Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149897.roa
File:                     AS149897.roa (raw, json)
Hash identifier:          3Fy37LsAZWR5dGmH/TVpRQXgXuPHRVV7PzVkFOzjm5s=
Subject key identifier:   24:C8:45:A1:91:14:B4:41:0D:3E:00:99:52:71:29:9E:A9:11:9F:50
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       214A12CB6A6093F0675C02E638A54422613210B5
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149897.roa
Signing time:             Sat 02 May 2026 21:24:43 +0000
ROA not before:           Sat 02 May 2026 21:19:43 +0000
ROA not after:            Sat 01 May 2027 21:24:43 +0000
asID:                     149897
IP address blocks:        2001:df1:2e40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:4a:12:cb:6a:60:93:f0:67:5c:02:e6:38:a5:44:22:61:32:10:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:19:43 2026 GMT
            Not After : May  1 21:24:43 2027 GMT
        Subject: CN=24C845A19114B4410D3E00995271299EA9119F50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:b8:5e:b7:8a:31:1e:33:44:85:ba:26:c8:d8:
                    af:c0:d2:fd:df:a8:6b:2e:fa:a0:26:ff:e6:d3:2a:
                    bf:c2:b4:05:49:2f:9f:f3:b7:52:8b:17:90:c7:8c:
                    d9:6e:fc:99:cf:cf:83:36:ea:be:bc:4d:53:81:ed:
                    b9:f5:13:38:c8:96:41:71:49:40:eb:49:df:f5:8c:
                    11:fe:b4:cf:c2:02:52:7f:fe:4a:dd:d4:73:5a:b6:
                    eb:78:c4:74:d9:cb:9d:2f:15:e9:68:58:89:20:13:
                    ef:b3:40:8d:0a:94:18:bc:2d:63:bc:38:67:0f:57:
                    29:fd:21:db:01:f3:2f:64:a4:bd:bc:c9:83:8d:46:
                    eb:c0:ab:45:c7:44:2b:ef:26:e5:2b:81:5d:a5:46:
                    d2:fd:53:f8:c3:ce:67:fe:ab:fd:cf:cc:e9:8e:ef:
                    6a:26:5e:f3:f1:b2:93:90:61:16:70:9b:1c:d4:ee:
                    0a:3a:a4:21:a0:8d:0f:d3:79:6f:c8:ac:0d:0d:57:
                    d9:c8:11:8c:be:1b:77:54:d0:8d:44:72:fe:58:b0:
                    f6:86:f4:70:43:6d:67:49:3b:fb:9d:5d:d6:10:e9:
                    db:28:e5:64:f1:ef:22:02:a1:ca:b6:33:5f:33:23:
                    40:cb:db:28:a9:18:17:59:e2:e7:1a:e9:53:ca:71:
                    b7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C8:45:A1:91:14:B4:41:0D:3E:00:99:52:71:29:9E:A9:11:9F:50
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149897.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:2e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:3d:ca:ac:29:3c:f1:09:37:f7:c9:c7:5d:e1:b7:3a:62:3c:
         96:69:7d:29:34:86:c2:86:ca:c7:b8:44:27:45:db:17:66:c3:
         34:97:0f:cf:d0:bf:15:ca:b3:5f:52:25:14:e1:46:c1:42:3d:
         0d:d1:7c:a1:b2:a8:ec:90:a2:d1:a2:5e:5c:65:b6:1a:62:d1:
         a1:12:ae:8c:4e:43:d8:bd:ce:62:b3:48:4b:62:f0:57:2a:3c:
         1c:cc:ef:d7:76:5d:f9:a9:68:74:c4:c4:c0:77:a3:77:8b:3a:
         b6:e9:48:53:91:9c:bd:99:98:ba:12:52:cd:1c:e6:f1:d8:38:
         33:ce:2e:06:da:af:7a:b1:25:d3:3c:44:12:ec:f3:d2:f5:cc:
         8f:63:aa:73:d2:3c:32:7e:e7:c8:e4:dc:c7:52:22:b8:b2:e6:
         51:cf:95:5f:df:3d:cb:18:db:1c:96:93:60:ad:2f:20:69:c5:
         4c:72:d5:d3:e4:c1:f3:ed:e4:02:d2:16:43:13:50:ff:ad:25:
         72:6a:ef:36:ba:51:3a:48:b6:59:82:bc:a3:c9:44:97:d7:22:
         80:03:74:dd:14:75:10:c7:5c:21:c7:32:f8:da:c2:a5:6d:7e:
         26:d9:b2:d5:f4:08:70:67:84:61:09:28:ee:35:10:d8:e3:b0:
         5d:e9:0f:83
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUIUoSy2pgk/BnXALmOKVEImEyELUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTk0M1oX
DTI3MDUwMTIxMjQ0M1owMzExMC8GA1UEAxMoMjRDODQ1QTE5MTE0QjQ0MTBEM0Uw
MDk5NTI3MTI5OUVBOTExOUY1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO+4XreKMR4zRIW6JsjYr8DS/d+oay76oCb/5tMqv8K0BUkvn/O3UosXkMeM
2W78mc/PgzbqvrxNU4HtufUTOMiWQXFJQOtJ3/WMEf60z8ICUn/+St3Uc1q263jE
dNnLnS8V6WhYiSAT77NAjQqUGLwtY7w4Zw9XKf0h2wHzL2SkvbzJg41G68CrRcdE
K+8m5SuBXaVG0v1T+MPOZ/6r/c/M6Y7vaiZe8/Gyk5BhFnCbHNTuCjqkIaCND9N5
b8isDQ1X2cgRjL4bd1TQjURy/liw9ob0cENtZ0k7+51d1hDp2yjlZPHvIgKhyrYz
XzMjQMvbKKkYF1ni5xrpU8pxt5kCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQkyEWh
kRS0QQ0+AJlScSmeqRGfUDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5ODk3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN8S5AMA0GCSqGSIb3DQEBCwUAA4IBAQBnPcqsKTzxCTf3ycdd4bc6
YjyWaX0pNIbChsrHuEQnRdsXZsM0lw/P0L8VyrNfUiUU4UbBQj0N0XyhsqjskKLR
ol5cZbYaYtGhEq6MTkPYvc5is0hLYvBXKjwczO/Xdl35qWh0xMTAd6N3izq26UhT
kZy9mZi6ElLNHObx2Dgzzi4G2q96sSXTPEQS7PPS9cyPY6pz0jwyfufI5NzHUiK4
suZRz5Vf3z3LGNsclpNgrS8gacVMctXT5MHz7eQC0hZDE1D/rSVyau82ulE6SLZZ
gryjyUSX1yKAA3TdFHUQx1whxzL42sKlbX4m2bLV9AhwZ4RhCSjuNRDY47Bd6Q+D
-----END CERTIFICATE-----