Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS154709.roa
File:                     AS154709.roa (raw, json)
Hash identifier:          v5JcuSby8RPtt17xB+u/uDL1GIAvpM3wfh8Q+KP/2Fw=
Subject key identifier:   70:6C:75:F3:8A:C2:62:B8:AB:75:74:B6:69:CE:41:E9:96:8B:EF:57
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       297B53FC138611B53CC3103F620247BF44B7AB5C
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154709.roa
Signing time:             Fri 12 Jun 2026 07:29:47 +0000
ROA not before:           Fri 12 Jun 2026 07:24:47 +0000
ROA not after:            Fri 11 Jun 2027 07:29:47 +0000
asID:                     154709
IP address blocks:        162.4.224.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 18 Jun 2026 04:55:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:7b:53:fc:13:86:11:b5:3c:c3:10:3f:62:02:47:bf:44:b7:ab:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: Jun 12 07:24:47 2026 GMT
            Not After : Jun 11 07:29:47 2027 GMT
        Subject: CN=706C75F38AC262B8AB7574B669CE41E9968BEF57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:51:2a:87:5c:eb:e2:43:2b:f8:3d:fe:49:f4:
                    7f:12:31:57:f8:d2:e0:20:cb:c9:56:6d:2b:45:49:
                    78:78:3c:05:a2:98:5a:96:eb:8a:e3:6a:a6:fd:5f:
                    fb:90:a0:c8:df:30:fb:06:be:12:8c:0b:e8:8b:f6:
                    3f:07:63:a3:fc:c7:54:6e:e0:4c:b1:6b:7a:a5:bc:
                    5b:4b:be:4f:45:f4:22:04:79:9f:32:a6:0b:be:74:
                    f4:59:52:e5:87:55:10:1d:25:09:72:72:1e:66:6d:
                    de:85:66:17:9e:e8:a8:4e:49:6d:fe:32:16:ee:32:
                    e9:8a:6b:fa:38:89:6f:a3:90:65:62:c0:8d:51:6c:
                    d2:b3:cb:e9:e7:5f:79:d3:40:76:56:63:c7:b1:16:
                    4e:ed:6a:ef:3e:14:3f:0f:fc:7b:c2:b1:e0:58:31:
                    bd:77:82:f4:81:14:0a:34:1f:a3:5e:5e:77:ad:3d:
                    da:53:85:c9:02:73:f7:22:79:0b:fa:87:77:07:3f:
                    3c:f2:0c:e4:9a:1c:b4:3e:73:fd:31:da:42:8e:0e:
                    d6:05:57:30:b1:47:21:4b:cb:a3:9f:cf:33:67:7f:
                    2b:87:68:b2:51:a5:58:1f:3d:62:68:7d:5e:15:8f:
                    7b:7f:2d:34:8a:e8:77:70:e6:93:12:ec:34:a4:8c:
                    a8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:6C:75:F3:8A:C2:62:B8:AB:75:74:B6:69:CE:41:E9:96:8B:EF:57
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS154709.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.4.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:5d:9c:eb:d3:8b:24:db:1e:0f:20:70:7d:cd:da:f2:bb:f8:
         29:9a:4a:27:0b:d5:14:e7:e7:69:7a:cd:65:de:54:01:f4:4f:
         b6:a5:6e:8e:42:a6:b1:14:55:23:d3:99:19:04:9b:26:12:a3:
         9c:e0:9a:90:8f:3a:0d:62:05:b5:ab:d5:67:c1:f3:3b:08:8c:
         28:c7:91:a2:8e:f6:0d:23:d6:7b:e9:64:d6:66:5a:13:de:3f:
         41:1e:b4:67:10:cc:f9:19:c0:88:f3:f9:25:4a:5e:0b:47:a7:
         4b:c6:b7:eb:1d:e0:a6:1c:b8:50:bb:a7:dc:2f:24:66:21:f6:
         6a:92:a8:71:5d:be:b3:1a:c7:d4:9c:74:e3:50:e7:44:90:9a:
         21:1a:17:8f:06:bc:dc:1d:2e:b4:43:a3:01:19:69:8b:9c:23:
         64:fc:20:8d:30:b3:a2:11:3f:bc:c9:06:9a:f8:e7:79:3c:57:
         92:69:e7:38:2e:d1:b9:2d:7f:2b:04:ec:40:f0:72:eb:18:89:
         6b:d4:53:67:e0:94:0c:e7:7b:fe:6d:0c:cf:0e:16:09:45:71:
         29:ae:a2:36:75:ff:e8:64:0f:9c:42:c7:a8:8e:93:a4:34:c0:
         d5:67:db:ab:a1:68:23:d3:d2:d6:ab:3c:76:0e:cf:96:7c:ef:
         a3:30:43:2d
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUKXtT/BOGEbU8wxA/YgJHv0S3q1wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDYxMjA3MjQ0N1oX
DTI3MDYxMTA3Mjk0N1owMzExMC8GA1UEAxMoNzA2Qzc1RjM4QUMyNjJCOEFCNzU3
NEI2NjlDRTQxRTk5NjhCRUY1NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANBRKodc6+JDK/g9/kn0fxIxV/jS4CDLyVZtK0VJeHg8BaKYWpbriuNqpv1f
+5CgyN8w+wa+EowL6Iv2Pwdjo/zHVG7gTLFreqW8W0u+T0X0IgR5nzKmC7509FlS
5YdVEB0lCXJyHmZt3oVmF57oqE5Jbf4yFu4y6Ypr+jiJb6OQZWLAjVFs0rPL6edf
edNAdlZjx7EWTu1q7z4UPw/8e8Kx4FgxvXeC9IEUCjQfo15ed6092lOFyQJz9yJ5
C/qHdwc/PPIM5JoctD5z/THaQo4O1gVXMLFHIUvLo5/PM2d/K4doslGlWB89Ymh9
XhWPe38tNIrod3DmkxLsNKSMqBMCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRwbHXz
isJiuKt1dLZpzkHplovvVzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTU0NzA5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBogTgMA0GCSqGSIb3DQEBCwUAA4IBAQBzXZzr04sk2x4PIHB9zdryu/gp
mkonC9UU5+dpes1l3lQB9E+2pW6OQqaxFFUj05kZBJsmEqOc4JqQjzoNYgW1q9Vn
wfM7CIwox5GijvYNI9Z76WTWZloT3j9BHrRnEMz5GcCI8/klSl4LR6dLxrfrHeCm
HLhQu6fcLyRmIfZqkqhxXb6zGsfUnHTjUOdEkJohGhePBrzcHS60Q6MBGWmLnCNk
/CCNMLOiET+8yQaa+Od5PFeSaec4LtG5LX8rBOxA8HLrGIlr1FNn4JQM53v+bQzP
DhYJRXEprqI2df/oZA+cQseojpOkNMDVZ9uroWgj09LWqzx2Ds+WfO+jMEMt
-----END CERTIFICATE-----