Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS151526.roa
File:                     AS151526.roa (raw, json)
Hash identifier:          8y2IU2Y1jnpG/tBaBy9rfzqzbB6gT7JxJl8Gmq5ckwI=
Subject key identifier:   20:E0:47:40:70:14:E5:C8:A4:74:0F:4A:2A:89:78:8F:27:25:3E:54
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       6E76C914D9A136E9026958FAC7BB953FD2364FB4
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151526.roa
Signing time:             Sat 02 May 2026 21:18:19 +0000
ROA not before:           Sat 02 May 2026 21:13:19 +0000
ROA not after:            Sat 01 May 2027 21:18:19 +0000
asID:                     151526
IP address blocks:        103.249.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:76:c9:14:d9:a1:36:e9:02:69:58:fa:c7:bb:95:3f:d2:36:4f:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:13:19 2026 GMT
            Not After : May  1 21:18:19 2027 GMT
        Subject: CN=20E047407014E5C8A4740F4A2A89788F27253E54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cf:4b:86:b8:6c:f5:ae:eb:48:5c:0e:df:81:
                    fd:bb:38:52:26:49:d1:9b:cd:4e:7e:18:50:d4:e6:
                    69:ac:09:1d:ea:ef:5b:ff:84:ec:e4:40:5c:24:85:
                    90:3c:6d:9a:45:25:42:04:b8:2a:b9:bd:3a:b0:72:
                    19:dd:d0:81:b6:d9:45:50:a9:b6:76:ab:34:a7:f5:
                    20:4e:5c:77:51:07:f6:a4:a5:36:99:dd:ef:e8:12:
                    f7:60:c6:df:58:8c:f0:19:db:9e:e2:38:c5:7c:14:
                    23:3d:65:a2:5b:bf:90:ae:78:b0:bf:c4:f1:b4:9f:
                    fe:f5:d0:e4:59:c5:03:97:45:12:74:6c:30:bf:23:
                    a0:f2:8c:50:72:5b:00:4a:4e:93:ef:04:ac:f3:0c:
                    e5:84:4d:14:92:e0:6f:ae:54:2c:04:2b:59:f5:18:
                    a1:97:f1:c2:4d:30:1b:13:91:31:0d:40:db:8c:58:
                    13:ff:61:9b:ca:2c:17:6d:d1:4a:a6:fc:b2:a4:fa:
                    19:b6:4b:d7:5f:62:8b:de:15:e3:7d:2d:8e:3d:78:
                    1d:1f:84:dc:10:f6:a2:af:31:35:9d:67:26:8d:fc:
                    c7:2e:ad:aa:09:c4:a3:ea:c2:6f:0b:62:56:5e:d1:
                    7d:5a:3b:ab:4e:4f:88:83:5f:56:bc:e1:6b:ba:92:
                    67:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:E0:47:40:70:14:E5:C8:A4:74:0F:4A:2A:89:78:8F:27:25:3E:54
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151526.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.249.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:71:bc:41:78:b5:c6:f2:b2:df:c6:db:9c:ea:13:af:9e:c5:
         5b:12:f2:ac:de:43:78:cb:2b:ae:f0:80:a0:d3:0c:96:11:39:
         4a:9c:3c:05:8b:79:e3:f7:68:57:b6:1a:4d:47:fc:4b:0c:0d:
         17:4a:90:79:c0:35:49:08:71:8b:8d:e3:51:e4:3b:c3:cd:d5:
         de:f8:90:85:22:58:e2:8d:75:f1:b3:6a:d5:f5:40:9c:93:a5:
         48:df:54:f0:22:7b:50:a4:6f:b8:e5:b5:52:2a:2e:aa:6c:6e:
         3e:e5:3f:9d:31:12:74:5a:8e:ed:0f:0a:ef:4d:cf:06:21:dc:
         e6:d5:02:74:d1:10:03:f1:16:18:a0:d9:60:2e:70:1a:d7:3c:
         5a:e0:8a:43:a9:3b:d1:97:ff:16:55:0f:4f:95:db:ea:bd:10:
         6b:8d:ab:e5:c2:43:eb:84:63:07:6c:dd:cd:c6:a3:01:9b:69:
         35:7a:f7:30:9b:1e:2f:f0:ea:58:03:47:02:58:0b:2e:a7:36:
         8c:33:e4:ca:18:6a:00:a9:b9:8a:7a:ba:83:cd:52:79:3f:29:
         49:59:8d:8b:1c:8b:5e:87:32:f4:33:8d:b6:41:a5:35:c4:f4:
         64:be:16:fb:62:da:b2:d7:0b:e0:19:02:22:36:da:81:97:6d:
         3f:3c:9a:62
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUbnbJFNmhNukCaVj6x7uVP9I2T7QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTMxOVoX
DTI3MDUwMTIxMTgxOVowMzExMC8GA1UEAxMoMjBFMDQ3NDA3MDE0RTVDOEE0NzQw
RjRBMkE4OTc4OEYyNzI1M0U1NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL7PS4a4bPWu60hcDt+B/bs4UiZJ0ZvNTn4YUNTmaawJHervW/+E7ORAXCSF
kDxtmkUlQgS4Krm9OrByGd3QgbbZRVCptnarNKf1IE5cd1EH9qSlNpnd7+gS92DG
31iM8BnbnuI4xXwUIz1lolu/kK54sL/E8bSf/vXQ5FnFA5dFEnRsML8joPKMUHJb
AEpOk+8ErPMM5YRNFJLgb65ULAQrWfUYoZfxwk0wGxORMQ1A24xYE/9hm8osF23R
Sqb8sqT6GbZL119ii94V430tjj14HR+E3BD2oq8xNZ1nJo38xy6tqgnEo+rCbwti
Vl7RfVo7q05PiINfVrzha7qSZ6cCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQg4EdA
cBTlyKR0D0oqiXiPJyU+VDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUxNTI2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ/niMA0GCSqGSIb3DQEBCwUAA4IBAQAhcbxBeLXG8rLfxtuc6hOvnsVb
EvKs3kN4yyuu8ICg0wyWETlKnDwFi3nj92hXthpNR/xLDA0XSpB5wDVJCHGLjeNR
5DvDzdXe+JCFIljijXXxs2rV9UCck6VI31TwIntQpG+45bVSKi6qbG4+5T+dMRJ0
Wo7tDwrvTc8GIdzm1QJ00RAD8RYYoNlgLnAa1zxa4IpDqTvRl/8WVQ9PldvqvRBr
javlwkPrhGMHbN3NxqMBm2k1evcwmx4v8OpYA0cCWAsupzaMM+TKGGoAqbmKerqD
zVJ5PylJWY2LHItehzL0M422QaU1xPRkvhb7Ytqy1wvgGQIiNtqBl20/PJpi
-----END CERTIFICATE-----