Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS152029.roa
File:                     AS152029.roa (raw, json)
Hash identifier:          msAL1cHN8U0578Yg/vsckTppFrxX3zuKjJP5oYOrUiw=
Subject key identifier:   50:EA:49:7C:CA:73:54:B0:A3:40:2F:46:D8:3B:53:1E:72:EC:3C:8D
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       12BE6B9ECF0B6FD5B277F539369CD260B0261783
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152029.roa
Signing time:             Sun 03 May 2026 05:54:51 +0000
ROA not before:           Sun 03 May 2026 05:49:51 +0000
ROA not after:            Sun 02 May 2027 05:54:51 +0000
asID:                     152029
IP address blocks:        36.50.56.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:be:6b:9e:cf:0b:6f:d5:b2:77:f5:39:36:9c:d2:60:b0:26:17:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  3 05:49:51 2026 GMT
            Not After : May  2 05:54:51 2027 GMT
        Subject: CN=50EA497CCA7354B0A3402F46D83B531E72EC3C8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:85:6b:27:a2:f4:9f:b0:bb:f4:3a:3a:78:63:
                    b2:84:d2:af:ef:89:9c:67:64:49:82:7d:e7:5e:a3:
                    8f:e6:23:41:1e:2e:04:ac:89:62:b4:38:08:2f:4f:
                    cb:62:8f:79:92:d4:ff:cc:49:65:93:b4:28:7c:86:
                    95:c3:61:f3:b8:66:14:69:3c:69:e4:f4:72:f3:6e:
                    b7:9f:23:c9:b3:cc:4e:24:0e:f7:9c:e4:7a:68:a7:
                    c9:54:b5:87:f8:4c:99:f6:67:54:5d:d8:8b:7a:66:
                    d8:e2:47:06:2b:fe:f4:4f:3b:e5:dc:e2:5f:c5:b5:
                    f5:c4:04:57:16:32:d8:da:7a:28:d9:b8:37:bb:37:
                    66:26:c8:4c:53:27:81:93:76:5f:cc:65:c4:87:60:
                    df:f0:10:c7:2f:2a:ed:12:0f:d8:e9:0e:3b:dc:86:
                    da:71:2d:f8:97:1b:23:6e:a0:13:c1:1d:b5:24:b5:
                    8d:dc:98:8a:87:1a:8e:e0:18:e1:d7:41:79:cf:3d:
                    c7:ca:3d:b9:de:de:7f:50:77:26:c1:f7:d2:23:87:
                    5c:4e:03:34:36:98:c7:76:f1:40:4e:c5:41:d7:f2:
                    da:da:26:89:71:9a:68:37:ce:d6:8b:8b:dc:c5:a1:
                    68:53:c4:78:2a:d0:0a:a1:ef:9d:88:97:a6:14:00:
                    2a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:EA:49:7C:CA:73:54:B0:A3:40:2F:46:D8:3B:53:1E:72:EC:3C:8D
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS152029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.50.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:be:df:b3:08:21:a8:6e:62:a7:6c:44:9f:70:da:af:28:43:
         1b:fa:3e:9a:07:74:7f:21:35:5c:96:1c:75:e8:eb:64:f2:e6:
         69:48:a4:a7:40:c9:d2:ef:b3:33:35:55:af:c0:bb:b1:2d:db:
         66:4f:b8:72:19:eb:4a:d5:a8:7c:e5:75:df:f6:2d:2a:84:54:
         3c:ba:e5:ad:f7:3d:ad:42:62:e4:b8:fe:57:f3:ef:b9:9e:83:
         3f:3d:69:38:72:5c:dd:7a:bc:00:de:83:60:5f:7b:11:0a:63:
         38:04:bd:cd:c4:1c:c2:59:1e:d3:23:9f:27:f3:a0:21:1f:ab:
         91:16:e2:3d:f4:02:e9:78:32:8d:c8:ad:11:5d:93:aa:88:57:
         92:a1:db:bc:75:d1:32:3b:be:da:87:f7:04:91:e1:97:e5:d8:
         22:2b:ff:12:94:2f:11:45:44:1e:f6:09:6e:4d:52:17:06:b3:
         6b:cf:cb:c7:3f:45:a0:ff:10:6e:14:e8:eb:45:83:cb:73:42:
         1c:82:be:5f:8b:0e:79:4a:5b:e9:55:02:71:e7:05:6a:2a:13:
         31:c2:be:90:50:90:ec:f4:ac:02:90:e1:47:d3:5f:c3:26:0f:
         83:21:3c:ae:14:16:62:59:d8:c3:b3:56:e6:91:f3:e4:ce:18:
         32:6e:46:70
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUEr5rns8Lb9Wyd/U5NpzSYLAmF4MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMzA1NDk1MVoX
DTI3MDUwMjA1NTQ1MVowMzExMC8GA1UEAxMoNTBFQTQ5N0NDQTczNTRCMEEzNDAy
RjQ2RDgzQjUzMUU3MkVDM0M4RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJGFayei9J+wu/Q6OnhjsoTSr++JnGdkSYJ9516jj+YjQR4uBKyJYrQ4CC9P
y2KPeZLU/8xJZZO0KHyGlcNh87hmFGk8aeT0cvNut58jybPMTiQO95zkeminyVS1
h/hMmfZnVF3Yi3pm2OJHBiv+9E875dziX8W19cQEVxYy2Np6KNm4N7s3ZibITFMn
gZN2X8xlxIdg3/AQxy8q7RIP2OkOO9yG2nEt+JcbI26gE8EdtSS1jdyYiocajuAY
4ddBec89x8o9ud7ef1B3JsH30iOHXE4DNDaYx3bxQE7FQdfy2tomiXGaaDfO1ouL
3MWhaFPEeCrQCqHvnYiXphQAKtcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRQ6kl8
ynNUsKNAL0bYO1Mecuw8jTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTUyMDI5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBJDI4MA0GCSqGSIb3DQEBCwUAA4IBAQCcvt+zCCGobmKnbESfcNqvKEMb
+j6aB3R/ITVclhx16Otk8uZpSKSnQMnS77MzNVWvwLuxLdtmT7hyGetK1ah85XXf
9i0qhFQ8uuWt9z2tQmLkuP5X8++5noM/PWk4clzderwA3oNgX3sRCmM4BL3NxBzC
WR7TI58n86AhH6uRFuI99ALpeDKNyK0RXZOqiFeSodu8ddEyO77ah/cEkeGX5dgi
K/8SlC8RRUQe9gluTVIXBrNrz8vHP0Wg/xBuFOjrRYPLc0Icgr5fiw55SlvpVQJx
5wVqKhMxwr6QUJDs9KwCkOFH01/DJg+DITyuFBZiWdjDs1bmkfPkzhgybkZw
-----END CERTIFICATE-----