Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149689.roa
File:                     AS149689.roa (raw, json)
Hash identifier:          v5ihFqhEmyFUvg2aUdricBadxprh2NgupycP2jDdozY=
Subject key identifier:   BC:45:4E:4F:CD:00:3B:28:22:2F:ED:ED:D2:E5:CF:C7:26:85:CB:03
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       2B9D52AC9742A96C6B14383374632F81BF948F68
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149689.roa
Signing time:             Sat 02 May 2026 08:35:18 +0000
ROA not before:           Sat 02 May 2026 08:30:18 +0000
ROA not after:            Sat 01 May 2027 08:35:18 +0000
asID:                     149689
IP address blocks:        103.185.252.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:9d:52:ac:97:42:a9:6c:6b:14:38:33:74:63:2f:81:bf:94:8f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:18 2026 GMT
            Not After : May  1 08:35:18 2027 GMT
        Subject: CN=BC454E4FCD003B28222FEDEDD2E5CFC72685CB03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ce:58:01:5c:a1:ea:68:4d:91:89:c6:97:4c:
                    2a:c8:18:fe:33:53:b3:45:a1:46:97:d2:31:87:ae:
                    12:b1:5c:6d:74:45:41:27:49:d2:85:5e:75:7b:a8:
                    2b:43:44:dc:9a:84:e4:2c:d8:bc:d7:61:fc:c7:cf:
                    b7:34:7f:77:aa:44:8d:f7:fd:b5:6f:d5:fb:1d:9f:
                    df:c9:1f:f6:af:ea:2e:47:ab:27:2b:6b:a3:28:e6:
                    94:cf:1f:41:50:74:e1:71:0f:c7:65:a2:cf:ed:73:
                    de:e8:f8:71:3d:00:27:5f:00:f0:9c:36:da:c3:87:
                    a0:d2:02:39:f6:9e:1e:5c:3e:e7:17:88:c0:53:23:
                    50:b5:b1:b6:ef:a3:0d:96:e2:a8:06:05:aa:a2:4d:
                    84:b3:ae:30:08:75:0f:fa:4d:ab:d9:64:20:70:e9:
                    29:72:a3:40:e6:5e:18:a4:95:97:4d:05:4e:97:d8:
                    bc:72:1f:63:ef:d7:74:26:fd:cd:6a:76:db:a6:03:
                    d6:d4:17:ad:a9:63:38:7e:88:a9:b6:d4:e3:e3:cb:
                    01:40:18:54:ed:cd:0f:3b:f1:1e:6d:34:0a:cb:7f:
                    3a:c1:46:10:90:00:16:48:25:5d:61:1f:bf:c6:8a:
                    d5:4a:8c:ba:7f:8b:21:34:2f:47:7e:5c:19:87:6c:
                    6c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:45:4E:4F:CD:00:3B:28:22:2F:ED:ED:D2:E5:CF:C7:26:85:CB:03
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149689.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.185.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:d8:c5:74:1d:76:4f:38:7b:55:75:6a:7f:13:9e:73:3a:e1:
         17:2c:ad:43:73:d4:c4:4a:00:fd:fb:e0:64:c0:b7:65:82:c1:
         87:12:ae:be:a3:db:b2:11:01:20:9f:7f:65:e9:85:e6:27:4d:
         a4:cf:90:05:81:75:77:d6:8a:16:1e:e7:75:30:87:12:e9:3c:
         57:f0:61:db:26:af:f0:3e:7e:3f:83:c4:31:c2:d4:5e:a6:7f:
         00:f8:4d:57:30:91:7b:9e:1d:1c:5a:34:c3:d8:7d:59:e4:a1:
         be:a4:f4:b7:95:03:f6:5f:9c:b0:ec:96:37:a0:f1:2d:be:dd:
         a8:bd:e3:5e:9a:1f:3a:f0:f4:49:5d:9f:2c:72:d9:39:88:2a:
         14:74:65:a0:41:3e:ba:a6:c0:8b:d2:4d:c3:3a:f0:a5:5c:04:
         6c:44:ab:3e:01:20:fd:68:1e:48:a6:73:c9:ef:b9:eb:e8:90:
         0d:ee:29:00:26:6e:b0:45:e3:ad:c9:23:f3:54:0f:6f:b9:8f:
         65:39:81:c8:ec:2b:b9:46:c3:24:ce:b6:a7:df:ce:c6:f7:79:
         e1:08:cb:77:cc:18:95:4b:d7:15:e9:9b:de:66:eb:ba:a0:04:
         41:0e:8f:2d:4f:1e:49:d4:bc:2d:4d:15:5d:bc:0b:23:5b:da:
         fd:c2:a0:74
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUK51SrJdCqWxrFDgzdGMvgb+Uj2gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzAxOFoX
DTI3MDUwMTA4MzUxOFowMzExMC8GA1UEAxMoQkM0NTRFNEZDRDAwM0IyODIyMkZF
REVERDJFNUNGQzcyNjg1Q0IwMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKrOWAFcoepoTZGJxpdMKsgY/jNTs0WhRpfSMYeuErFcbXRFQSdJ0oVedXuo
K0NE3JqE5CzYvNdh/MfPtzR/d6pEjff9tW/V+x2f38kf9q/qLkerJytroyjmlM8f
QVB04XEPx2Wiz+1z3uj4cT0AJ18A8Jw22sOHoNICOfaeHlw+5xeIwFMjULWxtu+j
DZbiqAYFqqJNhLOuMAh1D/pNq9lkIHDpKXKjQOZeGKSVl00FTpfYvHIfY+/XdCb9
zWp226YD1tQXraljOH6IqbbU4+PLAUAYVO3NDzvxHm00Cst/OsFGEJAAFkglXWEf
v8aK1UqMun+LITQvR35cGYdsbFkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBS8RU5P
zQA7KCIv7e3S5c/HJoXLAzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5Njg5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ7n8MA0GCSqGSIb3DQEBCwUAA4IBAQA62MV0HXZPOHtVdWp/E55zOuEX
LK1Dc9TESgD9++BkwLdlgsGHEq6+o9uyEQEgn39l6YXmJ02kz5AFgXV31ooWHud1
MIcS6TxX8GHbJq/wPn4/g8QxwtRepn8A+E1XMJF7nh0cWjTD2H1Z5KG+pPS3lQP2
X5yw7JY3oPEtvt2oveNemh868PRJXZ8sctk5iCoUdGWgQT66psCL0k3DOvClXARs
RKs+ASD9aB5IpnPJ77nr6JAN7ikAJm6wReOtySPzVA9vuY9lOYHI7Cu5RsMkzran
387G93nhCMt3zBiVS9cV6ZveZuu6oARBDo8tTx5J1LwtTRVdvAsjW9r9wqB0
-----END CERTIFICATE-----