Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS150985.roa
File:                     AS150985.roa (raw, json)
Hash identifier:          6x5FtDfHidpINb8U5C75LtX5/SDyfFsr8bLC3V1TvmE=
Subject key identifier:   FB:DC:33:8A:A2:C0:80:88:95:0B:A1:C5:C9:CA:6D:2C:53:C5:79:92
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       56D6C87712CD20275591313C1D1F86706429D240
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS150985.roa
Signing time:             Sun 03 May 2026 08:16:14 +0000
ROA not before:           Sun 03 May 2026 08:11:14 +0000
ROA not after:            Sun 02 May 2027 08:16:14 +0000
asID:                     150985
IP address blocks:        157.66.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d6:c8:77:12:cd:20:27:55:91:31:3c:1d:1f:86:70:64:29:d2:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  3 08:11:14 2026 GMT
            Not After : May  2 08:16:14 2027 GMT
        Subject: CN=FBDC338AA2C08088950BA1C5C9CA6D2C53C57992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:be:3a:ba:3f:72:a4:4f:d7:22:91:cd:f8:42:
                    e8:43:4d:d5:4f:c3:61:05:fd:b1:22:1a:63:be:09:
                    e6:d6:43:f0:cd:2e:fc:cd:0b:ce:d3:65:db:d6:3b:
                    80:07:89:32:1d:08:de:ca:1c:40:e1:54:56:b2:89:
                    c3:bc:4a:d9:91:d0:a6:2d:a1:55:14:b8:77:9f:59:
                    23:73:9a:86:7f:da:cb:c8:2d:82:c7:fd:14:f5:66:
                    79:03:15:c8:30:2e:ca:6f:3c:c8:97:d3:89:ec:54:
                    e4:f0:de:78:45:46:80:39:17:24:56:1c:21:36:80:
                    d0:51:ab:43:cb:c2:97:37:14:07:88:04:ce:93:bf:
                    d4:ba:8a:4b:ad:a6:c2:6e:9b:8e:de:ed:e1:41:a5:
                    b2:6b:c8:e2:13:f4:50:2d:fd:6d:f7:4d:7e:85:19:
                    4b:7e:9e:77:79:e0:bc:5f:a9:9f:ab:bf:83:ab:03:
                    65:34:cf:a7:42:f2:02:81:5d:4c:65:f4:82:40:2c:
                    9f:53:c7:06:67:f5:8f:2f:9f:29:78:e0:2a:9f:47:
                    f9:b1:10:da:14:30:5e:f9:6d:f4:1d:02:03:e0:3b:
                    ea:cd:5a:9b:98:60:f7:bf:3d:cc:c3:3a:64:39:70:
                    72:6c:f0:99:e3:c2:d7:ae:c5:82:fc:c7:eb:e0:c9:
                    df:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:DC:33:8A:A2:C0:80:88:95:0B:A1:C5:C9:CA:6D:2C:53:C5:79:92
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS150985.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:ea:6c:e7:a4:08:11:96:17:e4:b0:da:ea:9e:b2:d2:0b:ca:
         ad:a2:e6:82:cb:db:5d:f3:b5:fc:9d:01:00:f4:43:bf:df:57:
         d7:60:74:f3:78:85:4b:eb:b5:6c:69:14:b6:cf:95:08:36:e5:
         e8:90:de:84:77:78:3d:24:ea:3f:7f:3b:22:89:0a:b3:5c:58:
         09:d7:6c:f1:4d:98:23:ef:7f:b9:c3:97:b2:e4:ec:70:84:a1:
         58:1d:25:b6:ea:fb:53:a5:a7:9c:5b:aa:73:92:81:13:28:27:
         47:24:31:ad:7e:eb:bd:a5:15:e1:6c:28:a6:61:3c:38:4c:4b:
         bf:7c:6d:bd:38:d6:93:8a:62:28:b2:46:02:25:b2:39:a1:a9:
         7d:d0:43:2e:11:ae:65:d7:93:c8:b1:3f:0f:86:1d:4c:af:8d:
         59:0b:a7:4a:51:4b:ab:23:80:e5:17:19:a3:bc:e9:2a:5b:16:
         f2:69:7a:63:fd:fd:f4:3d:98:bd:ae:07:f6:24:e7:63:21:b9:
         21:a3:bc:32:78:80:80:ea:72:16:20:f8:dd:1c:87:dd:a7:c0:
         4b:86:7f:cd:d7:45:af:17:cf:f3:81:85:d9:b2:78:7c:08:a9:
         a0:82:b1:57:9a:90:dd:07:94:06:2d:a5:f9:77:1e:ee:e7:d7:
         5e:a4:2f:53
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUVtbIdxLNICdVkTE8HR+GcGQp0kAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMzA4MTExNFoX
DTI3MDUwMjA4MTYxNFowMzExMC8GA1UEAxMoRkJEQzMzOEFBMkMwODA4ODk1MEJB
MUM1QzlDQTZEMkM1M0M1Nzk5MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMO+Oro/cqRP1yKRzfhC6ENN1U/DYQX9sSIaY74J5tZD8M0u/M0LztNl29Y7
gAeJMh0I3socQOFUVrKJw7xK2ZHQpi2hVRS4d59ZI3Oahn/ay8gtgsf9FPVmeQMV
yDAuym88yJfTiexU5PDeeEVGgDkXJFYcITaA0FGrQ8vClzcUB4gEzpO/1LqKS62m
wm6bjt7t4UGlsmvI4hP0UC39bfdNfoUZS36ed3ngvF+pn6u/g6sDZTTPp0LyAoFd
TGX0gkAsn1PHBmf1jy+fKXjgKp9H+bEQ2hQwXvlt9B0CA+A76s1am5hg9789zMM6
ZDlwcmzwmePC167FgvzH6+DJ36ECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT73DOK
osCAiJULocXJym0sU8V5kjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTUwOTg1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnUI5MA0GCSqGSIb3DQEBCwUAA4IBAQB46mznpAgRlhfksNrqnrLSC8qt
ouaCy9td87X8nQEA9EO/31fXYHTzeIVL67VsaRS2z5UINuXokN6Ed3g9JOo/fzsi
iQqzXFgJ12zxTZgj73+5w5ey5OxwhKFYHSW26vtTpaecW6pzkoETKCdHJDGtfuu9
pRXhbCimYTw4TEu/fG29ONaTimIoskYCJbI5oal90EMuEa5l15PIsT8Phh1Mr41Z
C6dKUUurI4DlFxmjvOkqWxbyaXpj/f30PZi9rgf2JOdjIbkho7wyeICA6nIWIPjd
HIfdp8BLhn/N10WvF8/zgYXZsnh8CKmggrFXmpDdB5QGLaX5dx7u59depC9T
-----END CERTIFICATE-----