Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS150966.roa
File:                     AS150966.roa (raw, json)
Hash identifier:          g9/lqjDrNP98H6UI4XtqkjQFp6/QT7Jk4voy8AXKni0=
Subject key identifier:   BB:A0:AD:FB:BF:6B:30:2C:85:0F:3C:87:9E:44:6A:9F:63:97:FC:27
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       4E6A1E3E47EFD66983561118B3ECA2DC238E87AA
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150966.roa
Signing time:             Sat 02 May 2026 08:36:47 +0000
ROA not before:           Sat 02 May 2026 08:31:47 +0000
ROA not after:            Sat 01 May 2027 08:36:47 +0000
asID:                     150966
IP address blocks:        2001:df2:56c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:6a:1e:3e:47:ef:d6:69:83:56:11:18:b3:ec:a2:dc:23:8e:87:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:31:47 2026 GMT
            Not After : May  1 08:36:47 2027 GMT
        Subject: CN=BBA0ADFBBF6B302C850F3C879E446A9F6397FC27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5f:c5:d9:91:bc:99:33:f8:70:56:9c:82:86:
                    d5:e2:e5:67:4e:06:ef:91:9e:14:67:15:e0:7c:5b:
                    01:91:77:07:d6:f4:65:0f:5b:6a:98:29:ac:21:dc:
                    c1:71:86:2f:60:85:02:21:29:5b:5f:4d:dd:53:51:
                    5c:8e:db:06:55:14:3b:af:c9:4e:b6:6e:a9:37:dc:
                    ed:4e:c6:7d:17:b5:01:71:c1:52:5b:70:df:c3:9e:
                    46:24:6f:68:a7:5d:d4:aa:23:16:a0:a3:47:5d:02:
                    df:e3:1f:55:12:69:97:e2:5f:60:14:fc:ee:a8:99:
                    a5:20:6b:a7:fb:a0:3c:38:f6:82:0c:61:e5:f2:6c:
                    27:d1:73:c6:f6:24:06:5d:bc:8b:54:68:ab:5e:75:
                    82:f9:0a:3d:3f:c7:93:84:81:2d:b2:f1:60:09:ec:
                    a4:7e:6d:9e:02:4d:a0:64:e2:a7:91:51:cd:7f:8a:
                    3e:23:36:0e:40:9e:fa:e5:70:2c:a3:7a:75:38:f1:
                    1f:41:70:1b:25:b1:4e:38:77:3a:70:1f:4f:7a:88:
                    04:c1:8d:1b:3b:b7:4c:ed:49:6f:10:45:42:41:53:
                    43:cc:f8:54:e0:08:e8:d3:06:ce:ba:5f:f3:d5:b9:
                    26:20:3b:29:0c:b3:de:ea:91:ca:a5:d2:1b:c3:d1:
                    3a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:A0:AD:FB:BF:6B:30:2C:85:0F:3C:87:9E:44:6A:9F:63:97:FC:27
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150966.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df2:56c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:4a:75:32:57:d2:4c:b4:a6:e4:fc:38:fa:74:4b:8b:0d:b9:
         7b:15:3a:9e:ff:91:7e:65:f0:c4:36:de:8d:09:a8:1f:57:81:
         5e:c6:c7:12:3d:2d:48:a7:93:86:fc:1a:44:bd:27:1a:32:b1:
         75:35:7f:63:10:14:e1:fb:87:d2:12:03:8e:6c:6d:30:10:0a:
         b2:99:90:f9:a6:fb:50:99:be:13:b9:44:df:ec:0c:a8:5f:ca:
         7d:85:14:ef:57:88:83:13:58:e4:8a:f0:16:8a:2c:35:1a:22:
         a6:3b:e2:f9:54:5a:7d:6d:ff:4a:68:ac:8b:37:09:0d:fd:93:
         27:43:c4:42:c7:b2:25:7e:45:b2:66:d5:07:31:5c:da:de:20:
         4a:bd:e1:0b:80:e9:31:31:d9:6c:99:52:57:cc:0d:21:9f:e0:
         6b:8f:07:3d:71:3a:9c:c0:c6:45:1f:50:e5:93:c1:a1:ef:6f:
         35:42:9a:d3:57:5d:f3:dd:cb:93:20:99:aa:f1:dd:da:a2:8d:
         c4:8f:d4:fc:5b:ec:f8:78:98:b3:b0:a0:ee:ac:f0:3b:52:c2:
         8c:78:14:90:08:c0:0b:b8:75:c5:0f:b6:e0:1d:c3:35:c8:6b:
         f5:fe:4c:91:6f:9d:12:93:be:d4:f5:ea:0f:b8:8f:23:41:ef:
         4c:31:ec:d9
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUTmoePkfv1mmDVhEYs+yi3COOh6owDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzE0N1oX
DTI3MDUwMTA4MzY0N1owMzExMC8GA1UEAxMoQkJBMEFERkJCRjZCMzAyQzg1MEYz
Qzg3OUU0NDZBOUY2Mzk3RkMyNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlfxdmRvJkz+HBWnIKG1eLlZ04G75GeFGcV4HxbAZF3B9b0ZQ9bapgprCHc
wXGGL2CFAiEpW19N3VNRXI7bBlUUO6/JTrZuqTfc7U7GfRe1AXHBUltw38OeRiRv
aKdd1KojFqCjR10C3+MfVRJpl+JfYBT87qiZpSBrp/ugPDj2ggxh5fJsJ9FzxvYk
Bl28i1Roq151gvkKPT/Hk4SBLbLxYAnspH5tngJNoGTip5FRzX+KPiM2DkCe+uVw
LKN6dTjxH0FwGyWxTjh3OnAfT3qIBMGNGzu3TO1JbxBFQkFTQ8z4VOAI6NMGzrpf
89W5JiA7KQyz3uqRyqXSG8PROtMCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBS7oK37
v2swLIUPPIeeRGqfY5f8JzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUwOTY2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN8lbAMA0GCSqGSIb3DQEBCwUAA4IBAQBDSnUyV9JMtKbk/Dj6dEuL
Dbl7FTqe/5F+ZfDENt6NCagfV4FexscSPS1Ip5OG/BpEvScaMrF1NX9jEBTh+4fS
EgOObG0wEAqymZD5pvtQmb4TuUTf7AyoX8p9hRTvV4iDE1jkivAWiiw1GiKmO+L5
VFp9bf9KaKyLNwkN/ZMnQ8RCx7IlfkWyZtUHMVza3iBKveELgOkxMdlsmVJXzA0h
n+Brjwc9cTqcwMZFH1Dlk8Gh7281QprTV13z3cuTIJmq8d3aoo3Ej9T8W+z4eJiz
sKDurPA7UsKMeBSQCMALuHXFD7bgHcM1yGv1/kyRb50Sk77U9eoPuI8jQe9MMezZ
-----END CERTIFICATE-----