Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS149675.roa
File:                     AS149675.roa (raw, json)
Hash identifier:          h+Sm8ocsFaKEfbjaGP5sgdxxnku3H6RBhUl92g5agfo=
Subject key identifier:   A7:C6:51:67:E3:49:74:1D:DC:AA:B1:5D:E3:6E:EE:D0:85:A6:87:40
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       550A6AA760FD9FC199282DF713946F7CD28D5310
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS149675.roa
Signing time:             Mon 04 May 2026 04:13:02 +0000
ROA not before:           Mon 04 May 2026 04:08:02 +0000
ROA not after:            Mon 03 May 2027 04:13:02 +0000
asID:                     149675
IP address blocks:        157.66.186.0/23 maxlen: 24
                          157.66.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 06 May 2026 16:37:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:0a:6a:a7:60:fd:9f:c1:99:28:2d:f7:13:94:6f:7c:d2:8d:53:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  4 04:08:02 2026 GMT
            Not After : May  3 04:13:02 2027 GMT
        Subject: CN=A7C65167E349741DDCAAB15DE36EEED085A68740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:22:9f:f5:67:6a:af:7f:cc:fc:8d:3f:21:ec:
                    92:61:a1:e0:42:a4:a6:fc:6d:64:82:af:55:b5:a4:
                    8e:cf:37:1a:be:12:4b:45:ed:1f:17:e4:79:34:a0:
                    3f:9e:92:74:29:4a:43:d7:5e:9c:85:72:2c:bc:99:
                    fb:82:e7:da:1f:14:94:3c:bf:ef:4a:8d:9c:1c:be:
                    ec:46:72:eb:5f:d7:cd:e4:d9:7b:12:d2:bf:17:95:
                    f3:c5:21:a7:aa:c0:0a:eb:9d:94:6c:7c:67:30:bd:
                    24:2b:82:96:46:68:db:76:87:24:48:7b:e8:ae:fc:
                    f5:2e:3d:ab:27:b0:f2:e5:be:11:c9:7e:36:0a:1d:
                    34:1e:f6:2f:42:34:34:f7:7e:60:b8:dc:d7:bf:86:
                    00:02:c9:2e:b4:dc:89:e7:0f:4d:29:8c:20:67:2f:
                    c0:97:1d:5c:fe:50:73:0e:5b:ac:a3:61:2e:20:ef:
                    36:36:08:cf:9b:80:d6:e6:01:82:1f:fc:17:2b:0d:
                    05:69:8b:7d:be:16:be:d6:86:5b:b5:a6:2c:31:74:
                    cf:f4:86:8a:39:0e:88:a4:81:2e:6e:87:15:6f:97:
                    99:32:a7:48:c8:30:7b:b4:42:9f:a0:75:48:ac:2d:
                    8d:8c:be:3b:ea:36:48:c7:77:b9:5d:db:11:4e:a0:
                    c0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:C6:51:67:E3:49:74:1D:DC:AA:B1:5D:E3:6E:EE:D0:85:A6:87:40
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS149675.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:03:1b:41:4d:f6:56:43:90:1c:be:33:56:62:c7:c4:dd:a5:
         27:a5:75:55:a1:cb:ea:f6:f2:08:23:b2:f1:09:2f:fe:9d:21:
         93:25:15:61:ac:8d:5f:15:eb:1b:e7:f6:ca:eb:5e:bc:e5:c8:
         5a:f0:0f:1f:bf:1b:65:65:b7:88:fb:1b:1a:3a:b3:40:fc:6c:
         13:ad:74:e1:14:38:59:f2:c7:b9:e5:64:4f:ca:ab:77:82:59:
         2b:86:29:f7:57:c9:44:7d:04:a9:05:a4:3e:06:78:71:8c:eb:
         43:7e:06:d1:14:45:df:5c:0a:58:ea:a3:0b:e0:76:a0:90:f7:
         64:77:3b:ef:11:c2:12:1a:33:86:ba:31:1b:92:b7:03:8e:b6:
         10:26:46:cc:41:ff:cb:4e:f9:e2:ef:75:10:eb:56:8b:41:6d:
         6a:3f:5f:96:53:19:14:15:5b:e6:9c:d7:71:66:ed:e5:00:82:
         18:6d:2b:bc:00:1f:50:08:54:11:2b:8f:94:7a:f5:7c:1d:ed:
         a9:a6:e0:43:00:da:45:02:ba:fd:69:cb:69:79:ad:5d:a4:94:
         36:77:78:66:15:a0:59:ae:b1:57:06:aa:66:39:68:4b:34:03:
         b0:2d:90:c2:c1:f8:ca:4f:a4:b3:c2:fa:af:e1:d5:b2:83:cc:
         49:e0:74:63
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUVQpqp2D9n8GZKC33E5RvfNKNUxAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwNDA0MDgwMloX
DTI3MDUwMzA0MTMwMlowMzExMC8GA1UEAxMoQTdDNjUxNjdFMzQ5NzQxRERDQUFC
MTVERTM2RUVFRDA4NUE2ODc0MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANEin/Vnaq9/zPyNPyHskmGh4EKkpvxtZIKvVbWkjs83Gr4SS0XtHxfkeTSg
P56SdClKQ9denIVyLLyZ+4Ln2h8UlDy/70qNnBy+7EZy61/XzeTZexLSvxeV88Uh
p6rACuudlGx8ZzC9JCuClkZo23aHJEh76K789S49qyew8uW+Ecl+NgodNB72L0I0
NPd+YLjc17+GAALJLrTciecPTSmMIGcvwJcdXP5Qcw5brKNhLiDvNjYIz5uA1uYB
gh/8FysNBWmLfb4WvtaGW7WmLDF0z/SGijkOiKSBLm6HFW+XmTKnSMgwe7RCn6B1
SKwtjYy+O+o2SMd3uV3bEU6gwHcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSnxlFn
40l0HdyqsV3jbu7QhaaHQDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQ5Njc1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnUK6MA0GCSqGSIb3DQEBCwUAA4IBAQAfAxtBTfZWQ5AcvjNWYsfE3aUn
pXVVocvq9vIII7LxCS/+nSGTJRVhrI1fFesb5/bK61685cha8A8fvxtlZbeI+xsa
OrNA/GwTrXThFDhZ8se55WRPyqt3glkrhin3V8lEfQSpBaQ+BnhxjOtDfgbRFEXf
XApY6qML4HagkPdkdzvvEcISGjOGujEbkrcDjrYQJkbMQf/LTvni73UQ61aLQW1q
P1+WUxkUFVvmnNdxZu3lAIIYbSu8AB9QCFQRK4+UevV8He2ppuBDANpFArr9actp
ea1dpJQ2d3hmFaBZrrFXBqpmOWhLNAOwLZDCwfjKT6Szwvqv4dWyg8xJ4HRj
-----END CERTIFICATE-----