Route Origin Authorization
$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS0.roa
File: AS0.roa (raw, json)
Hash identifier: cqJskOG32lm/Eu6+AY+uEwnIEZ1G8Y5PT1CsMLc8AtM=
Subject key identifier: 44:3D:4A:33:01:AF:4A:8A:40:09:88:44:09:F3:B5:72:12:29:BD:E8
Certificate issuer: /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial: 76B6CD825A1D53442E3D1119F0D6F9976D49ABC3
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access: rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS0.roa
Signing time: Sat 02 May 2026 17:22:20 +0000
ROA not before: Sat 02 May 2026 17:17:20 +0000
ROA not after: Sat 01 May 2027 17:22:20 +0000
asID: 0
IP address blocks: 157.10.212.0/23 maxlen: 24
157.10.237.0/24 maxlen: 24
157.15.68.0/24 maxlen: 24
157.15.170.0/23 maxlen: 24
157.20.120.0/23 maxlen: 24
157.20.167.0/24 maxlen: 24
157.20.232.0/24 maxlen: 24
157.66.54.0/23 maxlen: 24
157.66.126.0/23 maxlen: 24
160.19.186.0/23 maxlen: 24
160.20.78.0/24 maxlen: 24
160.20.250.0/24 maxlen: 24
160.22.4.0/23 maxlen: 24
160.22.10.0/23 maxlen: 24
160.22.98.0/23 maxlen: 24
160.22.187.0/24 maxlen: 24
160.22.250.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 03 May 2026 20:26:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:b6:cd:82:5a:1d:53:44:2e:3d:11:19:f0:d6:f9:97:6d:49:ab:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Validity
Not Before: May 2 17:17:20 2026 GMT
Not After : May 1 17:22:20 2027 GMT
Subject: CN=443D4A3301AF4A8A4009884409F3B5721229BDE8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:14:6f:d3:e5:37:ef:a2:9d:41:96:c8:09:76:
a8:3c:02:9f:f1:47:9c:b1:06:12:5b:4f:1c:8a:0e:
be:09:01:54:10:ad:08:08:1b:23:53:f9:85:93:bd:
81:d2:69:a8:59:ed:61:bc:c6:3a:33:23:aa:03:7c:
1b:22:af:80:ef:75:94:e6:ad:74:6f:17:e0:93:69:
a5:43:19:da:71:9c:3f:63:10:34:69:d8:bd:2a:3c:
5f:24:c6:05:9f:cb:54:03:35:42:74:bb:91:fc:be:
62:e4:13:9e:fc:7b:e8:0e:5b:24:07:16:7b:04:99:
bd:bb:68:98:38:28:ce:77:05:67:ae:fb:33:a6:43:
2a:9e:e6:ad:f2:97:9f:91:e6:fa:d8:c4:61:18:0e:
f5:ea:b1:97:81:57:29:26:2c:a2:b1:23:53:72:c4:
0d:26:ae:69:b2:3c:d4:4a:10:21:9a:0c:c2:c2:b1:
ec:19:77:e6:77:fb:90:13:46:85:fd:55:8f:d8:55:
c8:2a:49:9c:1d:97:74:ed:41:95:0a:ce:39:bc:62:
fe:b2:a2:e0:df:db:55:a3:97:2d:ce:38:56:72:6b:
20:7b:05:d4:72:eb:6d:d6:5b:b1:20:66:27:d6:1b:
82:05:77:cf:29:6d:27:88:31:96:9e:c4:94:b1:1b:
9a:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:3D:4A:33:01:AF:4A:8A:40:09:88:44:09:F3:B5:72:12:29:BD:E8
X509v3 Authority Key Identifier:
keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS0.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
157.10.212.0/23
157.10.237.0/24
157.15.68.0/24
157.15.170.0/23
157.20.120.0/23
157.20.167.0/24
157.20.232.0/24
157.66.54.0/23
157.66.126.0/23
160.19.186.0/23
160.20.78.0/24
160.20.250.0/24
160.22.4.0/23
160.22.10.0/23
160.22.98.0/23
160.22.187.0/24
160.22.250.0/23
Signature Algorithm: sha256WithRSAEncryption
7e:2a:aa:44:63:04:f3:89:96:4a:48:7e:3a:bd:c3:5e:09:4d:
a3:5e:d6:23:f0:30:96:47:e8:04:8f:d5:0b:92:d1:ef:b7:1b:
cd:44:74:d9:66:29:e4:b2:47:91:77:e1:90:36:d4:ef:0c:5c:
ec:ac:a9:ad:a5:ba:44:c2:d5:39:6c:b6:49:7c:cc:27:ca:9a:
6c:d5:d1:42:51:3a:8b:fc:ad:90:9a:f9:1a:aa:f9:57:4e:7b:
73:42:34:00:74:82:30:26:1e:05:fa:85:55:4b:31:c8:fc:b2:
e7:0f:a3:b8:a4:e7:09:ca:68:f0:0c:d9:f3:61:56:8f:21:f8:
7d:a0:ea:60:27:17:2d:fd:e3:3f:2f:e5:e5:39:fe:96:d3:cf:
89:66:17:f0:f2:35:d1:28:ab:ff:05:df:cc:e0:a4:28:28:5f:
8b:cd:e3:96:73:cd:d1:2f:f3:e1:dd:58:d9:94:33:2d:d5:84:
04:50:56:81:6b:1a:ec:6d:b4:53:4c:2a:97:41:72:df:ca:f8:
38:9c:b7:3a:82:3e:bf:d6:d7:63:db:60:18:0d:16:b5:5e:a7:
ab:b6:cb:ae:91:0b:af:5c:1b:4b:47:1f:73:d8:32:a4:a3:c0:
f5:68:08:ee:99:6d:78:de:95:41:fa:3d:6a:77:f4:8e:f3:3c:
be:7c:d2:d2
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUdrbNglodU0QuPREZ8Nb5l21Jq8MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjE3MTcyMFoX
DTI3MDUwMTE3MjIyMFowMzExMC8GA1UEAxMoNDQzRDRBMzMwMUFGNEE4QTQwMDk4
ODQ0MDlGM0I1NzIxMjI5QkRFODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0Ub9PlN++inUGWyAl2qDwCn/FHnLEGEltPHIoOvgkBVBCtCAgbI1P5hZO9
gdJpqFntYbzGOjMjqgN8GyKvgO91lOatdG8X4JNppUMZ2nGcP2MQNGnYvSo8XyTG
BZ/LVAM1QnS7kfy+YuQTnvx76A5bJAcWewSZvbtomDgozncFZ677M6ZDKp7mrfKX
n5Hm+tjEYRgO9eqxl4FXKSYsorEjU3LEDSauabI81EoQIZoMwsKx7Bl35nf7kBNG
hf1Vj9hVyCpJnB2XdO1BlQrOObxi/rKi4N/bVaOXLc44VnJrIHsF1HLrbdZbsSBm
J9YbggV3zyltJ4gxlp7ElLEbmqcCAwEAAaOCAicwggIjMB0GA1UdDgQWBBREPUoz
Aa9KikAJiEQJ87VyEim96DAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBNBggrBgEFBQcBCwRBMD8wPQYIKwYBBQUHMAuGMXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMC5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjB/BggrBgEFBQcBBwEB/wRwMG4wbAQCAAEwZgME
AZ0K1AMEAJ0K7QMEAJ0PRAMEAZ0PqgMEAZ0UeAMEAJ0UpwMEAJ0U6AMEAZ1CNgME
AZ1CfgMEAaATugMEAKAUTgMEAKAU+gMEAaAWBAMEAaAWCgMEAaAWYgMEAKAWuwME
AaAW+jANBgkqhkiG9w0BAQsFAAOCAQEAfiqqRGME84mWSkh+Or3DXglNo17WI/Aw
lkfoBI/VC5LR77cbzUR02WYp5LJHkXfhkDbU7wxc7KypraW6RMLVOWy2SXzMJ8qa
bNXRQlE6i/ytkJr5Gqr5V057c0I0AHSCMCYeBfqFVUsxyPyy5w+juKTnCcpo8AzZ
82FWjyH4faDqYCcXLf3jPy/l5Tn+ltPPiWYX8PI10Sir/wXfzOCkKChfi83jlnPN
0S/z4d1Y2ZQzLdWEBFBWgWsa7G20U0wql0Fy38r4OJy3OoI+v9bXY9tgGA0WtV6n
q7bLrpELr1wbS0cfc9gypKPA9WgI7plteN6VQfo9anf0jvM8vnzS0g==
-----END CERTIFICATE-----
Generated at Sat May 2 21:03:36 2026 by rpki-client