Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS149962.roa
File:                     AS149962.roa (raw, json)
Hash identifier:          Uk/ci17/zGCLPX1f2msx6CGcp87tHXCcqejU25qqWlQ=
Subject key identifier:   66:8C:EC:EF:94:51:7D:68:3A:E6:A1:E2:E5:65:D3:CE:9E:8C:72:D6
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       6CAA139CCAB19BAA7F30B220FDF64C819975CDF3
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149962.roa
Signing time:             Sat 02 May 2026 09:19:23 +0000
ROA not before:           Sat 02 May 2026 09:14:23 +0000
ROA not after:            Sat 01 May 2027 09:19:23 +0000
asID:                     149962
IP address blocks:        103.112.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:aa:13:9c:ca:b1:9b:aa:7f:30:b2:20:fd:f6:4c:81:99:75:cd:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:14:23 2026 GMT
            Not After : May  1 09:19:23 2027 GMT
        Subject: CN=668CECEF94517D683AE6A1E2E565D3CE9E8C72D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:95:1d:cc:c9:54:dd:f7:a3:a3:39:a3:ce:ea:
                    2a:b7:40:23:fc:b2:5e:3a:3c:24:0d:2c:5b:4a:bb:
                    15:65:f2:50:75:c7:6d:4e:6f:21:03:5b:da:fa:46:
                    3f:85:b0:fb:e2:56:58:73:31:9f:4d:f1:6e:ca:f4:
                    6c:e6:6f:b8:2c:39:12:e1:8d:22:04:99:24:6a:e5:
                    99:99:c9:00:a6:9a:ba:b0:f3:f2:7a:32:70:ed:66:
                    55:ba:85:9d:e8:0f:dc:61:47:74:40:ff:64:8e:36:
                    83:5e:2c:c9:90:6a:2c:ca:56:49:d5:01:b1:c7:98:
                    76:67:78:9f:d2:f9:6b:eb:f8:09:bf:bc:c3:d0:99:
                    8b:81:5c:a6:d2:6e:60:37:bf:c7:6d:e5:38:99:37:
                    f2:74:02:2d:73:7a:d7:7f:1c:dc:5f:90:77:46:88:
                    6d:1d:f0:30:12:23:b3:17:1b:ef:1d:d0:ea:40:a8:
                    07:bf:85:c2:22:1d:68:ba:ee:57:bc:b4:31:62:ae:
                    31:5d:5a:80:a6:39:a9:d6:e6:aa:e9:21:5b:c7:6a:
                    16:38:42:44:eb:e0:a8:20:1b:ef:04:aa:08:ef:c1:
                    34:dd:94:e5:ec:03:3c:ea:e9:ef:44:b1:cf:4a:5b:
                    61:98:c9:c0:4f:74:73:ba:86:e3:d8:3c:0c:75:8b:
                    f1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:8C:EC:EF:94:51:7D:68:3A:E6:A1:E2:E5:65:D3:CE:9E:8C:72:D6
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS149962.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.112.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:2c:2d:af:a9:70:a3:fb:8b:7a:8b:c8:a7:3e:6b:18:a6:dc:
         21:ae:fe:41:ab:7a:1e:46:25:73:97:0a:0c:1c:01:bc:41:7b:
         4c:d0:5c:91:9d:63:da:3a:0a:2a:7f:cc:ac:66:d9:5c:72:4c:
         c0:46:21:0a:fa:77:1c:c9:36:44:02:73:a9:46:bb:16:b8:56:
         67:17:90:c6:f3:c9:13:07:2a:d2:eb:39:88:f7:1e:62:61:7d:
         04:e3:45:77:67:1d:18:68:db:6d:44:59:3c:26:56:8b:7c:d4:
         4e:00:53:84:cd:69:16:29:d3:e2:5b:9b:39:78:69:14:1b:0d:
         b9:5c:4f:1c:5c:01:a5:ae:b9:4f:5a:43:e3:3c:98:d3:a7:2c:
         10:6c:59:08:f8:3c:67:24:ed:1a:01:30:17:ca:5d:4b:39:63:
         19:16:2f:56:25:9d:5f:dd:ab:01:e3:04:24:8c:7f:d5:86:15:
         be:c2:26:f2:5b:72:c1:ac:e9:9c:52:6f:58:2b:29:99:44:3d:
         18:cc:73:c1:30:68:ac:ab:a4:7e:f5:44:1b:94:0a:a0:11:08:
         95:b5:38:03:b6:c0:ed:5e:f6:5f:23:8a:e9:b4:f7:dc:67:86:
         42:79:0b:39:88:e5:09:3e:d3:70:4a:fa:19:45:c0:91:e0:21:
         93:cf:77:3d
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUbKoTnMqxm6p/MLIg/fZMgZl1zfMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTQyM1oX
DTI3MDUwMTA5MTkyM1owMzExMC8GA1UEAxMoNjY4Q0VDRUY5NDUxN0Q2ODNBRTZB
MUUyRTU2NUQzQ0U5RThDNzJENjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJKVHczJVN33o6M5o87qKrdAI/yyXjo8JA0sW0q7FWXyUHXHbU5vIQNb2vpG
P4Ww++JWWHMxn03xbsr0bOZvuCw5EuGNIgSZJGrlmZnJAKaaurDz8noycO1mVbqF
negP3GFHdED/ZI42g14syZBqLMpWSdUBsceYdmd4n9L5a+v4Cb+8w9CZi4FcptJu
YDe/x23lOJk38nQCLXN6138c3F+Qd0aIbR3wMBIjsxcb7x3Q6kCoB7+FwiIdaLru
V7y0MWKuMV1agKY5qdbmqukhW8dqFjhCROvgqCAb7wSqCO/BNN2U5ewDPOrp70Sx
z0pbYZjJwE90c7qG49g8DHWL8UUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRmjOzv
lFF9aDrmoeLlZdPOnoxy1jAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ5OTYyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ3DDMA0GCSqGSIb3DQEBCwUAA4IBAQBFLC2vqXCj+4t6i8inPmsYptwh
rv5Bq3oeRiVzlwoMHAG8QXtM0FyRnWPaOgoqf8ysZtlcckzARiEK+nccyTZEAnOp
RrsWuFZnF5DG88kTByrS6zmI9x5iYX0E40V3Zx0YaNttRFk8JlaLfNROAFOEzWkW
KdPiW5s5eGkUGw25XE8cXAGlrrlPWkPjPJjTpywQbFkI+DxnJO0aATAXyl1LOWMZ
Fi9WJZ1f3asB4wQkjH/VhhW+wibyW3LBrOmcUm9YKymZRD0YzHPBMGisq6R+9UQb
lAqgEQiVtTgDtsDtXvZfI4rptPfcZ4ZCeQs5iOUJPtNwSvoZRcCR4CGTz3c9
-----END CERTIFICATE-----