Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153070.roa
File:                     AS153070.roa (raw, json)
Hash identifier:          a5MkK5cq4YMF6mc6fInWwR2Yy9N6I3zzqMy4wzYAvOw=
Subject key identifier:   AD:34:52:0F:D7:1D:E4:E0:55:3A:37:7D:03:2E:63:B8:36:80:9D:97
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       08B9D2D9A356A8AC388781D0CE24F24EFACDD7C1
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153070.roa
Signing time:             Wed 10 Jun 2026 09:42:44 +0000
ROA not before:           Wed 10 Jun 2026 09:37:44 +0000
ROA not after:            Wed 09 Jun 2027 09:42:44 +0000
asID:                     153070
IP address blocks:        160.22.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 18 Jun 2026 04:55:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:b9:d2:d9:a3:56:a8:ac:38:87:81:d0:ce:24:f2:4e:fa:cd:d7:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: Jun 10 09:37:44 2026 GMT
            Not After : Jun  9 09:42:44 2027 GMT
        Subject: CN=AD34520FD71DE4E0553A377D032E63B836809D97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:07:48:21:2b:92:02:31:73:31:23:82:4c:a6:
                    9e:14:ed:9d:81:be:6f:6a:2e:62:ef:29:c8:64:b0:
                    35:09:82:03:d7:9c:93:7c:dc:6b:5f:09:8d:9e:0e:
                    3a:a6:86:6a:83:9b:49:a1:60:d3:0d:ce:6c:0a:5c:
                    70:3b:a0:18:1e:db:51:e6:bf:fb:94:59:3c:19:08:
                    e2:02:cc:e6:cb:63:44:da:a8:fb:a4:ce:1e:4f:88:
                    72:4d:78:85:9e:0e:37:e1:a8:5a:a0:fc:b9:a9:91:
                    0a:54:1e:56:c6:0a:44:95:98:4f:76:81:db:2e:47:
                    d1:4f:a2:a9:7d:0a:14:4b:27:85:f1:df:df:05:a9:
                    3a:72:3e:1f:af:91:f2:59:d6:bb:1e:f5:3f:e1:fa:
                    28:fe:89:81:5f:03:22:bb:69:da:5e:10:48:a5:a9:
                    44:91:04:0a:69:b0:8f:67:86:09:07:73:39:10:c4:
                    39:d7:38:b9:ed:40:6b:38:d5:ad:fa:a6:47:da:84:
                    ac:19:1b:c8:3a:0e:9b:e5:e1:84:7e:b7:9f:46:67:
                    cd:4d:87:55:63:fd:42:f5:83:44:ac:b3:fe:e3:6e:
                    ed:4e:7e:b1:4e:e1:9a:9c:92:bd:8c:11:7b:25:62:
                    81:c1:94:d5:22:ba:73:46:4b:62:ba:6e:4d:17:48:
                    48:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:34:52:0F:D7:1D:E4:E0:55:3A:37:7D:03:2E:63:B8:36:80:9D:97
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153070.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:88:a8:83:5c:cd:7a:1e:c1:4c:45:45:23:46:ab:54:3f:1f:
         7f:15:a1:d1:98:d7:e9:d0:27:0d:f0:c9:27:22:64:7b:12:49:
         e3:c3:be:36:15:d2:c3:b6:65:d3:bb:e0:76:7e:8f:fa:51:d8:
         38:74:80:a2:98:5a:18:e3:42:48:ea:18:ff:71:89:e6:a9:f1:
         32:d1:1b:bf:a2:de:b7:a2:00:3c:20:bf:d8:74:af:a3:78:be:
         95:c7:b4:c5:2b:f7:54:17:8a:c5:18:7a:f7:41:5a:7d:f2:12:
         5a:6f:4c:fe:4c:1a:94:ac:ac:81:81:4f:71:09:af:69:5d:28:
         01:7b:c1:8c:33:ea:4f:4b:de:7a:51:5d:72:ee:3a:17:dd:e6:
         77:a1:0a:52:71:30:63:12:50:fb:31:ad:28:1e:1a:74:6d:50:
         26:48:d9:cf:85:e5:67:a7:c7:27:b4:af:41:77:13:a4:7a:e3:
         7c:1b:32:96:7c:b6:84:6a:61:1b:48:b6:d6:62:bb:9f:27:78:
         48:69:38:0e:2e:29:6a:5c:c6:b2:28:e7:26:bc:82:22:60:70:
         c3:de:f4:1c:fe:18:4d:66:e0:d4:89:1b:da:0f:a4:62:18:6b:
         15:60:3f:ae:7f:c6:30:40:4b:c3:00:7f:cd:b6:07:fe:ec:07:
         20:d7:71:3a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUCLnS2aNWqKw4h4HQziTyTvrN18EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDYxMDA5Mzc0NFoX
DTI3MDYwOTA5NDI0NFowMzExMC8GA1UEAxMoQUQzNDUyMEZENzFERTRFMDU1M0Ez
NzdEMDMyRTYzQjgzNjgwOUQ5NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMEHSCErkgIxczEjgkymnhTtnYG+b2ouYu8pyGSwNQmCA9eck3zca18JjZ4O
OqaGaoObSaFg0w3ObApccDugGB7bUea/+5RZPBkI4gLM5stjRNqo+6TOHk+Ick14
hZ4ON+GoWqD8uamRClQeVsYKRJWYT3aB2y5H0U+iqX0KFEsnhfHf3wWpOnI+H6+R
8lnWux71P+H6KP6JgV8DIrtp2l4QSKWpRJEECmmwj2eGCQdzORDEOdc4ue1AazjV
rfqmR9qErBkbyDoOm+XhhH63n0ZnzU2HVWP9QvWDRKyz/uNu7U5+sU7hmpySvYwR
eyVigcGU1SK6c0ZLYrpuTRdISM8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBStNFIP
1x3k4FU6N30DLmO4NoCdlzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzMDcwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBbIMA0GCSqGSIb3DQEBCwUAA4IBAQAliKiDXM16HsFMRUUjRqtUPx9/
FaHRmNfp0CcN8MknImR7Eknjw742FdLDtmXTu+B2fo/6Udg4dICimFoY40JI6hj/
cYnmqfEy0Ru/ot63ogA8IL/YdK+jeL6Vx7TFK/dUF4rFGHr3QVp98hJab0z+TBqU
rKyBgU9xCa9pXSgBe8GMM+pPS956UV1y7joX3eZ3oQpScTBjElD7Ma0oHhp0bVAm
SNnPheVnp8cntK9BdxOkeuN8GzKWfLaEamEbSLbWYrufJ3hIaTgOLilqXMayKOcm
vIIiYHDD3vQc/hhNZuDUiRvaD6RiGGsVYD+uf8YwQEvDAH/Ntgf+7Acg13E6
-----END CERTIFICATE-----