Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS137245.roa
File:                     AS137245.roa (raw, json)
Hash identifier:          NPaBeuOXn8/cDGPrxvWeJHdObzZwJvPOSDdmYCnubL0=
Subject key identifier:   74:A1:C9:64:91:96:86:F0:7F:E8:DC:2A:D0:6A:6B:E1:7A:E0:50:26
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       54DDCE9BE366CDDA8D88A5A9E32485E5472E162E
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS137245.roa
Signing time:             Sat 02 May 2026 09:23:16 +0000
ROA not before:           Sat 02 May 2026 09:18:16 +0000
ROA not after:            Sat 01 May 2027 09:23:16 +0000
asID:                     137245
IP address blocks:        144.79.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:dd:ce:9b:e3:66:cd:da:8d:88:a5:a9:e3:24:85:e5:47:2e:16:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:16 2026 GMT
            Not After : May  1 09:23:16 2027 GMT
        Subject: CN=74A1C964919686F07FE8DC2AD06A6BE17AE05026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8e:77:43:30:03:ec:0a:70:37:63:08:f1:3e:
                    56:ac:31:62:56:f2:80:db:7a:cf:fe:38:69:6d:12:
                    ba:91:62:f1:61:1e:1a:c6:d2:bd:99:28:58:d4:ab:
                    f9:9d:d2:f5:72:f2:1f:16:0d:c1:8f:c2:ea:ea:bc:
                    b5:7f:d2:b6:96:a1:d5:07:a7:28:e8:92:66:3c:3a:
                    01:0e:99:aa:b8:46:92:e6:5e:1d:08:d5:1c:bd:df:
                    ad:17:38:fe:6b:bc:06:34:9d:43:72:e0:8a:82:2d:
                    52:20:ae:ef:92:f6:4b:f0:0f:e6:65:4b:e5:c0:ac:
                    b3:3f:b2:b8:3d:53:0a:93:46:81:02:f8:3f:78:f9:
                    1f:e7:60:6b:b0:e7:83:a4:1b:3d:02:8b:47:c2:e3:
                    e2:ea:f3:a9:a8:64:90:c9:ca:5f:8d:de:10:20:91:
                    4d:bc:c6:c0:f5:7b:cc:69:99:94:0f:5d:56:01:0f:
                    93:7d:b3:35:6f:3e:68:d2:5c:73:f1:4b:d2:66:77:
                    9d:5e:c4:cd:6f:2e:0a:8e:d7:14:75:bc:d5:0d:90:
                    61:d6:d8:30:46:87:f9:62:6e:fd:99:4e:5f:e3:7b:
                    cb:de:32:8a:0b:20:e3:77:8f:a5:63:f4:08:06:88:
                    07:a1:fc:41:72:42:25:9a:9a:bb:63:0d:b3:c6:e8:
                    5c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:A1:C9:64:91:96:86:F0:7F:E8:DC:2A:D0:6A:6B:E1:7A:E0:50:26
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS137245.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:3a:3d:a6:7c:a0:9a:a3:b2:56:2b:be:ed:e2:69:14:d5:ab:
         d7:9b:cf:b2:9b:f9:82:f2:5f:9e:9f:af:98:86:e1:63:ff:b2:
         ec:cc:a3:29:c4:d1:29:a0:bd:d0:61:43:e0:b0:db:5e:37:79:
         8c:c0:3c:f6:d8:62:50:77:23:49:5a:9d:09:c2:e6:14:3c:70:
         4a:4c:cf:72:8a:f2:ea:e0:b2:4b:2e:e3:2f:58:01:e7:34:1c:
         1d:f3:29:77:85:36:e9:b8:91:75:61:e0:6e:a6:cc:6a:5b:41:
         31:ea:0b:4b:5e:98:47:b5:13:e0:a0:77:43:2b:69:27:58:ea:
         80:66:44:41:8b:33:bb:80:ef:86:2e:e2:7c:d9:c1:9f:58:9d:
         e3:95:1e:64:6a:25:f9:fd:47:cd:59:83:64:c6:be:a1:7e:ca:
         a0:6e:c1:ae:ef:61:40:a5:50:d1:ea:2b:48:1c:dd:8e:09:58:
         5e:35:ab:5a:63:08:59:43:ae:49:31:cb:99:60:73:2a:fa:66:
         9b:7d:b8:de:c4:db:19:61:1c:55:94:ca:a6:81:e4:64:27:f9:
         61:47:87:c3:e2:b1:bf:37:4f:76:f3:d0:b5:76:35:c9:ef:36:
         ba:21:04:ae:a4:05:08:b2:06:af:91:ca:c8:91:de:27:af:f0:
         67:be:5d:0a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUVN3Om+NmzdqNiKWp4ySF5UcuFi4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgxNloX
DTI3MDUwMTA5MjMxNlowMzExMC8GA1UEAxMoNzRBMUM5NjQ5MTk2ODZGMDdGRThE
QzJBRDA2QTZCRTE3QUUwNTAyNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANeOd0MwA+wKcDdjCPE+VqwxYlbygNt6z/44aW0SupFi8WEeGsbSvZkoWNSr
+Z3S9XLyHxYNwY/C6uq8tX/Stpah1QenKOiSZjw6AQ6ZqrhGkuZeHQjVHL3frRc4
/mu8BjSdQ3LgioItUiCu75L2S/AP5mVL5cCssz+yuD1TCpNGgQL4P3j5H+dga7Dn
g6QbPQKLR8Lj4urzqahkkMnKX43eECCRTbzGwPV7zGmZlA9dVgEPk32zNW8+aNJc
c/FL0mZ3nV7EzW8uCo7XFHW81Q2QYdbYMEaH+WJu/ZlOX+N7y94yigsg43ePpWP0
CAaIB6H8QXJCJZqau2MNs8boXJMCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR0oclk
kZaG8H/o3CrQamvheuBQJjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM3MjQ1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE9BMA0GCSqGSIb3DQEBCwUAA4IBAQACOj2mfKCao7JWK77t4mkU1avX
m8+ym/mC8l+en6+YhuFj/7LszKMpxNEpoL3QYUPgsNteN3mMwDz22GJQdyNJWp0J
wuYUPHBKTM9yivLq4LJLLuMvWAHnNBwd8yl3hTbpuJF1YeBupsxqW0Ex6gtLXphH
tRPgoHdDK2knWOqAZkRBizO7gO+GLuJ82cGfWJ3jlR5kaiX5/UfNWYNkxr6hfsqg
bsGu72FApVDR6itIHN2OCVheNataYwhZQ65JMcuZYHMq+mabfbjexNsZYRxVlMqm
geRkJ/lhR4fD4rG/N09289C1djXJ7za6IQSupAUIsgavkcrIkd4nr/Bnvl0K
-----END CERTIFICATE-----