Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS149353.roa
File:                     AS149353.roa (raw, json)
Hash identifier:          BV2vUaUUT01cjZJW/yZF28sMUZVrFxyL5lYym3qj574=
Subject key identifier:   3E:29:5A:77:3F:4D:76:04:C4:FA:0C:77:DA:C2:23:2F:48:D4:1C:14
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       4190EA7DA89F1AB8DB8FA4BDB8FF3AF88AE26502
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS149353.roa
Signing time:             Sat 02 May 2026 09:23:00 +0000
ROA not before:           Sat 02 May 2026 09:18:00 +0000
ROA not after:            Sat 01 May 2027 09:23:00 +0000
asID:                     149353
IP address blocks:        157.15.48.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:90:ea:7d:a8:9f:1a:b8:db:8f:a4:bd:b8:ff:3a:f8:8a:e2:65:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:00 2026 GMT
            Not After : May  1 09:23:00 2027 GMT
        Subject: CN=3E295A773F4D7604C4FA0C77DAC2232F48D41C14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ab:35:7e:f8:42:4f:fd:44:02:28:f7:5b:99:
                    dd:36:c6:3b:14:2a:6f:dd:68:05:32:e1:d6:43:2c:
                    0b:32:2d:64:ab:f1:d8:a0:25:bb:fd:c5:44:66:87:
                    d5:32:ce:b1:f3:0e:1e:ca:6d:ca:bf:68:fb:8d:51:
                    58:14:e3:87:d2:36:d9:ae:c2:5d:7d:ea:99:c3:3d:
                    44:46:92:ef:24:a2:da:14:e9:1c:1f:89:42:ca:0f:
                    1a:73:a1:f9:4a:7d:95:12:1e:09:0e:e9:98:d8:5d:
                    ca:31:f0:cc:fc:10:24:9c:ae:02:32:c0:ab:48:93:
                    2d:70:a0:cc:48:45:09:5b:82:7e:7c:8f:6d:62:ce:
                    f9:04:86:f9:11:2d:ee:4f:b0:64:e1:ce:8d:54:b4:
                    e4:96:51:ce:a5:5e:4b:3c:6e:9c:af:5c:70:30:a0:
                    cc:b6:e3:59:a7:ae:e2:09:6d:0e:af:b8:b4:99:27:
                    6e:dd:6e:0f:a6:88:30:42:49:0b:bc:d2:08:d2:fa:
                    41:e8:b1:1d:28:1c:27:52:ad:0c:ca:36:98:33:22:
                    8b:d7:5b:9d:21:6e:51:17:42:20:bd:b1:ee:51:f2:
                    42:75:4f:8f:2e:45:ea:92:c7:49:47:5a:22:7f:34:
                    50:9a:4a:f2:dc:58:8f:39:46:4d:c2:14:dc:75:db:
                    09:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:29:5A:77:3F:4D:76:04:C4:FA:0C:77:DA:C2:23:2F:48:D4:1C:14
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS149353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:f7:38:ef:e1:30:32:1f:f2:57:fc:d1:9f:8b:0f:55:8a:b5:
         50:77:fb:68:21:cf:fb:1d:2b:91:ee:09:ee:25:b4:b0:89:0f:
         e7:c9:8a:b7:2d:f0:9f:aa:61:72:d1:8b:84:95:1a:23:83:9b:
         81:20:1a:1f:fc:58:9f:5c:2a:84:b0:e4:26:ce:29:c8:a2:d2:
         b3:80:f0:1e:92:db:dc:49:78:94:1e:5b:19:95:df:21:9b:51:
         13:f1:40:f8:c9:3f:1d:b3:df:e0:71:58:0a:65:77:85:64:1f:
         97:c6:61:b6:66:9d:4e:a9:45:6b:47:1f:48:ce:ec:bf:41:7a:
         83:ee:0e:4d:82:59:47:d3:f1:bc:d9:32:29:b6:4d:b1:09:cd:
         d9:7e:e7:3f:f0:52:da:ce:5e:bb:32:7e:06:7a:a6:87:e6:c3:
         1d:34:de:91:a5:bc:36:d5:fe:45:77:c2:d3:d4:2e:1a:4e:96:
         ef:f6:6a:7c:c7:de:aa:df:bc:56:d6:f9:35:2a:1c:af:6c:71:
         d7:7e:b6:4f:6e:ec:58:49:aa:a2:8c:f0:19:2f:a9:74:8a:c4:
         0e:77:fa:fb:9b:af:4c:95:e9:30:66:bc:2f:aa:7e:ee:a7:26:
         aa:0d:67:3d:c3:51:b0:8c:6b:43:d0:27:a0:51:66:60:bb:d8:
         74:e5:79:fc
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUQZDqfaifGrjbj6S9uP86+IriZQIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgwMFoX
DTI3MDUwMTA5MjMwMFowMzExMC8GA1UEAxMoM0UyOTVBNzczRjRENzYwNEM0RkEw
Qzc3REFDMjIzMkY0OEQ0MUMxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIWrNX74Qk/9RAIo91uZ3TbGOxQqb91oBTLh1kMsCzItZKvx2KAlu/3FRGaH
1TLOsfMOHsptyr9o+41RWBTjh9I22a7CXX3qmcM9REaS7ySi2hTpHB+JQsoPGnOh
+Up9lRIeCQ7pmNhdyjHwzPwQJJyuAjLAq0iTLXCgzEhFCVuCfnyPbWLO+QSG+REt
7k+wZOHOjVS05JZRzqVeSzxunK9ccDCgzLbjWaeu4gltDq+4tJknbt1uD6aIMEJJ
C7zSCNL6QeixHSgcJ1KtDMo2mDMii9dbnSFuURdCIL2x7lHyQnVPjy5F6pLHSUda
In80UJpK8txYjzlGTcIU3HXbCe0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQ+KVp3
P012BMT6DHfawiMvSNQcFDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQ5MzUzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnQ8wMA0GCSqGSIb3DQEBCwUAA4IBAQBP9zjv4TAyH/JX/NGfiw9VirVQ
d/toIc/7HSuR7gnuJbSwiQ/nyYq3LfCfqmFy0YuElRojg5uBIBof/FifXCqEsOQm
zinIotKzgPAektvcSXiUHlsZld8hm1ET8UD4yT8ds9/gcVgKZXeFZB+XxmG2Zp1O
qUVrRx9Izuy/QXqD7g5NgllH0/G82TIptk2xCc3Zfuc/8FLazl67Mn4GeqaH5sMd
NN6Rpbw21f5Fd8LT1C4aTpbv9mp8x96q37xW1vk1KhyvbHHXfrZPbuxYSaqijPAZ
L6l0isQOd/r7m69MlekwZrwvqn7upyaqDWc9w1GwjGtD0CegUWZgu9h05Xn8
-----END CERTIFICATE-----