Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS136816.roa
File:                     AS136816.roa (raw, json)
Hash identifier:          cdt8Y0jEGJYWmRxHMMWXYq7nkvj8GIxqF+mUejNMhKU=
Subject key identifier:   5E:57:45:C6:85:AE:6E:CB:15:11:D5:E0:C2:84:72:F0:32:D0:A0:62
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       3E467FF7B91CDB8067589BFE0F70B96C3D5CD2D5
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS136816.roa
Signing time:             Sat 02 May 2026 09:23:25 +0000
ROA not before:           Sat 02 May 2026 09:18:25 +0000
ROA not after:            Sat 01 May 2027 09:23:25 +0000
asID:                     136816
IP address blocks:        138.252.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:46:7f:f7:b9:1c:db:80:67:58:9b:fe:0f:70:b9:6c:3d:5c:d2:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:25 2026 GMT
            Not After : May  1 09:23:25 2027 GMT
        Subject: CN=5E5745C685AE6ECB1511D5E0C28472F032D0A062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:92:59:39:90:1a:79:fb:44:c3:9a:46:1f:24:
                    44:88:aa:31:e8:9a:14:7c:0f:ad:68:5a:10:05:8e:
                    4a:1f:87:0d:82:b0:95:83:c6:8d:f5:37:71:07:01:
                    93:eb:c7:96:63:a2:c9:b6:1b:15:59:c3:57:1b:e9:
                    78:9c:d2:7b:c1:ee:50:e9:44:56:62:e6:a5:92:e6:
                    29:ea:3d:94:f0:f4:5b:36:ae:04:81:da:e1:a8:99:
                    c2:a4:de:a3:d1:39:e8:e4:42:4d:ce:c1:8d:b4:9b:
                    d7:47:41:f5:5b:cd:15:33:e5:17:d9:a1:87:bf:91:
                    d5:34:25:2a:63:05:d2:07:4c:38:46:75:8e:b7:54:
                    6d:69:59:96:2a:0e:f2:ae:db:7b:bb:5d:a4:02:e5:
                    63:20:0a:24:20:0b:86:43:e2:28:30:26:d1:80:b6:
                    04:dc:dc:d5:1d:7c:78:bc:7b:12:61:a2:6c:12:56:
                    7e:ca:00:b6:50:3d:24:7e:29:54:20:e0:ff:b3:8e:
                    83:f6:b3:6e:43:e6:68:63:ba:13:e9:16:ee:ea:c2:
                    77:2d:3a:50:8d:1a:58:56:aa:86:4a:d0:7d:cb:83:
                    09:d4:7f:df:b8:55:f1:c2:bb:87:cd:1b:8e:58:87:
                    eb:75:51:ea:ab:e3:a2:97:19:44:e2:cf:90:5d:e0:
                    86:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:57:45:C6:85:AE:6E:CB:15:11:D5:E0:C2:84:72:F0:32:D0:A0:62
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS136816.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:f1:e0:7a:83:d6:aa:b5:7f:86:92:db:58:63:9f:cb:ca:ee:
         1b:90:f4:a1:fb:c6:ac:ff:c4:34:4a:32:94:3e:ff:dc:a5:c3:
         1d:a5:b0:53:84:e7:2d:93:0a:2b:8a:57:cb:19:f1:cf:1d:da:
         38:63:df:35:97:f4:2a:5b:33:6c:82:08:e5:15:51:f3:a7:c0:
         84:8f:57:4c:36:ea:6f:eb:4e:0e:7a:36:74:4f:37:40:b7:b8:
         ee:23:d3:49:e6:8e:d6:32:1e:ca:2b:76:dc:ba:a3:f6:9f:9d:
         e5:5e:bb:fb:bc:f6:5a:0c:46:32:8c:14:8b:fb:d8:63:41:55:
         b8:c7:ef:d3:f0:4d:a0:87:b9:cb:61:3c:d6:98:11:6e:a5:e1:
         7d:e6:5a:bb:41:9d:90:65:af:63:3e:59:1e:76:68:c2:83:8f:
         3d:9d:3b:26:a6:42:1c:eb:45:40:cc:06:32:88:0d:eb:8b:eb:
         97:cf:e5:1f:89:0c:00:08:e7:ad:16:39:5e:cb:b0:12:e4:95:
         c0:02:0a:ba:29:72:a8:6f:b6:9b:60:a5:db:7e:ca:2f:1f:84:
         1e:10:38:25:d8:c4:d9:eb:b5:d8:3d:55:35:53:72:6c:4d:07:
         3c:b5:1f:b8:2e:c4:b1:ba:9a:56:25:3f:73:44:ea:5c:0c:ef:
         21:0c:85:5b
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUPkZ/97kc24BnWJv+D3C5bD1c0tUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgyNVoX
DTI3MDUwMTA5MjMyNVowMzExMC8GA1UEAxMoNUU1NzQ1QzY4NUFFNkVDQjE1MTFE
NUUwQzI4NDcyRjAzMkQwQTA2MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIySWTmQGnn7RMOaRh8kRIiqMeiaFHwPrWhaEAWOSh+HDYKwlYPGjfU3cQcB
k+vHlmOiybYbFVnDVxvpeJzSe8HuUOlEVmLmpZLmKeo9lPD0WzauBIHa4aiZwqTe
o9E56ORCTc7BjbSb10dB9VvNFTPlF9mhh7+R1TQlKmMF0gdMOEZ1jrdUbWlZlioO
8q7be7tdpALlYyAKJCALhkPiKDAm0YC2BNzc1R18eLx7EmGibBJWfsoAtlA9JH4p
VCDg/7OOg/azbkPmaGO6E+kW7urCdy06UI0aWFaqhkrQfcuDCdR/37hV8cK7h80b
jliH63VR6qvjopcZROLPkF3ghokCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBReV0XG
ha5uyxUR1eDChHLwMtCgYjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM2ODE2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAivy3MA0GCSqGSIb3DQEBCwUAA4IBAQB58eB6g9aqtX+GkttYY5/Lyu4b
kPSh+8as/8Q0SjKUPv/cpcMdpbBThOctkworilfLGfHPHdo4Y981l/QqWzNsggjl
FVHzp8CEj1dMNupv604OejZ0TzdAt7juI9NJ5o7WMh7KK3bcuqP2n53lXrv7vPZa
DEYyjBSL+9hjQVW4x+/T8E2gh7nLYTzWmBFupeF95lq7QZ2QZa9jPlkedmjCg489
nTsmpkIc60VAzAYyiA3ri+uXz+UfiQwACOetFjley7AS5JXAAgq6KXKob7abYKXb
fsovH4QeEDgl2MTZ67XYPVU1U3JsTQc8tR+4LsSxuppWJT9zROpcDO8hDIVb
-----END CERTIFICATE-----