Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS154663.roa
File:                     AS154663.roa (raw, json)
Hash identifier:          NG2W4F2FcngjYQP6bUWBwu1bup430VVnjuSx9QLrDvU=
Subject key identifier:   3E:6E:DC:FC:25:4F:9F:46:7E:22:40:78:6F:93:55:3A:52:EE:AB:49
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       11DAF570E31917A14312E61216E2FBCAAE838E7E
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154663.roa
Signing time:             Fri 08 May 2026 03:21:45 +0000
ROA not before:           Fri 08 May 2026 03:16:45 +0000
ROA not after:            Fri 07 May 2027 03:21:45 +0000
asID:                     154663
IP address blocks:        2001:df6:fb40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:da:f5:70:e3:19:17:a1:43:12:e6:12:16:e2:fb:ca:ae:83:8e:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  8 03:16:45 2026 GMT
            Not After : May  7 03:21:45 2027 GMT
        Subject: CN=3E6EDCFC254F9F467E2240786F93553A52EEAB49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a6:7f:a1:91:c5:84:e8:65:4b:f6:90:a3:eb:
                    8f:69:d0:40:ff:37:5c:c3:82:cf:1e:b9:89:58:1a:
                    b5:7c:75:52:19:f2:68:95:97:07:5f:bb:df:3e:e5:
                    be:ee:af:86:27:29:bb:27:74:40:a2:73:31:cb:45:
                    39:fc:bb:3f:89:3b:37:4c:61:cf:bf:8a:de:34:88:
                    8f:fe:c4:62:63:8b:e4:d0:f2:c5:fe:ab:d5:d2:3b:
                    23:18:cf:cf:a4:12:01:7d:50:e8:7a:b3:9a:d2:62:
                    fc:01:84:ca:0a:f7:e3:2e:e8:9a:8c:a7:ff:76:4e:
                    88:28:05:b4:90:5c:ff:a2:63:f7:11:1f:ab:7e:4e:
                    92:9d:9e:79:3a:79:ea:f0:40:85:a6:75:aa:76:d7:
                    8b:53:1c:56:5e:5d:db:cc:be:d9:25:a1:f8:21:82:
                    c5:f6:2b:a4:33:b2:26:d5:4a:32:cd:30:23:26:41:
                    71:41:3b:38:44:32:a8:74:f6:b1:ab:50:8a:fe:f1:
                    5b:a3:23:64:67:bf:67:5d:9d:3b:62:95:8a:68:a2:
                    5b:b6:45:bf:a4:d7:b3:5c:b7:e0:35:c7:af:d5:14:
                    d3:8d:7f:d0:7e:1a:8a:75:ca:1d:e4:2a:de:3c:0c:
                    96:f4:f8:fc:c4:1a:7c:d8:12:d2:89:ee:69:a6:0a:
                    af:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:6E:DC:FC:25:4F:9F:46:7E:22:40:78:6F:93:55:3A:52:EE:AB:49
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS154663.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:fb40::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:41:11:31:12:db:47:f7:7c:24:a7:b1:2b:a2:66:2e:0b:cf:
         46:52:72:f2:71:b6:9e:56:0e:c2:c9:b3:70:8c:bc:04:a5:d5:
         29:31:0d:64:ad:eb:17:f7:91:73:7a:c8:a7:48:46:34:c7:a1:
         01:3c:a4:37:dd:a2:d9:2c:c5:58:04:2a:4c:71:cf:3c:90:4b:
         3e:19:61:00:93:65:a7:65:9b:0b:90:37:a0:d7:40:d7:7e:c3:
         94:b7:48:36:eb:67:08:0d:62:f5:6d:9e:7c:10:92:2d:bc:3e:
         f2:00:21:07:c2:09:e9:37:3a:ba:8a:38:ae:27:11:31:c2:e1:
         b7:d2:a1:59:29:41:b2:89:8d:59:2c:af:31:f9:85:6a:52:11:
         a6:44:6b:f1:4c:16:fb:38:04:7c:a0:fd:3a:58:db:16:80:b4:
         30:e4:14:a9:54:80:dd:e7:b8:84:ba:b7:6e:40:28:41:7c:20:
         43:31:2b:4a:a9:54:39:ad:ae:83:d7:8d:79:dc:59:fd:eb:34:
         36:97:bd:0b:a0:ff:c8:e2:49:d6:4e:32:45:6c:9c:73:4f:c1:
         19:2e:ea:ba:f9:1d:ac:46:81:52:78:fd:05:ba:d8:9d:9c:66:
         30:aa:a4:ae:c2:fa:52:af:71:71:a2:73:0b:95:4e:54:da:66:
         fd:23:f0:59
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUEdr1cOMZF6FDEuYSFuL7yq6Djn4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwODAzMTY0NVoX
DTI3MDUwNzAzMjE0NVowMzExMC8GA1UEAxMoM0U2RURDRkMyNTRGOUY0NjdFMjI0
MDc4NkY5MzU1M0E1MkVFQUI0OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJGmf6GRxYToZUv2kKPrj2nQQP83XMOCzx65iVgatXx1UhnyaJWXB1+73z7l
vu6vhicpuyd0QKJzMctFOfy7P4k7N0xhz7+K3jSIj/7EYmOL5NDyxf6r1dI7IxjP
z6QSAX1Q6HqzmtJi/AGEygr34y7omoyn/3ZOiCgFtJBc/6Jj9xEfq35Okp2eeTp5
6vBAhaZ1qnbXi1McVl5d28y+2SWh+CGCxfYrpDOyJtVKMs0wIyZBcUE7OEQyqHT2
satQiv7xW6MjZGe/Z12dO2KVimiiW7ZFv6TXs1y34DXHr9UU041/0H4ainXKHeQq
3jwMlvT4/MQafNgS0onuaaYKr7MCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQ+btz8
JU+fRn4iQHhvk1U6Uu6rSTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTU0NjYzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9vtAMA0GCSqGSIb3DQEBCwUAA4IBAQAYQRExEttH93wkp7EromYu
C89GUnLycbaeVg7CybNwjLwEpdUpMQ1kresX95FzesinSEY0x6EBPKQ33aLZLMVY
BCpMcc88kEs+GWEAk2WnZZsLkDeg10DXfsOUt0g262cIDWL1bZ58EJItvD7yACEH
wgnpNzq6ijiuJxExwuG30qFZKUGyiY1ZLK8x+YVqUhGmRGvxTBb7OAR8oP06WNsW
gLQw5BSpVIDd57iEurduQChBfCBDMStKqVQ5ra6D14153Fn96zQ2l70LoP/I4knW
TjJFbJxzT8EZLuq6+R2sRoFSeP0FutidnGYwqqSuwvpSr3FxonMLlU5U2mb9I/BZ
-----END CERTIFICATE-----