Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS135438.roa
File:                     AS135438.roa (raw, json)
Hash identifier:          8bTALbbNZEaygOmzIR13Bck6E+L4RXIXP2VKjKAZW8U=
Subject key identifier:   15:0B:19:E3:87:DD:7C:E4:EC:4C:FE:21:46:6B:9F:30:87:7C:08:C7
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       50CC02BEAC9A5AE816A71715CCBC0CDD09870072
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS135438.roa
Signing time:             Sat 02 May 2026 09:25:02 +0000
ROA not before:           Sat 02 May 2026 09:20:02 +0000
ROA not after:            Sat 01 May 2027 09:25:02 +0000
asID:                     135438
IP address blocks:        165.101.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:cc:02:be:ac:9a:5a:e8:16:a7:17:15:cc:bc:0c:dd:09:87:00:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:02 2026 GMT
            Not After : May  1 09:25:02 2027 GMT
        Subject: CN=150B19E387DD7CE4EC4CFE21466B9F30877C08C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:79:b1:82:91:c9:25:1e:44:d5:fe:7c:06:93:
                    e6:54:32:f0:5c:04:8e:62:5c:a1:21:d5:e8:bc:a4:
                    f8:f5:c8:54:12:4a:20:c0:dd:3a:ea:89:f9:73:2d:
                    a5:bb:a5:ef:3c:66:0b:93:dc:c0:32:ed:93:2a:79:
                    8b:f9:bf:80:8b:69:13:ab:87:d6:29:3a:4f:d6:10:
                    ca:ba:c0:91:6b:5f:72:84:d2:72:b8:20:0e:b2:49:
                    e1:ea:92:c1:84:06:ef:bf:e5:eb:8a:cc:bf:08:af:
                    04:26:c2:d1:9f:6c:f0:fb:e5:50:c9:f1:eb:c1:0a:
                    ec:4e:89:1e:0b:27:6c:fb:d4:f5:b5:34:dc:5b:2d:
                    95:9e:3b:3f:e2:ad:69:9e:b3:eb:3e:bf:ff:64:3e:
                    35:6f:6f:dd:63:47:39:fd:98:da:b2:22:a6:f0:a9:
                    7c:24:20:9e:c4:77:b8:2f:4c:28:a2:8d:4d:22:93:
                    ba:42:de:a3:60:2d:d8:54:93:c6:13:ef:c9:31:da:
                    05:e2:9c:2b:28:3d:f9:11:36:9d:aa:c9:dd:be:3d:
                    bf:83:a2:d4:5b:23:6f:b4:08:d9:a3:33:34:1c:82:
                    9c:87:66:1d:28:5b:20:3c:ca:de:ba:60:5e:ac:2c:
                    b2:de:78:4b:5c:f3:7d:05:7f:53:b5:b0:ff:07:24:
                    fc:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:0B:19:E3:87:DD:7C:E4:EC:4C:FE:21:46:6B:9F:30:87:7C:08:C7
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS135438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:58:60:6f:7f:da:36:0e:ab:4d:97:03:82:ec:02:43:35:74:
         23:ed:7a:59:49:e5:ca:9e:f2:e1:32:e2:3f:a5:26:9a:65:ff:
         48:d8:48:3f:db:62:1d:fb:57:40:23:63:3c:d0:d9:ca:15:13:
         f9:e4:b7:7a:f9:d5:c8:7f:5b:a1:af:86:80:e0:85:be:1c:b1:
         68:28:09:6b:b0:7a:37:0c:cc:ac:e9:d5:97:3e:36:ce:b0:96:
         53:22:d7:a9:34:b5:7d:1a:90:25:05:ad:ef:c7:43:8c:8b:3a:
         f2:99:ee:f0:32:1e:45:10:3e:02:44:aa:cb:e2:7c:75:e9:05:
         39:bb:74:d8:20:de:37:ed:4c:fe:17:fd:2b:0b:f4:fb:f3:64:
         9c:a4:d8:e2:e5:c1:88:fb:5a:e3:fd:a8:24:21:ff:97:6f:ae:
         9b:0e:17:c1:bd:d5:1f:97:dd:92:ee:3d:ac:1e:34:ec:46:85:
         1c:df:2a:44:fc:92:6c:1d:a2:8e:9e:b6:44:be:3b:58:38:bb:
         c5:30:93:9d:f1:9e:c2:32:46:84:be:af:31:79:62:5a:c1:86:
         bf:56:4d:b3:c9:63:32:f6:2a:d1:4f:41:7b:67:87:ed:db:f8:
         d3:a8:5f:0a:45:41:75:cc:a1:9c:ac:6c:ad:5c:90:de:b3:63:
         ff:bd:91:06
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUUMwCvqyaWugWpxcVzLwM3QmHAHIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAwMloX
DTI3MDUwMTA5MjUwMlowMzExMC8GA1UEAxMoMTUwQjE5RTM4N0REN0NFNEVDNENG
RTIxNDY2QjlGMzA4NzdDMDhDNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK15sYKRySUeRNX+fAaT5lQy8FwEjmJcoSHV6Lyk+PXIVBJKIMDdOuqJ+XMt
pbul7zxmC5PcwDLtkyp5i/m/gItpE6uH1ik6T9YQyrrAkWtfcoTScrggDrJJ4eqS
wYQG77/l64rMvwivBCbC0Z9s8PvlUMnx68EK7E6JHgsnbPvU9bU03FstlZ47P+Kt
aZ6z6z6//2Q+NW9v3WNHOf2Y2rIipvCpfCQgnsR3uC9MKKKNTSKTukLeo2At2FST
xhPvyTHaBeKcKyg9+RE2narJ3b49v4Oi1Fsjb7QI2aMzNByCnIdmHShbIDzK3rpg
Xqwsst54S1zzfQV/U7Ww/wck/JsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQVCxnj
h9185OxM/iFGa58wh3wIxzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM1NDM4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBpWXIMA0GCSqGSIb3DQEBCwUAA4IBAQCgWGBvf9o2DqtNlwOC7AJDNXQj
7XpZSeXKnvLhMuI/pSaaZf9I2Eg/22Id+1dAI2M80NnKFRP55Ld6+dXIf1uhr4aA
4IW+HLFoKAlrsHo3DMys6dWXPjbOsJZTItepNLV9GpAlBa3vx0OMizryme7wMh5F
ED4CRKrL4nx16QU5u3TYIN437Uz+F/0rC/T782ScpNji5cGI+1rj/agkIf+Xb66b
DhfBvdUfl92S7j2sHjTsRoUc3ypE/JJsHaKOnrZEvjtYOLvFMJOd8Z7CMkaEvq8x
eWJawYa/Vk2zyWMy9irRT0F7Z4ft2/jTqF8KRUF1zKGcrGytXJDes2P/vZEG
-----END CERTIFICATE-----