Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS150690.roa
File:                     AS150690.roa (raw, json)
Hash identifier:          YO7AW5UWsVjHJq2BZdm1O/Eu5b4tyVXSd7lYrvxaON8=
Subject key identifier:   A0:F0:2C:81:84:55:A6:10:8D:46:4D:A9:74:9C:84:6E:14:90:86:8B
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       11985FC8F9F105B424CB8266EEDE04E276C5BC6A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS150690.roa
Signing time:             Sat 02 May 2026 09:23:12 +0000
ROA not before:           Sat 02 May 2026 09:18:12 +0000
ROA not after:            Sat 01 May 2027 09:23:12 +0000
asID:                     150690
IP address blocks:        165.101.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:98:5f:c8:f9:f1:05:b4:24:cb:82:66:ee:de:04:e2:76:c5:bc:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:12 2026 GMT
            Not After : May  1 09:23:12 2027 GMT
        Subject: CN=A0F02C818455A6108D464DA9749C846E1490868B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:18:4e:04:01:34:0e:5e:79:8b:97:20:0d:00:
                    0a:5e:ac:13:9b:c5:a6:86:99:8f:3f:e5:ee:45:2a:
                    85:cb:4d:26:4d:3f:d7:8f:3e:f9:9e:21:be:81:36:
                    c8:ec:4d:16:a8:4b:95:a9:be:27:79:97:31:b5:c1:
                    61:70:bd:ab:15:e7:66:49:73:2c:e5:ec:80:d2:ce:
                    46:9e:27:ac:f8:3b:49:fb:27:86:ef:2a:b6:a2:4c:
                    bc:f5:d8:a0:1d:20:d8:64:d1:80:5a:09:db:4d:c1:
                    bb:fa:fa:ad:fe:12:5f:91:d6:d7:4b:67:d0:4e:36:
                    40:54:9b:63:60:f7:93:fa:c0:fe:58:6d:bb:5e:bf:
                    d5:e4:0c:a0:7b:11:96:c6:ab:ef:cd:7d:60:75:af:
                    a3:8e:db:b9:31:49:29:07:d9:9a:7f:ec:c5:e3:63:
                    38:51:4a:10:7d:b9:75:12:fd:ce:92:83:dc:5e:3a:
                    d0:70:78:ae:0a:48:43:5a:2c:c3:1a:bb:e2:c5:46:
                    5f:7d:ab:2e:f0:80:84:9b:55:23:6f:58:8c:e9:f1:
                    84:8a:d3:89:0a:ed:c6:f2:c5:95:58:7a:c6:1d:46:
                    80:0b:5b:fe:b1:f5:4c:9b:02:63:4e:35:d9:f6:42:
                    62:1c:e7:22:bd:68:c5:34:c0:25:f6:83:56:79:d7:
                    3b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:F0:2C:81:84:55:A6:10:8D:46:4D:A9:74:9C:84:6E:14:90:86:8B
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS150690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:45:a5:7d:3e:c9:73:e8:6d:84:f9:42:69:5b:24:62:89:ca:
         3a:36:2f:cf:24:de:cf:89:49:0e:51:a3:6a:19:ad:4b:0e:3c:
         60:aa:c8:55:1b:90:dd:f9:ae:64:01:e9:10:4d:db:d4:63:46:
         43:3a:9b:5e:b4:f7:82:fd:37:d1:2b:59:26:27:04:c0:9e:76:
         85:33:ff:a3:1d:8e:0f:f8:d8:57:d4:0d:dd:3b:2e:ed:e2:82:
         7d:bb:eb:16:56:c5:41:33:70:03:14:06:8a:1a:68:97:97:60:
         36:35:ba:3d:6c:c9:f7:56:eb:2c:62:ce:a3:6d:3d:5b:64:ff:
         b1:15:8b:10:4d:9a:9d:e5:4e:6d:76:2c:48:5a:b9:29:fb:7a:
         5e:3b:9f:37:b3:e8:ff:d0:fe:51:4a:54:59:06:22:ee:1e:11:
         c4:cd:7c:c7:10:f0:9f:4d:64:95:b3:37:9f:77:c5:3d:0c:80:
         10:2e:bf:7f:91:d3:d7:9a:6a:91:cc:49:5c:2c:51:a2:38:bd:
         20:1f:a6:8f:38:52:1b:00:5f:48:de:e1:71:15:80:28:ab:1c:
         b3:f2:50:8d:b8:a1:0e:08:38:34:92:43:80:1f:a0:88:0e:5d:
         7e:c1:b8:1a:ba:e1:42:0e:97:55:ea:74:5c:4c:d2:bf:ac:1b:
         cb:47:d5:d5
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUEZhfyPnxBbQky4Jm7t4E4nbFvGowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgxMloX
DTI3MDUwMTA5MjMxMlowMzExMC8GA1UEAxMoQTBGMDJDODE4NDU1QTYxMDhENDY0
REE5NzQ5Qzg0NkUxNDkwODY4QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4YTgQBNA5eeYuXIA0ACl6sE5vFpoaZjz/l7kUqhctNJk0/148++Z4hvoE2
yOxNFqhLlam+J3mXMbXBYXC9qxXnZklzLOXsgNLORp4nrPg7Sfsnhu8qtqJMvPXY
oB0g2GTRgFoJ203Bu/r6rf4SX5HW10tn0E42QFSbY2D3k/rA/lhtu16/1eQMoHsR
lsar7819YHWvo47buTFJKQfZmn/sxeNjOFFKEH25dRL9zpKD3F460HB4rgpIQ1os
wxq74sVGX32rLvCAhJtVI29YjOnxhIrTiQrtxvLFlVh6xh1GgAtb/rH1TJsCY041
2fZCYhznIr1oxTTAJfaDVnnXO7cCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSg8CyB
hFWmEI1GTal0nIRuFJCGizAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUwNjkwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWUeMA0GCSqGSIb3DQEBCwUAA4IBAQAwRaV9Pslz6G2E+UJpWyRiico6
Ni/PJN7PiUkOUaNqGa1LDjxgqshVG5Dd+a5kAekQTdvUY0ZDOptetPeC/TfRK1km
JwTAnnaFM/+jHY4P+NhX1A3dOy7t4oJ9u+sWVsVBM3ADFAaKGmiXl2A2Nbo9bMn3
VussYs6jbT1bZP+xFYsQTZqd5U5tdixIWrkp+3peO583s+j/0P5RSlRZBiLuHhHE
zXzHEPCfTWSVszefd8U9DIAQLr9/kdPXmmqRzElcLFGiOL0gH6aPOFIbAF9I3uFx
FYAoqxyz8lCNuKEOCDg0kkOAH6CIDl1+wbgauuFCDpdV6nRcTNK/rBvLR9XV
-----END CERTIFICATE-----