Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS150284.roa
File:                     AS150284.roa (raw, json)
Hash identifier:          zT+J7Zshk8YQgsytsoA8B8CRMHphH6abOK6gMTv15ug=
Subject key identifier:   55:CA:82:3C:E0:ED:AF:13:54:47:00:96:F3:67:0B:E0:51:4A:6F:DD
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       382B4685162B4D60C5358BA69D776AE0ABF04A65
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150284.roa
Signing time:             Sat 02 May 2026 08:37:13 +0000
ROA not before:           Sat 02 May 2026 08:32:13 +0000
ROA not after:            Sat 01 May 2027 08:37:13 +0000
asID:                     150284
IP address blocks:        203.96.230.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:2b:46:85:16:2b:4d:60:c5:35:8b:a6:9d:77:6a:e0:ab:f0:4a:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:32:13 2026 GMT
            Not After : May  1 08:37:13 2027 GMT
        Subject: CN=55CA823CE0EDAF1354470096F3670BE0514A6FDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:59:4c:7e:e7:3e:2a:b8:c1:b5:71:e5:05:0b:
                    2c:7c:3e:0c:84:ef:91:cc:b4:77:ea:46:35:3b:01:
                    6d:23:71:64:38:fe:79:04:7e:e1:83:c8:9b:57:ad:
                    2a:b6:a8:17:aa:f5:7d:bc:8f:9f:7b:42:9c:a3:7d:
                    d4:52:43:7d:d7:76:fd:e6:b4:43:31:b2:7e:63:69:
                    53:82:76:36:5a:66:02:10:0e:48:f9:1e:45:cd:a4:
                    4c:53:46:30:e4:8d:65:a3:ec:dc:95:78:3d:ec:b8:
                    64:5a:db:35:f7:e7:f4:a7:ca:01:26:69:93:8e:57:
                    c5:41:68:43:4e:20:35:bd:a1:9a:fa:91:96:9d:73:
                    88:ee:4d:a1:ad:31:a4:bb:50:03:fc:bd:61:70:bb:
                    fe:a4:f3:83:7f:89:b7:71:b4:ff:41:79:84:cb:37:
                    d6:51:08:fa:23:f1:1d:67:6f:a2:8b:79:aa:a4:40:
                    11:1b:56:0c:c5:e7:84:f7:48:30:3a:4d:12:77:89:
                    c3:0f:e4:0d:a2:43:c1:02:c1:96:b5:64:49:33:b4:
                    09:94:bf:f9:9f:13:e4:72:23:ae:c8:d8:4e:41:b5:
                    a8:9c:47:56:27:66:f1:b4:5b:46:da:e2:4d:87:bc:
                    b1:24:f0:b9:46:66:56:42:1c:46:93:a4:a9:fd:99:
                    5d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:CA:82:3C:E0:ED:AF:13:54:47:00:96:F3:67:0B:E0:51:4A:6F:DD
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150284.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.96.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:ac:01:f5:25:d5:f0:a3:f0:4f:f7:96:af:1f:47:73:74:bd:
         cb:d1:d3:af:cf:97:b5:27:76:3a:1d:1c:4c:0f:b4:44:d2:c4:
         9f:b8:be:39:ed:ad:ac:36:26:5c:59:aa:cd:c8:b9:d9:e6:04:
         ce:c1:61:54:c2:3b:82:38:b4:02:41:8d:bc:79:f1:5d:77:f9:
         d6:c8:09:67:5f:21:50:b9:dd:3a:bb:0e:1c:70:72:bc:50:ad:
         2e:e6:31:7f:d2:97:18:8c:14:e6:0e:1f:5a:db:d2:08:9c:10:
         d7:13:ea:77:57:03:b0:73:39:8a:f6:b2:8e:05:f0:c7:b3:00:
         4c:0d:66:04:64:db:6c:df:8a:46:16:db:96:9f:bf:12:2a:4e:
         39:3a:71:35:74:51:a9:dc:02:b7:cb:28:56:86:89:f0:28:85:
         bf:a7:dd:75:1b:28:11:bd:a5:c5:0f:69:fd:d5:46:78:b2:91:
         f8:7d:7c:44:dc:25:c0:c7:b6:07:ae:26:7f:13:aa:98:a8:92:
         8c:99:74:3b:31:e6:eb:bf:c2:7f:19:f6:44:71:6d:5c:42:da:
         f4:78:f4:c2:a1:d7:3d:2f:b9:a6:16:97:91:5c:e6:88:80:3b:
         35:e2:5a:c5:6f:1a:b3:32:bd:7c:67:66:33:09:aa:6c:92:fa:
         fc:73:ba:c1
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUOCtGhRYrTWDFNYumnXdq4KvwSmUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzIxM1oX
DTI3MDUwMTA4MzcxM1owMzExMC8GA1UEAxMoNTVDQTgyM0NFMEVEQUYxMzU0NDcw
MDk2RjM2NzBCRTA1MTRBNkZERDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKxZTH7nPiq4wbVx5QULLHw+DITvkcy0d+pGNTsBbSNxZDj+eQR+4YPIm1et
KraoF6r1fbyPn3tCnKN91FJDfdd2/ea0QzGyfmNpU4J2NlpmAhAOSPkeRc2kTFNG
MOSNZaPs3JV4Pey4ZFrbNffn9KfKASZpk45XxUFoQ04gNb2hmvqRlp1ziO5Noa0x
pLtQA/y9YXC7/qTzg3+Jt3G0/0F5hMs31lEI+iPxHWdvoot5qqRAERtWDMXnhPdI
MDpNEneJww/kDaJDwQLBlrVkSTO0CZS/+Z8T5HIjrsjYTkG1qJxHVidm8bRbRtri
TYe8sSTwuUZmVkIcRpOkqf2ZXa8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRVyoI8
4O2vE1RHAJbzZwvgUUpv3TAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUwMjg0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBy2DmMA0GCSqGSIb3DQEBCwUAA4IBAQAqrAH1JdXwo/BP95avH0dzdL3L
0dOvz5e1J3Y6HRxMD7RE0sSfuL457a2sNiZcWarNyLnZ5gTOwWFUwjuCOLQCQY28
efFdd/nWyAlnXyFQud06uw4ccHK8UK0u5jF/0pcYjBTmDh9a29IInBDXE+p3VwOw
czmK9rKOBfDHswBMDWYEZNts34pGFtuWn78SKk45OnE1dFGp3AK3yyhWhonwKIW/
p911GygRvaXFD2n91UZ4spH4fXxE3CXAx7YHriZ/E6qYqJKMmXQ7Mebrv8J/GfZE
cW1cQtr0ePTCodc9L7mmFpeRXOaIgDs14lrFbxqzMr18Z2YzCapskvr8c7rB
-----END CERTIFICATE-----