Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149704.roa
File:                     AS149704.roa (raw, json)
Hash identifier:          KYOjaxdLD3QsMX3JL/Lj3C/SChkEVC9Kcm/MKdHzdvk=
Subject key identifier:   64:18:E0:77:9D:A9:BA:60:18:35:85:33:12:BE:37:48:6B:A7:2F:48
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       11B59293DEDAD55F5817D23FD11EAB0ED3BAFC1A
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149704.roa
Signing time:             Sat 02 May 2026 09:20:35 +0000
ROA not before:           Sat 02 May 2026 09:15:35 +0000
ROA not after:            Sat 01 May 2027 09:20:35 +0000
asID:                     149704
IP address blocks:        103.175.80.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:b5:92:93:de:da:d5:5f:58:17:d2:3f:d1:1e:ab:0e:d3:ba:fc:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:15:35 2026 GMT
            Not After : May  1 09:20:35 2027 GMT
        Subject: CN=6418E0779DA9BA601835853312BE37486BA72F48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4d:81:7e:34:5d:e9:69:78:f2:3b:b3:f5:c6:
                    89:38:38:83:62:1d:d3:ab:3a:23:f7:c8:a4:d5:9f:
                    92:d8:e3:ed:a2:8f:37:44:16:0f:f1:dc:4d:e7:1b:
                    15:30:6f:df:6b:26:b8:f7:36:92:65:aa:7c:cd:41:
                    1f:d3:d9:24:06:87:e5:48:ca:f4:67:11:02:77:3e:
                    ff:2a:04:11:1d:2b:8a:64:99:16:19:ab:e1:9f:1b:
                    1f:4c:f8:cc:99:95:db:5e:d7:67:fa:37:57:57:d9:
                    aa:c8:a0:b8:03:71:1b:d2:7c:7e:3c:ba:0d:0c:0e:
                    76:af:08:62:2b:fe:f3:9b:7f:69:bb:d3:80:e6:05:
                    a2:bf:c0:64:a0:61:52:c3:b9:8e:07:33:78:c5:69:
                    8a:67:09:4b:08:e6:13:88:3d:f6:7b:ee:7c:e3:66:
                    0f:d4:7e:48:37:df:76:dd:bd:5c:7b:43:b8:35:1d:
                    b0:14:56:d9:5b:92:6c:2b:86:b2:84:1a:24:48:b9:
                    c8:07:15:fc:64:e5:55:b6:7d:74:9c:51:70:6f:e9:
                    d9:26:61:c1:8a:8c:0f:e4:72:70:ed:de:1f:34:aa:
                    44:8b:3f:a8:3a:fe:4c:15:70:7a:20:67:1d:c1:91:
                    18:1e:15:9f:b2:af:94:ec:bf:04:bf:f6:5b:6d:95:
                    8c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:18:E0:77:9D:A9:BA:60:18:35:85:33:12:BE:37:48:6B:A7:2F:48
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.175.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:9a:df:2a:9e:ed:af:c4:5c:a2:4f:ba:0c:3e:d7:2f:52:d7:
         14:20:f4:42:72:94:84:fc:47:21:0d:57:9d:de:df:b3:d9:2e:
         9e:19:82:5f:9d:18:40:a5:6c:7c:92:bf:30:28:ed:5a:91:01:
         54:d5:6f:ea:da:09:ac:3e:a2:6c:00:6a:52:1d:cf:c2:f4:a5:
         af:30:f3:0a:84:22:60:97:28:4b:c4:69:86:e1:ae:81:be:ab:
         9b:04:a5:8a:36:30:07:fe:76:8c:d6:b3:63:2d:33:c8:6f:a7:
         94:d3:83:91:95:2f:c6:d0:8c:dc:74:9b:46:ff:18:fd:27:1e:
         6c:82:2a:f6:34:bc:f1:64:59:56:6c:5f:a2:4d:d0:ff:cb:87:
         81:5d:25:e2:fe:4f:88:27:3a:bf:83:cd:2f:35:26:70:d8:ad:
         05:7e:8c:d6:48:82:03:f5:78:34:e9:d5:fc:ad:c9:7d:5d:65:
         90:26:e2:b1:45:47:b7:09:17:95:26:27:20:4f:b0:75:13:66:
         e2:5d:45:39:cd:b2:e3:33:96:4a:fd:39:08:3e:0d:50:20:71:
         ec:40:1c:2c:8f:16:98:40:65:4e:8e:09:36:cf:9c:45:f2:29:
         10:81:df:15:c0:e5:60:25:9d:be:5a:35:ed:7b:3c:7e:14:a7:
         e8:3e:61:b4
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUEbWSk97a1V9YF9I/0R6rDtO6/BowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTUzNVoX
DTI3MDUwMTA5MjAzNVowMzExMC8GA1UEAxMoNjQxOEUwNzc5REE5QkE2MDE4MzU4
NTMzMTJCRTM3NDg2QkE3MkY0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKlNgX40XelpePI7s/XGiTg4g2Id06s6I/fIpNWfktjj7aKPN0QWD/HcTecb
FTBv32smuPc2kmWqfM1BH9PZJAaH5UjK9GcRAnc+/yoEER0rimSZFhmr4Z8bH0z4
zJmV217XZ/o3V1fZqsiguANxG9J8fjy6DQwOdq8IYiv+85t/abvTgOYFor/AZKBh
UsO5jgczeMVpimcJSwjmE4g99nvufONmD9R+SDffdt29XHtDuDUdsBRW2VuSbCuG
soQaJEi5yAcV/GTlVbZ9dJxRcG/p2SZhwYqMD+RycO3eHzSqRIs/qDr+TBVweiBn
HcGRGB4Vn7KvlOy/BL/2W22VjOUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRkGOB3
nam6YBg1hTMSvjdIa6cvSDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5NzA0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ69QMA0GCSqGSIb3DQEBCwUAA4IBAQAFmt8qnu2vxFyiT7oMPtcvUtcU
IPRCcpSE/EchDVed3t+z2S6eGYJfnRhApWx8kr8wKO1akQFU1W/q2gmsPqJsAGpS
Hc/C9KWvMPMKhCJglyhLxGmG4a6BvqubBKWKNjAH/naM1rNjLTPIb6eU04ORlS/G
0IzcdJtG/xj9Jx5sgir2NLzxZFlWbF+iTdD/y4eBXSXi/k+IJzq/g80vNSZw2K0F
fozWSIID9Xg06dX8rcl9XWWQJuKxRUe3CReVJicgT7B1E2biXUU5zbLjM5ZK/TkI
Pg1QIHHsQBwsjxaYQGVOjgk2z5xF8ikQgd8VwOVgJZ2+WjXtezx+FKfoPmG0
-----END CERTIFICATE-----