Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153875.roa
File:                     AS153875.roa (raw, json)
Hash identifier:          m1r6DdrNEtiQUFQLnZJV8D5t9UD2YiT1D4BTFaWP/LA=
Subject key identifier:   E9:65:3E:BF:D4:A4:8E:50:AF:C6:B8:FC:DC:9F:DA:6D:54:FD:2B:32
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       257262F1127B3D0EA832A30DBD0B2804335B20A7
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153875.roa
Signing time:             Mon 11 May 2026 03:31:13 +0000
ROA not before:           Mon 11 May 2026 03:26:13 +0000
ROA not after:            Mon 10 May 2027 03:31:13 +0000
asID:                     153875
IP address blocks:        162.4.90.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:72:62:f1:12:7b:3d:0e:a8:32:a3:0d:bd:0b:28:04:33:5b:20:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May 11 03:26:13 2026 GMT
            Not After : May 10 03:31:13 2027 GMT
        Subject: CN=E9653EBFD4A48E50AFC6B8FCDC9FDA6D54FD2B32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:dc:27:7d:52:cd:7c:c7:d8:fd:c5:2b:1c:f1:
                    a8:32:54:90:63:d0:b4:65:11:eb:83:8b:bb:52:99:
                    1f:f9:54:d1:80:22:ca:0a:38:63:6a:80:3d:e3:a8:
                    56:d0:dc:de:e6:38:da:64:d9:24:32:4b:1a:d5:5f:
                    44:a6:a3:02:7f:d8:ee:95:eb:d3:e8:e9:dc:30:1e:
                    54:b8:7e:6c:0b:ab:3d:7b:6c:5d:4b:98:50:1a:c5:
                    b2:31:67:b4:6e:7f:9c:51:96:cb:d4:1e:8c:af:4b:
                    da:27:e9:04:ce:df:88:22:ee:67:8f:58:8d:ee:89:
                    b0:05:56:9f:ef:36:ab:55:e6:57:db:96:31:f3:f0:
                    f5:89:e0:fd:a7:38:59:4a:4e:71:88:ea:d8:ed:a8:
                    b5:f5:38:74:83:44:ae:8c:87:1c:cd:90:ff:2e:6c:
                    ed:82:51:92:90:1a:e7:97:c3:ac:bc:32:75:11:b7:
                    e4:17:4e:bb:79:d9:fb:f6:06:2c:e1:a7:56:66:32:
                    ee:91:d9:af:33:e4:3a:52:d2:07:43:12:11:55:f3:
                    c9:ec:17:75:80:ae:dd:44:cb:d3:7b:d1:2e:f2:1c:
                    b7:d0:e4:25:11:64:cd:23:64:ab:f4:e6:02:61:a8:
                    f0:71:ef:04:d9:35:fa:00:d4:9c:4f:40:6c:6b:9f:
                    a8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:65:3E:BF:D4:A4:8E:50:AF:C6:B8:FC:DC:9F:DA:6D:54:FD:2B:32
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153875.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.4.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:9e:85:c6:77:12:30:58:77:16:6f:bc:40:de:6c:a3:6d:0f:
         c1:33:92:6e:2d:0b:96:2e:32:95:67:fa:bb:16:82:66:89:ff:
         6c:8e:e5:82:a7:70:c6:50:9f:02:16:7f:19:35:8a:92:8b:da:
         e2:99:50:9e:b6:ba:92:c3:6b:60:1b:10:e0:1c:af:3f:9d:4c:
         15:30:7f:04:62:7d:17:42:e0:1a:da:59:00:3c:9b:aa:33:cc:
         aa:e7:44:5e:d1:a4:5e:83:67:b7:0e:51:44:4e:01:13:c8:18:
         d3:7e:cd:a9:7d:48:bc:01:eb:c8:a6:7d:c1:bc:82:ed:7d:98:
         3e:1f:91:10:6e:c8:15:65:73:76:58:46:bf:b7:30:e7:4f:4e:
         78:07:88:f6:a2:c0:f0:80:d8:15:f7:45:ae:67:46:18:7d:cf:
         16:6f:68:f4:38:c7:20:c1:b7:b7:ee:48:3b:90:67:7b:28:ef:
         d4:15:d3:a6:96:6a:53:2e:f4:f0:89:7a:f5:b5:eb:d9:9a:e9:
         72:34:21:99:b8:2e:3f:9d:dd:68:7a:14:37:34:22:bc:28:50:
         16:a9:61:ee:82:65:56:51:70:42:09:31:7e:3f:30:d6:d5:f6:
         9b:10:0f:17:ce:9c:1a:3b:7c:0a:46:ac:b6:4a:07:9b:0a:b5:
         65:c3:90:57
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUJXJi8RJ7PQ6oMqMNvQsoBDNbIKcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUxMTAzMjYxM1oX
DTI3MDUxMDAzMzExM1owMzExMC8GA1UEAxMoRTk2NTNFQkZENEE0OEU1MEFGQzZC
OEZDREM5RkRBNkQ1NEZEMkIzMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMHcJ31SzXzH2P3FKxzxqDJUkGPQtGUR64OLu1KZH/lU0YAiygo4Y2qAPeOo
VtDc3uY42mTZJDJLGtVfRKajAn/Y7pXr0+jp3DAeVLh+bAurPXtsXUuYUBrFsjFn
tG5/nFGWy9QejK9L2ifpBM7fiCLuZ49Yje6JsAVWn+82q1XmV9uWMfPw9Yng/ac4
WUpOcYjq2O2otfU4dINEroyHHM2Q/y5s7YJRkpAa55fDrLwydRG35BdOu3nZ+/YG
LOGnVmYy7pHZrzPkOlLSB0MSEVXzyewXdYCu3UTL03vRLvIct9DkJRFkzSNkq/Tm
AmGo8HHvBNk1+gDUnE9AbGufqCkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTpZT6/
1KSOUK/GuPzcn9ptVP0rMjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzODc1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBogRaMA0GCSqGSIb3DQEBCwUAA4IBAQAlnoXGdxIwWHcWb7xA3myjbQ/B
M5JuLQuWLjKVZ/q7FoJmif9sjuWCp3DGUJ8CFn8ZNYqSi9rimVCetrqSw2tgGxDg
HK8/nUwVMH8EYn0XQuAa2lkAPJuqM8yq50Re0aReg2e3DlFETgETyBjTfs2pfUi8
AevIpn3BvILtfZg+H5EQbsgVZXN2WEa/tzDnT054B4j2osDwgNgV90WuZ0YYfc8W
b2j0OMcgwbe37kg7kGd7KO/UFdOmlmpTLvTwiXr1tevZmulyNCGZuC4/nd1oehQ3
NCK8KFAWqWHugmVWUXBCCTF+PzDW1fabEA8XzpwaO3wKRqy2SgebCrVlw5BX
-----END CERTIFICATE-----