Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS151536.roa
File:                     AS151536.roa (raw, json)
Hash identifier:          LyFBHYjR4H0klWp7NQc0niQ/G8wPPqyvwTODLs05OVY=
Subject key identifier:   5D:6F:FE:A2:D9:76:F3:47:53:DD:52:31:D4:21:11:18:2A:24:8B:C8
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       1A0020CF88AA4671299DADE637E4CC32AC99574C
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151536.roa
Signing time:             Sat 02 May 2026 21:17:28 +0000
ROA not before:           Sat 02 May 2026 21:12:28 +0000
ROA not after:            Sat 01 May 2027 21:17:28 +0000
asID:                     151536
IP address blocks:        103.244.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:00:20:cf:88:aa:46:71:29:9d:ad:e6:37:e4:cc:32:ac:99:57:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:12:28 2026 GMT
            Not After : May  1 21:17:28 2027 GMT
        Subject: CN=5D6FFEA2D976F34753DD5231D42111182A248BC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:6e:45:7e:54:16:4b:b0:f7:3a:fd:6f:c0:22:
                    f6:63:04:e6:10:1e:fa:2e:2e:1d:cc:fa:02:b8:5d:
                    d7:d9:3b:04:d3:0c:8e:21:60:75:05:21:8e:b9:6b:
                    d8:54:0e:8b:37:ee:29:3a:19:15:86:71:4f:dd:e8:
                    03:19:92:61:b4:3a:1f:9a:2e:e2:34:a0:36:e5:ab:
                    6b:75:30:70:0c:88:e0:6a:d1:d4:7c:10:a3:da:6d:
                    51:90:86:40:9d:4b:43:c3:21:a8:33:45:1b:f3:85:
                    1b:f2:e1:dd:62:ed:ed:24:5a:5c:95:1a:45:6e:5a:
                    f8:85:b5:cd:90:96:ec:e5:42:e8:4d:2a:1d:9d:bc:
                    11:18:d7:22:cd:ec:e4:34:ec:85:f1:0e:81:e5:d0:
                    3d:87:6a:50:d1:fe:5d:a6:c6:65:57:74:09:08:f9:
                    56:27:78:eb:53:a7:7d:be:16:11:8f:33:2a:43:a1:
                    91:b4:5e:1a:00:3c:35:d5:84:93:bd:d8:2f:0c:da:
                    f0:e7:20:0b:ea:f9:b3:77:3d:d7:a5:f1:29:88:2c:
                    fc:1d:d1:3b:13:54:6b:72:7c:50:4e:0e:1e:fe:93:
                    e2:15:74:89:15:f9:e5:e4:84:bb:5e:0c:4a:0b:e2:
                    f2:59:5f:a3:0b:01:3d:bb:4b:d5:23:b5:42:32:a8:
                    db:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:6F:FE:A2:D9:76:F3:47:53:DD:52:31:D4:21:11:18:2A:24:8B:C8
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.244.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:f2:ba:b4:a2:43:45:bb:00:78:d1:75:87:12:79:7a:db:20:
         0a:f7:8a:18:bb:58:73:65:3f:e0:15:18:73:72:62:cd:43:d8:
         b7:7d:9f:71:fb:e2:71:58:45:68:19:f4:41:18:35:b5:3f:9a:
         d1:c5:4f:00:b7:c2:21:5d:e2:61:15:45:be:95:66:c3:5a:9d:
         8c:63:0b:bf:5b:35:33:34:45:dc:0f:27:f2:09:d8:26:d7:8e:
         b8:5f:51:65:bd:ef:49:60:9d:37:fe:9d:1f:83:3f:1e:f7:e4:
         0c:0c:87:bb:d0:61:5c:44:6b:fc:d5:07:e5:4b:8e:7c:29:ec:
         8e:4c:14:06:b0:07:e7:65:21:77:6f:ed:49:3a:2c:88:af:6e:
         56:07:65:47:57:79:39:87:2c:71:b8:8a:c4:40:d4:a7:0f:43:
         31:d7:51:8f:7b:50:96:fa:e1:71:ff:8b:14:2b:ff:22:cb:50:
         d8:d3:be:86:2f:8d:12:64:df:66:77:b0:03:c6:4c:c7:74:d0:
         51:99:13:3b:95:29:8a:96:4d:0c:48:c1:01:b2:12:67:43:a6:
         63:7d:31:26:6e:e3:3b:ae:20:ed:4d:bc:3e:af:c0:dd:3f:b2:
         66:91:94:9b:0a:dc:86:39:59:ea:2a:e8:08:b2:b0:9a:d7:c3:
         b9:76:4e:d8
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUGgAgz4iqRnEpna3mN+TMMqyZV0wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTIyOFoX
DTI3MDUwMTIxMTcyOFowMzExMC8GA1UEAxMoNUQ2RkZFQTJEOTc2RjM0NzUzREQ1
MjMxRDQyMTExMTgyQTI0OEJDODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN9uRX5UFkuw9zr9b8Ai9mME5hAe+i4uHcz6Arhd19k7BNMMjiFgdQUhjrlr
2FQOizfuKToZFYZxT93oAxmSYbQ6H5ou4jSgNuWra3UwcAyI4GrR1HwQo9ptUZCG
QJ1LQ8MhqDNFG/OFG/Lh3WLt7SRaXJUaRW5a+IW1zZCW7OVC6E0qHZ28ERjXIs3s
5DTshfEOgeXQPYdqUNH+XabGZVd0CQj5Vid461Onfb4WEY8zKkOhkbReGgA8NdWE
k73YLwza8OcgC+r5s3c916XxKYgs/B3ROxNUa3J8UE4OHv6T4hV0iRX55eSEu14M
Sgvi8llfowsBPbtL1SO1QjKo20kCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRdb/6i
2XbzR1PdUjHUIREYKiSLyDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUxNTM2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ/QXMA0GCSqGSIb3DQEBCwUAA4IBAQA18rq0okNFuwB40XWHEnl62yAK
94oYu1hzZT/gFRhzcmLNQ9i3fZ9x++JxWEVoGfRBGDW1P5rRxU8At8IhXeJhFUW+
lWbDWp2MYwu/WzUzNEXcDyfyCdgm1464X1Flve9JYJ03/p0fgz8e9+QMDIe70GFc
RGv81QflS458KeyOTBQGsAfnZSF3b+1JOiyIr25WB2VHV3k5hyxxuIrEQNSnD0Mx
11GPe1CW+uFx/4sUK/8iy1DY076GL40SZN9md7ADxkzHdNBRmRM7lSmKlk0MSMEB
shJnQ6ZjfTEmbuM7riDtTbw+r8DdP7JmkZSbCtyGOVnqKugIsrCa18O5dk7Y
-----END CERTIFICATE-----