Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149911.roa
File:                     AS149911.roa (raw, json)
Hash identifier:          myCQwcNJJ2lHjBeheWg2c5COxIX1e8B67yqbSz9C05k=
Subject key identifier:   FE:2E:83:F4:4F:43:7C:0F:A2:40:A6:54:55:51:50:5D:AF:19:23:D8
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5968F0690301D81D563A7F1CD89314B05DBE1FC9
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149911.roa
Signing time:             Sat 02 May 2026 09:21:31 +0000
ROA not before:           Sat 02 May 2026 09:16:31 +0000
ROA not after:            Sat 01 May 2027 09:21:31 +0000
asID:                     149911
IP address blocks:        103.190.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:68:f0:69:03:01:d8:1d:56:3a:7f:1c:d8:93:14:b0:5d:be:1f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:31 2026 GMT
            Not After : May  1 09:21:31 2027 GMT
        Subject: CN=FE2E83F44F437C0FA240A6545551505DAF1923D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fd:cf:37:a7:2f:a4:55:88:f4:ed:ec:27:9b:
                    bb:dd:57:8e:e8:86:db:be:02:54:85:02:32:24:f8:
                    1d:5c:ac:bc:af:e4:f9:eb:06:8e:e4:37:e2:9d:e9:
                    10:17:59:74:6f:28:87:c6:d3:f9:74:e7:9a:17:b3:
                    a9:f6:66:da:95:1a:9c:a6:21:ec:14:2f:6d:7a:99:
                    92:b0:6e:bf:1f:d8:8f:de:be:54:a2:9f:d3:8b:02:
                    2a:30:94:44:98:41:05:e1:ec:79:61:4d:92:ec:46:
                    63:f4:16:58:3b:51:05:7f:05:bf:33:db:e4:62:a5:
                    37:16:9c:c4:6b:0b:4b:da:1f:6d:01:aa:97:6d:c6:
                    1a:f4:f6:fd:17:f6:1f:c6:2e:22:84:17:76:74:98:
                    9d:c0:70:3c:52:2e:86:77:03:7b:c3:f5:0a:74:fe:
                    76:e0:8d:5d:ff:72:d3:42:f1:5f:59:17:38:2f:c6:
                    34:34:80:ed:58:95:dc:74:87:30:90:c3:83:42:b3:
                    55:d3:44:c7:76:c3:33:55:d9:19:b6:3d:f1:6e:89:
                    b4:97:27:88:fa:c3:1e:97:db:d8:11:08:1a:80:fa:
                    6c:b7:37:53:d4:b9:06:f2:ae:d8:9a:90:3b:1e:ff:
                    c4:81:0a:91:89:22:43:59:ac:1b:b5:bc:00:cd:61:
                    7a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:2E:83:F4:4F:43:7C:0F:A2:40:A6:54:55:51:50:5D:AF:19:23:D8
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149911.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.190.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:c4:7b:32:c5:88:26:e0:ad:7a:2d:50:8e:6a:d4:90:86:f2:
         e2:3f:f6:18:83:1a:08:df:8b:87:70:75:ac:13:bd:9c:96:07:
         e1:94:8f:b0:ca:54:f5:6f:31:8a:cf:ee:35:91:b2:76:fb:af:
         54:4f:61:87:86:9f:e4:ac:22:8d:40:82:26:83:9a:c6:71:52:
         fc:9f:55:e8:88:9e:17:c5:28:73:60:58:8d:a4:c6:02:76:b1:
         4d:64:6e:90:e8:9d:35:9a:90:bf:23:75:18:69:05:e9:c3:b5:
         0b:9a:1f:40:f9:3e:36:5c:98:a9:40:4a:be:de:ba:c1:8e:a0:
         b6:09:d7:4a:d1:79:c7:25:25:a5:66:97:11:32:dc:da:06:62:
         8d:97:9e:dc:ba:4b:b2:e8:49:f2:dc:61:1b:cb:47:0f:1a:fc:
         a3:15:df:dc:36:9f:ab:a6:69:a1:ce:ea:19:fa:06:36:3e:30:
         e6:71:c3:85:cc:54:69:cf:42:4f:36:ec:dd:dd:f4:62:54:79:
         41:0b:53:4d:04:1c:43:8e:eb:23:df:a7:d2:46:8d:c4:25:d5:
         40:40:b8:ee:0b:8a:65:52:4b:b9:ab:cc:52:60:62:66:39:dd:
         d7:5c:e6:9c:00:35:1f:9d:e8:20:05:c5:e7:25:45:29:e8:b5:
         70:47:90:da
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUWWjwaQMB2B1WOn8c2JMUsF2+H8kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTYzMVoX
DTI3MDUwMTA5MjEzMVowMzExMC8GA1UEAxMoRkUyRTgzRjQ0RjQzN0MwRkEyNDBB
NjU0NTU1MTUwNURBRjE5MjNEODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKT9zzenL6RViPTt7Cebu91XjuiG274CVIUCMiT4HVysvK/k+esGjuQ34p3p
EBdZdG8oh8bT+XTnmhezqfZm2pUanKYh7BQvbXqZkrBuvx/Yj96+VKKf04sCKjCU
RJhBBeHseWFNkuxGY/QWWDtRBX8FvzPb5GKlNxacxGsLS9ofbQGql23GGvT2/Rf2
H8YuIoQXdnSYncBwPFIuhncDe8P1CnT+duCNXf9y00LxX1kXOC/GNDSA7ViV3HSH
MJDDg0KzVdNEx3bDM1XZGbY98W6JtJcniPrDHpfb2BEIGoD6bLc3U9S5BvKu2JqQ
Ox7/xIEKkYkiQ1msG7W8AM1hessCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT+LoP0
T0N8D6JAplRVUVBdrxkj2DAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5OTExLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ75OMA0GCSqGSIb3DQEBCwUAA4IBAQCKxHsyxYgm4K16LVCOatSQhvLi
P/YYgxoI34uHcHWsE72clgfhlI+wylT1bzGKz+41kbJ2+69UT2GHhp/krCKNQIIm
g5rGcVL8n1XoiJ4XxShzYFiNpMYCdrFNZG6Q6J01mpC/I3UYaQXpw7ULmh9A+T42
XJipQEq+3rrBjqC2CddK0XnHJSWlZpcRMtzaBmKNl57cukuy6Eny3GEby0cPGvyj
Fd/cNp+rpmmhzuoZ+gY2PjDmccOFzFRpz0JPNuzd3fRiVHlBC1NNBBxDjusj36fS
Ro3EJdVAQLjuC4plUku5q8xSYGJmOd3XXOacADUfneggBcXnJUUp6LVwR5Da
-----END CERTIFICATE-----