Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS151576.roa
File:                     AS151576.roa (raw, json)
Hash identifier:          nO+Fl3WblunKuB8LLz1x1PWUpkp+ShTPKT5urldg9is=
Subject key identifier:   B2:F3:38:44:84:FA:39:F6:1E:63:03:59:83:ED:DA:1A:AE:2F:5D:11
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       50D2ABC92FD128AB22236A1B98D3F5FEC0C524E2
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151576.roa
Signing time:             Sat 02 May 2026 08:35:59 +0000
ROA not before:           Sat 02 May 2026 08:30:59 +0000
ROA not after:            Sat 01 May 2027 08:35:59 +0000
asID:                     151576
IP address blocks:        103.76.108.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:d2:ab:c9:2f:d1:28:ab:22:23:6a:1b:98:d3:f5:fe:c0:c5:24:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:59 2026 GMT
            Not After : May  1 08:35:59 2027 GMT
        Subject: CN=B2F3384484FA39F61E63035983EDDA1AAE2F5D11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:39:21:6c:90:46:4c:0d:4e:68:4b:38:83:58:
                    1a:7b:54:7a:66:ec:5f:24:fc:a6:2a:cf:14:57:27:
                    48:4e:e0:a8:7f:47:58:8b:7f:92:a0:9d:0d:7d:5b:
                    aa:c4:4e:82:69:71:05:28:f6:ab:58:be:d8:e3:e6:
                    ed:e5:e6:cd:1f:f0:02:ab:eb:c4:97:05:21:55:b3:
                    97:23:42:ae:88:b3:ff:88:9d:2e:55:f8:d3:d9:73:
                    e1:06:ef:7a:8a:99:ad:ee:be:5c:56:81:98:f3:e7:
                    8a:86:c2:74:89:ec:87:fd:19:74:22:d5:cf:d8:13:
                    47:9b:7e:af:42:87:12:2c:45:58:59:4c:f8:6a:62:
                    84:fa:6b:1a:c9:97:3c:99:1a:14:aa:b8:89:35:64:
                    bf:c2:b4:78:11:47:8b:9f:30:48:d2:37:64:ac:a8:
                    b3:e0:21:b1:2b:4a:75:a9:6e:2d:92:0d:3b:ef:6d:
                    5e:ca:f8:dc:6d:7e:6f:f8:a7:f5:d5:0e:2a:eb:5b:
                    39:ac:32:cd:49:92:c3:88:df:65:59:8a:38:40:c4:
                    90:c8:b1:88:2f:5a:eb:9e:dc:b9:45:97:54:15:f8:
                    39:a6:c4:19:87:29:e0:b5:1b:16:a6:c5:46:b5:3e:
                    bf:84:49:9a:89:f7:ec:40:5d:6c:df:ce:9d:fb:29:
                    2c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:F3:38:44:84:FA:39:F6:1E:63:03:59:83:ED:DA:1A:AE:2F:5D:11
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151576.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:14:cc:ca:2f:a6:0b:9a:b4:64:8d:5d:69:42:1e:7b:db:c4:
         82:47:fe:4b:29:55:18:a8:2f:57:44:b5:9a:3f:e2:ee:94:c9:
         ff:67:21:46:42:95:29:39:d6:42:a8:d6:88:4a:62:aa:18:3c:
         2c:20:9b:c5:f2:09:15:d1:3b:e1:36:0b:4f:66:05:56:ef:6a:
         69:1e:70:ff:4f:88:19:ab:cf:97:8f:de:26:c6:55:24:96:e5:
         2d:9d:41:70:1f:59:39:c4:8c:06:3a:08:0c:3a:08:10:ff:19:
         52:e6:e5:c6:3f:07:88:07:d0:f7:cb:c1:c1:a2:20:a4:31:98:
         ef:17:86:eb:a6:3c:3e:f7:78:b7:49:2d:f7:08:cc:5d:39:00:
         18:8f:7a:7a:20:26:ce:81:84:09:1b:83:b2:0e:0d:1f:5b:47:
         a5:91:f6:67:88:b3:74:e5:dc:7c:aa:86:d9:b5:22:ba:d3:5a:
         0b:2f:7d:a9:52:f8:02:f9:b7:76:1d:b3:d6:c8:5b:40:bc:d9:
         7c:31:ec:a9:24:ed:f6:c9:34:01:75:61:a4:7e:6b:73:bc:f2:
         da:d6:96:f3:12:16:e3:a4:a5:ba:e2:c8:77:7f:06:d6:45:04:
         a7:f0:c3:a5:da:81:5d:cf:69:3f:69:a9:89:7c:3e:aa:42:76:
         98:e5:f3:29
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUUNKryS/RKKsiI2obmNP1/sDFJOIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzA1OVoX
DTI3MDUwMTA4MzU1OVowMzExMC8GA1UEAxMoQjJGMzM4NDQ4NEZBMzlGNjFFNjMw
MzU5ODNFRERBMUFBRTJGNUQxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMk5IWyQRkwNTmhLOINYGntUembsXyT8pirPFFcnSE7gqH9HWIt/kqCdDX1b
qsROgmlxBSj2q1i+2OPm7eXmzR/wAqvrxJcFIVWzlyNCroiz/4idLlX409lz4Qbv
eoqZre6+XFaBmPPniobCdInsh/0ZdCLVz9gTR5t+r0KHEixFWFlM+GpihPprGsmX
PJkaFKq4iTVkv8K0eBFHi58wSNI3ZKyos+AhsStKdaluLZINO+9tXsr43G1+b/in
9dUOKutbOawyzUmSw4jfZVmKOEDEkMixiC9a657cuUWXVBX4OabEGYcp4LUbFqbF
RrU+v4RJmon37EBdbN/OnfspLIsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSy8zhE
hPo59h5jA1mD7doari9dETAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUxNTc2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ0xsMA0GCSqGSIb3DQEBCwUAA4IBAQCRFMzKL6YLmrRkjV1pQh5728SC
R/5LKVUYqC9XRLWaP+LulMn/ZyFGQpUpOdZCqNaISmKqGDwsIJvF8gkV0TvhNgtP
ZgVW72ppHnD/T4gZq8+Xj94mxlUkluUtnUFwH1k5xIwGOggMOggQ/xlS5uXGPweI
B9D3y8HBoiCkMZjvF4brpjw+93i3SS33CMxdOQAYj3p6ICbOgYQJG4OyDg0fW0el
kfZniLN05dx8qobZtSK601oLL32pUvgC+bd2HbPWyFtAvNl8MeypJO32yTQBdWGk
fmtzvPLa1pbzEhbjpKW64sh3fwbWRQSn8MOl2oFdz2k/aamJfD6qQnaY5fMp
-----END CERTIFICATE-----