Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154687.roa
File:                     AS154687.roa (raw, json)
Hash identifier:          iGnpV+KcqXZbHAY/+boCocxPJyWcWmwwHSmCS3aLr3c=
Subject key identifier:   AA:86:28:56:5D:C1:23:0B:58:EE:AE:0F:BE:DB:02:CD:A3:2B:21:16
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       067A3A1A0A21F902DE36256CE9EC9A5D4CEB4749
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154687.roa
Signing time:             Fri 22 May 2026 03:31:17 +0000
ROA not before:           Fri 22 May 2026 03:26:17 +0000
ROA not after:            Fri 21 May 2027 03:31:17 +0000
asID:                     154687
IP address blocks:        162.4.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 18 Jun 2026 04:55:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:7a:3a:1a:0a:21:f9:02:de:36:25:6c:e9:ec:9a:5d:4c:eb:47:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May 22 03:26:17 2026 GMT
            Not After : May 21 03:31:17 2027 GMT
        Subject: CN=AA8628565DC1230B58EEAE0FBEDB02CDA32B2116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:84:aa:a2:8a:1a:30:e5:d4:6f:68:89:b7:7b:
                    c7:45:a8:4b:5a:e0:26:72:23:7f:39:3d:32:2f:66:
                    72:6d:9b:9b:a7:3e:ea:93:cd:2b:a5:f3:af:e3:c2:
                    20:f3:46:92:e1:de:48:fb:f9:fe:04:95:1c:d4:a9:
                    1c:c7:e5:c4:04:6f:d1:59:a4:65:57:1b:ea:0e:71:
                    ad:1f:d8:bb:93:c1:25:2f:b2:a2:06:f3:08:13:aa:
                    c2:84:92:ba:26:bb:d4:be:e9:aa:64:52:82:48:61:
                    71:a9:2a:e3:4c:58:63:04:36:02:68:aa:81:ce:a5:
                    50:b2:21:6c:da:73:83:4b:2f:0c:73:93:6c:1b:70:
                    20:92:aa:1b:ae:b8:8e:31:c7:0f:08:9f:81:bc:50:
                    c5:02:88:36:5f:b6:84:e5:fc:bc:61:e8:07:f6:f8:
                    73:58:9e:6a:ce:59:6d:22:95:80:8b:53:e7:50:9a:
                    b7:52:1f:ad:97:8c:7f:b4:75:d7:9a:a6:3e:46:d2:
                    b6:64:e8:f9:55:47:f5:20:06:c1:35:9a:bf:92:ac:
                    57:5a:1b:a6:ea:fb:f5:1f:84:cb:68:76:9c:d8:ba:
                    a2:7f:00:69:5b:06:5f:6c:90:c7:5a:13:6e:89:94:
                    42:2a:fb:39:07:fe:6b:e4:2a:e9:40:a2:bb:a3:63:
                    42:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:86:28:56:5D:C1:23:0B:58:EE:AE:0F:BE:DB:02:CD:A3:2B:21:16
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154687.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.4.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:8b:de:2b:37:f2:83:ae:af:2a:25:4f:e0:0f:70:51:39:91:
         89:3b:07:98:4c:e7:eb:85:3b:21:53:8a:41:b3:df:04:e7:5d:
         78:ea:4e:58:7a:b9:08:9c:9c:f1:e1:f8:b5:d6:4e:13:08:8c:
         29:f1:1d:10:ae:7d:7f:be:fa:22:c7:a3:8e:31:ed:f2:b5:15:
         c9:bb:29:b1:70:d4:af:3c:94:c7:5a:f8:09:56:92:43:d6:17:
         89:90:0f:a9:42:a1:28:6b:82:74:98:0e:c7:f0:ce:82:1a:0a:
         e9:ef:0d:54:74:a0:87:88:08:56:3e:80:83:86:e3:68:5e:00:
         0d:06:fe:7b:ac:87:ba:5c:17:44:68:d9:75:b1:4c:12:43:a8:
         34:34:7f:68:d0:79:3e:e7:d2:ed:61:78:39:0a:cb:10:26:85:
         e7:c3:08:85:91:b7:23:4e:3b:9d:20:d4:b9:0c:d2:32:93:6f:
         6a:84:b3:68:0d:65:5d:84:ed:8d:0c:54:fd:29:3a:50:e7:ab:
         54:ff:de:3b:e7:49:d9:70:91:72:18:83:2c:4d:87:b0:fa:90:
         fe:4a:6f:73:95:af:5c:8e:94:e0:71:a1:b0:c4:f2:de:35:fb:
         e3:b5:bc:3f:b5:7e:cd:8b:20:6d:f5:45:55:ea:ce:1a:f1:8a:
         19:4f:76:0e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUBno6Ggoh+QLeNiVs6eyaXUzrR0kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUyMjAzMjYxN1oX
DTI3MDUyMTAzMzExN1owMzExMC8GA1UEAxMoQUE4NjI4NTY1REMxMjMwQjU4RUVB
RTBGQkVEQjAyQ0RBMzJCMjExNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANCEqqKKGjDl1G9oibd7x0WoS1rgJnIjfzk9Mi9mcm2bm6c+6pPNK6Xzr+PC
IPNGkuHeSPv5/gSVHNSpHMflxARv0VmkZVcb6g5xrR/Yu5PBJS+yogbzCBOqwoSS
uia71L7pqmRSgkhhcakq40xYYwQ2Amiqgc6lULIhbNpzg0svDHOTbBtwIJKqG664
jjHHDwifgbxQxQKINl+2hOX8vGHoB/b4c1ieas5ZbSKVgItT51Cat1IfrZeMf7R1
15qmPkbStmTo+VVH9SAGwTWav5KsV1obpur79R+Ey2h2nNi6on8AaVsGX2yQx1oT
bomUQir7OQf+a+Qq6UCiu6NjQicCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSqhihW
XcEjC1jurg++2wLNoyshFjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0Njg3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAogSaMA0GCSqGSIb3DQEBCwUAA4IBAQA6i94rN/KDrq8qJU/gD3BROZGJ
OweYTOfrhTshU4pBs98E51146k5YerkInJzx4fi11k4TCIwp8R0Qrn1/vvoix6OO
Me3ytRXJuymxcNSvPJTHWvgJVpJD1heJkA+pQqEoa4J0mA7H8M6CGgrp7w1UdKCH
iAhWPoCDhuNoXgANBv57rIe6XBdEaNl1sUwSQ6g0NH9o0Hk+59LtYXg5CssQJoXn
wwiFkbcjTjudINS5DNIyk29qhLNoDWVdhO2NDFT9KTpQ56tU/94750nZcJFyGIMs
TYew+pD+Sm9zla9cjpTgcaGwxPLeNfvjtbw/tX7NiyBt9UVV6s4a8YoZT3YO
-----END CERTIFICATE-----