Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149891.roa
File:                     AS149891.roa (raw, json)
Hash identifier:          TsWcKhCdizuldiOrsmxX71PrbxAxxfYhbyWd0zuDFh4=
Subject key identifier:   60:8C:67:0B:3C:22:98:5E:ED:60:11:D1:6C:DB:A5:A8:08:27:92:BE
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       08BC888728A183834311A3904A01B3AF211E5CCC
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149891.roa
Signing time:             Sat 02 May 2026 09:21:28 +0000
ROA not before:           Sat 02 May 2026 09:16:28 +0000
ROA not after:            Sat 01 May 2027 09:21:28 +0000
asID:                     149891
IP address blocks:        103.190.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 05 May 2026 16:31:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:bc:88:87:28:a1:83:83:43:11:a3:90:4a:01:b3:af:21:1e:5c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:28 2026 GMT
            Not After : May  1 09:21:28 2027 GMT
        Subject: CN=608C670B3C22985EED6011D16CDBA5A8082792BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4a:b1:dc:72:5c:7a:a8:29:49:b5:5b:9a:7a:
                    20:27:b2:d9:5e:c5:5b:9d:67:4d:29:41:57:7c:67:
                    62:a7:4a:5f:df:2b:69:a5:2c:a5:18:a8:7f:e6:c6:
                    dc:07:ab:32:cc:70:a9:d0:1e:f5:12:70:cc:1d:34:
                    df:3d:02:43:19:ba:52:b8:f8:ec:dc:e2:06:b7:3f:
                    5d:90:04:36:03:5f:26:f4:25:89:99:e5:b8:5e:82:
                    2a:f9:fd:a6:07:5c:d3:81:20:8a:57:61:6d:a1:d4:
                    3f:85:16:4b:38:d3:97:f5:89:62:5c:47:a1:ad:57:
                    3a:1b:a9:1e:45:41:e6:ac:e7:89:01:78:5a:3c:71:
                    f9:ae:11:0b:66:62:4c:08:66:11:75:9f:10:da:55:
                    56:f3:f5:43:af:50:4b:76:4e:02:4b:81:b1:d8:f4:
                    d3:b2:d7:dc:11:1b:7f:06:17:2d:a0:15:93:17:05:
                    1f:7a:28:91:54:b3:f1:e1:55:ff:b2:8b:05:19:c8:
                    57:6f:8b:62:db:35:84:4c:31:4a:f6:b8:67:ec:24:
                    2e:3e:b9:9a:6e:aa:76:44:64:d2:d3:c9:fb:a6:4d:
                    28:1a:08:21:8e:75:6d:49:e3:57:05:67:a3:9c:49:
                    c8:a6:a0:77:03:46:83:37:36:1f:5c:24:69:c2:e6:
                    a7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8C:67:0B:3C:22:98:5E:ED:60:11:D1:6C:DB:A5:A8:08:27:92:BE
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149891.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.190.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:d9:79:96:03:6b:4d:8c:b3:0d:a0:32:3b:65:11:d9:63:e7:
         30:6c:a1:88:cc:95:32:26:8e:60:d9:87:cf:84:ce:fe:95:87:
         a5:b1:16:2f:7e:bc:3f:ed:4f:4b:40:2e:d4:4f:e0:78:d9:d7:
         ae:92:74:57:e9:7b:b1:7d:86:04:7d:33:90:75:f9:2c:31:84:
         ea:21:f0:8b:ea:08:dc:a7:dc:a7:f3:dc:f9:29:e7:fc:a4:1c:
         0e:b0:c4:bd:2f:3c:bb:d3:84:26:1e:b9:f1:24:09:44:fb:14:
         79:61:30:7e:36:60:b2:f4:41:ed:e9:60:19:fe:72:c0:3e:37:
         0c:9b:62:59:c7:32:73:28:ab:a8:6a:0b:5b:6d:dc:f1:cd:60:
         f4:05:66:ec:65:54:4b:5a:81:f2:e1:16:f1:5c:d0:9e:7a:cc:
         7c:63:cc:2c:41:c4:7b:9d:60:70:5d:de:e6:1b:20:9d:2d:ae:
         79:e1:a0:b1:b6:b8:7e:7a:8e:e0:85:0f:fc:4a:1d:4a:f3:88:
         58:79:25:ca:88:43:a0:f0:f6:fb:ec:25:71:e9:3c:31:98:da:
         6c:70:82:f5:f4:ba:df:48:67:4c:99:b5:f3:69:bb:b8:9c:66:
         20:31:a5:fa:5e:7f:fb:cb:48:97:6f:4a:1f:35:1a:85:e0:7e:
         40:fa:62:10
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUCLyIhyihg4NDEaOQSgGzryEeXMwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTYyOFoX
DTI3MDUwMTA5MjEyOFowMzExMC8GA1UEAxMoNjA4QzY3MEIzQzIyOTg1RUVENjAx
MUQxNkNEQkE1QTgwODI3OTJCRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANFKsdxyXHqoKUm1W5p6ICey2V7FW51nTSlBV3xnYqdKX98raaUspRiof+bG
3AerMsxwqdAe9RJwzB003z0CQxm6Urj47NziBrc/XZAENgNfJvQliZnluF6CKvn9
pgdc04EgildhbaHUP4UWSzjTl/WJYlxHoa1XOhupHkVB5qzniQF4Wjxx+a4RC2Zi
TAhmEXWfENpVVvP1Q69QS3ZOAkuBsdj007LX3BEbfwYXLaAVkxcFH3ookVSz8eFV
/7KLBRnIV2+LYts1hEwxSva4Z+wkLj65mm6qdkRk0tPJ+6ZNKBoIIY51bUnjVwVn
o5xJyKagdwNGgzc2H1wkacLmp6MCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRgjGcL
PCKYXu1gEdFs26WoCCeSvjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5ODkxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ74eMA0GCSqGSIb3DQEBCwUAA4IBAQAl2XmWA2tNjLMNoDI7ZRHZY+cw
bKGIzJUyJo5g2YfPhM7+lYelsRYvfrw/7U9LQC7UT+B42deuknRX6XuxfYYEfTOQ
dfksMYTqIfCL6gjcp9yn89z5Kef8pBwOsMS9Lzy704QmHrnxJAlE+xR5YTB+NmCy
9EHt6WAZ/nLAPjcMm2JZxzJzKKuoagtbbdzxzWD0BWbsZVRLWoHy4RbxXNCeesx8
Y8wsQcR7nWBwXd7mGyCdLa554aCxtrh+eo7ghQ/8Sh1K84hYeSXKiEOg8Pb77CVx
6TwxmNpscIL19LrfSGdMmbXzabu4nGYgMaX6Xn/7y0iXb0ofNRqF4H5A+mIQ
-----END CERTIFICATE-----