Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS149379.roa
File:                     AS149379.roa (raw, json)
Hash identifier:          qH3r4sGkxswPcQEyF7zEvYraUHrEd22vfnEwepNjCRc=
Subject key identifier:   F2:91:C6:6D:8B:5E:8D:DC:06:CF:CB:D5:94:73:CE:6F:EA:04:53:C1
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       0A2CC1C08E560F9EA15DD9DB191A0B48062CB563
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS149379.roa
Signing time:             Sat 02 May 2026 09:22:35 +0000
ROA not before:           Sat 02 May 2026 09:17:35 +0000
ROA not after:            Sat 01 May 2027 09:22:35 +0000
asID:                     149379
IP address blocks:        165.99.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:2c:c1:c0:8e:56:0f:9e:a1:5d:d9:db:19:1a:0b:48:06:2c:b5:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:35 2026 GMT
            Not After : May  1 09:22:35 2027 GMT
        Subject: CN=F291C66D8B5E8DDC06CFCBD59473CE6FEA0453C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:1a:0b:4f:06:f2:b1:5d:e7:8e:93:f8:20:27:
                    01:98:58:45:d6:f2:16:c3:2e:4f:53:41:ec:3f:4d:
                    71:f7:ad:82:eb:94:8f:14:d2:8b:99:f9:4b:49:f2:
                    b3:bb:29:96:a3:5e:cb:68:e1:b7:77:19:c0:60:87:
                    95:61:ab:87:01:ad:76:10:d3:d6:1e:3c:a4:f7:ed:
                    14:b3:1a:2b:99:d5:53:68:b9:74:fb:37:32:f0:29:
                    36:f9:02:af:bb:44:57:e8:42:fc:08:e4:9a:c1:eb:
                    f7:b3:67:a7:99:1f:21:bd:4c:37:8c:46:43:51:fd:
                    5c:62:97:9e:c1:01:57:85:38:72:31:f3:94:f9:8f:
                    b9:56:76:02:2c:b0:17:e4:77:50:94:f9:5c:bd:7b:
                    32:9b:fc:76:45:e0:20:88:9d:59:b6:96:57:98:26:
                    d4:a7:c2:e1:ed:67:c9:d0:ac:43:7e:52:a3:4b:47:
                    53:9b:33:08:06:5d:56:d7:16:cf:5c:8d:0f:fb:a8:
                    24:93:29:ad:56:ae:37:1c:fe:c3:e5:37:69:4d:a5:
                    b4:15:87:35:75:a1:7b:6c:29:0e:ab:57:5b:31:f8:
                    6f:5b:0f:80:97:97:f2:aa:bd:d9:e3:29:6e:e5:0c:
                    61:95:9d:75:fa:a3:c5:67:94:87:c5:a9:2e:e1:42:
                    d5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:91:C6:6D:8B:5E:8D:DC:06:CF:CB:D5:94:73:CE:6F:EA:04:53:C1
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS149379.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:e7:2a:43:a8:1d:4f:13:52:44:e7:19:12:25:76:8d:b3:7e:
         e6:74:79:a0:d3:61:54:d2:35:80:11:71:d0:fe:4a:62:96:ba:
         24:5f:ae:c0:ac:20:0b:1f:8d:3d:5f:ed:c9:fc:76:28:81:25:
         a6:dd:82:45:da:12:bd:39:51:9a:b1:e5:60:4d:6f:f1:8f:a6:
         8d:b8:fe:08:41:3a:ac:54:68:2f:8d:e0:21:7a:cd:0a:26:74:
         f1:f9:14:69:c0:f6:fb:d3:44:f0:ec:d6:af:bd:ac:9e:7f:b2:
         0f:be:50:0a:f9:e5:d0:70:8a:fb:2f:0a:7b:20:e7:8e:86:f0:
         45:e9:c4:0b:ae:68:db:71:5d:76:8f:3d:ec:3e:78:1a:b3:e6:
         20:a8:85:e5:30:08:0b:d3:7d:18:e9:d1:80:19:c5:bd:7d:35:
         c4:34:d0:18:a6:a4:4b:0e:27:aa:9a:0a:d1:a7:79:01:81:9f:
         7e:1f:85:84:b6:e6:88:71:8e:71:32:dc:94:e4:c4:68:52:ef:
         e8:87:79:3d:7f:59:87:57:50:a8:1a:3a:69:ed:90:a6:aa:fa:
         f8:1f:11:d5:1d:da:84:1f:ca:92:6a:4c:9e:1c:10:d8:3a:2c:
         d0:09:a2:47:76:ca:9b:cb:1f:fa:ec:58:b0:38:78:9e:f2:27:
         33:fc:6f:5e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUCizBwI5WD56hXdnbGRoLSAYstWMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTczNVoX
DTI3MDUwMTA5MjIzNVowMzExMC8GA1UEAxMoRjI5MUM2NkQ4QjVFOEREQzA2Q0ZD
QkQ1OTQ3M0NFNkZFQTA0NTNDMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOsaC08G8rFd546T+CAnAZhYRdbyFsMuT1NB7D9NcfetguuUjxTSi5n5S0ny
s7splqNey2jht3cZwGCHlWGrhwGtdhDT1h48pPftFLMaK5nVU2i5dPs3MvApNvkC
r7tEV+hC/AjkmsHr97Nnp5kfIb1MN4xGQ1H9XGKXnsEBV4U4cjHzlPmPuVZ2Aiyw
F+R3UJT5XL17Mpv8dkXgIIidWbaWV5gm1KfC4e1nydCsQ35So0tHU5szCAZdVtcW
z1yND/uoJJMprVauNxz+w+U3aU2ltBWHNXWhe2wpDqtXWzH4b1sPgJeX8qq92eMp
buUMYZWddfqjxWeUh8WpLuFC1UcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTykcZt
i16N3AbPy9WUc85v6gRTwTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQ5Mzc5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWMxMA0GCSqGSIb3DQEBCwUAA4IBAQBi5ypDqB1PE1JE5xkSJXaNs37m
dHmg02FU0jWAEXHQ/kpilrokX67ArCALH409X+3J/HYogSWm3YJF2hK9OVGaseVg
TW/xj6aNuP4IQTqsVGgvjeAhes0KJnTx+RRpwPb700Tw7Navvayef7IPvlAK+eXQ
cIr7Lwp7IOeOhvBF6cQLrmjbcV12jz3sPngas+YgqIXlMAgL030Y6dGAGcW9fTXE
NNAYpqRLDieqmgrRp3kBgZ9+H4WEtuaIcY5xMtyU5MRoUu/oh3k9f1mHV1CoGjpp
7ZCmqvr4HxHVHdqEH8qSakyeHBDYOizQCaJHdsqbyx/67FiwOHie8icz/G9e
-----END CERTIFICATE-----