Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS150216.roa
File:                     AS150216.roa (raw, json)
Hash identifier:          5WaT9ifVtSfLZIenInkhVU6hJFIdZYfYKRuFVbtU7ZU=
Subject key identifier:   B4:87:6B:A5:7B:CE:7E:2E:D0:16:F3:6A:FF:F7:02:C6:65:31:5B:2C
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       1F3575472CAF62415DA31B9FDC3CABF2366F3A8F
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150216.roa
Signing time:             Sat 02 May 2026 09:21:42 +0000
ROA not before:           Sat 02 May 2026 09:16:42 +0000
ROA not after:            Sat 01 May 2027 09:21:42 +0000
asID:                     150216
IP address blocks:        103.4.76.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 03:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:35:75:47:2c:af:62:41:5d:a3:1b:9f:dc:3c:ab:f2:36:6f:3a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:42 2026 GMT
            Not After : May  1 09:21:42 2027 GMT
        Subject: CN=B4876BA57BCE7E2ED016F36AFFF702C665315B2C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:85:a8:38:5a:ce:82:2d:99:40:ae:a3:82:75:
                    b4:dc:e8:96:9f:17:9a:a9:e2:1e:e5:fb:6a:bb:e7:
                    4b:83:1a:2e:bd:36:17:2d:ed:13:b3:eb:cc:6b:f6:
                    8f:b6:3a:8b:42:a2:3b:80:46:f6:54:26:06:45:7d:
                    cf:c7:d1:19:7e:08:9e:b3:e4:f5:8c:50:04:f8:1c:
                    6f:0d:73:dd:16:f2:be:1c:01:4c:6a:87:58:b8:78:
                    48:72:d7:6a:37:93:d8:36:dd:03:2b:7f:53:2b:0e:
                    56:92:dd:bc:19:08:7f:a2:79:8c:d5:ad:ed:b2:1e:
                    82:db:94:1b:13:59:bf:a6:8d:36:34:84:58:2b:41:
                    4c:fb:f4:c8:8a:29:7b:1b:2b:ac:0c:11:d1:f0:20:
                    1a:00:46:39:8a:5e:90:31:5d:71:c2:23:f0:a5:22:
                    c3:88:3c:26:bf:7a:fb:c4:11:9b:54:f0:15:78:a8:
                    e7:78:9b:46:b4:49:f2:d8:e4:21:5f:dd:ae:c5:02:
                    74:29:e7:42:af:b0:c5:c9:2c:66:19:79:ba:42:1d:
                    98:1d:d0:29:94:f2:87:ba:d3:f2:29:03:5b:5c:60:
                    42:b0:cd:70:b4:9b:81:6d:5a:8b:67:7c:30:5c:68:
                    48:71:02:b6:1d:ef:ba:7c:81:12:03:07:40:26:e6:
                    81:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:87:6B:A5:7B:CE:7E:2E:D0:16:F3:6A:FF:F7:02:C6:65:31:5B:2C
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150216.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.4.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:13:b2:03:0b:c7:89:87:a9:3d:3c:3a:8b:42:29:23:81:92:
         87:d0:1b:50:5c:a9:5b:88:3b:19:22:66:bb:ad:c0:09:48:6b:
         03:15:d2:21:fb:82:8c:28:34:02:00:7a:19:28:9f:e1:c0:f3:
         ff:50:d9:db:f7:df:17:75:e1:7c:d6:b1:8a:2a:43:b7:14:3d:
         71:ce:5f:11:79:5b:b1:12:c1:5e:8e:f4:97:98:d8:a9:22:43:
         19:2f:11:24:aa:c8:5f:67:60:f0:f0:a4:3d:b6:ef:28:48:30:
         f1:7a:9b:8a:a3:d7:59:c1:fe:ae:f1:e6:c8:08:8d:c3:a1:b5:
         70:27:45:7a:6c:57:ba:cb:8c:83:b4:e7:66:14:a1:fc:b1:f8:
         f9:2e:f9:c8:ff:31:a2:d7:ef:cb:bd:ca:18:95:9a:40:e0:9f:
         bd:ac:26:21:26:92:f8:66:62:f8:ae:02:c8:43:e7:c6:a6:1c:
         c1:23:45:5d:5d:0c:6d:30:1a:c8:53:01:8f:cb:5a:fd:d1:a8:
         1f:f8:94:b9:c6:f2:0c:84:96:9c:39:7c:1a:95:0b:bf:a4:52:
         6a:36:34:8b:6e:ae:fb:5e:b4:c0:0c:a7:cd:b2:69:e8:02:50:
         e0:47:51:f0:c1:44:89:cd:ce:3a:50:d1:ca:c4:f9:3e:cc:bf:
         88:da:cc:3d
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUHzV1RyyvYkFdoxuf3Dyr8jZvOo8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTY0MloX
DTI3MDUwMTA5MjE0MlowMzExMC8GA1UEAxMoQjQ4NzZCQTU3QkNFN0UyRUQwMTZG
MzZBRkZGNzAyQzY2NTMxNUIyQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOFqDhazoItmUCuo4J1tNzolp8XmqniHuX7arvnS4MaLr02Fy3tE7PrzGv2
j7Y6i0KiO4BG9lQmBkV9z8fRGX4InrPk9YxQBPgcbw1z3RbyvhwBTGqHWLh4SHLX
ajeT2DbdAyt/UysOVpLdvBkIf6J5jNWt7bIegtuUGxNZv6aNNjSEWCtBTPv0yIop
exsrrAwR0fAgGgBGOYpekDFdccIj8KUiw4g8Jr96+8QRm1TwFXio53ibRrRJ8tjk
IV/drsUCdCnnQq+wxcksZhl5ukIdmB3QKZTyh7rT8ikDW1xgQrDNcLSbgW1ai2d8
MFxoSHECth3vunyBEgMHQCbmgaECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBS0h2ul
e85+LtAW82r/9wLGZTFbLDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUwMjE2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZwRMMA0GCSqGSIb3DQEBCwUAA4IBAQAzE7IDC8eJh6k9PDqLQikjgZKH
0BtQXKlbiDsZIma7rcAJSGsDFdIh+4KMKDQCAHoZKJ/hwPP/UNnb998XdeF81rGK
KkO3FD1xzl8ReVuxEsFejvSXmNipIkMZLxEkqshfZ2Dw8KQ9tu8oSDDxepuKo9dZ
wf6u8ebICI3DobVwJ0V6bFe6y4yDtOdmFKH8sfj5LvnI/zGi1+/LvcoYlZpA4J+9
rCYhJpL4ZmL4rgLIQ+fGphzBI0VdXQxtMBrIUwGPy1r90agf+JS5xvIMhJacOXwa
lQu/pFJqNjSLbq77XrTADKfNsmnoAlDgR1HwwUSJzc46UNHKxPk+zL+I2sw9
-----END CERTIFICATE-----