
                    9d:d0:e2:71:4c:be:61:d1:36:89:de:05:16:0a:9a:
                    fc:9a:37:5f:19:9e:e3:49:81:1b:85:e1:32:ab:9d:
                    09:c1:7f:39:c0:8a:2b:e1:f9:19:44:aa:f2:76:1c:
                    8d:be:61:a3:5d:ca:a1:9e:a1:1b:0e:ec:fc:f9:a4:
                    f0:2c:e3:84:d8:1f:0c:12:c3:d6:8c:64:b0:2d:73:
                    06:e4:d9:bb:3b:9a:e5:92:ee:2a:26:ba:97:30:ed:
                    5f:83:d1:b8:40:4e:18:0e:29:40:1e:2d:23:f0:76:
                    94:ab:b6:5d:52:98:68:a0:ff:92:f2:ac:43:ed:04:
                    7f:d0:5b:70:99:1b:ba:af:33:32:34:3d:b0:38:7c:
                    72:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A7:32:67:7E:6A:7B:5A:23:90:DF:0C:69:D4:08:26:47:C2:8C:D2
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152796.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:14:dc:61:58:74:11:f0:cc:d2:67:7a:6a:f6:aa:99:c5:ad:
         d6:67:4e:3a:55:29:d4:10:e7:5e:15:7e:33:ca:3c:39:bf:43:
         1b:fd:88:48:9c:e9:44:5c:b5:5c:18:e4:80:0d:06:e8:95:d6:
         7c:f0:09:82:f2:9e:9b:b8:ed:c1:85:2a:eb:22:1b:5b:bd:04:
         81:91:b4:78:a8:50:74:37:ef:90:bf:2e:b2:46:00:55:08:ec:
         70:b6:0a:34:3a:1d:3d:d7:15:ee:b0:f3:22:c2:83:45:98:39:
         14:19:71:c8:8b:af:f4:b5:74:92:d5:e7:e1:0f:d8:5c:52:0c:
         63:48:70:3c:a4:36:b9:86:9f:f9:35:5e:e2:e5:92:eb:44:a8:
         ff:f2:9c:eb:7b:f3:72:1f:2f:00:2b:b8:b3:38:74:40:07:35:
         e2:fd:0e:6d:7c:36:3f:5f:69:d2:7c:42:1c:f1:11:e4:51:ff:
         aa:47:48:c2:99:b4:d9:2c:a7:17:66:c7:82:a5:13:01:1f:f3:
         82:0c:da:8e:d1:8c:6b:90:8e:a8:a1:b5:2d:6e:2d:17:fb:c7:
         06:5d:b2:d6:e8:66:4e:d6:8b:91:32:63:13:eb:3b:ce:99:16:
         1f:f7:38:4b:9d:c6:9d:1d:57:cb:24:0a:75:49:35:3b:16:23:
         fd:8c:d3:0a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUHmL8eC4ebQ7/jMnHiNH8/hvrZmEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMzA4MTExMloX
DTI3MDUwMjA4MTYxMlowMzExMC8GA1UEAxMoQTZBNzMyNjc3RTZBN0I1QTIzOTBE
RjBDNjlENDA4MjY0N0MyOENEMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9EH0aGtExmFjAPelVCQvbBbftxzSYBNie4fTxKTZ/2SsA3RbIXwLuU8T3D
pfEkbRya7g453v66wA2gq/E+dy2Q0q+kXoVLv4yaAyjrJJYpZd0E8Ff9VrQ63pE+
iZ2yEsJVOmaeSlAKCWDeTv6vBaBFl4M0NpdcndDicUy+YdE2id4FFgqa/Jo3Xxme
40mBG4XhMqudCcF/OcCKK+H5GUSq8nYcjb5ho13KoZ6hGw7s/Pmk8CzjhNgfDBLD
1oxksC1zBuTZuzua5ZLuKia6lzDtX4PRuEBOGA4pQB4tI/B2lKu2XVKYaKD/kvKs
Q+0Ef9BbcJkbuq8zMjQ9sDh8cnUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSmpzJn
fmp7WiOQ3wxp1AgmR8KM0jAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyNzk2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBYGMA0GCSqGSIb3DQEBCwUAA4IBAQA8FNxhWHQR8MzSZ3pq9qqZxa3W
Z046VSnUEOdeFX4zyjw5v0Mb/YhInOlEXLVcGOSADQboldZ88AmC8p6buO3BhSrr
IhtbvQSBkbR4qFB0N++Qvy6yRgBVCOxwtgo0Oh091xXusPMiwoNFmDkUGXHIi6/0
tXSS1efhD9hcUgxjSHA8pDa5hp/5NV7i5ZLrRKj/8pzre/NyHy8AK7izOHRABzXi
/Q5tfDY/X2nSfEIc8RHkUf+qR0jCmbTZLKcXZseCpRMBH/OCDNqO0YxrkI6oobUt
bi0X+8cGXbLW6GZO1ouRMmMT6zvOmRYf9zhLncadHVfLJAp1STU7FiP9jNMK
-----END CERTIFICATE-----