Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS152758.roa
File:                     AS152758.roa (raw, json)
Hash identifier:          firvtai2RghIk1O1+5ogWUh8vD+6BhDRKqNVnwwhXVQ=
Subject key identifier:   1C:4B:BF:68:80:F7:4B:92:0A:35:51:B6:5D:79:9A:7E:92:95:2D:F5
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       4E0F908346D4C48268896FD26057B0FAAC0AD2EA
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152758.roa
Signing time:             Sun 03 May 2026 05:38:22 +0000
ROA not before:           Sun 03 May 2026 05:33:22 +0000
ROA not after:            Sun 02 May 2027 05:38:22 +0000
asID:                     152758
IP address blocks:        2001:df3:d1c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:0f:90:83:46:d4:c4:82:68:89:6f:d2:60:57:b0:fa:ac:0a:d2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  3 05:33:22 2026 GMT
            Not After : May  2 05:38:22 2027 GMT
        Subject: CN=1C4BBF6880F74B920A3551B65D799A7E92952DF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c0:ab:84:a0:8d:6d:a5:5c:27:98:5f:74:f7:
                    c9:13:31:f3:10:a9:69:64:14:f8:33:01:0b:f0:9b:
                    3f:91:cf:2b:54:95:17:5a:0c:68:b6:f2:d4:4e:dd:
                    06:69:59:b4:a5:f2:9a:9d:b4:59:65:a6:4c:45:0f:
                    15:fb:a0:cc:85:e8:5a:c6:4d:00:2e:8d:c0:35:87:
                    34:85:55:b1:29:7d:dc:58:a1:48:3c:8e:11:47:11:
                    5d:ca:08:29:ff:b0:84:3a:59:d4:6f:60:c4:ea:9f:
                    f9:1b:29:0b:55:7e:b1:a4:72:48:2d:b2:d4:0f:f6:
                    1c:ac:5f:cb:2b:dd:5d:c2:d3:59:e2:ef:2f:9b:99:
                    a7:a3:e2:44:30:70:1b:9c:ab:78:ab:e1:f0:b9:e5:
                    0c:a8:be:49:5d:93:53:83:8d:16:fa:9a:26:28:62:
                    59:49:51:50:b9:3c:ff:ce:e9:ff:00:46:15:32:dc:
                    46:09:9e:d3:04:0d:ee:e5:96:80:1b:47:b0:2e:b0:
                    ee:ed:63:61:ae:48:16:d7:ff:31:0e:ee:df:25:1e:
                    b7:b3:35:67:75:58:7e:6a:44:a9:2f:63:00:e3:6c:
                    f2:4b:78:c8:75:a8:19:78:4f:2d:63:05:e7:af:b7:
                    f6:5e:db:fc:8a:f4:92:be:b4:9d:24:f3:97:de:e7:
                    6b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:4B:BF:68:80:F7:4B:92:0A:35:51:B6:5D:79:9A:7E:92:95:2D:F5
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152758.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:d1c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:d5:25:38:1e:a0:88:43:61:d5:44:c5:80:07:20:3e:60:2d:
         cc:d5:b8:1c:ad:4a:da:b1:9d:e8:e8:84:af:29:0e:a7:e4:3c:
         17:1c:e7:d2:52:a6:60:d5:46:49:71:e7:e9:f5:50:11:21:9d:
         6b:1a:0b:6e:2b:7b:01:90:b1:e2:78:88:04:10:2a:8b:6f:52:
         fa:f1:84:4d:61:ad:31:71:80:bf:42:f4:29:7c:0a:41:f9:89:
         c7:fb:cc:2a:53:54:9f:1f:f6:52:f4:d6:ae:8a:9a:19:81:12:
         8a:31:ec:e2:ba:c6:71:ef:0c:58:1f:01:42:de:6a:22:36:32:
         91:9b:94:70:67:a2:4d:04:3f:d0:6e:e5:00:75:8f:22:81:1a:
         62:7d:fa:bc:d8:52:73:ef:4f:f8:16:45:e7:bd:9b:5c:ff:68:
         73:8c:22:5a:5e:fb:0d:1a:82:4c:36:24:d4:7a:2d:29:d7:ef:
         33:77:88:0c:29:93:5f:02:d9:d1:e5:ba:02:10:43:93:9c:8f:
         8e:e2:57:63:7c:31:e1:03:10:1f:7e:bc:51:06:ee:22:67:c6:
         74:fb:6d:41:2a:97:bc:c3:39:d2:e5:5d:a7:6a:97:c3:df:37:
         76:24:14:ec:9a:8f:eb:35:fb:08:92:fd:4e:d4:f5:4d:e3:2f:
         05:14:1d:3b
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUTg+Qg0bUxIJoiW/SYFew+qwK0uowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMzA1MzMyMloX
DTI3MDUwMjA1MzgyMlowMzExMC8GA1UEAxMoMUM0QkJGNjg4MEY3NEI5MjBBMzU1
MUI2NUQ3OTlBN0U5Mjk1MkRGNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMDAq4SgjW2lXCeYX3T3yRMx8xCpaWQU+DMBC/CbP5HPK1SVF1oMaLby1E7d
BmlZtKXymp20WWWmTEUPFfugzIXoWsZNAC6NwDWHNIVVsSl93FihSDyOEUcRXcoI
Kf+whDpZ1G9gxOqf+RspC1V+saRySC2y1A/2HKxfyyvdXcLTWeLvL5uZp6PiRDBw
G5yreKvh8LnlDKi+SV2TU4ONFvqaJihiWUlRULk8/87p/wBGFTLcRgme0wQN7uWW
gBtHsC6w7u1jYa5IFtf/MQ7u3yUet7M1Z3VYfmpEqS9jAONs8kt4yHWoGXhPLWMF
56+39l7b/Ir0kr60nSTzl97nawUCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQcS79o
gPdLkgo1UbZdeZp+kpUt9TAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUyNzU4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN89HAMA0GCSqGSIb3DQEBCwUAA4IBAQB41SU4HqCIQ2HVRMWAByA+
YC3M1bgcrUrasZ3o6ISvKQ6n5DwXHOfSUqZg1UZJcefp9VARIZ1rGgtuK3sBkLHi
eIgEECqLb1L68YRNYa0xcYC/QvQpfApB+YnH+8wqU1SfH/ZS9NauipoZgRKKMezi
usZx7wxYHwFC3moiNjKRm5RwZ6JNBD/QbuUAdY8igRpiffq82FJz70/4FkXnvZtc
/2hzjCJaXvsNGoJMNiTUei0p1+8zd4gMKZNfAtnR5boCEEOTnI+O4ldjfDHhAxAf
frxRBu4iZ8Z0+21BKpe8wznS5V2napfD3zd2JBTsmo/rNfsIkv1O1PVN4y8FFB07
-----END CERTIFICATE-----