Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154651.roa
File:                     AS154651.roa (raw, json)
Hash identifier:          HmkpZpZMRPDHLC1gMkFBh6YukIJO7ueMFaTCt5vwq8g=
Subject key identifier:   26:1E:88:6B:CE:65:FE:71:CE:03:30:EB:DD:B2:AA:55:18:A8:A2:5C
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       736745FA02DDB791122636A4409DDB064241BFCD
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154651.roa
Signing time:             Thu 07 May 2026 03:56:16 +0000
ROA not before:           Thu 07 May 2026 03:51:16 +0000
ROA not after:            Thu 06 May 2027 03:56:16 +0000
asID:                     154651
IP address blocks:        2001:df6:fbc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:67:45:fa:02:dd:b7:91:12:26:36:a4:40:9d:db:06:42:41:bf:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  7 03:51:16 2026 GMT
            Not After : May  6 03:56:16 2027 GMT
        Subject: CN=261E886BCE65FE71CE0330EBDDB2AA5518A8A25C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c3:b4:ef:04:e7:60:af:04:05:ec:5c:24:4b:
                    9a:6e:8c:99:2b:c6:8b:a6:ff:af:21:ae:7c:24:0f:
                    70:ca:5a:cd:b0:99:8d:34:08:8d:e6:fa:d9:15:bc:
                    76:be:76:ec:a5:8f:db:63:4e:29:76:16:9e:9f:8d:
                    51:2c:de:f5:ea:37:cb:63:85:6e:e5:50:b9:a2:49:
                    29:a9:cb:60:25:e9:68:53:f2:e7:ad:38:ad:12:f4:
                    7d:bf:30:2b:2f:9a:3d:95:a1:4b:28:fe:fa:66:d2:
                    65:e8:62:52:de:82:7c:a4:58:2b:3a:a8:07:1f:cd:
                    c0:ed:39:62:e4:a7:c7:7d:54:5f:81:25:7b:ac:eb:
                    dc:fc:52:81:e9:0b:80:39:dd:d9:b5:e9:4b:a1:0c:
                    9f:93:c3:89:99:eb:41:48:2f:47:d0:85:8b:69:8f:
                    18:66:6d:b6:02:f2:99:64:55:c8:f6:f4:9e:c9:02:
                    ef:ba:72:a2:67:bd:fe:91:89:2f:4e:34:2b:e1:c3:
                    8c:91:84:ad:3d:d0:77:a0:bf:f0:88:47:19:f8:65:
                    44:92:46:82:2b:ef:70:04:2d:1a:76:17:af:8c:ff:
                    e1:82:ff:81:40:96:a0:f2:d1:d7:cf:60:75:00:c3:
                    e4:24:0a:17:b0:9f:ab:4a:76:50:60:5b:63:88:21:
                    83:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:1E:88:6B:CE:65:FE:71:CE:03:30:EB:DD:B2:AA:55:18:A8:A2:5C
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154651.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:fbc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:75:8d:43:d7:a6:66:91:d7:7f:11:8c:ec:fc:a5:69:80:6d:
         23:8c:0c:e9:ec:73:bf:89:4b:3e:cb:a1:9d:de:d8:15:44:e6:
         21:92:94:3b:c7:8e:90:e0:4d:4e:66:b1:da:8a:71:5f:e2:a8:
         d7:b7:ef:c5:87:8d:f0:96:1c:fb:31:94:a2:f9:25:1e:4d:a1:
         2d:48:d9:34:c3:c2:67:c3:4e:cd:63:49:2b:ed:28:2b:de:df:
         58:48:86:22:26:1e:c6:78:1f:96:e4:a4:70:ff:5f:9a:4e:ce:
         6b:09:e7:2f:f7:23:0a:44:0d:c7:64:30:92:d1:60:a6:ad:94:
         e1:86:2e:48:21:a3:0c:48:0a:98:9f:2b:c6:02:af:07:f0:09:
         b5:b7:ed:11:89:b9:e3:89:8b:a8:92:27:80:e5:b1:a6:04:eb:
         0e:2d:b8:89:c8:59:5e:b4:8a:67:74:54:4d:cc:15:80:f9:ee:
         f3:b1:a4:5f:6c:12:4e:af:78:2b:16:3d:ad:19:95:c3:a9:09:
         8b:cf:02:63:88:ca:83:d3:15:03:1d:74:e5:c6:ef:76:72:31:
         f3:93:7f:94:ea:2a:75:58:4b:d6:22:29:62:1b:a8:21:9d:5b:
         2b:d6:7e:f5:56:79:02:bf:23:ef:a6:35:16:bb:04:9a:64:db:
         47:a5:e9:19
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUc2dF+gLdt5ESJjakQJ3bBkJBv80wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwNzAzNTExNloX
DTI3MDUwNjAzNTYxNlowMzExMC8GA1UEAxMoMjYxRTg4NkJDRTY1RkU3MUNFMDMz
MEVCRERCMkFBNTUxOEE4QTI1QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjDtO8E52CvBAXsXCRLmm6MmSvGi6b/ryGufCQPcMpazbCZjTQIjeb62RW8
dr527KWP22NOKXYWnp+NUSze9eo3y2OFbuVQuaJJKanLYCXpaFPy5604rRL0fb8w
Ky+aPZWhSyj++mbSZehiUt6CfKRYKzqoBx/NwO05YuSnx31UX4Ele6zr3PxSgekL
gDnd2bXpS6EMn5PDiZnrQUgvR9CFi2mPGGZttgLymWRVyPb0nskC77pyome9/pGJ
L040K+HDjJGErT3Qd6C/8IhHGfhlRJJGgivvcAQtGnYXr4z/4YL/gUCWoPLR189g
dQDD5CQKF7Cfq0p2UGBbY4ghg+0CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQmHohr
zmX+cc4DMOvdsqpVGKiiXDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0NjUxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9vvAMA0GCSqGSIb3DQEBCwUAA4IBAQA0dY1D16Zmkdd/EYzs/KVp
gG0jjAzp7HO/iUs+y6Gd3tgVROYhkpQ7x46Q4E1OZrHainFf4qjXt+/Fh43wlhz7
MZSi+SUeTaEtSNk0w8Jnw07NY0kr7Sgr3t9YSIYiJh7GeB+W5KRw/1+aTs5rCecv
9yMKRA3HZDCS0WCmrZThhi5IIaMMSAqYnyvGAq8H8Am1t+0RibnjiYuokieA5bGm
BOsOLbiJyFletIpndFRNzBWA+e7zsaRfbBJOr3grFj2tGZXDqQmLzwJjiMqD0xUD
HXTlxu92cjHzk3+U6ip1WEvWIiliG6ghnVsr1n71VnkCvyPvpjUWuwSaZNtHpekZ
-----END CERTIFICATE-----