Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS153919.roa
File:                     AS153919.roa (raw, json)
Hash identifier:          zY/arLrT7yfkoWoX7LnHPvgesYXR+PzyyJPg4PbbzJE=
Subject key identifier:   D3:D7:C3:66:F3:74:86:28:5F:C0:A9:4E:89:CE:AD:FF:AA:73:4F:F4
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       0F3C2B3FD0999A7F830476B7B051646955049AB8
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153919.roa
Signing time:             Sat 30 May 2026 02:07:03 +0000
ROA not before:           Sat 30 May 2026 02:02:03 +0000
ROA not after:            Sat 29 May 2027 02:07:03 +0000
asID:                     153919
IP address blocks:        165.99.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 18 Jun 2026 04:55:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:3c:2b:3f:d0:99:9a:7f:83:04:76:b7:b0:51:64:69:55:04:9a:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May 30 02:02:03 2026 GMT
            Not After : May 29 02:07:03 2027 GMT
        Subject: CN=D3D7C366F37486285FC0A94E89CEADFFAA734FF4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:14:3c:ea:39:02:2b:da:72:a0:3f:24:e5:26:
                    33:e8:17:88:35:64:22:2e:67:fa:30:0b:5b:ff:2e:
                    00:54:e6:f5:a1:3c:57:29:ea:40:cf:0e:24:09:7e:
                    6e:40:f9:54:ab:a2:df:a9:f0:dc:e3:fb:a7:e0:d4:
                    18:71:70:86:82:74:fe:d6:19:63:1d:7d:6c:92:3c:
                    3f:2d:f5:6c:3a:bc:3d:0e:2a:0c:10:81:34:53:b1:
                    ad:f3:a4:55:40:0f:43:27:0e:85:e0:4c:8b:ea:d0:
                    58:fa:86:53:b9:41:83:08:7e:c7:3a:d8:5b:25:c5:
                    46:1d:2d:23:59:24:97:df:0d:e7:cd:90:07:bf:1e:
                    c2:e6:b5:83:a9:14:24:3b:10:37:30:33:5f:d1:ae:
                    2f:07:ae:69:6d:90:34:72:b6:a0:72:66:86:fb:0a:
                    52:60:f6:33:2c:63:75:d0:96:6f:7d:79:71:ef:5f:
                    9b:ff:94:b7:2e:43:7b:b0:1c:c7:11:5a:bc:d9:c8:
                    d6:62:fb:11:3e:13:4a:73:fb:5e:87:69:85:54:ec:
                    94:50:3e:b5:35:0b:51:38:82:52:c4:94:79:68:4e:
                    40:a9:27:48:50:6d:73:4e:de:62:1a:52:7a:03:bb:
                    df:4d:0e:39:c3:ab:de:4f:a0:dc:49:ac:a5:86:9a:
                    a9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D7:C3:66:F3:74:86:28:5F:C0:A9:4E:89:CE:AD:FF:AA:73:4F:F4
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS153919.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:10:00:87:8a:e8:6f:c8:17:78:2e:dc:b2:19:7e:8e:cf:10:
         76:30:fe:35:ee:9e:76:95:60:7c:42:8b:f0:c5:e3:93:09:e4:
         0f:78:23:87:11:fa:0b:fd:d9:f6:09:43:ce:84:e4:5f:f9:b8:
         a4:9f:fb:bf:3b:99:6b:48:cc:09:c0:8d:9d:fd:7c:d3:67:e7:
         a3:60:73:fd:d4:48:9b:f5:b8:1f:27:c3:0d:ca:db:dc:44:56:
         e4:92:30:cc:7d:69:a5:dc:a1:65:0c:07:bb:aa:8b:12:9c:db:
         bc:b6:45:4b:59:4f:84:fd:d7:b1:9f:87:7c:5d:6a:a4:68:2e:
         47:f7:e4:37:dc:81:5f:e5:fa:9b:af:42:83:1b:40:3b:11:ac:
         0f:41:df:d9:bb:4e:1e:c9:63:37:3a:38:44:1b:4e:bc:cc:f4:
         7c:e0:38:95:81:4a:44:cb:7a:55:34:f2:d6:85:4c:d5:d2:09:
         7b:6e:11:6c:ea:38:53:81:10:c5:32:1d:d9:bf:36:17:35:c8:
         88:1d:1f:ef:f2:fc:96:e3:ab:82:4a:65:ad:2b:59:54:9a:fa:
         7e:2e:72:ab:56:0e:50:28:46:75:09:67:62:5b:79:a3:a6:13:
         12:05:62:75:2a:04:8a:b8:3a:e4:fc:d5:97:c2:54:8f:95:f2:
         76:59:e6:70
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUDzwrP9CZmn+DBHa3sFFkaVUEmrgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUzMDAyMDIwM1oX
DTI3MDUyOTAyMDcwM1owMzExMC8GA1UEAxMoRDNEN0MzNjZGMzc0ODYyODVGQzBB
OTRFODlDRUFERkZBQTczNEZGNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMkUPOo5AivacqA/JOUmM+gXiDVkIi5n+jALW/8uAFTm9aE8VynqQM8OJAl+
bkD5VKui36nw3OP7p+DUGHFwhoJ0/tYZYx19bJI8Py31bDq8PQ4qDBCBNFOxrfOk
VUAPQycOheBMi+rQWPqGU7lBgwh+xzrYWyXFRh0tI1kkl98N582QB78ewua1g6kU
JDsQNzAzX9GuLweuaW2QNHK2oHJmhvsKUmD2MyxjddCWb315ce9fm/+Uty5De7Ac
xxFavNnI1mL7ET4TSnP7XodphVTslFA+tTULUTiCUsSUeWhOQKknSFBtc07eYhpS
egO7300OOcOr3k+g3EmspYaaqS8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTT18Nm
83SGKF/AqU6Jzq3/qnNP9DAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUzOTE5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWN5MA0GCSqGSIb3DQEBCwUAA4IBAQCnEACHiuhvyBd4LtyyGX6OzxB2
MP417p52lWB8QovwxeOTCeQPeCOHEfoL/dn2CUPOhORf+bikn/u/O5lrSMwJwI2d
/XzTZ+ejYHP91Eib9bgfJ8MNytvcRFbkkjDMfWml3KFlDAe7qosSnNu8tkVLWU+E
/dexn4d8XWqkaC5H9+Q33IFf5fqbr0KDG0A7EawPQd/Zu04eyWM3OjhEG068zPR8
4DiVgUpEy3pVNPLWhUzV0gl7bhFs6jhTgRDFMh3ZvzYXNciIHR/v8vyW46uCSmWt
K1lUmvp+LnKrVg5QKEZ1CWdiW3mjphMSBWJ1KgSKuDrk/NWXwlSPlfJ2WeZw
-----END CERTIFICATE-----