Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS151601.roa
File:                     AS151601.roa (raw, json)
Hash identifier:          ktqnsugHcU6Z7PzG6797nSdD0dgAwhIdil+qY/bKI4o=
Subject key identifier:   17:06:D8:9B:14:06:1F:47:E7:CF:CC:51:54:F2:A5:39:32:C4:90:31
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       17A9D8B053AFC683ECD79DADFC5BA7D32A616B06
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151601.roa
Signing time:             Sat 02 May 2026 21:19:25 +0000
ROA not before:           Sat 02 May 2026 21:14:25 +0000
ROA not after:            Sat 01 May 2027 21:19:25 +0000
asID:                     151601
IP address blocks:        103.67.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:a9:d8:b0:53:af:c6:83:ec:d7:9d:ad:fc:5b:a7:d3:2a:61:6b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:14:25 2026 GMT
            Not After : May  1 21:19:25 2027 GMT
        Subject: CN=1706D89B14061F47E7CFCC5154F2A53932C49031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b4:67:67:ba:1b:12:98:3b:a9:68:bf:b6:62:
                    39:ed:ab:aa:96:4b:97:6b:4d:09:65:0d:44:f4:10:
                    9f:88:8f:ba:52:f5:29:b0:01:12:4e:d5:fd:ad:8d:
                    91:99:9a:1e:d3:78:40:c1:ba:bc:de:71:09:71:75:
                    18:35:2c:e2:a7:bd:ac:5d:e8:f7:f3:e7:0f:d2:9c:
                    c1:38:da:83:64:15:7f:1d:4e:8c:ff:4f:64:f8:9e:
                    52:63:35:70:e0:6f:e3:0d:21:28:f0:cf:ce:2f:b6:
                    0e:2d:f4:79:11:e9:42:59:80:92:57:30:37:b8:32:
                    97:81:e7:1a:3a:25:93:35:f0:1a:b1:bd:33:f2:84:
                    53:dd:5d:09:db:ea:82:11:2e:da:14:c4:e1:2b:2d:
                    6a:b4:1a:1e:fb:ec:44:4c:32:21:42:f0:c8:83:0a:
                    31:d2:72:90:23:bf:c3:9e:5d:ba:50:aa:d8:47:38:
                    a1:f9:5e:68:63:f5:18:09:8a:f8:80:fc:08:b1:61:
                    d0:07:09:58:a9:90:37:09:4d:7b:7d:93:9c:5b:d3:
                    bc:6f:cc:39:5d:de:b1:f3:d1:48:1b:22:05:f6:12:
                    ff:00:c3:d8:c1:52:b0:94:d4:bd:22:f7:b1:86:0a:
                    70:a0:44:10:e4:ec:11:31:49:58:81:4c:96:96:75:
                    d8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:06:D8:9B:14:06:1F:47:E7:CF:CC:51:54:F2:A5:39:32:C4:90:31
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151601.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.67.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:59:92:fb:c2:6c:a7:e6:9a:62:a7:ac:4d:fd:89:f7:c1:6c:
         1c:bc:e3:1d:ff:eb:3c:4e:81:06:6a:87:42:46:2f:c6:9a:81:
         94:ca:11:65:95:3a:ee:5c:c0:df:6c:2a:13:4e:9a:b6:61:1c:
         63:4f:80:b5:ea:82:58:a6:92:39:30:2d:92:d6:02:81:93:06:
         59:27:c9:73:d2:a0:de:fd:40:c1:af:b3:8c:b5:3e:7d:51:ea:
         e2:57:39:e0:39:a5:31:20:53:0d:21:0d:9c:c9:a6:20:9f:8a:
         84:7b:46:73:9f:4b:30:37:f8:5c:b0:23:00:5c:c1:9c:75:85:
         d2:52:63:43:e6:cf:f1:72:03:38:28:ab:64:e2:a4:dc:ee:02:
         d4:65:ea:ed:7a:1d:19:54:2f:c8:c4:be:df:10:ff:ae:6a:8d:
         ab:3b:23:83:93:44:30:0c:0a:6b:06:f5:71:b6:95:e9:37:3b:
         f3:75:0d:4e:c0:06:28:8d:6c:50:b1:7e:9d:c9:6a:75:50:1e:
         ae:3f:2b:93:7d:f9:a9:97:d8:c4:63:ab:ef:1b:07:58:6b:35:
         4d:aa:dc:12:94:2e:c4:5f:41:a2:f0:94:2b:3b:c3:26:da:27:
         20:00:c9:d1:05:3c:0e:68:0d:f3:86:96:ca:b3:0f:8e:c2:80:
         d0:97:51:f0
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUF6nYsFOvxoPs152t/Fun0yphawYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTQyNVoX
DTI3MDUwMTIxMTkyNVowMzExMC8GA1UEAxMoMTcwNkQ4OUIxNDA2MUY0N0U3Q0ZD
QzUxNTRGMkE1MzkzMkM0OTAzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMO0Z2e6GxKYO6lov7ZiOe2rqpZLl2tNCWUNRPQQn4iPulL1KbABEk7V/a2N
kZmaHtN4QMG6vN5xCXF1GDUs4qe9rF3o9/PnD9KcwTjag2QVfx1OjP9PZPieUmM1
cOBv4w0hKPDPzi+2Di30eRHpQlmAklcwN7gyl4HnGjolkzXwGrG9M/KEU91dCdvq
ghEu2hTE4SstarQaHvvsREwyIULwyIMKMdJykCO/w55dulCq2Ec4ofleaGP1GAmK
+ID8CLFh0AcJWKmQNwlNe32TnFvTvG/MOV3esfPRSBsiBfYS/wDD2MFSsJTUvSL3
sYYKcKBEEOTsETFJWIFMlpZ12N8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQXBtib
FAYfR+fPzFFU8qU5MsSQMTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUxNjAxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ0MwMA0GCSqGSIb3DQEBCwUAA4IBAQCQWZL7wmyn5ppip6xN/Yn3wWwc
vOMd/+s8ToEGaodCRi/GmoGUyhFllTruXMDfbCoTTpq2YRxjT4C16oJYppI5MC2S
1gKBkwZZJ8lz0qDe/UDBr7OMtT59UeriVzngOaUxIFMNIQ2cyaYgn4qEe0Zzn0sw
N/hcsCMAXMGcdYXSUmND5s/xcgM4KKtk4qTc7gLUZerteh0ZVC/IxL7fEP+uao2r
OyODk0QwDAprBvVxtpXpNzvzdQ1OwAYojWxQsX6dyWp1UB6uPyuTffmpl9jEY6vv
GwdYazVNqtwSlC7EX0Gi8JQrO8Mm2icgAMnRBTwOaA3zhpbKsw+OwoDQl1Hw
-----END CERTIFICATE-----