Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154218.roa
File:                     AS154218.roa (raw, json)
Hash identifier:          AJR9ijLzBu7ScuBz7rHtiqqaa9N0/AEbNNGY/wFT4vw=
Subject key identifier:   32:FC:A9:66:BE:B2:22:09:65:6D:AC:EC:FF:8C:AA:59:5F:2E:5B:CE
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       2CF1A573C68D0DEA1F5BDE42F6A85CD0C15AE10A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154218.roa
Signing time:             Tue 09 Jun 2026 12:46:19 +0000
ROA not before:           Tue 09 Jun 2026 12:41:19 +0000
ROA not after:            Tue 08 Jun 2027 12:46:19 +0000
asID:                     154218
IP address blocks:        162.4.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 18 Jun 2026 04:55:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:f1:a5:73:c6:8d:0d:ea:1f:5b:de:42:f6:a8:5c:d0:c1:5a:e1:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: Jun  9 12:41:19 2026 GMT
            Not After : Jun  8 12:46:19 2027 GMT
        Subject: CN=32FCA966BEB22209656DACECFF8CAA595F2E5BCE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f2:b6:0e:a5:69:f6:e8:0a:82:1f:e7:09:ef:
                    e9:fd:1f:5a:00:fd:cf:ea:18:29:e3:d6:60:dd:69:
                    3b:e2:6c:c3:62:32:f0:c5:19:97:1c:73:1a:7d:15:
                    1c:91:14:88:0a:50:19:28:e4:55:0c:d9:7f:af:f1:
                    e1:40:ad:1b:47:1f:15:02:64:b6:c5:23:18:c5:0a:
                    f7:1d:ea:19:da:3e:c7:d5:ef:a1:23:c4:38:d8:bc:
                    bf:6b:d8:ab:6d:4e:d5:7d:d5:d0:1d:83:f5:01:d5:
                    80:08:28:b1:6e:a9:29:ac:4e:2b:dc:42:40:9b:53:
                    5c:13:3a:65:63:08:82:24:88:5f:e5:2b:0f:4c:8d:
                    c5:4d:a6:71:67:84:6a:28:bc:d5:80:32:ea:1e:a0:
                    24:7a:13:91:d7:3d:67:47:99:07:68:f0:64:c0:01:
                    7c:48:ba:47:61:e1:e9:56:b2:f7:17:16:77:e2:9c:
                    a0:56:fd:23:0f:35:7d:d5:76:21:b9:25:67:f0:2b:
                    f3:7c:b1:3a:e2:6b:9f:10:55:d0:cd:d8:84:b0:e6:
                    5f:7f:38:f2:34:e7:91:40:8d:1e:2b:45:08:03:c3:
                    f1:4b:69:cd:7d:86:d2:4e:56:35:72:e2:61:49:29:
                    ed:66:3a:1d:48:7c:08:fc:a9:89:b9:f4:ab:b0:cc:
                    dc:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:FC:A9:66:BE:B2:22:09:65:6D:AC:EC:FF:8C:AA:59:5F:2E:5B:CE
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.4.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:7b:5b:af:d4:15:5e:43:2d:83:47:9c:dc:76:fc:58:37:a1:
         16:a2:81:9c:d4:97:56:55:6a:03:36:4d:1c:51:be:7d:33:83:
         df:2b:b8:59:e5:30:0e:47:23:54:6b:39:1a:c2:d4:5d:a8:5b:
         e6:6d:95:8f:72:22:bd:a0:45:73:9a:37:4b:18:c5:be:ab:59:
         fa:c4:b5:02:22:ff:5c:67:45:ee:a5:ea:07:be:9f:d3:8d:51:
         9f:e2:a8:52:e7:62:eb:4b:df:39:c0:2a:19:25:e5:db:eb:3f:
         bd:69:b7:5d:1d:87:90:a2:0e:d4:c6:73:38:7a:c8:ef:70:95:
         e4:e6:d6:d7:ad:b5:81:de:2d:07:a0:29:2d:18:f2:f8:73:bc:
         35:b2:ed:47:c3:ce:19:35:c7:c2:5a:63:79:2d:ea:9d:c7:4f:
         fa:f1:9a:b7:02:64:f6:04:9c:58:2a:4f:e5:03:e0:9b:b0:bf:
         98:04:aa:56:e4:06:8f:ca:d5:43:2a:08:c5:f0:76:34:60:8b:
         bf:90:76:e8:6b:fc:23:16:7c:ea:43:87:a6:90:7f:e2:ba:d7:
         55:87:ea:cc:b5:6f:85:07:97:5e:fe:fa:73:9c:01:eb:7e:38:
         bf:d5:dc:ab:08:ab:c5:3c:a2:14:2c:49:06:25:61:39:3c:bc:
         cb:eb:38:c4
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIULPGlc8aNDeofW95C9qhc0MFa4QowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDYwOTEyNDExOVoX
DTI3MDYwODEyNDYxOVowMzExMC8GA1UEAxMoMzJGQ0E5NjZCRUIyMjIwOTY1NkRB
Q0VDRkY4Q0FBNTk1RjJFNUJDRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjytg6lafboCoIf5wnv6f0fWgD9z+oYKePWYN1pO+Jsw2Iy8MUZlxxzGn0V
HJEUiApQGSjkVQzZf6/x4UCtG0cfFQJktsUjGMUK9x3qGdo+x9XvoSPEONi8v2vY
q21O1X3V0B2D9QHVgAgosW6pKaxOK9xCQJtTXBM6ZWMIgiSIX+UrD0yNxU2mcWeE
aii81YAy6h6gJHoTkdc9Z0eZB2jwZMABfEi6R2Hh6Vay9xcWd+KcoFb9Iw81fdV2
IbklZ/Ar83yxOuJrnxBV0M3YhLDmX3848jTnkUCNHitFCAPD8UtpzX2G0k5WNXLi
YUkp7WY6HUh8CPypibn0q7DM3BkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQy/Klm
vrIiCWVtrOz/jKpZXy5bzjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0MjE4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAogQuMA0GCSqGSIb3DQEBCwUAA4IBAQCUe1uv1BVeQy2DR5zcdvxYN6EW
ooGc1JdWVWoDNk0cUb59M4PfK7hZ5TAORyNUazkawtRdqFvmbZWPciK9oEVzmjdL
GMW+q1n6xLUCIv9cZ0XupeoHvp/TjVGf4qhS52LrS985wCoZJeXb6z+9abddHYeQ
og7UxnM4esjvcJXk5tbXrbWB3i0HoCktGPL4c7w1su1Hw84ZNcfCWmN5Leqdx0/6
8Zq3AmT2BJxYKk/lA+CbsL+YBKpW5AaPytVDKgjF8HY0YIu/kHboa/wjFnzqQ4em
kH/iutdVh+rMtW+FB5de/vpznAHrfji/1dyrCKvFPKIULEkGJWE5PLzL6zjE
-----END CERTIFICATE-----