Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS152757.roa
File:                     AS152757.roa (raw, json)
Hash identifier:          9Jhhw4z8lUi3Kp4v5rf26Eo3sgeSt1ZW75sqx4cZUDo=
Subject key identifier:   8E:47:CA:CA:44:4D:35:72:B7:3E:33:35:B9:1B:B6:A6:15:81:B2:15
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       4708288CA682662B7AD314FD30704E1CEBEF9EFF
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152757.roa
Signing time:             Mon 04 May 2026 06:43:13 +0000
ROA not before:           Mon 04 May 2026 06:38:13 +0000
ROA not after:            Mon 03 May 2027 06:43:13 +0000
asID:                     152757
IP address blocks:        2001:df3:d2c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:08:28:8c:a6:82:66:2b:7a:d3:14:fd:30:70:4e:1c:eb:ef:9e:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  4 06:38:13 2026 GMT
            Not After : May  3 06:43:13 2027 GMT
        Subject: CN=8E47CACA444D3572B73E3335B91BB6A61581B215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:23:d3:2a:43:d4:ff:a5:ea:a0:24:5a:79:1e:
                    08:f3:88:2b:9c:61:b2:eb:6e:1f:e2:af:4e:de:39:
                    2a:c8:fe:45:71:86:81:11:92:64:25:72:3c:ed:9a:
                    f0:57:e4:87:76:d7:66:ff:ad:96:c8:e7:92:fa:b9:
                    a2:40:53:ab:52:2d:c5:86:33:ba:9f:fe:e3:6c:5b:
                    14:05:9c:c4:fe:9c:8c:24:40:9a:bf:72:7e:95:6d:
                    8a:0d:1c:aa:da:f8:bb:77:f1:0e:80:4f:7b:71:3a:
                    d0:0f:75:3f:5d:63:cf:5a:53:9a:86:90:55:11:63:
                    98:03:d3:e9:b7:8d:f7:52:aa:39:31:b0:95:7b:19:
                    c0:e5:8a:60:11:cf:d1:e7:c5:70:2c:0c:f7:21:ed:
                    11:29:84:b8:0b:44:2d:d1:0e:2c:8d:de:17:de:15:
                    95:9a:d7:de:72:9a:90:77:93:a3:bb:2e:56:89:c2:
                    e0:14:d8:f6:d6:e9:28:b8:9e:78:2d:ea:27:fc:92:
                    5a:fe:dc:61:cc:98:e4:c6:e1:c2:93:93:05:24:54:
                    bf:e6:2d:0b:51:d0:69:06:4f:77:49:59:99:c5:92:
                    99:b9:08:ea:3d:a6:c8:c8:d7:f0:3e:3d:da:9e:a8:
                    ad:c5:ee:bf:bd:bf:0f:ac:84:45:d6:1a:23:98:b4:
                    ea:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:47:CA:CA:44:4D:35:72:B7:3E:33:35:B9:1B:B6:A6:15:81:B2:15
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152757.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:d2c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:99:92:7e:83:38:b4:45:bb:d2:d0:6d:00:b2:54:da:8e:ed:
         99:79:6d:ab:49:51:63:6d:cb:9d:bb:41:00:49:99:b5:4b:08:
         c6:2e:fa:ed:96:ac:5a:08:48:7c:82:d6:b6:1f:e3:44:01:92:
         c1:b5:fa:20:19:0f:48:74:e9:c7:0c:42:3f:29:60:51:8f:d7:
         df:b9:49:1b:69:ec:fc:f6:91:12:84:56:5e:03:31:76:5c:38:
         bc:f2:b5:5a:3f:fa:82:e1:24:95:53:6c:d1:00:22:92:82:56:
         ae:0f:1a:9e:a4:5a:6a:be:65:1f:f0:2d:86:f8:5b:6c:82:50:
         08:63:a1:2a:c2:56:31:f5:30:e4:ff:88:14:02:f2:71:9b:02:
         1b:71:b7:c0:c8:53:53:6d:05:4f:a4:b9:5a:d5:35:51:a1:ab:
         96:1e:79:68:c2:55:90:99:18:fa:ab:c9:1c:92:c0:4b:5d:4b:
         65:d2:4c:19:df:ad:2e:76:37:71:f8:1b:4b:78:6c:e8:a1:f6:
         aa:be:71:f9:50:90:39:10:fa:eb:e5:45:22:41:cf:1d:fe:40:
         0c:07:9b:a3:f0:77:ba:d7:67:a3:4b:af:58:f4:fc:12:f8:07:
         ad:59:34:da:60:0e:8d:f6:ca:16:c5:66:64:0f:39:b9:a3:19:
         8c:12:e3:6a
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIURwgojKaCZit60xT9MHBOHOvvnv8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwNDA2MzgxM1oX
DTI3MDUwMzA2NDMxM1owMzExMC8GA1UEAxMoOEU0N0NBQ0E0NDREMzU3MkI3M0Uz
MzM1QjkxQkI2QTYxNTgxQjIxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0j0ypD1P+l6qAkWnkeCPOIK5xhsutuH+KvTt45Ksj+RXGGgRGSZCVyPO2a
8Ffkh3bXZv+tlsjnkvq5okBTq1ItxYYzup/+42xbFAWcxP6cjCRAmr9yfpVtig0c
qtr4u3fxDoBPe3E60A91P11jz1pTmoaQVRFjmAPT6beN91KqOTGwlXsZwOWKYBHP
0efFcCwM9yHtESmEuAtELdEOLI3eF94VlZrX3nKakHeTo7suVonC4BTY9tbpKLie
eC3qJ/ySWv7cYcyY5MbhwpOTBSRUv+YtC1HQaQZPd0lZmcWSmbkI6j2myMjX8D49
2p6orcXuv72/D6yERdYaI5i06t8CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBSOR8rK
RE01crc+MzW5G7amFYGyFTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUyNzU3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN89LAMA0GCSqGSIb3DQEBCwUAA4IBAQCCmZJ+gzi0RbvS0G0AslTa
ju2ZeW2rSVFjbcudu0EASZm1SwjGLvrtlqxaCEh8gta2H+NEAZLBtfogGQ9IdOnH
DEI/KWBRj9ffuUkbaez89pEShFZeAzF2XDi88rVaP/qC4SSVU2zRACKSglauDxqe
pFpqvmUf8C2G+FtsglAIY6EqwlYx9TDk/4gUAvJxmwIbcbfAyFNTbQVPpLla1TVR
oauWHnlowlWQmRj6q8kcksBLXUtl0kwZ360udjdx+BtLeGzoofaqvnH5UJA5EPrr
5UUiQc8d/kAMB5uj8He612ejS69Y9PwS+AetWTTaYA6N9soWxWZkDzm5oxmMEuNq
-----END CERTIFICATE-----