Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS150990.roa
File:                     AS150990.roa (raw, json)
Hash identifier:          79819h/Iwp6q3gE1Qa2Xt0u5CR9Wd+rV5Rdvk8iOVSo=
Subject key identifier:   C1:29:C3:EC:5E:57:12:BD:FC:C9:04:0D:05:F8:FE:5B:BF:6C:AC:7F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       3342EA4E71A612F9FE6D6192D396FBF828B34DAC
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150990.roa
Signing time:             Sat 02 May 2026 09:21:30 +0000
ROA not before:           Sat 02 May 2026 09:16:30 +0000
ROA not after:            Sat 01 May 2027 09:21:30 +0000
asID:                     150990
IP address blocks:        103.196.178.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:42:ea:4e:71:a6:12:f9:fe:6d:61:92:d3:96:fb:f8:28:b3:4d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:30 2026 GMT
            Not After : May  1 09:21:30 2027 GMT
        Subject: CN=C129C3EC5E5712BDFCC9040D05F8FE5BBF6CAC7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:37:ee:46:c2:e9:7a:8b:ec:28:3e:48:25:5f:
                    3f:b8:f7:e1:4c:b7:0a:9e:b3:a9:c3:af:c3:2f:5e:
                    10:d6:9c:b3:ca:49:22:53:bc:89:8c:58:0a:fd:8f:
                    50:ae:61:f3:60:a3:2f:52:d0:9d:72:2f:2c:f5:ff:
                    8e:61:c1:f3:ac:0f:b0:ec:a4:6a:2c:bf:3b:68:b9:
                    7d:b3:1b:3a:e7:36:9f:e6:35:55:9a:a3:46:7e:e6:
                    f1:41:5a:0c:78:44:fe:fb:9b:d0:49:7e:21:2d:b1:
                    fe:25:4e:25:eb:fa:9c:57:e9:d6:fe:e1:5b:fa:d2:
                    27:84:d6:d7:2f:b6:85:19:de:15:b2:45:80:79:15:
                    40:b0:e9:f6:d5:9e:e4:90:bb:e8:03:7e:71:10:26:
                    2d:06:c3:66:2a:46:47:67:d0:9e:55:b4:c7:e3:59:
                    96:f9:31:ab:9d:db:ae:c7:87:8d:16:16:58:f2:4b:
                    cb:ec:94:41:b0:ec:f1:31:93:82:3a:4f:7f:c5:a8:
                    b7:e7:8f:a1:64:b6:32:60:d9:bd:b7:b3:7f:0a:e3:
                    4c:f2:ce:60:7f:78:26:0c:2a:c0:2f:4c:70:3f:a4:
                    e7:1d:a3:a5:e8:1b:cd:7d:c2:33:59:ca:73:9a:ef:
                    ad:a5:64:ff:1e:30:dc:17:91:da:a7:2f:98:61:bf:
                    bd:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:29:C3:EC:5E:57:12:BD:FC:C9:04:0D:05:F8:FE:5B:BF:6C:AC:7F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS150990.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.196.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:3e:8b:52:ff:76:01:99:0a:49:f6:cf:88:4e:19:70:c4:66:
         44:30:3e:16:b6:a4:f1:be:62:76:61:68:81:3b:31:80:77:32:
         a6:8e:8d:dd:e6:0c:1e:8e:1c:9c:9d:02:6c:12:96:94:93:1a:
         aa:f3:14:e0:65:d2:4b:56:59:e2:55:bf:69:83:cf:8d:b5:8e:
         f2:b5:d0:28:50:4c:b6:04:8c:0c:5a:46:3c:75:4c:29:b1:57:
         f4:1d:87:c4:11:c9:d6:d5:c5:c0:a8:17:56:8c:10:ea:42:39:
         47:23:4e:ce:a4:84:f8:dd:e3:7d:23:8b:8a:cb:01:11:8e:16:
         09:56:92:e4:97:41:ad:a0:ca:ad:cb:b9:27:4f:47:5b:b2:4f:
         48:d6:ea:9c:6a:36:d7:10:02:b8:fd:d0:5f:ad:64:b0:10:3f:
         ce:e1:75:a4:c8:10:bf:e5:c0:dc:58:28:3b:21:f2:36:e8:9d:
         08:d9:b6:2a:2d:48:7b:f0:5b:e3:59:6b:2c:7f:b4:09:06:06:
         a6:9a:5b:f8:4a:c0:42:dd:ff:bc:f0:0e:a8:0b:90:9f:d1:14:
         0a:30:c5:36:1d:31:eb:0c:7a:3e:91:14:8f:a5:4e:b8:95:6e:
         c7:92:03:a7:2d:c1:f8:5b:87:c5:aa:05:3d:b7:c2:ca:0b:d1:
         4e:bf:33:c0
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUM0LqTnGmEvn+bWGS05b7+CizTawwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTYzMFoX
DTI3MDUwMTA5MjEzMFowMzExMC8GA1UEAxMoQzEyOUMzRUM1RTU3MTJCREZDQzkw
NDBEMDVGOEZFNUJCRjZDQUM3RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKw37kbC6XqL7Cg+SCVfP7j34Uy3Cp6zqcOvwy9eENacs8pJIlO8iYxYCv2P
UK5h82CjL1LQnXIvLPX/jmHB86wPsOykaiy/O2i5fbMbOuc2n+Y1VZqjRn7m8UFa
DHhE/vub0El+IS2x/iVOJev6nFfp1v7hW/rSJ4TW1y+2hRneFbJFgHkVQLDp9tWe
5JC76AN+cRAmLQbDZipGR2fQnlW0x+NZlvkxq53brseHjRYWWPJLy+yUQbDs8TGT
gjpPf8Wot+ePoWS2MmDZvbezfwrjTPLOYH94JgwqwC9McD+k5x2jpegbzX3CM1nK
c5rvraVk/x4w3BeR2qcvmGG/vV8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTBKcPs
XlcSvfzJBA0F+P5bv2ysfzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUwOTkwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ8SyMA0GCSqGSIb3DQEBCwUAA4IBAQA9PotS/3YBmQpJ9s+IThlwxGZE
MD4WtqTxvmJ2YWiBOzGAdzKmjo3d5gwejhycnQJsEpaUkxqq8xTgZdJLVlniVb9p
g8+NtY7ytdAoUEy2BIwMWkY8dUwpsVf0HYfEEcnW1cXAqBdWjBDqQjlHI07OpIT4
3eN9I4uKywERjhYJVpLkl0GtoMqty7knT0dbsk9I1uqcajbXEAK4/dBfrWSwED/O
4XWkyBC/5cDcWCg7IfI26J0I2bYqLUh78FvjWWssf7QJBgammlv4SsBC3f+88A6o
C5Cf0RQKMMU2HTHrDHo+kRSPpU64lW7HkgOnLcH4W4fFqgU9t8LKC9FOvzPA
-----END CERTIFICATE-----