Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS151996.roa
File:                     AS151996.roa (raw, json)
Hash identifier:          tyWCyW/BcUGrjd8baCL6j7Wslu3iQ7CZIn/GwscrcF0=
Subject key identifier:   4E:38:BE:F1:4A:A2:B2:06:19:9D:3D:1B:52:79:23:30:0D:E9:72:45
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       68BCE4E7D6CD4E77925095E9116D6E08A2215688
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151996.roa
Signing time:             Wed 06 May 2026 08:54:21 +0000
ROA not before:           Wed 06 May 2026 08:49:21 +0000
ROA not after:            Wed 05 May 2027 08:54:21 +0000
asID:                     151996
IP address blocks:        103.67.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:bc:e4:e7:d6:cd:4e:77:92:50:95:e9:11:6d:6e:08:a2:21:56:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  6 08:49:21 2026 GMT
            Not After : May  5 08:54:21 2027 GMT
        Subject: CN=4E38BEF14AA2B206199D3D1B527923300DE97245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a7:30:db:4f:77:66:ee:34:de:2a:bb:dc:03:
                    77:02:7d:5f:01:41:51:9d:45:23:50:76:cc:fc:80:
                    98:5d:5c:7c:97:1c:cb:bc:13:e3:91:31:75:17:23:
                    5e:c3:2a:0e:62:ef:7a:cf:c8:18:ad:5f:25:9d:4c:
                    ef:d8:91:62:73:77:4b:1a:b9:59:81:dd:75:51:ee:
                    ce:86:83:ad:73:8b:f2:38:93:3b:91:43:44:17:7e:
                    ab:e2:6d:26:48:32:5e:3a:5e:d3:38:8c:1f:18:22:
                    bc:0c:96:1e:78:ec:77:83:ea:3a:f1:72:a3:7d:c0:
                    c9:3b:9b:ce:62:e5:9c:a6:01:f7:d5:ee:af:8d:61:
                    94:5b:ab:20:17:f3:cb:ea:80:fd:49:b4:55:85:25:
                    d9:06:f9:83:75:05:e4:6c:06:57:3c:d2:8e:aa:b2:
                    b8:6f:23:06:e6:23:68:5f:7b:7d:c2:56:ba:c9:02:
                    9f:d7:51:5f:68:28:27:b7:17:5f:a8:e5:6f:0b:3a:
                    2d:76:05:3b:bd:8a:3b:e7:20:9c:98:b7:4b:58:8c:
                    7d:b5:da:9d:39:7f:3f:e8:05:74:25:81:ea:2c:65:
                    fc:b4:76:96:c4:58:81:cc:09:6b:c7:6a:a7:1b:b1:
                    d3:81:b0:70:e7:c7:99:42:18:3c:8c:20:90:19:f1:
                    36:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:38:BE:F1:4A:A2:B2:06:19:9D:3D:1B:52:79:23:30:0D:E9:72:45
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS151996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.67.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:63:8d:f2:83:61:26:4d:05:8d:94:d1:b1:62:52:66:17:a5:
         85:39:b8:3a:fb:2e:49:6e:54:ce:fc:22:8b:42:f2:d0:0c:1c:
         02:83:2e:22:ba:18:fc:30:61:3c:e7:69:c6:81:56:93:3b:00:
         f3:9e:69:9a:a6:1d:a3:f2:88:da:e9:fc:17:49:4d:2a:4a:6a:
         12:aa:b0:bc:2d:b7:7a:4a:dc:68:54:52:38:c9:a9:99:ba:72:
         5d:a5:30:d4:c0:dc:78:4e:28:73:b2:82:4c:0d:28:36:94:86:
         9e:0f:3f:11:93:d3:e6:95:94:ef:e4:dd:d8:3c:d9:a2:93:f4:
         b6:12:3b:25:22:2b:45:88:c8:2c:8d:5c:0d:df:7d:d6:e5:f4:
         62:4d:52:ec:fa:5b:7d:53:33:61:41:4e:6c:b1:08:b3:a5:bd:
         29:2d:78:91:55:ba:04:c1:93:b2:9f:e3:35:1c:d8:ad:85:03:
         06:32:5d:4c:4d:c1:7e:e8:53:59:1c:e6:33:82:16:0c:7f:67:
         00:e3:34:7d:a0:77:a7:32:e1:5a:fe:a3:b5:05:9b:53:12:8d:
         e5:07:f8:d0:07:b4:04:5d:46:e9:0e:67:0b:c1:e2:f7:cc:8c:
         0c:76:69:77:07:bc:17:2f:2d:2b:3e:c9:f6:76:b7:f5:bc:77:
         3c:42:d1:ed
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUaLzk59bNTneSUJXpEW1uCKIhVogwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwNjA4NDkyMVoX
DTI3MDUwNTA4NTQyMVowMzExMC8GA1UEAxMoNEUzOEJFRjE0QUEyQjIwNjE5OUQz
RDFCNTI3OTIzMzAwREU5NzI0NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL2nMNtPd2buNN4qu9wDdwJ9XwFBUZ1FI1B2zPyAmF1cfJccy7wT45ExdRcj
XsMqDmLves/IGK1fJZ1M79iRYnN3Sxq5WYHddVHuzoaDrXOL8jiTO5FDRBd+q+Jt
JkgyXjpe0ziMHxgivAyWHnjsd4PqOvFyo33AyTubzmLlnKYB99Xur41hlFurIBfz
y+qA/Um0VYUl2Qb5g3UF5GwGVzzSjqqyuG8jBuYjaF97fcJWuskCn9dRX2goJ7cX
X6jlbws6LXYFO72KO+cgnJi3S1iMfbXanTl/P+gFdCWB6ixl/LR2lsRYgcwJa8dq
pxux04GwcOfHmUIYPIwgkBnxNtkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBROOL7x
SqKyBhmdPRtSeSMwDelyRTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUxOTk2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ0NYMA0GCSqGSIb3DQEBCwUAA4IBAQBdY43yg2EmTQWNlNGxYlJmF6WF
Obg6+y5JblTO/CKLQvLQDBwCgy4iuhj8MGE852nGgVaTOwDznmmaph2j8oja6fwX
SU0qSmoSqrC8Lbd6StxoVFI4yamZunJdpTDUwNx4TihzsoJMDSg2lIaeDz8Rk9Pm
lZTv5N3YPNmik/S2EjslIitFiMgsjVwN333W5fRiTVLs+lt9UzNhQU5ssQizpb0p
LXiRVboEwZOyn+M1HNithQMGMl1MTcF+6FNZHOYzghYMf2cA4zR9oHenMuFa/qO1
BZtTEo3lB/jQB7QEXUbpDmcLweL3zIwMdml3B7wXLy0rPsn2drf1vHc8QtHt
-----END CERTIFICATE-----