Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS150281.roa
File:                     AS150281.roa (raw, json)
Hash identifier:          wgrCmND44V83hiRiv/EAKB3kGream1R2Uqldym/YET0=
Subject key identifier:   65:F2:AE:D6:31:A8:BE:65:32:DD:88:A8:7C:66:5A:59:B0:7F:B5:00
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       78D613FE72716D1E41C96EC27DDFAC109E48F3A8
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS150281.roa
Signing time:             Sat 02 May 2026 09:24:22 +0000
ROA not before:           Sat 02 May 2026 09:19:22 +0000
ROA not after:            Sat 01 May 2027 09:24:22 +0000
asID:                     150281
IP address blocks:        161.248.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:d6:13:fe:72:71:6d:1e:41:c9:6e:c2:7d:df:ac:10:9e:48:f3:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:22 2026 GMT
            Not After : May  1 09:24:22 2027 GMT
        Subject: CN=65F2AED631A8BE6532DD88A87C665A59B07FB500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1a:64:6f:10:8c:f7:df:49:48:9d:3d:7a:9c:
                    d1:5c:9f:f8:77:28:48:23:f1:88:31:6b:6b:49:b9:
                    f1:e6:bd:9a:5b:fb:a6:20:47:33:39:77:57:9e:f9:
                    20:aa:61:e7:06:4d:a9:21:1e:ea:a9:d0:d8:31:b5:
                    3e:83:d7:df:d2:b1:8b:92:5a:fb:36:40:63:d1:f8:
                    13:fa:30:68:24:a4:c5:b4:b5:ec:6f:6c:78:97:18:
                    70:83:68:d7:c1:8c:66:7b:17:61:c0:61:74:f0:3a:
                    3e:21:b3:35:e4:69:2e:36:cd:99:56:c5:9c:72:e2:
                    b3:fc:1e:17:4e:35:07:47:d6:3a:af:09:1a:ed:5e:
                    51:f8:29:80:05:d2:21:96:f9:1b:ff:b2:25:30:3c:
                    57:50:92:67:b2:ae:d5:50:e0:21:9d:f3:61:16:e1:
                    57:97:f7:c5:01:2e:c2:ef:7d:d8:23:8d:0a:16:80:
                    45:90:79:d2:21:fa:20:55:ef:b7:5f:f6:18:3e:2a:
                    f4:26:b7:de:09:6a:a6:9d:ca:79:14:eb:3e:8e:f5:
                    91:b8:74:ad:7e:46:43:89:d4:9a:b1:e4:c9:1d:d6:
                    73:db:dc:a1:9c:48:a1:3e:71:61:17:13:6e:b6:f5:
                    47:a3:e3:a1:2b:5d:5b:ce:5d:57:4d:ed:be:6d:db:
                    d8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:F2:AE:D6:31:A8:BE:65:32:DD:88:A8:7C:66:5A:59:B0:7F:B5:00
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS150281.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:ae:dc:37:f4:0f:bf:d1:af:48:05:4c:80:f6:27:21:a7:4c:
         8b:ef:d9:84:cf:f6:8e:31:61:cf:ff:4d:77:d5:18:a0:a7:a8:
         59:e7:4e:dc:89:e1:da:52:7f:b1:0a:7a:c6:fe:cf:09:51:a1:
         17:51:f5:83:94:5e:a5:40:a8:44:db:3c:cc:1e:51:4c:03:89:
         53:84:a2:d5:3c:22:22:23:21:25:9e:2b:8b:d1:9f:9d:88:4b:
         98:8e:d7:1b:29:b7:db:f5:81:a7:49:ac:48:50:90:59:c9:ff:
         dd:04:a7:17:ae:a5:eb:56:2e:a8:4b:1d:65:7c:6a:b1:10:d0:
         f8:35:32:9d:0a:1a:a8:f6:2e:3c:8a:96:b7:b9:c5:ef:96:28:
         04:ab:37:49:42:ac:cb:d5:ab:a9:4f:22:7a:2d:4e:3b:50:3c:
         aa:68:cc:57:e8:73:f5:5c:92:21:4b:c9:5c:5f:7a:a9:b3:b2:
         e5:90:fd:40:52:33:32:36:01:d3:72:95:ec:24:57:9c:5c:e4:
         01:2e:34:c6:53:45:2d:87:29:de:df:02:d5:7c:30:9b:f5:ed:
         5d:fc:b8:05:27:5c:93:94:6d:63:86:42:20:66:12:25:57:85:
         af:fe:ca:6e:06:a4:c3:32:61:4c:4b:ca:98:38:00:d0:25:67:
         75:09:2c:42
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUeNYT/nJxbR5ByW7Cfd+sEJ5I86gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkyMloX
DTI3MDUwMTA5MjQyMlowMzExMC8GA1UEAxMoNjVGMkFFRDYzMUE4QkU2NTMyREQ4
OEE4N0M2NjVBNTlCMDdGQjUwMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0aZG8QjPffSUidPXqc0Vyf+HcoSCPxiDFra0m58ea9mlv7piBHMzl3V575
IKph5wZNqSEe6qnQ2DG1PoPX39Kxi5Ja+zZAY9H4E/owaCSkxbS17G9seJcYcINo
18GMZnsXYcBhdPA6PiGzNeRpLjbNmVbFnHLis/weF041B0fWOq8JGu1eUfgpgAXS
IZb5G/+yJTA8V1CSZ7Ku1VDgIZ3zYRbhV5f3xQEuwu992CONChaARZB50iH6IFXv
t1/2GD4q9Ca33glqpp3KeRTrPo71kbh0rX5GQ4nUmrHkyR3Wc9vcoZxIoT5xYRcT
brb1R6PjoStdW85dV03tvm3b2JUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRl8q7W
Mai+ZTLdiKh8ZlpZsH+1ADAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUwMjgxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAofhrMA0GCSqGSIb3DQEBCwUAA4IBAQCArtw39A+/0a9IBUyA9ichp0yL
79mEz/aOMWHP/0131Rigp6hZ507cieHaUn+xCnrG/s8JUaEXUfWDlF6lQKhE2zzM
HlFMA4lThKLVPCIiIyElniuL0Z+diEuYjtcbKbfb9YGnSaxIUJBZyf/dBKcXrqXr
Vi6oSx1lfGqxEND4NTKdChqo9i48ipa3ucXvligEqzdJQqzL1aupTyJ6LU47UDyq
aMxX6HP1XJIhS8lcX3qps7LlkP1AUjMyNgHTcpXsJFecXOQBLjTGU0Uthyne3wLV
fDCb9e1d/LgFJ1yTlG1jhkIgZhIlV4Wv/spuBqTDMmFMS8qYOADQJWd1CSxC
-----END CERTIFICATE-----