Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS150213.roa
File:                     AS150213.roa (raw, json)
Hash identifier:          6ZrLgTyOfnQscSl71GeGeX7Kw7sW3wtUFIn+k9OmNL8=
Subject key identifier:   4A:8B:4A:1E:54:AF:85:51:B1:4B:78:08:9B:C7:FA:AF:69:3E:8C:A6
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       284B9E92E2004A23450588104AE93E84E8D14B25
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150213.roa
Signing time:             Sat 02 May 2026 21:17:40 +0000
ROA not before:           Sat 02 May 2026 21:12:40 +0000
ROA not after:            Sat 01 May 2027 21:17:40 +0000
asID:                     150213
IP address blocks:        103.246.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 03:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:4b:9e:92:e2:00:4a:23:45:05:88:10:4a:e9:3e:84:e8:d1:4b:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:12:40 2026 GMT
            Not After : May  1 21:17:40 2027 GMT
        Subject: CN=4A8B4A1E54AF8551B14B78089BC7FAAF693E8CA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d7:b1:60:68:db:aa:96:aa:4f:13:ae:40:2e:
                    cb:64:f9:e3:cc:89:8a:3d:76:0f:61:d6:08:ed:e9:
                    5e:df:97:c5:b4:78:b2:5b:52:21:15:6f:f7:53:2b:
                    72:55:21:bf:1c:e2:b0:ad:3b:4d:f7:9a:77:e3:54:
                    cd:3a:13:0d:52:1b:90:28:c8:1c:1c:00:20:3c:47:
                    da:37:96:28:fa:23:01:71:ec:60:4e:3e:8d:c8:91:
                    82:21:01:d2:29:bf:cf:74:0d:a3:c2:8f:95:c5:c8:
                    15:88:dd:37:8d:1c:45:60:67:48:47:be:0e:35:9c:
                    86:75:b1:24:d0:05:0b:81:69:ec:20:85:ec:c6:bf:
                    08:52:27:9f:e6:20:0f:7e:19:a3:bb:57:7c:ad:d6:
                    7e:60:f7:7e:34:22:48:f0:e0:81:dd:a2:69:83:4f:
                    f1:a1:c6:c0:82:1e:45:0b:f2:cd:62:0f:97:77:23:
                    22:01:0c:b1:3a:a6:a7:f3:72:13:5b:8c:7b:1a:40:
                    46:29:e3:d6:e9:92:96:8b:5d:78:0f:6c:77:b5:af:
                    2d:90:ce:e3:bc:64:f1:4f:71:e9:3f:78:b8:61:f5:
                    6e:03:f1:51:c7:ae:3e:39:ed:e0:fa:65:e7:40:0b:
                    ad:0b:37:dc:f5:b5:91:3d:05:53:66:e8:ac:5f:b1:
                    6f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:8B:4A:1E:54:AF:85:51:B1:4B:78:08:9B:C7:FA:AF:69:3E:8C:A6
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150213.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.246.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:04:f5:10:12:59:35:98:98:e2:31:93:22:2f:53:84:df:47:
         ff:11:76:07:f5:f2:28:8b:ce:5a:ca:e0:8a:e9:79:58:b4:98:
         8f:c8:b1:6b:ed:b7:69:63:e6:f6:f5:bb:e9:1c:df:ab:36:68:
         e1:d0:1c:2e:4b:e3:24:10:af:19:f2:f8:9f:e3:7f:dc:fc:59:
         ef:bb:b4:41:d6:7e:5e:b4:51:1b:68:7e:70:23:8c:54:1a:f5:
         1f:90:c8:80:51:0c:ed:0d:7d:70:52:09:00:bb:82:0f:e0:f4:
         97:12:87:6d:5f:b6:80:9e:c7:42:f5:2f:39:db:37:67:57:f5:
         b8:76:84:0e:b9:94:61:81:00:04:92:a3:cb:27:64:13:a8:e7:
         b2:c2:98:80:d8:32:93:1f:fc:2c:8f:9a:ac:62:67:dd:1e:87:
         99:f5:9f:ce:76:8f:48:25:53:25:39:e1:0a:aa:68:9c:2e:d2:
         6b:28:1c:f5:c0:4a:9c:15:01:8e:d9:1f:27:24:25:c8:6e:4a:
         6f:29:d5:9e:4e:b2:1d:73:4e:bf:9f:0b:fb:78:d2:1b:c2:84:
         34:52:d0:06:68:13:2e:dc:a3:04:73:ad:e2:23:54:60:1b:2a:
         42:bb:67:9e:5a:7a:94:aa:e6:ee:4f:90:e5:1b:80:d1:9e:19:
         f2:99:db:66
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUKEuekuIASiNFBYgQSuk+hOjRSyUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTI0MFoX
DTI3MDUwMTIxMTc0MFowMzExMC8GA1UEAxMoNEE4QjRBMUU1NEFGODU1MUIxNEI3
ODA4OUJDN0ZBQUY2OTNFOENBNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANHXsWBo26qWqk8TrkAuy2T548yJij12D2HWCO3pXt+XxbR4sltSIRVv91Mr
clUhvxzisK07Tfead+NUzToTDVIbkCjIHBwAIDxH2jeWKPojAXHsYE4+jciRgiEB
0im/z3QNo8KPlcXIFYjdN40cRWBnSEe+DjWchnWxJNAFC4Fp7CCF7Ma/CFInn+Yg
D34Zo7tXfK3WfmD3fjQiSPDggd2iaYNP8aHGwIIeRQvyzWIPl3cjIgEMsTqmp/Ny
E1uMexpARinj1umSlotdeA9sd7WvLZDO47xk8U9x6T94uGH1bgPxUceuPjnt4Ppl
50ALrQs33PW1kT0FU2borF+xb/sCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRKi0oe
VK+FUbFLeAibx/qvaT6MpjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUwMjEzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ/ZOMA0GCSqGSIb3DQEBCwUAA4IBAQBNBPUQElk1mJjiMZMiL1OE30f/
EXYH9fIoi85ayuCK6XlYtJiPyLFr7bdpY+b29bvpHN+rNmjh0BwuS+MkEK8Z8vif
43/c/Fnvu7RB1n5etFEbaH5wI4xUGvUfkMiAUQztDX1wUgkAu4IP4PSXEodtX7aA
nsdC9S852zdnV/W4doQOuZRhgQAEkqPLJ2QTqOeywpiA2DKTH/wsj5qsYmfdHoeZ
9Z/Odo9IJVMlOeEKqmicLtJrKBz1wEqcFQGO2R8nJCXIbkpvKdWeTrIdc06/nwv7
eNIbwoQ0UtAGaBMu3KMEc63iI1RgGypCu2eeWnqUqubuT5DlG4DRnhnymdtm
-----END CERTIFICATE-----