Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS137428.roa
File:                     AS137428.roa (raw, json)
Hash identifier:          dO/mTkNmjC7SvNZhCOcTlm7yC24WSsDNM/8ZKg667FI=
Subject key identifier:   2D:7C:7A:47:25:AE:0A:7D:7E:F2:3E:31:24:59:2B:C0:53:5F:11:15
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       563B34631CF26B6CB6F115D41A5EE2F34F999E1C
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS137428.roa
Signing time:             Sat 02 May 2026 09:25:05 +0000
ROA not before:           Sat 02 May 2026 09:20:05 +0000
ROA not after:            Sat 01 May 2027 09:25:05 +0000
asID:                     137428
IP address blocks:        165.101.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:3b:34:63:1c:f2:6b:6c:b6:f1:15:d4:1a:5e:e2:f3:4f:99:9e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:05 2026 GMT
            Not After : May  1 09:25:05 2027 GMT
        Subject: CN=2D7C7A4725AE0A7D7EF23E3124592BC0535F1115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:03:16:45:8a:5e:54:df:8d:19:14:03:7d:13:
                    e4:fb:0d:44:ec:50:77:2d:a6:2f:21:ee:df:af:f3:
                    69:14:40:9e:b9:b2:eb:ae:34:e8:d0:15:89:6d:88:
                    09:10:3e:23:3b:a6:ab:63:32:d2:07:86:17:86:53:
                    cf:ba:44:6a:7f:99:45:15:06:91:fa:3a:2a:9d:cb:
                    30:d8:88:d6:d8:e3:f1:10:32:8b:43:d6:b6:ed:c6:
                    d4:65:39:f4:26:ff:5a:ec:ee:94:37:82:a6:8a:47:
                    46:1d:eb:c9:f9:65:5d:f6:aa:9d:7f:c2:70:81:4e:
                    f2:c4:04:80:4e:66:45:ac:c5:e3:74:88:04:c1:3d:
                    3e:ae:b8:8b:35:41:79:eb:4c:fa:fb:15:51:fe:9a:
                    73:91:d9:9c:80:83:e8:da:74:5b:b5:0a:02:ea:be:
                    c4:a5:fe:56:ca:a4:45:f2:ae:f6:1b:9e:1f:18:1b:
                    2b:a7:e1:9c:cd:f5:01:e2:e1:7c:04:a5:3b:6f:f6:
                    5e:00:37:75:cc:ca:2f:21:26:eb:bd:fd:30:a1:c6:
                    1f:d9:a2:1b:de:b4:50:8f:f0:cd:27:72:94:b7:27:
                    16:1e:f1:f7:da:88:17:d9:f9:d1:39:74:6f:6c:19:
                    ed:3e:08:08:f2:60:53:d6:d6:67:bf:96:be:d3:26:
                    96:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:7C:7A:47:25:AE:0A:7D:7E:F2:3E:31:24:59:2B:C0:53:5F:11:15
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS137428.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:8d:c2:e2:ad:1d:30:5d:4e:bd:30:e8:6a:cb:aa:ae:4b:f7:
         99:42:59:03:ad:5c:5b:fa:b6:85:2a:1c:cf:f4:db:e6:1b:16:
         eb:1d:fe:88:08:18:23:3f:e4:f3:aa:39:03:5f:a8:21:6b:f0:
         c2:9a:4b:fa:ae:e6:18:b3:f9:fb:73:23:63:19:9b:e1:1d:63:
         ea:ec:75:3c:26:92:22:2b:a2:56:9e:47:29:3d:44:5a:ac:25:
         0c:c8:bb:3d:38:a1:37:e2:82:9e:fa:4e:b3:62:ff:5c:5e:8e:
         94:b9:25:d4:86:8c:25:2b:13:12:4a:d5:f6:91:59:4f:2a:26:
         10:c4:31:5f:d6:b4:53:3e:cb:fe:c5:3f:0b:dc:e1:e0:dc:37:
         66:17:36:42:29:ce:a7:f5:16:0e:60:9e:62:21:1a:00:a8:a5:
         b6:1b:ab:db:03:d7:d9:eb:32:5e:1a:1e:dc:00:9c:db:a5:bf:
         62:27:67:f1:1c:db:d0:57:a3:7f:4a:37:ea:ab:f1:68:7e:3c:
         cc:41:a8:8e:c2:a9:7c:e7:bf:8e:ad:c1:f7:97:b4:23:31:4e:
         d7:d7:c9:e8:d1:ef:81:0a:84:ca:fe:22:ea:21:e9:0d:d8:21:
         7d:84:6a:d9:2b:78:cf:4f:19:8d:bf:79:30:68:24:bc:72:cb:
         38:78:fb:08
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUVjs0Yxzya2y28RXUGl7i80+ZnhwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAwNVoX
DTI3MDUwMTA5MjUwNVowMzExMC8GA1UEAxMoMkQ3QzdBNDcyNUFFMEE3RDdFRjIz
RTMxMjQ1OTJCQzA1MzVGMTExNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJUDFkWKXlTfjRkUA30T5PsNROxQdy2mLyHu36/zaRRAnrmy66406NAViW2I
CRA+Izumq2My0geGF4ZTz7pEan+ZRRUGkfo6Kp3LMNiI1tjj8RAyi0PWtu3G1GU5
9Cb/WuzulDeCpopHRh3ryfllXfaqnX/CcIFO8sQEgE5mRazF43SIBME9Pq64izVB
eetM+vsVUf6ac5HZnICD6Np0W7UKAuq+xKX+VsqkRfKu9hueHxgbK6fhnM31AeLh
fASlO2/2XgA3dczKLyEm6739MKHGH9miG960UI/wzSdylLcnFh7x99qIF9n50Tl0
b2wZ7T4ICPJgU9bWZ7+WvtMmlusCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQtfHpH
Ja4KfX7yPjEkWSvAU18RFTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM3NDI4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQApWV9MA0GCSqGSIb3DQEBCwUAA4IBAQCEjcLirR0wXU69MOhqy6quS/eZ
QlkDrVxb+raFKhzP9NvmGxbrHf6ICBgjP+TzqjkDX6gha/DCmkv6ruYYs/n7cyNj
GZvhHWPq7HU8JpIiK6JWnkcpPURarCUMyLs9OKE34oKe+k6zYv9cXo6UuSXUhowl
KxMSStX2kVlPKiYQxDFf1rRTPsv+xT8L3OHg3DdmFzZCKc6n9RYOYJ5iIRoAqKW2
G6vbA9fZ6zJeGh7cAJzbpb9iJ2fxHNvQV6N/Sjfqq/FofjzMQaiOwql857+OrcH3
l7QjMU7X18no0e+BCoTK/iLqIekN2CF9hGrZK3jPTxmNv3kwaCS8css4ePsI
-----END CERTIFICATE-----