Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS151849.roa
File:                     AS151849.roa (raw, json)
Hash identifier:          +HuhF3dFL5QByck+fp/1Rngg7cTl1O70Z4EE/YF+MBE=
Subject key identifier:   88:C8:32:D6:B8:5B:C0:80:FD:C7:94:F6:9C:9D:CB:AA:1B:EA:BD:81
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       03597DACFEC741B9CBBC0720A4C2507A28126E98
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS151849.roa
Signing time:             Sat 02 May 2026 09:22:47 +0000
ROA not before:           Sat 02 May 2026 09:17:47 +0000
ROA not after:            Sat 01 May 2027 09:22:47 +0000
asID:                     151849
IP address blocks:        144.79.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:59:7d:ac:fe:c7:41:b9:cb:bc:07:20:a4:c2:50:7a:28:12:6e:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:47 2026 GMT
            Not After : May  1 09:22:47 2027 GMT
        Subject: CN=88C832D6B85BC080FDC794F69C9DCBAA1BEABD81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:4d:40:a1:8f:35:11:7f:d5:d7:c0:35:6b:2f:
                    37:4f:5b:9a:8b:cc:8c:88:54:57:a4:5b:ed:28:5d:
                    b8:9e:d4:bb:7e:54:38:d7:53:98:d3:d6:62:f2:4a:
                    e1:a9:da:f4:90:08:db:52:84:b2:9e:71:83:73:5f:
                    ed:70:80:bb:ca:79:71:d9:7b:15:92:69:4c:35:52:
                    79:f5:b4:a3:c9:02:55:ad:28:f4:cd:1e:91:b8:a4:
                    b6:28:3b:3a:8a:2f:1d:4b:28:de:e5:22:9a:7d:8b:
                    5b:c5:22:96:e2:11:50:cb:02:1c:ab:5b:5e:cd:3d:
                    78:37:06:63:aa:a8:de:b6:2e:fd:9b:3a:5a:40:74:
                    8d:69:88:98:99:a1:a1:35:aa:76:ef:04:17:fb:91:
                    d8:a5:20:de:0a:a1:8d:96:b5:1c:df:6f:cf:1b:6f:
                    6b:a1:72:a8:98:7e:a9:eb:60:bd:03:c6:46:42:c2:
                    ab:79:7b:6d:f5:91:cf:8e:7d:dd:e6:51:cd:b9:40:
                    eb:11:4e:9f:cb:16:26:9f:97:0f:ea:0f:0b:f9:db:
                    78:8d:a7:f7:78:eb:63:3d:de:a6:2d:da:84:f6:15:
                    5f:bd:8b:bf:ff:bc:e1:19:ad:69:2a:35:20:13:30:
                    d3:4a:21:57:eb:b6:6c:df:3c:93:37:aa:21:b5:dd:
                    91:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C8:32:D6:B8:5B:C0:80:FD:C7:94:F6:9C:9D:CB:AA:1B:EA:BD:81
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS151849.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:0d:94:77:4c:d8:1e:13:54:2d:dc:01:d9:9d:43:4b:45:02:
         ea:17:f4:68:e3:0b:db:17:69:c2:4c:79:5b:09:14:15:4f:1a:
         2b:5e:a3:4c:90:2d:73:28:e7:14:a2:7e:91:38:d2:66:10:58:
         fc:ff:88:c5:51:6b:3f:dc:40:5e:2e:fc:fc:86:a0:d3:9c:07:
         7e:37:0a:e1:73:fe:62:b3:74:1f:00:d5:de:6b:bc:0d:1f:01:
         1c:9c:4b:55:41:e1:72:7d:6c:1f:74:eb:6c:5a:73:54:f0:06:
         d1:56:ef:f5:07:68:b2:18:1d:bd:4f:04:c8:59:47:d3:4f:7f:
         98:b5:ed:39:6a:77:6f:bb:9d:c2:9b:72:bd:df:46:7e:5c:db:
         cb:46:2b:39:76:7e:22:25:99:85:b0:41:ff:28:9f:c1:f7:2d:
         a6:41:93:2a:81:a9:71:89:c8:fb:5f:d9:9e:c7:a9:4d:a3:5d:
         0d:69:d4:a8:36:f0:b8:ea:f8:2a:52:cd:06:2f:72:9f:d9:74:
         05:4d:aa:d1:b9:61:88:ca:68:1d:2f:46:31:1d:75:e7:60:2d:
         95:7c:a3:1c:c5:51:7e:c8:55:af:7c:9c:95:03:eb:c6:e1:9a:
         b9:6c:21:35:61:4e:7c:10:6b:05:8b:04:75:db:48:fe:3d:72:
         d7:7b:e5:36
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUA1l9rP7HQbnLvAcgpMJQeigSbpgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc0N1oX
DTI3MDUwMTA5MjI0N1owMzExMC8GA1UEAxMoODhDODMyRDZCODVCQzA4MEZEQzc5
NEY2OUM5RENCQUExQkVBQkQ4MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOBNQKGPNRF/1dfANWsvN09bmovMjIhUV6Rb7ShduJ7Uu35UONdTmNPWYvJK
4ana9JAI21KEsp5xg3Nf7XCAu8p5cdl7FZJpTDVSefW0o8kCVa0o9M0ekbiktig7
OoovHUso3uUimn2LW8UiluIRUMsCHKtbXs09eDcGY6qo3rYu/Zs6WkB0jWmImJmh
oTWqdu8EF/uR2KUg3gqhjZa1HN9vzxtva6FyqJh+qetgvQPGRkLCq3l7bfWRz459
3eZRzblA6xFOn8sWJp+XD+oPC/nbeI2n93jrYz3epi3ahPYVX72Lv/+84RmtaSo1
IBMw00ohV+u2bN88kzeqIbXdkZsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSIyDLW
uFvAgP3HlPacncuqG+q9gTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUxODQ5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE9IMA0GCSqGSIb3DQEBCwUAA4IBAQCODZR3TNgeE1Qt3AHZnUNLRQLq
F/Ro4wvbF2nCTHlbCRQVTxorXqNMkC1zKOcUon6RONJmEFj8/4jFUWs/3EBeLvz8
hqDTnAd+Nwrhc/5is3QfANXea7wNHwEcnEtVQeFyfWwfdOtsWnNU8AbRVu/1B2iy
GB29TwTIWUfTT3+Yte05andvu53Cm3K930Z+XNvLRis5dn4iJZmFsEH/KJ/B9y2m
QZMqgalxicj7X9mex6lNo10NadSoNvC46vgqUs0GL3Kf2XQFTarRuWGIymgdL0Yx
HXXnYC2VfKMcxVF+yFWvfJyVA+vG4Zq5bCE1YU58EGsFiwR120j+PXLXe+U2
-----END CERTIFICATE-----