Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS150517.roa
File:                     AS150517.roa (raw, json)
Hash identifier:          oBtT7pvozv/Y2V7jlHf4hGj9m3p4cCRTQUjBiqMXGuQ=
Subject key identifier:   01:16:8C:73:AB:B5:6F:9C:70:3B:3E:50:36:84:C1:E8:8D:59:45:D0
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       227FA1457F3CAB37F3895672A232D038DA870A58
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150517.roa
Signing time:             Sat 02 May 2026 08:36:51 +0000
ROA not before:           Sat 02 May 2026 08:31:51 +0000
ROA not after:            Sat 01 May 2027 08:36:51 +0000
asID:                     150517
IP address blocks:        103.68.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:7f:a1:45:7f:3c:ab:37:f3:89:56:72:a2:32:d0:38:da:87:0a:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:31:51 2026 GMT
            Not After : May  1 08:36:51 2027 GMT
        Subject: CN=01168C73ABB56F9C703B3E503684C1E88D5945D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9f:e4:d5:66:0e:8c:9c:04:9c:47:a3:fe:99:
                    b8:bc:4e:38:77:7f:35:64:d4:dc:e7:71:a6:33:82:
                    b4:01:8d:db:49:94:da:7b:11:3e:72:06:77:e3:4a:
                    0f:98:59:26:15:d5:5f:ce:b0:75:21:4b:23:ba:a2:
                    d6:86:c6:38:c8:64:65:fb:73:28:46:e8:55:2f:77:
                    4b:8c:82:d9:7b:73:9f:62:e0:df:0f:fc:da:ae:27:
                    6f:10:11:e7:6d:c4:cc:09:da:8b:13:88:16:86:e5:
                    f9:03:9a:af:90:b6:2c:ab:7d:c6:9e:1c:f2:e8:89:
                    6f:44:6a:90:91:33:2b:33:73:50:bf:53:fe:71:2c:
                    5f:a1:b5:75:62:eb:78:5f:7b:08:2b:ee:eb:7c:2c:
                    39:78:ae:df:a3:47:51:23:23:f8:7f:de:15:9a:2a:
                    90:ae:fd:8b:55:d8:63:6b:2d:26:90:73:ef:ca:88:
                    52:37:5f:cd:9b:cf:3f:3f:52:83:6d:4d:a9:b4:b2:
                    eb:0e:2d:f0:5b:cc:3b:f0:23:20:ee:17:69:30:2b:
                    0d:d3:bf:e0:ee:06:36:84:05:46:31:65:be:bd:91:
                    2c:e1:59:2e:fa:86:5a:c7:f7:39:e4:c1:9b:93:d9:
                    84:bf:f5:6a:f7:98:e1:6b:36:18:55:2f:27:d0:47:
                    5f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:16:8C:73:AB:B5:6F:9C:70:3B:3E:50:36:84:C1:E8:8D:59:45:D0
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.68.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:d3:ee:0e:49:ad:67:31:27:0e:3f:c0:2c:6b:32:ca:91:73:
         a3:3b:1c:20:82:82:df:c4:d7:bd:e3:7c:89:d8:e3:ce:16:71:
         7c:26:61:bc:9e:ac:42:1c:ea:47:dd:ae:c0:d7:62:2d:c1:1f:
         78:04:67:58:bc:1b:df:85:ca:e2:e2:4a:28:24:3d:06:0d:a9:
         b6:fe:d3:2e:51:54:53:b0:d0:c2:0a:00:9e:d9:c1:10:18:7c:
         c3:bf:cc:6c:94:87:ae:39:c2:3d:81:d2:43:2a:4a:90:d8:e7:
         24:ad:eb:56:d5:3b:02:39:bb:4b:5f:c9:ff:3b:20:87:32:8e:
         71:10:ad:b6:03:90:62:72:48:96:6f:7a:92:7d:93:5e:16:ca:
         88:73:0e:c0:f2:0c:6a:d2:15:b4:3a:a3:d9:b4:e6:55:b2:c0:
         fd:01:a1:77:a6:ea:f4:03:b4:d1:4d:56:25:7a:c4:4c:2d:9c:
         e1:7c:b1:d9:47:d7:93:52:17:fc:c5:32:1e:3d:27:d3:e5:a5:
         85:8c:48:30:7d:62:19:41:03:e3:02:df:a1:59:2e:a7:43:8e:
         9d:fb:bc:8f:34:23:6d:30:be:8b:3f:6c:79:b0:b5:59:de:86:
         8b:1d:4a:51:dc:ec:7e:e4:8f:fd:80:1e:26:4c:4e:13:9f:72:
         5e:6d:a0:d9
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUIn+hRX88qzfziVZyojLQONqHClgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzE1MVoX
DTI3MDUwMTA4MzY1MVowMzExMC8GA1UEAxMoMDExNjhDNzNBQkI1NkY5QzcwM0Iz
RTUwMzY4NEMxRTg4RDU5NDVEMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKyf5NVmDoycBJxHo/6ZuLxOOHd/NWTU3OdxpjOCtAGN20mU2nsRPnIGd+NK
D5hZJhXVX86wdSFLI7qi1obGOMhkZftzKEboVS93S4yC2Xtzn2Lg3w/82q4nbxAR
523EzAnaixOIFobl+QOar5C2LKt9xp4c8uiJb0RqkJEzKzNzUL9T/nEsX6G1dWLr
eF97CCvu63wsOXiu36NHUSMj+H/eFZoqkK79i1XYY2stJpBz78qIUjdfzZvPPz9S
g21NqbSy6w4t8FvMO/AjIO4XaTArDdO/4O4GNoQFRjFlvr2RLOFZLvqGWsf3OeTB
m5PZhL/1aveY4Ws2GFUvJ9BHXwkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQBFoxz
q7VvnHA7PlA2hMHojVlF0DAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUwNTE3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ0TWMA0GCSqGSIb3DQEBCwUAA4IBAQCS0+4OSa1nMScOP8AsazLKkXOj
OxwggoLfxNe943yJ2OPOFnF8JmG8nqxCHOpH3a7A12ItwR94BGdYvBvfhcri4koo
JD0GDam2/tMuUVRTsNDCCgCe2cEQGHzDv8xslIeuOcI9gdJDKkqQ2OckretW1TsC
ObtLX8n/OyCHMo5xEK22A5BickiWb3qSfZNeFsqIcw7A8gxq0hW0OqPZtOZVssD9
AaF3pur0A7TRTVYlesRMLZzhfLHZR9eTUhf8xTIePSfT5aWFjEgwfWIZQQPjAt+h
WS6nQ46d+7yPNCNtML6LP2x5sLVZ3oaLHUpR3Ox+5I/9gB4mTE4Tn3JebaDZ
-----END CERTIFICATE-----