Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS152804.roa
File:                     AS152804.roa (raw, json)
Hash identifier:          o4qQAyzT93FdZ3wQVLG4ODaCu2dvX/ePWLgyOEqBIKo=
Subject key identifier:   6D:F8:0D:63:AA:AD:73:A0:32:8D:BB:5C:BF:10:FE:F5:F1:E1:65:83
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       16B0A08B84E1C0B31B14D7861BB5B01CC92B9B20
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152804.roa
Signing time:             Mon 04 May 2026 04:12:33 +0000
ROA not before:           Mon 04 May 2026 04:07:33 +0000
ROA not after:            Mon 03 May 2027 04:12:33 +0000
asID:                     152804
IP address blocks:        157.66.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:b0:a0:8b:84:e1:c0:b3:1b:14:d7:86:1b:b5:b0:1c:c9:2b:9b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  4 04:07:33 2026 GMT
            Not After : May  3 04:12:33 2027 GMT
        Subject: CN=6DF80D63AAAD73A0328DBB5CBF10FEF5F1E16583
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:46:c5:8a:a6:18:af:a5:73:26:bb:03:f0:c7:
                    86:27:98:30:b3:a8:6d:a7:9c:9a:e2:da:dc:3d:3d:
                    cd:8c:e6:e8:13:83:25:60:1b:7e:24:35:9b:eb:1f:
                    c5:5e:47:3d:1e:47:93:a3:c7:d1:20:36:09:ca:a3:
                    c6:e4:3c:29:f3:da:72:fd:46:d9:f2:29:65:5c:11:
                    07:8a:66:25:9f:20:e3:4a:32:91:5b:bc:c7:0d:e2:
                    69:2b:6d:04:1a:be:9d:43:34:26:38:06:4f:e3:91:
                    9b:7c:b4:e6:28:1e:c2:b1:1c:2f:93:a2:e6:33:f9:
                    ec:41:55:87:6b:8a:68:0a:e3:6a:f6:0e:44:41:8c:
                    73:60:38:e7:34:9d:a8:0d:80:69:1a:e0:09:2e:c7:
                    c4:d0:44:24:ed:54:94:39:ad:65:ec:e5:d5:41:56:
                    f8:09:be:16:45:8f:e0:df:ec:90:23:63:92:5b:fe:
                    93:75:de:d8:bf:0b:dc:9b:d0:cc:a5:48:b4:78:cc:
                    6f:ad:e6:36:bc:22:a2:ab:00:31:87:74:90:fb:e1:
                    73:b9:56:f1:8b:b9:4b:d3:f9:38:ab:a4:43:00:12:
                    50:2e:20:04:92:7d:0c:46:24:da:bf:5f:f2:08:e1:
                    82:d0:ca:09:65:8a:4c:7e:2a:26:a8:e6:ae:52:ee:
                    30:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F8:0D:63:AA:AD:73:A0:32:8D:BB:5C:BF:10:FE:F5:F1:E1:65:83
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS152804.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:a1:b4:e8:db:f3:e6:9a:96:d2:df:f8:9d:1a:71:02:66:a8:
         4c:94:4a:1b:8c:97:c6:fd:bf:e6:a0:b7:0b:c3:b6:84:9f:a8:
         f1:3c:c9:0c:04:a4:96:a5:37:a8:db:0c:85:4f:6f:19:6a:0a:
         07:0d:e3:47:73:44:17:99:ae:19:05:b5:3c:21:17:0d:88:58:
         93:7d:05:77:31:4d:9b:ad:3c:79:71:a6:b6:42:bc:74:99:6f:
         df:71:e9:88:a7:a1:d8:c9:cc:6e:02:8b:d5:46:3a:19:d0:49:
         11:88:f5:8b:d0:01:92:29:3b:6a:71:24:02:5d:5c:42:b6:27:
         40:d2:52:49:47:d7:d3:8b:0a:34:29:9d:c8:0c:2d:0e:96:ae:
         f9:57:43:c8:9f:ab:46:09:06:48:6a:a0:4c:8b:ae:bc:68:1d:
         48:3c:9c:bd:3e:e8:85:e8:58:9c:31:2a:83:7a:c9:d1:c9:d7:
         39:a6:79:94:cd:1a:05:8d:91:d3:76:79:3e:3b:72:20:7b:28:
         31:8f:7c:dd:2a:e3:3e:3c:2a:20:99:81:d3:af:72:74:d1:5a:
         e3:6f:70:90:ed:4c:53:5c:4c:88:1f:5e:8a:93:3d:63:a0:06:
         84:ec:f9:c5:8c:82:70:d3:23:9a:46:d9:84:36:c3:ac:c4:7c:
         66:37:e0:be
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUFrCgi4ThwLMbFNeGG7WwHMkrmyAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwNDA0MDczM1oX
DTI3MDUwMzA0MTIzM1owMzExMC8GA1UEAxMoNkRGODBENjNBQUFENzNBMDMyOERC
QjVDQkYxMEZFRjVGMUUxNjU4MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANdGxYqmGK+lcya7A/DHhieYMLOobaecmuLa3D09zYzm6BODJWAbfiQ1m+sf
xV5HPR5Hk6PH0SA2CcqjxuQ8KfPacv1G2fIpZVwRB4pmJZ8g40oykVu8xw3iaStt
BBq+nUM0JjgGT+ORm3y05igewrEcL5Oi5jP57EFVh2uKaArjavYOREGMc2A45zSd
qA2AaRrgCS7HxNBEJO1UlDmtZezl1UFW+Am+FkWP4N/skCNjklv+k3Xe2L8L3JvQ
zKVItHjMb63mNrwioqsAMYd0kPvhc7lW8Yu5S9P5OKukQwASUC4gBJJ9DEYk2r9f
8gjhgtDKCWWKTH4qJqjmrlLuMD0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRt+A1j
qq1zoDKNu1y/EP718eFlgzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUyODA0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnUK6MA0GCSqGSIb3DQEBCwUAA4IBAQCrobTo2/PmmpbS3/idGnECZqhM
lEobjJfG/b/moLcLw7aEn6jxPMkMBKSWpTeo2wyFT28ZagoHDeNHc0QXma4ZBbU8
IRcNiFiTfQV3MU2brTx5caa2Qrx0mW/fcemIp6HYycxuAovVRjoZ0EkRiPWL0AGS
KTtqcSQCXVxCtidA0lJJR9fTiwo0KZ3IDC0Olq75V0PIn6tGCQZIaqBMi668aB1I
PJy9PuiF6FicMSqDesnRydc5pnmUzRoFjZHTdnk+O3Igeygxj3zdKuM+PCogmYHT
r3J00Vrjb3CQ7UxTXEyIH16Kkz1joAaE7PnFjIJw0yOaRtmENsOsxHxmN+C+
-----END CERTIFICATE-----