Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149734.roa
File:                     AS149734.roa (raw, json)
Hash identifier:          YVZV8Fk+sdOczvgjvz/mZfbYQ0vZX8ohFWvzgd7nqH0=
Subject key identifier:   E4:CD:72:72:67:18:4B:DC:4B:D4:29:B5:EC:A0:A0:76:D4:41:E9:2A
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       3CD9B8B222DD272A9FB57FCD292F122DD5BEA145
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149734.roa
Signing time:             Sat 02 May 2026 09:21:03 +0000
ROA not before:           Sat 02 May 2026 09:16:03 +0000
ROA not after:            Sat 01 May 2027 09:21:03 +0000
asID:                     149734
IP address blocks:        103.188.176.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:d9:b8:b2:22:dd:27:2a:9f:b5:7f:cd:29:2f:12:2d:d5:be:a1:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:03 2026 GMT
            Not After : May  1 09:21:03 2027 GMT
        Subject: CN=E4CD727267184BDC4BD429B5ECA0A076D441E92A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1a:8b:55:e7:52:32:b8:a7:10:a2:73:17:41:
                    4d:2f:51:87:94:94:c8:4c:a0:4a:87:b2:71:93:c6:
                    83:3b:8d:16:18:8e:26:c8:0d:4e:58:53:9c:34:8d:
                    3a:2c:6e:6b:b4:b3:99:86:0d:7a:3c:2b:eb:a4:80:
                    cc:e5:49:85:6c:a9:48:c2:33:82:9e:fc:9d:85:25:
                    49:a6:24:3b:07:02:87:b1:a4:f6:16:be:e3:2d:72:
                    f2:c5:b5:02:8b:66:56:1f:55:0d:7f:5e:1f:4a:c2:
                    34:0b:46:3b:b0:06:10:29:8a:6d:84:a6:8d:43:4a:
                    7e:e4:04:f8:ee:f4:e0:eb:bf:5c:88:6d:57:9a:3e:
                    ec:89:5d:fe:2d:b2:28:82:f6:5a:24:de:9c:87:91:
                    67:34:4e:11:f1:dd:4c:bf:61:b4:d0:f0:d7:3f:f8:
                    52:ad:10:95:29:ad:af:f3:1e:e1:e6:f7:d4:71:e9:
                    73:3f:48:c1:aa:84:ee:90:1c:79:d4:58:2d:8b:04:
                    46:34:a6:7e:40:9f:d3:66:c0:ed:ad:98:f8:8c:33:
                    f7:bc:9e:fb:22:f6:c2:b6:58:d2:96:2c:c5:2d:45:
                    9a:7a:8f:aa:70:8b:7e:e1:97:c4:c4:d0:de:58:de:
                    50:cf:85:37:ea:a6:1f:29:c8:76:b0:ab:7d:56:28:
                    f2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:CD:72:72:67:18:4B:DC:4B:D4:29:B5:EC:A0:A0:76:D4:41:E9:2A
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.188.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:eb:57:d7:64:17:be:51:7e:8c:b7:06:c8:a6:b6:89:87:7f:
         7e:be:94:1a:e2:2c:fe:14:d4:9a:4a:57:e5:e0:79:b5:dc:80:
         22:c6:3c:8d:b8:b0:f7:a5:6b:90:fb:dc:5d:7c:b2:f9:48:17:
         2a:29:da:11:5d:07:3f:d4:17:69:8b:d4:22:6f:9b:ca:4b:58:
         ae:9a:a8:a4:0f:69:6d:b0:ad:32:31:99:e5:95:d0:55:f0:19:
         9c:49:cc:7d:03:89:ce:c4:3d:ba:3c:c6:c1:b3:f7:b8:4f:47:
         3d:c5:10:2b:3f:38:7e:d2:63:59:51:cb:c3:40:5a:07:c5:3d:
         ec:b4:e2:33:a3:92:96:a0:06:76:c6:98:6d:ac:13:1b:d4:b2:
         5f:43:1f:93:86:1d:72:fe:58:e1:cf:a2:63:cb:54:b6:8c:05:
         8b:a6:cb:18:a6:60:d0:8e:5f:27:22:2f:c8:91:45:a4:a3:68:
         eb:ae:60:ad:68:d1:a6:f6:f2:88:61:c7:f4:cc:02:1b:80:42:
         8e:f6:8c:cb:17:ea:18:b2:4d:8b:ea:db:51:3b:3e:20:98:47:
         88:fa:e6:3c:7e:3f:4f:a1:9b:3a:4e:e0:ef:fd:cd:29:46:e0:
         04:f7:17:a5:7b:a8:82:38:1f:e9:9f:64:f9:84:5c:35:a1:83:
         d8:38:57:fc
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUPNm4siLdJyqftX/NKS8SLdW+oUUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTYwM1oX
DTI3MDUwMTA5MjEwM1owMzExMC8GA1UEAxMoRTRDRDcyNzI2NzE4NEJEQzRCRDQy
OUI1RUNBMEEwNzZENDQxRTkyQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4ai1XnUjK4pxCicxdBTS9Rh5SUyEygSoeycZPGgzuNFhiOJsgNTlhTnDSN
Oixua7SzmYYNejwr66SAzOVJhWypSMIzgp78nYUlSaYkOwcCh7Gk9ha+4y1y8sW1
AotmVh9VDX9eH0rCNAtGO7AGECmKbYSmjUNKfuQE+O704Ou/XIhtV5o+7Ild/i2y
KIL2WiTenIeRZzROEfHdTL9htNDw1z/4Uq0QlSmtr/Me4eb31HHpcz9IwaqE7pAc
edRYLYsERjSmfkCf02bA7a2Y+Iwz97ye+yL2wrZY0pYsxS1FmnqPqnCLfuGXxMTQ
3ljeUM+FN+qmHynIdrCrfVYo8mECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTkzXJy
ZxhL3EvUKbXsoKB21EHpKjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5NzM0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ7ywMA0GCSqGSIb3DQEBCwUAA4IBAQAE61fXZBe+UX6MtwbIpraJh39+
vpQa4iz+FNSaSlfl4Hm13IAixjyNuLD3pWuQ+9xdfLL5SBcqKdoRXQc/1Bdpi9Qi
b5vKS1iumqikD2ltsK0yMZnlldBV8BmcScx9A4nOxD26PMbBs/e4T0c9xRArPzh+
0mNZUcvDQFoHxT3stOIzo5KWoAZ2xphtrBMb1LJfQx+Thh1y/ljhz6Jjy1S2jAWL
pssYpmDQjl8nIi/IkUWko2jrrmCtaNGm9vKIYcf0zAIbgEKO9ozLF+oYsk2L6ttR
Oz4gmEeI+uY8fj9PoZs6TuDv/c0pRuAE9xele6iCOB/pn2T5hFw1oYPYOFf8
-----END CERTIFICATE-----