Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149375.roa
File:                     AS149375.roa (raw, json)
Hash identifier:          AGE6so5TymbiCddWM9l+Gdw8MGnwQoDXgIs1b+hRE5Q=
Subject key identifier:   CB:F8:4F:DB:95:8E:38:C5:A8:E3:4F:1D:B1:A4:44:2D:69:A6:7B:FD
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       6C13146FD0669A87F8C48A839F0DB973E36582D9
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149375.roa
Signing time:             Sat 02 May 2026 21:23:42 +0000
ROA not before:           Sat 02 May 2026 21:18:42 +0000
ROA not after:            Sat 01 May 2027 21:23:42 +0000
asID:                     149375
IP address blocks:        2001:df0:6b40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:13:14:6f:d0:66:9a:87:f8:c4:8a:83:9f:0d:b9:73:e3:65:82:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:18:42 2026 GMT
            Not After : May  1 21:23:42 2027 GMT
        Subject: CN=CBF84FDB958E38C5A8E34F1DB1A4442D69A67BFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3d:f5:c2:b3:e7:ee:f0:6a:b7:5e:d9:94:55:
                    1b:d7:64:af:28:fe:64:30:60:b1:3e:3a:c8:d3:10:
                    50:59:fc:16:bf:8c:c3:e4:18:a9:ba:79:47:33:a1:
                    dc:25:ae:28:e5:32:de:e6:57:eb:23:8f:d2:e8:2c:
                    aa:33:e9:8f:99:a9:31:46:74:ce:a0:9f:6a:0c:e7:
                    79:bc:de:65:8c:97:39:e1:1e:48:76:0d:f6:81:d9:
                    fc:30:e7:89:c8:6e:19:d9:ca:ef:21:43:80:ba:0e:
                    d1:af:06:eb:b2:95:74:60:8b:c0:f9:de:97:c3:3e:
                    c7:31:fe:33:0b:d6:96:62:c6:2b:bb:32:28:c2:0d:
                    a6:2c:5e:6e:ad:46:6a:4b:bd:f3:2b:e1:64:01:ee:
                    2f:8e:3f:02:05:62:96:96:6e:6e:82:d0:a5:a9:38:
                    ec:77:d4:78:b5:47:40:0f:7c:14:af:89:0c:22:45:
                    6c:90:4b:3b:96:1f:04:b7:35:ca:85:f3:81:d3:d5:
                    08:87:ba:a0:8f:fd:e2:59:5e:01:56:d2:c6:66:04:
                    b4:b7:e1:07:2f:8f:02:a5:da:de:ed:c3:c1:02:e0:
                    ea:b4:e4:88:50:b3:f2:6e:ac:07:4c:8d:33:2f:e9:
                    b7:1f:29:a6:ab:77:ed:d2:82:08:5e:17:0f:45:e1:
                    fc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F8:4F:DB:95:8E:38:C5:A8:E3:4F:1D:B1:A4:44:2D:69:A6:7B:FD
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149375.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df0:6b40::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:22:e6:6f:6c:e2:1a:2d:fc:33:48:b4:20:2c:d2:e5:90:f0:
         f8:23:8a:c2:99:de:cb:68:b4:f4:2a:fc:0c:e9:7e:59:d5:ec:
         93:d2:3a:8e:a8:f7:3c:4f:e2:c6:c5:58:79:af:29:c7:9e:85:
         4f:a3:22:13:32:9b:e9:30:86:80:02:78:5e:76:ed:0a:81:31:
         7c:d5:6f:4d:ed:04:0e:d8:22:86:1e:4e:af:25:82:69:cb:e3:
         f4:8a:dd:27:65:63:3c:d7:8d:ed:e5:90:15:fd:de:f2:f4:e3:
         7f:94:cd:cb:17:82:8e:ec:1a:02:45:31:17:30:02:8b:88:62:
         38:f5:1e:a7:c8:d4:b0:18:63:2b:a7:3b:30:26:d6:74:8e:df:
         d4:ff:dd:50:33:3b:a6:30:ad:23:4c:36:31:f0:e1:0b:6d:83:
         91:6c:d7:4a:56:12:e6:82:51:fe:e9:c3:82:c5:b2:9c:db:a1:
         25:b7:37:98:de:53:f0:70:9a:44:c6:a3:cd:56:24:80:25:66:
         d6:29:dd:7f:b8:1a:68:0d:72:21:df:96:08:93:a4:ff:e2:3b:
         6c:f8:31:b6:5a:0d:96:9b:b4:25:09:f2:34:b1:42:36:7e:ec:
         25:a6:a7:42:a5:0f:e1:a4:f8:37:2f:f3:f7:23:d0:a7:b7:93:
         9d:ec:8c:4b
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUbBMUb9Bmmof4xIqDnw25c+NlgtkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTg0MloX
DTI3MDUwMTIxMjM0MlowMzExMC8GA1UEAxMoQ0JGODRGREI5NThFMzhDNUE4RTM0
RjFEQjFBNDQ0MkQ2OUE2N0JGRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANI99cKz5+7warde2ZRVG9dkryj+ZDBgsT46yNMQUFn8Fr+Mw+QYqbp5RzOh
3CWuKOUy3uZX6yOP0ugsqjPpj5mpMUZ0zqCfagznebzeZYyXOeEeSHYN9oHZ/DDn
ichuGdnK7yFDgLoO0a8G67KVdGCLwPnel8M+xzH+MwvWlmLGK7syKMINpixebq1G
aku98yvhZAHuL44/AgVilpZuboLQpak47HfUeLVHQA98FK+JDCJFbJBLO5YfBLc1
yoXzgdPVCIe6oI/94lleAVbSxmYEtLfhBy+PAqXa3u3DwQLg6rTkiFCz8m6sB0yN
My/ptx8ppqt37dKCCF4XD0Xh/E0CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBTL+E/b
lY44xajjTx2xpEQtaaZ7/TAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5Mzc1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN8GtAMA0GCSqGSIb3DQEBCwUAA4IBAQBtIuZvbOIaLfwzSLQgLNLl
kPD4I4rCmd7LaLT0KvwM6X5Z1eyT0jqOqPc8T+LGxVh5rynHnoVPoyITMpvpMIaA
Anhedu0KgTF81W9N7QQO2CKGHk6vJYJpy+P0it0nZWM8143t5ZAV/d7y9ON/lM3L
F4KO7BoCRTEXMAKLiGI49R6nyNSwGGMrpzswJtZ0jt/U/91QMzumMK0jTDYx8OEL
bYORbNdKVhLmglH+6cOCxbKc26EltzeY3lPwcJpExqPNViSAJWbWKd1/uBpoDXIh
35YIk6T/4jts+DG2Wg2Wm7QlCfI0sUI2fuwlpqdCpQ/hpPg3L/P3I9Cnt5Od7IxL
-----END CERTIFICATE-----