Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS151502.roa
File:                     AS151502.roa (raw, json)
Hash identifier:          j3vRH4d5NAgFkMIaGQBs9ukocCBWD53uHTeHeK6rAxU=
Subject key identifier:   76:6E:6C:F4:F0:B4:16:C7:25:7D:C4:CC:F6:70:55:D6:D1:38:E4:0B
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       524D04FA58B7C8C59D7D32CA3FCB591AED379AD8
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151502.roa
Signing time:             Sat 02 May 2026 21:15:58 +0000
ROA not before:           Sat 02 May 2026 21:10:58 +0000
ROA not after:            Sat 01 May 2027 21:15:58 +0000
asID:                     151502
IP address blocks:        103.227.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:4d:04:fa:58:b7:c8:c5:9d:7d:32:ca:3f:cb:59:1a:ed:37:9a:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:10:58 2026 GMT
            Not After : May  1 21:15:58 2027 GMT
        Subject: CN=766E6CF4F0B416C7257DC4CCF67055D6D138E40B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:6a:a7:4b:74:8a:12:aa:fa:d6:87:94:26:08:
                    22:3f:79:bf:10:6b:ad:12:b4:28:59:52:55:df:92:
                    f9:09:ea:96:d2:da:ee:d8:c0:de:83:06:a2:52:0b:
                    e7:db:09:73:1a:87:1d:48:62:ac:47:22:5c:4c:68:
                    98:6a:c5:7c:6c:06:ae:8f:3b:c3:e3:70:70:cb:32:
                    22:6d:0a:8f:75:02:5a:eb:33:80:58:19:31:64:a2:
                    79:3f:2e:b7:d9:dd:98:a7:2e:30:cf:fe:3f:45:7e:
                    bd:ef:14:7c:42:ee:2a:8b:55:e6:64:cd:35:b1:a2:
                    89:a4:69:be:01:dc:35:83:bd:65:7e:9b:a3:61:44:
                    cb:6b:71:64:db:47:32:80:4d:19:9d:6a:28:32:57:
                    75:4c:32:92:cd:41:0a:18:a5:98:4f:48:e6:a5:c1:
                    2d:9a:3e:a6:70:cb:d5:6e:28:ba:07:10:e7:71:05:
                    6b:13:1c:03:ec:d7:a8:2f:77:a6:04:ae:14:34:f2:
                    35:5a:8e:63:93:1e:29:98:db:c2:ce:1e:ad:f1:71:
                    cb:2d:31:b3:aa:42:b3:6e:c2:7e:03:f6:42:03:49:
                    9a:4d:6a:6e:09:3a:3e:42:a9:c4:fb:94:9e:6e:cf:
                    5e:2f:ff:ae:07:65:aa:06:b2:c8:c1:e9:0b:38:29:
                    20:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:6E:6C:F4:F0:B4:16:C7:25:7D:C4:CC:F6:70:55:D6:D1:38:E4:0B
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151502.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.227.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:5b:1f:55:b3:e2:0d:51:48:33:88:2e:32:bc:9e:f4:2f:2f:
         8c:59:1c:82:6a:37:44:2d:9b:8b:1d:28:10:8b:ce:36:34:4e:
         c6:47:53:6e:8e:d4:2e:79:17:df:cb:de:c8:57:07:11:0e:a0:
         ba:11:92:66:84:d9:2d:1d:45:66:95:e5:04:96:94:57:29:97:
         00:0d:22:e8:5f:86:21:7f:50:de:84:e4:b5:72:93:bf:d5:2d:
         2e:33:44:89:84:ce:f3:3c:5d:5b:0f:e9:dc:4a:66:5c:39:6e:
         ff:d7:66:43:57:d9:c6:44:9e:46:8b:85:ea:38:10:04:96:ea:
         b4:67:24:c9:a8:0f:0e:f9:4a:fe:ac:70:f2:84:14:14:47:4d:
         fb:0e:e5:56:62:36:a9:2b:69:85:c0:0c:2c:2b:98:2c:14:cf:
         07:6a:f1:7a:cf:e9:53:6d:6e:ef:48:95:32:a8:2e:10:38:4d:
         1e:45:75:8b:3c:bf:eb:84:4b:bc:df:fd:59:88:b3:1c:13:65:
         63:bb:09:2b:e1:b6:9b:84:84:a7:c2:bb:0f:14:66:fb:64:2f:
         c6:81:82:10:6e:fb:ac:30:41:c1:fa:0f:a9:57:cd:0f:05:6c:
         c7:ae:f8:73:8a:30:30:22:24:c2:f1:ee:da:d6:09:95:a1:27:
         76:90:d6:e2
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUUk0E+li3yMWdfTLKP8tZGu03mtgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTA1OFoX
DTI3MDUwMTIxMTU1OFowMzExMC8GA1UEAxMoNzY2RTZDRjRGMEI0MTZDNzI1N0RD
NENDRjY3MDU1RDZEMTM4RTQwQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPFqp0t0ihKq+taHlCYIIj95vxBrrRK0KFlSVd+S+QnqltLa7tjA3oMGolIL
59sJcxqHHUhirEciXExomGrFfGwGro87w+NwcMsyIm0Kj3UCWuszgFgZMWSieT8u
t9ndmKcuMM/+P0V+ve8UfELuKotV5mTNNbGiiaRpvgHcNYO9ZX6bo2FEy2txZNtH
MoBNGZ1qKDJXdUwyks1BChilmE9I5qXBLZo+pnDL1W4ougcQ53EFaxMcA+zXqC93
pgSuFDTyNVqOY5MeKZjbws4erfFxyy0xs6pCs27CfgP2QgNJmk1qbgk6PkKpxPuU
nm7PXi//rgdlqgayyMHpCzgpIMECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR2bmz0
8LQWxyV9xMz2cFXW0TjkCzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUxNTAyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ+MHMA0GCSqGSIb3DQEBCwUAA4IBAQBrWx9Vs+INUUgziC4yvJ70Ly+M
WRyCajdELZuLHSgQi842NE7GR1NujtQueRffy97IVwcRDqC6EZJmhNktHUVmleUE
lpRXKZcADSLoX4Yhf1DehOS1cpO/1S0uM0SJhM7zPF1bD+ncSmZcOW7/12ZDV9nG
RJ5Gi4XqOBAEluq0ZyTJqA8O+Ur+rHDyhBQUR037DuVWYjapK2mFwAwsK5gsFM8H
avF6z+lTbW7vSJUyqC4QOE0eRXWLPL/rhEu83/1ZiLMcE2Vjuwkr4babhISnwrsP
FGb7ZC/GgYIQbvusMEHB+g+pV80PBWzHrvhzijAwIiTC8e7a1gmVoSd2kNbi
-----END CERTIFICATE-----