Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149715.roa
File:                     AS149715.roa (raw, json)
Hash identifier:          q33qRll0/7jzjqmTGU7Xh9XVdl9ZavjKndRaeg/mdzU=
Subject key identifier:   1B:1E:4E:FC:D4:CB:BA:6B:EB:CF:60:71:16:9F:B4:35:D6:4C:58:AC
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       76ABE3F6FFD57A6E0DB358B8647D3A35B3F1AA7C
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149715.roa
Signing time:             Sat 02 May 2026 21:24:29 +0000
ROA not before:           Sat 02 May 2026 21:19:29 +0000
ROA not after:            Sat 01 May 2027 21:24:29 +0000
asID:                     149715
IP address blocks:        2001:df1:1140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 03:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:ab:e3:f6:ff:d5:7a:6e:0d:b3:58:b8:64:7d:3a:35:b3:f1:aa:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:19:29 2026 GMT
            Not After : May  1 21:24:29 2027 GMT
        Subject: CN=1B1E4EFCD4CBBA6BEBCF6071169FB435D64C58AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:45:b1:5c:fa:89:10:d0:de:9f:1d:b0:af:b9:
                    d0:ae:18:16:51:13:79:a0:4b:0b:6b:1e:6a:91:8f:
                    02:6a:63:05:de:53:8a:89:11:28:76:d5:37:b4:8e:
                    78:be:86:f3:2e:cd:35:cb:a9:a8:d1:91:ca:2b:c4:
                    98:ca:5b:a0:8d:a5:dc:47:95:ba:b2:2a:16:2e:b8:
                    32:aa:84:b9:b7:18:59:54:fb:49:a9:64:f0:37:5a:
                    16:de:f3:c5:a4:db:a3:ec:b1:86:dd:b5:d4:2d:8c:
                    ca:a4:3f:db:c5:8d:ad:30:93:44:a8:fa:0f:a9:ef:
                    48:2f:03:25:fe:11:ba:74:b3:cd:f9:86:15:41:13:
                    f1:1e:87:6b:e3:ff:23:ac:d8:b1:aa:74:c7:d5:f7:
                    eb:7d:7e:6f:01:73:2e:28:d5:00:c1:c7:1b:69:93:
                    31:dc:14:95:d4:e7:c7:89:f4:ed:86:8b:4c:4d:66:
                    ad:eb:48:9e:79:ed:19:bf:e6:bc:f1:40:76:a9:e2:
                    a1:2a:7f:f6:81:2a:49:04:50:cd:8a:67:1b:f2:ef:
                    b3:1a:2f:07:c5:9a:04:d8:b3:51:45:b2:5b:2d:4f:
                    41:22:c0:b4:ed:14:20:e8:0d:76:c9:4c:da:0c:52:
                    ed:3e:f0:10:83:57:7a:87:4f:86:d5:31:8d:8e:f6:
                    fc:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:1E:4E:FC:D4:CB:BA:6B:EB:CF:60:71:16:9F:B4:35:D6:4C:58:AC
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149715.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:1140::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:5d:da:ea:10:e7:d1:5a:86:21:43:7c:07:59:23:01:af:6c:
         eb:9b:7a:e9:31:83:29:cb:b3:95:40:37:0a:83:92:02:35:9d:
         30:15:13:e8:79:38:bf:cb:3c:d9:ab:54:25:8f:ec:0e:37:dc:
         5d:c2:6c:0c:8e:58:47:e3:21:0e:08:2f:bd:c6:b6:a2:d2:97:
         93:c5:3d:eb:4d:2d:63:ea:4c:4a:c2:4e:54:b3:07:17:05:87:
         67:ac:7c:8d:4a:06:b2:f0:0b:73:1a:d6:c2:e9:72:0b:5d:5e:
         43:bb:70:f1:6c:10:17:8a:95:0b:c2:9a:07:73:98:10:29:0d:
         7d:7a:45:4b:b8:8e:93:78:8f:c5:ed:9d:d0:b5:71:21:7e:8f:
         36:41:c9:f3:3b:1b:86:45:1d:52:1c:b4:76:a3:68:c3:64:83:
         fc:4c:30:9a:d1:b7:c1:bc:97:d2:eb:3a:f7:c8:8a:91:ae:02:
         f5:e5:ec:7a:39:2c:7d:36:e0:b3:cb:da:48:26:56:33:49:23:
         f4:eb:11:54:44:1d:05:b7:86:c8:4e:66:73:e5:1b:78:77:7d:
         c0:9b:6f:6a:08:1c:f6:bb:83:a4:a6:d7:5c:bf:2d:e2:bc:e4:
         00:11:62:1d:66:cc:12:c5:01:50:95:99:ae:3a:bc:83:25:06:
         b4:82:95:8a
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUdqvj9v/Vem4Ns1i4ZH06NbPxqnwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTkyOVoX
DTI3MDUwMTIxMjQyOVowMzExMC8GA1UEAxMoMUIxRTRFRkNENENCQkE2QkVCQ0Y2
MDcxMTY5RkI0MzVENjRDNThBQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKdFsVz6iRDQ3p8dsK+50K4YFlETeaBLC2seapGPAmpjBd5TiokRKHbVN7SO
eL6G8y7NNcupqNGRyivEmMpboI2l3EeVurIqFi64MqqEubcYWVT7Salk8DdaFt7z
xaTbo+yxht211C2MyqQ/28WNrTCTRKj6D6nvSC8DJf4RunSzzfmGFUET8R6Ha+P/
I6zYsap0x9X3631+bwFzLijVAMHHG2mTMdwUldTnx4n07YaLTE1mretInnntGb/m
vPFAdqnioSp/9oEqSQRQzYpnG/LvsxovB8WaBNizUUWyWy1PQSLAtO0UIOgNdslM
2gxS7T7wEINXeodPhtUxjY72/PECAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQbHk78
1Mu6a+vPYHEWn7Q11kxYrDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5NzE1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN8RFAMA0GCSqGSIb3DQEBCwUAA4IBAQCBXdrqEOfRWoYhQ3wHWSMB
r2zrm3rpMYMpy7OVQDcKg5ICNZ0wFRPoeTi/yzzZq1Qlj+wON9xdwmwMjlhH4yEO
CC+9xrai0peTxT3rTS1j6kxKwk5UswcXBYdnrHyNSgay8AtzGtbC6XILXV5Du3Dx
bBAXipULwpoHc5gQKQ19ekVLuI6TeI/F7Z3QtXEhfo82QcnzOxuGRR1SHLR2o2jD
ZIP8TDCa0bfBvJfS6zr3yIqRrgL15ex6OSx9NuCzy9pIJlYzSSP06xFURB0Ft4bI
TmZz5Rt4d33Am29qCBz2u4Okptdcvy3ivOQAEWIdZswSxQFQlZmuOryDJQa0gpWK
-----END CERTIFICATE-----