Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS153875.roa
File:                     AS153875.roa (raw, json)
Hash identifier:          8uQ9Ru17Cv1fVOpZ3yODAS+0oxdWtWVB/9PusP/0kRQ=
Subject key identifier:   CE:A5:A3:DE:5B:95:CB:B5:3D:8C:A1:CD:5E:D6:37:23:C3:D1:64:B0
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       289BADCF271D0CCDB858B5D42B4CE472C6492C84
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153875.roa
Signing time:             Mon 11 May 2026 03:31:44 +0000
ROA not before:           Mon 11 May 2026 03:26:44 +0000
ROA not after:            Mon 10 May 2027 03:31:44 +0000
asID:                     153875
IP address blocks:        2001:df7:340::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:9b:ad:cf:27:1d:0c:cd:b8:58:b5:d4:2b:4c:e4:72:c6:49:2c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May 11 03:26:44 2026 GMT
            Not After : May 10 03:31:44 2027 GMT
        Subject: CN=CEA5A3DE5B95CBB53D8CA1CD5ED63723C3D164B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1c:a9:c3:b8:41:d9:cc:c4:78:a7:bf:c7:fc:
                    92:76:b5:c8:5f:d5:18:e8:88:8d:f4:49:f6:98:ad:
                    4f:20:01:a2:ef:ee:03:2e:40:63:b8:f7:51:01:15:
                    47:6b:f3:71:cd:db:68:46:19:82:17:35:75:26:92:
                    e2:4a:46:96:f4:91:36:a8:b5:b0:21:58:b9:0b:db:
                    33:63:55:3d:3f:53:33:e0:73:17:0b:c5:fe:51:54:
                    a0:5a:be:6e:77:bd:e0:da:58:20:ce:24:dd:3e:58:
                    3d:ca:f2:dd:aa:1f:81:cc:d8:a6:18:ff:db:be:cb:
                    15:4a:06:53:64:25:85:dd:5c:d0:91:26:84:e2:72:
                    f0:91:09:56:c2:e1:d4:a4:96:30:26:20:3e:ce:c9:
                    d0:9d:87:53:72:b1:9f:f3:ff:16:f1:09:3d:96:bd:
                    4f:b8:fa:46:61:d5:ff:b6:39:18:78:a5:e8:5d:0e:
                    de:39:3b:e3:6b:f9:d9:b2:ad:0e:c1:63:ef:ac:07:
                    94:dc:cd:96:59:a4:20:79:e7:77:4a:cc:dd:bb:c1:
                    17:e7:04:e1:01:f5:b6:3d:d8:b3:d3:6f:1f:da:49:
                    c4:8f:a4:d8:e1:11:b7:08:c6:c6:f3:d0:d3:d1:c9:
                    fa:ad:e4:6c:62:01:0e:09:da:57:d0:bf:63:53:af:
                    99:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A5:A3:DE:5B:95:CB:B5:3D:8C:A1:CD:5E:D6:37:23:C3:D1:64:B0
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS153875.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df7:340::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:46:93:9e:e0:da:c1:f4:82:5d:dc:fb:4e:79:1a:0a:f0:5f:
         f9:5f:d9:99:c1:3d:19:cf:2c:ff:ba:a9:eb:dc:f1:8e:d3:89:
         a4:10:a3:34:be:c0:99:27:b4:5a:43:de:8f:b5:51:af:7c:fe:
         0c:ce:63:a0:53:eb:1a:f3:85:4e:5e:46:06:93:3b:1d:f5:a4:
         dd:2a:5c:48:40:dd:20:26:13:bf:0f:ef:cb:64:99:f0:29:cb:
         70:1e:12:23:08:70:7d:16:b0:bd:cc:0f:1b:37:69:90:4a:2c:
         a0:a0:a2:af:fb:06:39:75:6f:9b:f6:ae:47:42:91:e6:30:54:
         4b:8d:8b:6e:b5:9d:c1:16:bc:65:4b:4f:9a:57:c7:c1:7a:28:
         5c:f8:39:13:fd:ad:d5:c6:a2:08:50:0b:4e:5a:34:f7:a7:79:
         2b:1f:c1:8c:9f:29:b1:95:7d:e8:6e:65:6e:7d:55:9f:32:0b:
         9e:de:d1:b1:86:64:25:b6:b4:31:50:cf:32:2e:74:9b:7d:89:
         83:2b:23:9c:58:20:da:59:00:37:ed:d0:05:5d:9e:19:ba:04:
         8d:da:77:f6:7b:9b:af:ca:21:76:dc:1d:63:20:59:d9:98:d6:
         7f:78:83:12:1e:c9:f7:17:b9:2e:8c:2b:b0:aa:08:71:b2:8b:
         d0:f3:f6:ce
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUKJutzycdDM24WLXUK0zkcsZJLIQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUxMTAzMjY0NFoX
DTI3MDUxMDAzMzE0NFowMzExMC8GA1UEAxMoQ0VBNUEzREU1Qjk1Q0JCNTNEOENB
MUNENUVENjM3MjNDM0QxNjRCMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkcqcO4QdnMxHinv8f8kna1yF/VGOiIjfRJ9pitTyABou/uAy5AY7j3UQEV
R2vzcc3baEYZghc1dSaS4kpGlvSRNqi1sCFYuQvbM2NVPT9TM+BzFwvF/lFUoFq+
bne94NpYIM4k3T5YPcry3aofgczYphj/277LFUoGU2Qlhd1c0JEmhOJy8JEJVsLh
1KSWMCYgPs7J0J2HU3Kxn/P/FvEJPZa9T7j6RmHV/7Y5GHil6F0O3jk742v52bKt
DsFj76wHlNzNllmkIHnnd0rM3bvBF+cE4QH1tj3Ys9NvH9pJxI+k2OERtwjGxvPQ
09HJ+q3kbGIBDgnaV9C/Y1OvmV0CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBTOpaPe
W5XLtT2Moc1e1jcjw9FksDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUzODc1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9wNAMA0GCSqGSIb3DQEBCwUAA4IBAQBLRpOe4NrB9IJd3PtOeRoK
8F/5X9mZwT0Zzyz/uqnr3PGO04mkEKM0vsCZJ7RaQ96PtVGvfP4MzmOgU+sa84VO
XkYGkzsd9aTdKlxIQN0gJhO/D+/LZJnwKctwHhIjCHB9FrC9zA8bN2mQSiygoKKv
+wY5dW+b9q5HQpHmMFRLjYtutZ3BFrxlS0+aV8fBeihc+DkT/a3VxqIIUAtOWjT3
p3krH8GMnymxlX3obmVufVWfMgue3tGxhmQltrQxUM8yLnSbfYmDKyOcWCDaWQA3
7dAFXZ4ZugSN2nf2e5uvyiF23B1jIFnZmNZ/eIMSHsn3F7kujCuwqghxsovQ8/bO
-----END CERTIFICATE-----