Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS149785.roa
File:                     AS149785.roa (raw, json)
Hash identifier:          qWDp/XgbHZZMdepM4sCatH/BhhWmKkHL7Jqdi0VbN80=
Subject key identifier:   4A:3B:43:0F:2F:0E:0D:70:59:8B:84:73:43:1E:8F:3D:DA:28:AB:06
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7909FAC9D0A17047B9F99AE7D4EA13304079C84A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS149785.roa
Signing time:             Thu 18 Jun 2026 08:33:35 +0000
ROA not before:           Thu 18 Jun 2026 08:28:35 +0000
ROA not after:            Thu 17 Jun 2027 08:33:35 +0000
asID:                     149785
IP address blocks:        162.4.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 19 Jun 2026 08:44:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:09:fa:c9:d0:a1:70:47:b9:f9:9a:e7:d4:ea:13:30:40:79:c8:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: Jun 18 08:28:35 2026 GMT
            Not After : Jun 17 08:33:35 2027 GMT
        Subject: CN=4A3B430F2F0E0D70598B8473431E8F3DDA28AB06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ff:d5:f7:80:2c:b6:54:a4:b4:f4:d8:15:ae:
                    78:d1:0e:7d:a2:9c:49:ec:18:25:60:ee:ae:1a:99:
                    97:29:d3:67:ba:d0:d5:ed:db:38:05:86:46:3d:29:
                    f0:37:95:c4:47:3e:0d:fe:fb:2e:c8:e3:79:3c:72:
                    98:43:fe:3e:46:72:60:38:24:86:0b:ac:9d:ea:bf:
                    fd:57:36:93:83:ee:ff:37:cf:f9:de:81:c6:7d:20:
                    d5:7f:a7:0a:24:89:08:5f:16:26:76:bf:36:74:6c:
                    1b:c5:57:16:47:df:f1:bf:b7:39:a3:06:e4:b5:c4:
                    20:be:4a:c0:1b:66:31:ca:9c:b7:bb:12:10:41:43:
                    87:78:67:e0:5e:97:34:53:9b:72:96:eb:38:da:98:
                    1e:f8:3e:09:03:c8:13:e9:e3:ed:76:96:e6:60:a6:
                    8c:e9:53:ca:69:e6:8c:36:1a:4a:5a:cb:25:3d:59:
                    f8:23:6a:1f:93:1f:98:b6:fa:62:55:23:62:4a:aa:
                    a5:d9:d5:8e:02:c1:81:aa:93:3e:0a:7c:f7:fa:88:
                    8f:a6:c2:4a:2c:74:4d:92:43:26:56:c2:9f:a0:bf:
                    76:22:20:4a:73:90:00:60:0b:17:19:42:cc:af:d1:
                    0c:8f:53:17:71:e4:85:aa:f9:cd:cf:c0:c1:d7:0e:
                    53:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3B:43:0F:2F:0E:0D:70:59:8B:84:73:43:1E:8F:3D:DA:28:AB:06
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS149785.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.4.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:2b:b7:dc:cc:c7:d8:87:bb:5e:f5:9b:41:7c:fb:40:2d:73:
         c4:df:02:66:5c:4a:14:f9:4b:4a:96:85:ff:f0:18:ab:d1:22:
         7b:b1:c5:f1:c7:db:23:b5:f2:86:74:51:38:5b:5d:3b:fd:78:
         45:8e:80:94:b6:39:88:d4:ea:02:a4:79:d7:ea:76:1a:3c:86:
         98:11:82:70:5c:bb:1a:00:29:ec:de:6e:f5:52:a5:fb:27:5f:
         8f:1b:b7:0d:7f:8a:bb:8d:19:c1:45:b9:9f:d0:1c:e9:ae:43:
         e5:40:fe:39:2b:59:d9:0e:1b:01:07:31:3b:fe:f3:72:ff:01:
         1e:fc:21:5b:e5:4c:6c:c7:e9:a8:d7:d9:93:ae:13:6c:8c:63:
         e8:f3:52:99:a1:7d:73:48:55:4b:75:7f:41:87:66:cb:bb:a9:
         af:b9:11:c1:a9:94:f3:d9:e6:a1:c6:4b:50:2b:64:42:39:7e:
         51:66:3b:5f:a8:86:17:db:a6:b2:cb:57:c9:d4:0c:3d:19:12:
         8d:9d:c5:23:97:e2:45:49:d1:6c:05:89:e5:93:b7:5a:5e:7e:
         a7:18:c3:9e:aa:9a:27:9a:bb:bd:df:a8:f0:35:00:55:03:65:
         54:06:b4:ec:92:6d:84:74:b1:ff:ed:95:50:2d:0f:e9:5e:be:
         57:55:f9:1c
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUeQn6ydChcEe5+Zrn1OoTMEB5yEowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDYxODA4MjgzNVoX
DTI3MDYxNzA4MzMzNVowMzExMC8GA1UEAxMoNEEzQjQzMEYyRjBFMEQ3MDU5OEI4
NDczNDMxRThGM0REQTI4QUIwNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3/1feALLZUpLT02BWueNEOfaKcSewYJWDurhqZlynTZ7rQ1e3bOAWGRj0p
8DeVxEc+Df77LsjjeTxymEP+PkZyYDgkhgusneq//Vc2k4Pu/zfP+d6Bxn0g1X+n
CiSJCF8WJna/NnRsG8VXFkff8b+3OaMG5LXEIL5KwBtmMcqct7sSEEFDh3hn4F6X
NFObcpbrONqYHvg+CQPIE+nj7XaW5mCmjOlTymnmjDYaSlrLJT1Z+CNqH5MfmLb6
YlUjYkqqpdnVjgLBgaqTPgp89/qIj6bCSix0TZJDJlbCn6C/diIgSnOQAGALFxlC
zK/RDI9TF3Hkhar5zc/AwdcOUzcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRKO0MP
Lw4NcFmLhHNDHo892iirBjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQ5Nzg1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAogTyMA0GCSqGSIb3DQEBCwUAA4IBAQBMK7fczMfYh7te9ZtBfPtALXPE
3wJmXEoU+UtKloX/8Bir0SJ7scXxx9sjtfKGdFE4W107/XhFjoCUtjmI1OoCpHnX
6nYaPIaYEYJwXLsaACns3m71UqX7J1+PG7cNf4q7jRnBRbmf0BzprkPlQP45K1nZ
DhsBBzE7/vNy/wEe/CFb5Uxsx+mo19mTrhNsjGPo81KZoX1zSFVLdX9Bh2bLu6mv
uRHBqZTz2eahxktQK2RCOX5RZjtfqIYX26ayy1fJ1Aw9GRKNncUjl+JFSdFsBYnl
k7daXn6nGMOeqponmru936jwNQBVA2VUBrTskm2EdLH/7ZVQLQ/pXr5XVfkc
-----END CERTIFICATE-----