Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150493.roa
File:                     AS150493.roa (raw, json)
Hash identifier:          MjtEnVGnQj77y7hWpwT3pRjU9Bvjfm463KjwNs4oZfc=
Subject key identifier:   CF:76:AC:C2:9E:0F:B5:D9:F7:CD:07:B7:B7:A4:B2:48:F0:62:CA:16
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       78AE1EF58B07D94B102A68F7F88DEC183423C193
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150493.roa
Signing time:             Mon 29 Sep 2025 05:00:00 +0000
ROA not before:           Mon 29 Sep 2025 04:55:00 +0000
ROA not after:            Mon 28 Sep 2026 05:00:00 +0000
asID:                     150493
IP address blocks:        2001:df1:e8c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 14:07:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:ae:1e:f5:8b:07:d9:4b:10:2a:68:f7:f8:8d:ec:18:34:23:c1:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Sep 29 04:55:00 2025 GMT
            Not After : Sep 28 05:00:00 2026 GMT
        Subject: CN=CF76ACC29E0FB5D9F7CD07B7B7A4B248F062CA16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:44:cd:77:63:33:8e:bd:a5:c6:12:98:f6:be:
                    02:00:c3:91:02:56:be:87:11:ce:01:dc:82:85:44:
                    4f:f4:6d:8a:f4:d9:8e:bd:d8:ce:72:3f:06:b0:90:
                    2a:24:40:a0:37:5c:d0:06:f1:8f:bc:4a:c5:6b:47:
                    53:00:af:17:71:8b:ee:28:7a:c7:b9:35:ad:b3:bf:
                    d5:7b:e0:2d:c8:e0:61:7e:f8:75:80:66:75:c8:ac:
                    fa:6b:c1:b2:68:1e:75:ea:d3:dd:0d:29:48:30:cf:
                    f8:94:ec:d2:85:ec:f2:c3:a5:96:fe:be:1e:f5:55:
                    91:0d:97:1d:ed:66:89:9f:65:e6:3b:80:36:fc:1d:
                    ba:68:85:29:61:fa:fb:12:fd:34:c6:ba:c4:dc:9b:
                    aa:d2:8b:c3:97:f4:9b:83:a3:f4:50:29:f9:56:b2:
                    30:27:50:3c:97:cc:3b:5f:07:e3:7c:5d:e3:69:84:
                    69:37:62:f8:75:d9:ea:89:b1:6a:56:39:bc:0a:12:
                    e3:c9:34:8a:3e:63:ad:5a:f3:10:16:d1:83:85:6a:
                    aa:7a:98:7e:65:5e:e3:ed:0f:c2:79:65:30:60:c2:
                    21:0b:2d:4c:86:09:22:a7:19:6a:59:f2:29:56:a2:
                    62:c6:49:df:95:ff:2c:57:2f:99:ed:d8:29:a0:90:
                    16:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:76:AC:C2:9E:0F:B5:D9:F7:CD:07:B7:B7:A4:B2:48:F0:62:CA:16
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS150493.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:e8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:1a:f6:61:f7:c8:9a:cd:53:63:ce:88:89:ba:a6:9b:9f:61:
         42:d7:8e:f3:a4:87:97:25:18:1a:12:40:b1:b6:76:15:97:67:
         49:d8:29:b3:ea:32:67:46:dc:b4:d9:2b:a4:ed:69:c1:e7:23:
         fa:38:5e:ea:13:21:13:09:05:8e:9c:d8:5c:72:43:2e:81:e0:
         28:1f:2c:ea:c9:6d:e2:b4:04:da:29:ac:b8:ef:d0:78:ac:36:
         11:f9:3f:db:02:4b:c3:be:b2:45:49:61:c1:b9:22:7f:aa:54:
         35:fa:d4:99:70:5d:fa:1c:e2:06:b3:b2:27:15:be:f3:22:19:
         0f:da:f1:db:f5:fc:b4:75:2e:e4:6b:d7:56:c9:d3:a1:1c:81:
         f2:aa:d0:6a:8d:97:89:71:e5:d3:c8:fb:93:9e:a4:3f:5c:54:
         31:7c:79:9e:16:c4:0e:59:6b:9c:46:77:4f:73:a7:c5:dd:0a:
         70:4d:60:fd:39:76:40:b1:ff:29:d2:78:71:ee:10:3f:c1:0a:
         00:09:91:3c:51:08:e9:3f:fe:2c:08:2b:26:7a:71:4c:b9:63:
         93:ad:a4:c6:a4:91:37:03:a5:aa:bc:5f:d2:85:70:ba:ee:de:
         f8:7b:c3:f0:08:57:1b:de:b2:33:ef:18:37:f4:bf:98:66:dc:
         da:01:3f:a5
-----BEGIN CERTIFICATE-----
MIIE4DCCA8igAwIBAgIUeK4e9YsH2UsQKmj3+I3sGDQjwZMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDkyOTA0NTUwMFoX
DTI2MDkyODA1MDAwMFowMzExMC8GA1UEAxMoQ0Y3NkFDQzI5RTBGQjVEOUY3Q0Qw
N0I3QjdBNEIyNDhGMDYyQ0ExNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFEzXdjM469pcYSmPa+AgDDkQJWvocRzgHcgoVET/RtivTZjr3YznI/BrCQ
KiRAoDdc0Abxj7xKxWtHUwCvF3GL7ih6x7k1rbO/1XvgLcjgYX74dYBmdcis+mvB
smgederT3Q0pSDDP+JTs0oXs8sOllv6+HvVVkQ2XHe1miZ9l5juANvwdumiFKWH6
+xL9NMa6xNybqtKLw5f0m4Oj9FAp+VayMCdQPJfMO18H43xd42mEaTdi+HXZ6omx
alY5vAoS48k0ij5jrVrzEBbRg4VqqnqYfmVe4+0PwnllMGDCIQstTIYJIqcZalny
KVaiYsZJ35X/LFcvme3YKaCQFmsCAwEAAaOCAdMwggHPMB0GA1UdDgQWBBTPdqzC
ng+12ffNB7e3pLJI8GLKFjAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE1MDQ5My5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACABDfHowDANBgkqhkiG9w0BAQsFAAOCAQEARxr2YffIms1TY86I
ibqmm59hQteO86SHlyUYGhJAsbZ2FZdnSdgps+oyZ0bctNkrpO1pwecj+jhe6hMh
EwkFjpzYXHJDLoHgKB8s6slt4rQE2imsuO/QeKw2Efk/2wJLw76yRUlhwbkif6pU
NfrUmXBd+hziBrOyJxW+8yIZD9rx2/X8tHUu5GvXVsnToRyB8qrQao2XiXHl08j7
k56kP1xUMXx5nhbEDllrnEZ3T3Onxd0KcE1g/Tl2QLH/KdJ4ce4QP8EKAAmRPFEI
6T/+LAgrJnpxTLljk62kxqSRNwOlqrxf0oVwuu7e+HvD8AhXG96yM+8YN/S/mGbc
2gE/pQ==
-----END CERTIFICATE-----