Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149677.roa
File:                     AS149677.roa (raw, json)
Hash identifier:          u7u5wDZWuhPy5tQ06B8qEd6O/UrK28BlB5gt8bT/cYU=
Subject key identifier:   DB:D8:98:79:0C:7C:3B:1F:C4:96:81:71:2D:10:F8:2A:A0:86:0D:14
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       2DABDCE8470FB591D429DDD6F498F37148950400
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149677.roa
Signing time:             Sat 02 May 2026 09:20:51 +0000
ROA not before:           Sat 02 May 2026 09:15:51 +0000
ROA not after:            Sat 01 May 2027 09:20:51 +0000
asID:                     149677
IP address blocks:        103.180.116.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:ab:dc:e8:47:0f:b5:91:d4:29:dd:d6:f4:98:f3:71:48:95:04:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:15:51 2026 GMT
            Not After : May  1 09:20:51 2027 GMT
        Subject: CN=DBD898790C7C3B1FC49681712D10F82AA0860D14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:23:21:c3:2d:7e:39:e1:7f:f3:d4:ef:0a:6d:
                    76:92:d9:97:fa:0d:d2:b4:ec:99:eb:d7:db:c5:05:
                    ce:5d:2a:0e:af:2e:ed:c2:1b:36:37:42:10:83:d6:
                    33:c6:6e:84:ad:36:dd:5b:86:88:73:39:5d:8e:91:
                    8d:ed:3c:15:3f:90:3f:fb:6e:33:e9:f6:ef:6c:c3:
                    5d:7b:21:55:5b:7a:01:d8:0c:37:fd:56:4e:b9:a5:
                    b6:bd:15:aa:51:2b:01:b6:11:fd:ee:44:e4:e4:64:
                    3c:79:22:85:3f:60:cc:62:7e:b4:43:89:70:9e:39:
                    56:95:00:fb:dc:01:f6:8a:af:f3:61:c4:33:0a:f5:
                    3a:82:96:8c:5f:0f:dd:a4:9e:e9:8d:78:a8:65:c0:
                    2c:8b:20:1f:dd:cb:ce:f5:f1:67:a5:04:f2:26:1b:
                    68:1f:fe:76:a5:2a:f8:74:8f:07:7b:ec:c9:a0:de:
                    a7:8a:5c:d4:63:28:8c:c3:58:b1:21:8a:df:df:ee:
                    2c:06:79:77:02:84:31:44:98:7c:63:5f:93:04:86:
                    2c:a8:21:3c:69:7e:44:c6:24:30:9c:15:ab:15:8a:
                    64:9d:b5:e6:ce:b7:69:df:64:76:5d:44:b8:c1:c6:
                    e2:39:e9:25:7b:7f:f1:b2:54:ad:36:ad:1b:af:5e:
                    8a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D8:98:79:0C:7C:3B:1F:C4:96:81:71:2D:10:F8:2A:A0:86:0D:14
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.180.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:25:8f:7f:e7:fc:5e:64:8a:30:33:28:68:9a:86:a8:f1:3a:
         b5:1f:76:b8:7e:ed:0b:53:41:0c:0d:27:86:aa:d2:d4:dc:89:
         b6:bf:a2:f9:bb:5a:03:a3:e4:4c:1b:a6:1e:2b:96:b5:6c:d4:
         ff:f9:97:d8:0c:c2:3d:a7:d2:ac:df:f6:6f:6c:f0:b5:c8:34:
         24:48:ab:fa:f2:03:ca:52:4d:ce:cf:b8:81:49:6b:21:58:e8:
         89:b7:a1:50:c1:c3:03:a4:04:9d:d6:b5:a1:e2:c3:d6:e7:e8:
         e2:6b:e3:38:ad:f8:00:9e:99:69:d5:c2:97:0e:91:e5:c6:e2:
         1a:f6:db:ec:2a:46:da:e9:7d:55:f8:d2:23:49:b0:c8:dd:f6:
         27:cb:35:f9:97:a9:50:d6:65:0b:0d:80:4e:c8:e1:f4:1c:69:
         18:9a:08:6f:50:72:c1:76:72:33:93:fc:24:97:3c:2f:86:a2:
         97:33:9b:20:cc:5e:30:4b:43:54:1b:d3:d4:8d:48:28:99:09:
         f5:0f:c7:a6:91:ce:b2:39:04:0e:04:7c:1a:e4:61:93:17:a9:
         3d:ed:75:62:e9:78:63:33:3a:c4:b0:1f:98:75:0f:6b:81:5d:
         a2:68:eb:b8:a3:ad:48:37:ed:5d:2f:1b:00:52:fc:25:b3:65:
         bc:70:9f:c5
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIULavc6EcPtZHUKd3W9JjzcUiVBAAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTU1MVoX
DTI3MDUwMTA5MjA1MVowMzExMC8GA1UEAxMoREJEODk4NzkwQzdDM0IxRkM0OTY4
MTcxMkQxMEY4MkFBMDg2MEQxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMsjIcMtfjnhf/PU7wptdpLZl/oN0rTsmevX28UFzl0qDq8u7cIbNjdCEIPW
M8ZuhK023VuGiHM5XY6Rje08FT+QP/tuM+n272zDXXshVVt6AdgMN/1WTrmltr0V
qlErAbYR/e5E5ORkPHkihT9gzGJ+tEOJcJ45VpUA+9wB9oqv82HEMwr1OoKWjF8P
3aSe6Y14qGXALIsgH93LzvXxZ6UE8iYbaB/+dqUq+HSPB3vsyaDep4pc1GMojMNY
sSGK39/uLAZ5dwKEMUSYfGNfkwSGLKghPGl+RMYkMJwVqxWKZJ215s63ad9kdl1E
uMHG4jnpJXt/8bJUrTatG69eipUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTb2Jh5
DHw7H8SWgXEtEPgqoIYNFDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5Njc3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ7R0MA0GCSqGSIb3DQEBCwUAA4IBAQAkJY9/5/xeZIowMyhomoao8Tq1
H3a4fu0LU0EMDSeGqtLU3Im2v6L5u1oDo+RMG6YeK5a1bNT/+ZfYDMI9p9Ks3/Zv
bPC1yDQkSKv68gPKUk3Oz7iBSWshWOiJt6FQwcMDpASd1rWh4sPW5+jia+M4rfgA
nplp1cKXDpHlxuIa9tvsKkba6X1V+NIjSbDI3fYnyzX5l6lQ1mULDYBOyOH0HGkY
mghvUHLBdnIzk/wklzwvhqKXM5sgzF4wS0NUG9PUjUgomQn1D8emkc6yOQQOBHwa
5GGTF6k97XVi6XhjMzrEsB+YdQ9rgV2iaOu4o61IN+1dLxsAUvwls2W8cJ/F
-----END CERTIFICATE-----