Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153565.roa
File:                     AS153565.roa (raw, json)
Hash identifier:          4XkyTY9zX6TtlbRJSpRuTAZCeSXarnr4FnztiCjRYBA=
Subject key identifier:   6F:25:D7:C1:C0:E4:BE:E0:7A:2B:0F:CF:87:ED:1B:9A:95:FD:5A:0B
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       553E83F20313D8644E3583F304AF844AC55F366B
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153565.roa
Signing time:             Fri 13 Feb 2026 06:00:00 +0000
ROA not before:           Fri 13 Feb 2026 05:55:00 +0000
ROA not after:            Fri 12 Feb 2027 06:00:00 +0000
asID:                     153565
IP address blocks:        161.248.226.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 05 Mar 2026 02:45:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:3e:83:f2:03:13:d8:64:4e:35:83:f3:04:af:84:4a:c5:5f:36:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Feb 13 05:55:00 2026 GMT
            Not After : Feb 12 06:00:00 2027 GMT
        Subject: CN=6F25D7C1C0E4BEE07A2B0FCF87ED1B9A95FD5A0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c6:bb:a9:3c:e9:e7:83:99:15:0f:8a:27:25:
                    f0:c6:b0:69:d3:47:d7:4e:8b:6d:cf:fc:eb:24:f7:
                    6d:4c:1a:d8:fa:eb:f0:3a:c3:3b:a6:f2:3e:bb:8e:
                    4f:c9:63:b0:c4:51:13:d7:c0:9f:42:76:f8:c9:b6:
                    40:86:75:15:99:0e:c4:54:f8:d5:e0:de:7b:88:38:
                    9b:33:7c:45:9d:87:b4:aa:e7:9f:2b:30:9c:4f:5c:
                    42:a8:77:ed:e0:6f:71:93:f5:3b:21:33:46:92:ff:
                    4f:85:8c:aa:a2:24:f4:6f:13:90:ef:42:09:cf:78:
                    fb:31:4c:15:e6:9f:a6:d4:1b:d0:a0:9b:22:25:ef:
                    3e:ff:de:b2:88:ab:98:c7:1f:09:c3:ba:3e:62:1a:
                    d7:f6:5c:0e:39:37:9e:e4:6d:e9:78:aa:f3:82:2b:
                    73:a0:59:2e:97:d8:ca:57:76:1f:ed:7e:29:82:0e:
                    a4:3e:19:01:2d:4b:f4:e6:f2:83:26:aa:3e:98:fc:
                    11:d7:a7:fb:21:17:57:1e:e0:d9:3c:96:44:a2:2d:
                    56:24:0b:f8:1f:d5:fe:0f:e9:ab:5d:66:73:48:d1:
                    0a:74:15:32:ac:9d:a2:c7:25:ac:aa:34:f4:2b:2e:
                    bb:36:43:13:53:3b:56:59:e9:5b:2b:eb:4a:8d:fb:
                    49:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:25:D7:C1:C0:E4:BE:E0:7A:2B:0F:CF:87:ED:1B:9A:95:FD:5A:0B
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS153565.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:f1:26:27:96:b1:fe:7c:c8:a0:2f:c1:33:65:60:46:1e:b9:
         57:42:98:05:88:48:60:c0:52:ac:75:a1:bf:82:78:c6:b7:42:
         9d:9a:a7:83:31:4f:0c:18:7d:91:7d:42:a7:0b:cf:c8:16:b2:
         ff:d4:34:bc:8d:e4:6a:5d:4f:49:37:3d:32:53:7d:e4:5e:91:
         4d:4e:37:2b:ef:46:05:f6:5c:5b:9f:aa:ab:23:07:96:6f:97:
         e6:a6:0d:7e:b9:30:11:f5:6b:5c:29:be:ce:98:5a:27:e6:39:
         e6:26:a3:e0:b3:f1:98:4b:0a:2e:3a:11:75:28:ef:2c:e0:87:
         1e:99:00:73:0f:52:8a:30:b4:74:13:7c:07:b7:4c:7d:8a:31:
         58:ed:a6:23:0d:bd:67:11:04:65:3c:98:0f:01:dc:bd:1a:6f:
         2d:a8:ac:eb:54:09:3a:50:f8:2f:2c:e1:8b:f2:81:02:0d:a2:
         b5:2d:0e:1a:4d:40:1e:7b:48:4b:7d:a1:40:82:95:d2:6c:83:
         e3:b8:e2:49:c0:23:d0:d4:3f:49:f8:a7:12:22:aa:33:44:f9:
         dc:71:81:78:22:19:56:7c:49:ac:54:1b:9d:2b:e2:0a:74:67:
         71:b0:ca:7e:b4:a2:2d:ab:ab:d9:17:3f:72:f7:48:11:92:3e:
         46:3e:28:c7
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUVT6D8gMT2GRONYPzBK+ESsVfNmswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDIxMzA1NTUwMFoX
DTI3MDIxMjA2MDAwMFowMzExMC8GA1UEAxMoNkYyNUQ3QzFDMEU0QkVFMDdBMkIw
RkNGODdFRDFCOUE5NUZENUEwQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMTGu6k86eeDmRUPiicl8MawadNH106Lbc/86yT3bUwa2Prr8DrDO6byPruO
T8ljsMRRE9fAn0J2+Mm2QIZ1FZkOxFT41eDee4g4mzN8RZ2HtKrnnyswnE9cQqh3
7eBvcZP1OyEzRpL/T4WMqqIk9G8TkO9CCc94+zFMFeafptQb0KCbIiXvPv/esoir
mMcfCcO6PmIa1/ZcDjk3nuRt6Xiq84Irc6BZLpfYyld2H+1+KYIOpD4ZAS1L9Oby
gyaqPpj8Eden+yEXVx7g2TyWRKItViQL+B/V/g/pq11mc0jRCnQVMqydosclrKo0
9CsuuzZDE1M7VlnpWyvrSo37STMCAwEAAaOCAdAwggHMMB0GA1UdDgQWBBRvJdfB
wOS+4HorD8+H7Rualf1aCzAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE1MzU2NS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaH44jANBgkqhkiG9w0BAQsFAAOCAQEAXPEmJ5ax/nzIoC/BM2Vg
Rh65V0KYBYhIYMBSrHWhv4J4xrdCnZqngzFPDBh9kX1CpwvPyBay/9Q0vI3kal1P
STc9MlN95F6RTU43K+9GBfZcW5+qqyMHlm+X5qYNfrkwEfVrXCm+zphaJ+Y55iaj
4LPxmEsKLjoRdSjvLOCHHpkAcw9SijC0dBN8B7dMfYoxWO2mIw29ZxEEZTyYDwHc
vRpvLais61QJOlD4Lyzhi/KBAg2itS0OGk1AHntIS32hQIKV0myD47jiScAj0NQ/
SfinEiKqM0T53HGBeCIZVnxJrFQbnSviCnRncbDKfrSiLaur2Rc/cvdIEZI+Rj4o
xw==
-----END CERTIFICATE-----