Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS151573.roa
File:                     AS151573.roa (raw, json)
Hash identifier:          3eksQuUVyPimiSFIxm91FgVHDn8dwVqAIOxgMv7a1Ns=
Subject key identifier:   9A:2E:D9:17:86:AC:78:5D:E0:DC:D8:4F:90:D0:88:0E:8E:11:E4:5F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       64FF809939074F3404369C708BD87F7435956D0D
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151573.roa
Signing time:             Sat 02 May 2026 08:35:41 +0000
ROA not before:           Sat 02 May 2026 08:30:41 +0000
ROA not after:            Sat 01 May 2027 08:35:41 +0000
asID:                     151573
IP address blocks:        103.26.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:ff:80:99:39:07:4f:34:04:36:9c:70:8b:d8:7f:74:35:95:6d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:41 2026 GMT
            Not After : May  1 08:35:41 2027 GMT
        Subject: CN=9A2ED91786AC785DE0DCD84F90D0880E8E11E45F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:bc:27:2d:c6:bb:fd:28:ee:4e:85:93:9d:88:
                    0a:c5:74:3b:31:a8:2a:a1:de:89:a3:24:da:8f:a0:
                    e0:e9:c9:74:6a:6e:95:e7:ac:47:56:77:c1:86:55:
                    30:6d:ba:91:ce:68:bd:13:e4:44:94:b6:c6:e1:5e:
                    ec:7a:33:05:9f:73:ef:d5:77:b7:44:8b:66:21:aa:
                    80:88:86:5a:35:da:91:15:ef:6e:d1:5a:65:83:c3:
                    c5:bf:3c:c9:d8:c2:8e:07:46:7d:a2:ff:0c:50:98:
                    a1:1b:e3:e9:e9:77:aa:10:ca:b1:9d:35:f4:46:f9:
                    3b:3a:a8:a9:1f:c3:a4:bf:a6:00:de:34:ce:79:de:
                    38:97:f1:86:ea:2d:4a:73:d8:1c:63:bc:bb:24:74:
                    19:1b:eb:80:c2:a1:9a:c2:99:8d:a5:e6:71:04:ac:
                    81:13:e5:26:4f:95:ed:82:6c:aa:59:8d:38:82:d3:
                    27:33:4c:10:4b:c7:d6:3e:02:8a:84:bb:29:ae:06:
                    fb:f4:03:94:96:8a:36:8c:68:b6:28:02:d4:b9:79:
                    09:b9:a5:48:9b:7e:8c:61:7d:89:2f:f2:2b:0d:53:
                    6d:5e:44:8a:05:f5:0d:fe:7f:a9:9c:61:5a:f3:b9:
                    44:be:c1:29:85:89:09:32:36:7c:c9:f6:ee:db:6e:
                    db:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:2E:D9:17:86:AC:78:5D:E0:DC:D8:4F:90:D0:88:0E:8E:11:E4:5F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151573.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.26.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:d8:0f:d0:77:c2:5a:86:ad:e5:86:41:d7:b3:db:87:e7:16:
         c7:74:21:d9:02:d2:74:99:28:fd:b8:70:79:07:a9:51:58:a1:
         c6:e0:81:0d:8d:d1:ae:e2:11:8c:c9:95:73:8e:3c:46:45:47:
         25:e0:a4:d1:78:84:62:01:5f:ee:6f:a0:e9:9c:eb:85:d6:3d:
         49:21:08:c2:34:54:4a:b8:4f:95:f6:e7:d0:03:07:1f:ca:51:
         01:c3:98:30:7e:9c:dc:b0:fa:fc:15:a4:25:16:2c:a1:99:75:
         36:51:76:f0:f3:32:b3:6e:cd:ff:bc:10:53:cf:52:ba:31:21:
         0d:c9:da:19:eb:b8:58:75:94:73:e3:cd:6e:53:eb:75:13:ed:
         9b:67:80:59:0b:de:6c:c7:ec:83:05:19:f0:70:37:21:11:c7:
         9e:5e:26:70:14:12:58:29:d7:3a:a8:7d:be:c7:d2:93:e0:bd:
         1b:04:77:d4:a8:46:c9:ab:09:d5:25:93:b7:15:5c:ff:3e:27:
         cd:a4:f3:f3:b1:3d:29:e1:58:50:bc:b5:c3:4e:8b:07:7d:a6:
         a0:5c:e4:e0:f5:26:3c:48:84:b9:ee:a0:d4:c2:27:e4:65:91:
         e3:94:8f:86:67:d7:6c:8f:06:13:ab:a5:06:a0:d7:38:87:3b:
         cb:16:c8:67
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUZP+AmTkHTzQENpxwi9h/dDWVbQ0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzA0MVoX
DTI3MDUwMTA4MzU0MVowMzExMC8GA1UEAxMoOUEyRUQ5MTc4NkFDNzg1REUwRENE
ODRGOTBEMDg4MEU4RTExRTQ1RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ68Jy3Gu/0o7k6Fk52ICsV0OzGoKqHeiaMk2o+g4OnJdGpuleesR1Z3wYZV
MG26kc5ovRPkRJS2xuFe7HozBZ9z79V3t0SLZiGqgIiGWjXakRXvbtFaZYPDxb88
ydjCjgdGfaL/DFCYoRvj6el3qhDKsZ019Eb5OzqoqR/DpL+mAN40znneOJfxhuot
SnPYHGO8uyR0GRvrgMKhmsKZjaXmcQSsgRPlJk+V7YJsqlmNOILTJzNMEEvH1j4C
ioS7Ka4G+/QDlJaKNoxotigC1Ll5CbmlSJt+jGF9iS/yKw1TbV5EigX1Df5/qZxh
WvO5RL7BKYWJCTI2fMn27ttu25sCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSaLtkX
hqx4XeDc2E+Q0IgOjhHkXzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUxNTczLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZxodMA0GCSqGSIb3DQEBCwUAA4IBAQBa2A/Qd8Jahq3lhkHXs9uH5xbH
dCHZAtJ0mSj9uHB5B6lRWKHG4IENjdGu4hGMyZVzjjxGRUcl4KTReIRiAV/ub6Dp
nOuF1j1JIQjCNFRKuE+V9ufQAwcfylEBw5gwfpzcsPr8FaQlFiyhmXU2UXbw8zKz
bs3/vBBTz1K6MSENydoZ67hYdZRz481uU+t1E+2bZ4BZC95sx+yDBRnwcDchEcee
XiZwFBJYKdc6qH2+x9KT4L0bBHfUqEbJqwnVJZO3FVz/PifNpPPzsT0p4VhQvLXD
TosHfaagXOTg9SY8SIS57qDUwifkZZHjlI+GZ9dsjwYTq6UGoNc4hzvLFshn
-----END CERTIFICATE-----