Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS134412.roa
File:                     AS134412.roa (raw, json)
Hash identifier:          6E4vcE3gBBfx0llI5DqPzLvE7j7OLmyrgrfWoOh4PxA=
Subject key identifier:   83:2F:F4:73:2D:CA:F7:92:72:44:49:98:CA:D4:D6:A7:54:7B:56:77
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       670F3F4637C39FED86A0385EED2606BAC6531350
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS134412.roa
Signing time:             Sat 02 May 2026 09:25:01 +0000
ROA not before:           Sat 02 May 2026 09:20:01 +0000
ROA not after:            Sat 01 May 2027 09:25:01 +0000
asID:                     134412
IP address blocks:        165.101.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:0f:3f:46:37:c3:9f:ed:86:a0:38:5e:ed:26:06:ba:c6:53:13:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:01 2026 GMT
            Not After : May  1 09:25:01 2027 GMT
        Subject: CN=832FF4732DCAF79272444998CAD4D6A7547B5677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:31:59:27:d3:4d:6a:57:29:3f:34:d3:7e:64:
                    87:d4:3f:6a:28:91:bb:40:3f:3d:52:2e:c8:1b:d5:
                    69:3d:4d:e3:ae:ae:bb:09:01:da:9a:35:1d:f4:30:
                    70:ae:c0:2c:46:8e:da:66:02:94:2a:1f:06:3b:88:
                    b2:5f:4d:19:dc:a4:ec:b1:81:ee:3a:53:f8:67:03:
                    fd:0f:38:e9:3c:f7:64:7d:d6:cd:57:af:50:0d:c5:
                    6b:02:1d:98:e1:e9:de:d7:91:10:99:9a:8f:60:87:
                    a2:e1:3e:3a:7b:19:1e:af:e3:d8:80:78:a4:45:47:
                    26:ee:1d:64:d0:b0:19:85:48:33:57:bf:b5:12:9d:
                    5c:3d:6f:93:8e:b0:7e:b2:21:95:c5:7d:48:e4:ff:
                    36:ec:51:d5:e9:fe:c2:40:96:de:d7:49:01:c9:77:
                    b2:04:94:38:fb:06:d7:82:a9:f7:4e:f8:00:67:e1:
                    cd:50:52:95:b1:d2:29:26:93:46:23:ba:09:81:2c:
                    db:b4:59:da:1e:79:10:04:60:ae:5d:e7:bf:18:3f:
                    be:e2:2c:21:08:11:45:48:ad:45:60:49:6f:0f:5e:
                    8c:f3:8a:13:cd:ca:9c:35:33:ba:e8:ce:8c:ff:b8:
                    a3:86:62:a7:13:46:97:16:71:02:e2:20:8f:c3:ac:
                    72:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:2F:F4:73:2D:CA:F7:92:72:44:49:98:CA:D4:D6:A7:54:7B:56:77
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS134412.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:57:ac:28:5e:be:7c:d6:a1:9d:3a:32:46:a4:17:17:68:b0:
         a4:95:75:6e:ef:8f:4f:52:49:95:1b:b8:64:2e:1e:8e:b5:52:
         a8:a3:14:7f:1e:10:0f:2f:b3:9e:43:cc:8b:c4:a9:f0:aa:fc:
         7f:cb:a0:7f:b9:2a:11:ec:bc:89:96:b8:4a:42:10:34:20:95:
         8e:78:b0:d1:43:bc:16:e7:bc:f4:33:e2:90:83:39:34:09:aa:
         da:60:63:74:74:63:c6:19:d4:ee:90:5d:51:8f:f2:e8:ae:e7:
         a8:6b:f9:51:d4:3e:2a:f5:f8:02:c8:84:90:82:b3:f4:bf:39:
         b9:de:ca:ae:a4:a0:a0:66:53:10:c9:91:b1:66:4d:ca:db:34:
         e1:42:fd:a9:4e:e1:ad:7d:20:3e:75:6e:6f:25:1c:9b:67:38:
         c4:5c:8c:e2:64:8e:04:7e:cd:96:ba:3f:5c:ea:8f:94:c7:61:
         0d:5a:7a:08:dc:f2:01:48:f7:29:eb:42:af:b2:d4:2c:aa:37:
         81:01:79:eb:d7:08:57:17:7f:78:d8:74:86:13:63:78:e7:5e:
         13:dc:99:6a:b2:2f:49:f2:f2:d3:7e:e8:b8:dd:c2:cf:93:89:
         b0:98:83:e8:46:42:8e:04:a6:11:fb:7f:bc:11:1d:80:4f:ff:
         2d:43:aa:0e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUZw8/RjfDn+2GoDhe7SYGusZTE1AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAwMVoX
DTI3MDUwMTA5MjUwMVowMzExMC8GA1UEAxMoODMyRkY0NzMyRENBRjc5MjcyNDQ0
OTk4Q0FENEQ2QTc1NDdCNTY3NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKAxWSfTTWpXKT80035kh9Q/aiiRu0A/PVIuyBvVaT1N466uuwkB2po1HfQw
cK7ALEaO2mYClCofBjuIsl9NGdyk7LGB7jpT+GcD/Q846Tz3ZH3WzVevUA3FawId
mOHp3teREJmaj2CHouE+OnsZHq/j2IB4pEVHJu4dZNCwGYVIM1e/tRKdXD1vk46w
frIhlcV9SOT/NuxR1en+wkCW3tdJAcl3sgSUOPsG14Kp9074AGfhzVBSlbHSKSaT
RiO6CYEs27RZ2h55EARgrl3nvxg/vuIsIQgRRUitRWBJbw9ejPOKE83KnDUzuujO
jP+4o4ZipxNGlxZxAuIgj8OscoUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSDL/Rz
Lcr3knJESZjK1NanVHtWdzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM0NDEyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWX3MA0GCSqGSIb3DQEBCwUAA4IBAQCbV6woXr581qGdOjJGpBcXaLCk
lXVu749PUkmVG7hkLh6OtVKooxR/HhAPL7OeQ8yLxKnwqvx/y6B/uSoR7LyJlrhK
QhA0IJWOeLDRQ7wW57z0M+KQgzk0CaraYGN0dGPGGdTukF1Rj/Lorueoa/lR1D4q
9fgCyISQgrP0vzm53squpKCgZlMQyZGxZk3K2zThQv2pTuGtfSA+dW5vJRybZzjE
XIziZI4Efs2Wuj9c6o+Ux2ENWnoI3PIBSPcp60KvstQsqjeBAXnr1whXF3942HSG
E2N4514T3Jlqsi9J8vLTfui43cLPk4mwmIPoRkKOBKYR+3+8ER2AT/8tQ6oO
-----END CERTIFICATE-----