Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149325.roa
File:                     AS149325.roa (raw, json)
Hash identifier:          E3JwvPFcwDXYZ7kLeMZ00CDSCAlt+v8ZRzozZogZiq0=
Subject key identifier:   6D:66:E6:D7:87:68:BA:16:12:D7:99:61:A2:A6:39:0B:33:72:80:85
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       0EAA3DF1FD03EF60D146DC73D06FEE414E92496C
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149325.roa
Signing time:             Sat 02 May 2026 09:20:36 +0000
ROA not before:           Sat 02 May 2026 09:15:36 +0000
ROA not after:            Sat 01 May 2027 09:20:36 +0000
asID:                     149325
IP address blocks:        103.178.172.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:aa:3d:f1:fd:03:ef:60:d1:46:dc:73:d0:6f:ee:41:4e:92:49:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:15:36 2026 GMT
            Not After : May  1 09:20:36 2027 GMT
        Subject: CN=6D66E6D78768BA1612D79961A2A6390B33728085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bf:ee:a1:31:3c:c2:22:57:b7:a7:88:a9:27:
                    f6:4c:3b:3c:b9:1f:82:50:2f:36:82:ce:27:eb:61:
                    d3:9a:6a:62:7e:35:15:98:90:e5:7c:57:ba:6c:25:
                    28:fc:50:34:ee:57:0d:2d:2b:44:47:5f:dd:48:df:
                    24:9f:3f:21:a7:25:35:62:03:a4:ba:e0:75:18:4b:
                    86:8f:b1:9c:ed:b6:cc:8f:2e:9e:62:5a:c4:df:00:
                    fc:14:70:3b:25:86:89:61:a9:27:d3:b1:d4:70:72:
                    9d:4e:0f:f2:9c:45:77:ba:60:5a:35:64:82:52:30:
                    16:df:c6:74:b0:49:a4:79:e9:54:29:5f:57:b1:5c:
                    65:65:61:47:d1:29:1f:c8:88:94:89:e3:48:24:8e:
                    86:8a:00:78:ed:4a:22:9c:58:9c:b4:69:f9:a8:69:
                    79:36:e8:e2:b7:3c:e5:32:59:ba:e9:39:51:7b:8f:
                    3a:b6:c5:91:e5:f9:55:97:05:4a:dc:31:1d:15:e1:
                    9f:42:0d:89:2a:5d:16:66:fb:05:6d:e4:38:ee:f7:
                    1c:aa:5e:6c:c6:ac:40:7e:75:32:de:ff:d1:dc:85:
                    88:aa:29:03:c3:1c:7b:06:4d:e1:19:23:af:00:82:
                    db:1a:3d:a3:59:33:ec:e1:12:7f:95:ef:cc:16:70:
                    c0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:66:E6:D7:87:68:BA:16:12:D7:99:61:A2:A6:39:0B:33:72:80:85
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149325.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.178.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:2c:b3:b5:14:47:7d:77:4a:b1:0e:17:e6:cc:a8:f1:39:f9:
         8a:7e:c5:94:03:de:f6:a5:b3:2f:b1:9c:5d:c1:29:74:5f:a1:
         ed:e0:1f:dc:2c:ed:90:bd:62:d0:0a:77:3e:a7:ca:b5:87:6b:
         ed:bc:98:28:bf:ef:b4:cd:35:cf:31:5b:2f:2b:c4:49:65:b3:
         ec:57:0e:32:83:9b:ec:c8:f7:85:c4:64:6f:23:f1:04:0d:1a:
         4d:4c:ec:ce:7e:12:bf:70:c4:02:cc:85:c4:f3:42:be:16:67:
         8b:e2:3c:b7:a7:1e:52:09:a6:fe:d6:f3:dd:f2:34:14:84:a8:
         55:21:b6:25:61:61:6f:c0:f8:5c:4b:9c:bb:32:e6:ae:7b:e4:
         49:dc:29:cd:fe:0a:dd:56:58:24:82:c7:e8:c7:25:af:9c:d0:
         e7:af:75:73:03:9b:0d:8a:ed:73:e1:ef:bf:57:d1:9e:b6:8a:
         a7:78:1a:6d:cf:a1:67:19:dd:dc:00:4f:6e:47:54:e1:7b:3d:
         38:e5:ac:af:70:ec:73:c5:10:29:a1:1f:68:40:63:70:1f:98:
         37:bc:1c:3c:54:e5:10:45:24:7c:d8:ab:d4:d7:7e:0b:e9:a5:
         65:f5:c8:c1:e2:15:79:d2:14:b0:21:c5:9b:68:6b:31:d6:47:
         2f:02:97:d7
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUDqo98f0D72DRRtxz0G/uQU6SSWwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTUzNloX
DTI3MDUwMTA5MjAzNlowMzExMC8GA1UEAxMoNkQ2NkU2RDc4NzY4QkExNjEyRDc5
OTYxQTJBNjM5MEIzMzcyODA4NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKq/7qExPMIiV7eniKkn9kw7PLkfglAvNoLOJ+th05pqYn41FZiQ5XxXumwl
KPxQNO5XDS0rREdf3UjfJJ8/IaclNWIDpLrgdRhLho+xnO22zI8unmJaxN8A/BRw
OyWGiWGpJ9Ox1HBynU4P8pxFd7pgWjVkglIwFt/GdLBJpHnpVClfV7FcZWVhR9Ep
H8iIlInjSCSOhooAeO1KIpxYnLRp+ahpeTbo4rc85TJZuuk5UXuPOrbFkeX5VZcF
StwxHRXhn0INiSpdFmb7BW3kOO73HKpebMasQH51Mt7/0dyFiKopA8McewZN4Rkj
rwCC2xo9o1kz7OESf5XvzBZwwFsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRtZubX
h2i6FhLXmWGipjkLM3KAhTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5MzI1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ7KsMA0GCSqGSIb3DQEBCwUAA4IBAQASLLO1FEd9d0qxDhfmzKjxOfmK
fsWUA972pbMvsZxdwSl0X6Ht4B/cLO2QvWLQCnc+p8q1h2vtvJgov++0zTXPMVsv
K8RJZbPsVw4yg5vsyPeFxGRvI/EEDRpNTOzOfhK/cMQCzIXE80K+FmeL4jy3px5S
Cab+1vPd8jQUhKhVIbYlYWFvwPhcS5y7Muaue+RJ3CnN/grdVlgkgsfoxyWvnNDn
r3VzA5sNiu1z4e+/V9GetoqneBptz6FnGd3cAE9uR1Thez045ayvcOxzxRApoR9o
QGNwH5g3vBw8VOUQRSR82KvU134L6aVl9cjB4hV50hSwIcWbaGsx1kcvApfX
-----END CERTIFICATE-----