Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS150253.roa
File:                     AS150253.roa (raw, json)
Hash identifier:          6F4ay8KwfqCGyNfNF/Vvs5HjYj4qnqW3iJU/8Eixg+E=
Subject key identifier:   13:89:AC:F2:1A:14:57:76:B4:08:53:FB:54:56:88:B3:98:CE:66:2F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       385E387A265E85C370B0B8176B04FC6957409027
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150253.roa
Signing time:             Sat 02 May 2026 09:20:31 +0000
ROA not before:           Sat 02 May 2026 09:15:31 +0000
ROA not after:            Sat 01 May 2027 09:20:31 +0000
asID:                     150253
IP address blocks:        103.176.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:5e:38:7a:26:5e:85:c3:70:b0:b8:17:6b:04:fc:69:57:40:90:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:15:31 2026 GMT
            Not After : May  1 09:20:31 2027 GMT
        Subject: CN=1389ACF21A145776B40853FB545688B398CE662F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:44:95:6a:15:8d:2a:36:73:75:8e:1a:c3:7a:
                    18:fb:59:60:2f:d9:f9:9e:5b:be:d1:de:12:e8:55:
                    2e:52:5c:6c:30:61:71:bc:46:e4:dd:97:fa:43:78:
                    8f:7d:5e:1e:93:15:16:f2:e4:5d:9c:b0:1b:3c:5f:
                    47:57:14:68:cb:59:b2:ee:43:7b:9f:5c:9c:e8:73:
                    b0:8e:99:b7:59:61:20:f4:66:5d:c3:8e:68:20:55:
                    ed:c0:8f:0e:4d:09:00:0b:54:13:96:29:22:00:de:
                    3a:85:13:ce:8e:88:a7:51:17:39:e3:db:64:f7:11:
                    b4:9f:80:7a:9e:c6:f5:91:ba:3e:10:4a:7b:aa:d7:
                    84:3d:61:25:0a:32:90:50:be:73:9d:ea:3f:aa:7d:
                    55:07:29:b8:97:99:55:66:4d:70:5a:58:bb:72:00:
                    fc:42:05:40:2e:ef:15:64:ac:69:cd:8b:21:f7:98:
                    fa:7c:b1:4b:a4:75:96:e3:1f:fb:4b:4e:bf:9b:74:
                    1b:de:2f:6f:20:b7:3b:ec:f1:5b:b5:1e:07:c8:e2:
                    64:63:63:c0:91:90:d7:f7:2c:1a:f9:8d:4f:21:e2:
                    57:fd:87:54:1a:5f:13:d0:fd:f3:8d:3e:d6:d5:21:
                    3f:dc:36:46:f0:2b:2b:f2:bc:13:4b:8d:97:89:11:
                    7b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:89:AC:F2:1A:14:57:76:B4:08:53:FB:54:56:88:B3:98:CE:66:2F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150253.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.176.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:92:7f:75:25:62:39:76:0c:65:2d:6c:17:25:48:75:29:62:
         d8:d9:68:cd:20:93:bd:d1:03:a8:a5:fd:e8:54:f2:d1:0a:08:
         0d:a4:92:56:d9:fd:5c:eb:26:4d:8e:45:48:d5:6d:7c:93:01:
         66:c8:c8:8a:a6:be:36:2d:2f:a9:f4:94:58:39:13:a7:de:f1:
         6a:f4:bc:71:8e:e0:59:50:e2:c3:c8:37:55:28:f5:78:1c:78:
         2a:7e:fa:3f:04:44:94:30:fc:f2:df:6e:3b:58:0a:68:0b:5e:
         12:84:cf:f3:a2:58:f9:f9:95:d8:75:ae:78:18:e3:e7:3f:0e:
         09:5c:a7:5c:b9:2a:b7:29:15:4c:e3:5d:ad:49:c3:58:18:42:
         41:3c:53:bf:f9:f4:40:80:00:6f:63:9a:64:d4:fe:d3:c9:34:
         4a:8c:b6:f6:71:e2:c9:6a:80:74:98:ae:2f:7b:ed:9e:26:83:
         fa:00:b5:4e:ad:af:b3:b4:22:3f:b2:58:f9:4a:7a:9a:5f:89:
         f2:ab:eb:50:3c:7b:88:c1:7c:00:b5:da:9a:6c:0b:91:94:9c:
         3e:28:cb:e3:7d:86:99:f5:8d:2e:fa:54:40:d5:10:97:e1:45:
         11:8b:88:ee:37:f1:b0:f8:a6:f1:1a:22:75:bc:a5:65:2c:90:
         db:69:cd:8c
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUOF44eiZehcNwsLgXawT8aVdAkCcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTUzMVoX
DTI3MDUwMTA5MjAzMVowMzExMC8GA1UEAxMoMTM4OUFDRjIxQTE0NTc3NkI0MDg1
M0ZCNTQ1Njg4QjM5OENFNjYyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKJElWoVjSo2c3WOGsN6GPtZYC/Z+Z5bvtHeEuhVLlJcbDBhcbxG5N2X+kN4
j31eHpMVFvLkXZywGzxfR1cUaMtZsu5De59cnOhzsI6Zt1lhIPRmXcOOaCBV7cCP
Dk0JAAtUE5YpIgDeOoUTzo6Ip1EXOePbZPcRtJ+Aep7G9ZG6PhBKe6rXhD1hJQoy
kFC+c53qP6p9VQcpuJeZVWZNcFpYu3IA/EIFQC7vFWSsac2LIfeY+nyxS6R1luMf
+0tOv5t0G94vbyC3O+zxW7UeB8jiZGNjwJGQ1/csGvmNTyHiV/2HVBpfE9D9840+
1tUhP9w2RvArK/K8E0uNl4kRe5MCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQTiazy
GhRXdrQIU/tUVoizmM5mLzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUwMjUzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ7BqMA0GCSqGSIb3DQEBCwUAA4IBAQCUkn91JWI5dgxlLWwXJUh1KWLY
2WjNIJO90QOopf3oVPLRCggNpJJW2f1c6yZNjkVI1W18kwFmyMiKpr42LS+p9JRY
OROn3vFq9LxxjuBZUOLDyDdVKPV4HHgqfvo/BESUMPzy3247WApoC14ShM/zolj5
+ZXYda54GOPnPw4JXKdcuSq3KRVM412tScNYGEJBPFO/+fRAgABvY5pk1P7TyTRK
jLb2ceLJaoB0mK4ve+2eJoP6ALVOra+ztCI/slj5SnqaX4nyq+tQPHuIwXwAtdqa
bAuRlJw+KMvjfYaZ9Y0u+lRA1RCX4UURi4juN/Gw+KbxGiJ1vKVlLJDbac2M
-----END CERTIFICATE-----