Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149399.roa
File:                     AS149399.roa (raw, json)
Hash identifier:          BaBqcf1TJFMWwheTgnnSnWBDZkavtpH2b8lDADLs/tw=
Subject key identifier:   43:DF:75:2C:97:35:AC:A2:7A:F1:33:96:0D:6A:1D:EA:2E:A8:33:60
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       6326985041EAB1C49C60D03C38593F47E19CBFF0
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149399.roa
Signing time:             Sat 02 May 2026 09:21:00 +0000
ROA not before:           Sat 02 May 2026 09:16:00 +0000
ROA not after:            Sat 01 May 2027 09:21:00 +0000
asID:                     149399
IP address blocks:        103.181.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:26:98:50:41:ea:b1:c4:9c:60:d0:3c:38:59:3f:47:e1:9c:bf:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:00 2026 GMT
            Not After : May  1 09:21:00 2027 GMT
        Subject: CN=43DF752C9735ACA27AF133960D6A1DEA2EA83360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0b:52:e0:bf:9b:93:f5:87:d2:8c:06:c7:d6:
                    eb:b7:f6:b7:b6:b8:00:48:49:f6:69:68:51:0d:1d:
                    e1:1e:7a:ff:f0:72:87:3e:01:79:a5:c6:29:f0:42:
                    c2:33:d6:f7:95:a3:27:57:20:c6:1a:35:97:6a:be:
                    7d:93:0d:bf:57:3f:3a:6e:37:b2:5a:2b:78:bc:f8:
                    a4:b1:94:f3:97:02:50:d2:6f:fe:0a:97:b7:5f:77:
                    24:de:ae:0f:a9:5e:e6:04:14:3c:18:29:f7:c6:81:
                    22:1a:d7:c3:00:7a:9f:1d:f3:8e:fc:16:45:25:fa:
                    e1:03:99:48:56:de:0f:be:b2:86:83:d6:3d:40:06:
                    5e:bd:c2:24:25:be:5e:15:2f:37:eb:93:21:f4:c8:
                    0b:dd:51:9e:3a:07:bf:f2:44:0a:4b:32:24:e6:58:
                    2b:1c:e3:66:85:86:5f:c1:25:8b:0f:55:46:ac:17:
                    96:6c:1b:91:29:04:9a:ae:aa:ff:5b:81:05:ce:dd:
                    e5:be:f5:cb:59:c3:30:8d:15:35:a2:bb:df:1d:36:
                    f2:16:48:11:71:5e:56:55:33:7a:86:01:d5:96:17:
                    69:5c:af:19:15:30:c5:73:0a:37:84:b0:aa:f7:a7:
                    66:dc:1e:2e:c5:9d:71:63:88:cb:fa:2b:8d:07:07:
                    a0:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DF:75:2C:97:35:AC:A2:7A:F1:33:96:0D:6A:1D:EA:2E:A8:33:60
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149399.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.181.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:8f:c7:90:bd:88:5b:55:45:b1:53:5f:d8:37:61:c4:54:cd:
         92:6c:71:0d:9b:1a:b7:9e:96:7c:06:9f:82:4f:75:48:ee:c8:
         9c:23:22:27:f1:71:3c:f8:9b:83:4c:8b:d7:6a:33:8c:84:ce:
         28:c7:fa:20:92:93:f7:82:e5:83:b1:8b:3a:09:ec:81:40:c3:
         62:f6:4f:8e:03:4c:a8:01:bd:d5:31:61:93:a5:4a:b5:9f:f7:
         d2:dc:ce:1f:82:fd:6f:c7:c3:5b:ea:f1:87:dd:5d:cd:31:2d:
         30:ab:19:26:34:9b:bc:97:d1:75:65:29:dd:9c:d2:ee:48:81:
         e2:19:42:8b:18:77:6d:69:a0:a4:11:4d:bb:6c:b3:07:9d:68:
         51:b5:9b:90:c2:0a:da:22:a6:7b:27:9e:ad:bb:61:4e:cb:3c:
         26:f8:e5:43:ba:dd:5f:e2:57:b3:a9:d6:fa:09:6f:67:85:e8:
         9a:a5:a2:fc:ec:4f:1a:09:e3:26:e9:50:a5:de:3c:67:92:46:
         f2:0e:5b:11:2f:c6:58:28:83:23:2b:cd:9b:3a:4c:16:8a:a9:
         60:51:b2:5f:1d:bd:5f:35:75:3e:15:14:97:bc:85:3d:15:82:
         cb:e2:1d:b8:c8:45:dd:e4:ec:b8:a7:1e:7c:de:f3:9b:38:51:
         54:76:c5:21
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUYyaYUEHqscScYNA8OFk/R+Gcv/AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTYwMFoX
DTI3MDUwMTA5MjEwMFowMzExMC8GA1UEAxMoNDNERjc1MkM5NzM1QUNBMjdBRjEz
Mzk2MEQ2QTFERUEyRUE4MzM2MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALwLUuC/m5P1h9KMBsfW67f2t7a4AEhJ9mloUQ0d4R56//Byhz4BeaXGKfBC
wjPW95WjJ1cgxho1l2q+fZMNv1c/Om43sloreLz4pLGU85cCUNJv/gqXt193JN6u
D6le5gQUPBgp98aBIhrXwwB6nx3zjvwWRSX64QOZSFbeD76yhoPWPUAGXr3CJCW+
XhUvN+uTIfTIC91RnjoHv/JECksyJOZYKxzjZoWGX8Eliw9VRqwXlmwbkSkEmq6q
/1uBBc7d5b71y1nDMI0VNaK73x028hZIEXFeVlUzeoYB1ZYXaVyvGRUwxXMKN4Sw
qvenZtweLsWdcWOIy/orjQcHoGECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRD33Us
lzWsonrxM5YNah3qLqgzYDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5Mzk5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ7XyMA0GCSqGSIb3DQEBCwUAA4IBAQCIj8eQvYhbVUWxU1/YN2HEVM2S
bHENmxq3npZ8Bp+CT3VI7sicIyIn8XE8+JuDTIvXajOMhM4ox/ogkpP3guWDsYs6
CeyBQMNi9k+OA0yoAb3VMWGTpUq1n/fS3M4fgv1vx8Nb6vGH3V3NMS0wqxkmNJu8
l9F1ZSndnNLuSIHiGUKLGHdtaaCkEU27bLMHnWhRtZuQwgraIqZ7J56tu2FOyzwm
+OVDut1f4lezqdb6CW9nheiapaL87E8aCeMm6VCl3jxnkkbyDlsRL8ZYKIMjK82b
OkwWiqlgUbJfHb1fNXU+FRSXvIU9FYLL4h24yEXd5Oy4px583vObOFFUdsUh
-----END CERTIFICATE-----