Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS138091.roa
File:                     AS138091.roa (raw, json)
Hash identifier:          8VTm0xCIeXnXsy2PYSBda9xOZYEeOnC06utLsQQ2OZo=
Subject key identifier:   A2:F9:44:08:55:B0:E3:E7:60:7D:C1:F0:B3:63:47:05:5D:2C:B5:AA
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       24BC5C55D39218626FCB17CB61E2485B63BA358B
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS138091.roa
Signing time:             Sat 02 May 2026 09:24:01 +0000
ROA not before:           Sat 02 May 2026 09:19:01 +0000
ROA not after:            Sat 01 May 2027 09:24:01 +0000
asID:                     138091
IP address blocks:        157.20.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:bc:5c:55:d3:92:18:62:6f:cb:17:cb:61:e2:48:5b:63:ba:35:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:01 2026 GMT
            Not After : May  1 09:24:01 2027 GMT
        Subject: CN=A2F9440855B0E3E7607DC1F0B36347055D2CB5AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:81:91:2e:f7:a4:f1:3a:cf:47:0f:d1:d6:8b:
                    77:cd:15:8c:47:1d:67:8a:b6:58:a1:9b:25:6f:4c:
                    8e:d1:07:94:b4:3e:23:af:7c:9f:32:4b:b4:48:49:
                    87:b5:45:c2:de:bc:5d:4b:74:2e:f7:b8:e0:29:76:
                    23:28:9f:49:1b:cf:ae:0a:14:fa:f5:65:80:70:52:
                    75:cb:d9:7e:df:d1:08:c0:4b:27:6e:9b:7c:0d:31:
                    a9:b3:fe:f3:02:43:90:ec:c5:b1:39:60:f4:24:63:
                    aa:b1:b9:c6:45:fe:2c:cd:d2:a2:2e:5e:50:7c:ef:
                    ae:2f:1d:55:e7:66:77:56:53:61:55:65:77:43:95:
                    e8:f4:66:1c:33:a4:de:ae:4c:55:53:cf:1e:32:29:
                    95:ff:a0:4c:b3:d1:3f:a8:6c:96:74:2c:4d:d6:a8:
                    1f:37:58:3f:5e:e6:90:56:6e:cf:f8:3b:26:fb:48:
                    5d:a5:5a:a1:33:13:93:d6:7b:a8:03:c4:df:09:0b:
                    80:f6:74:2c:48:da:d7:bd:92:4d:21:7b:0c:28:a7:
                    48:67:28:73:ad:75:0d:34:03:37:64:c7:f9:e2:f6:
                    84:8e:90:a9:66:ae:89:5d:60:19:9c:42:bf:45:a5:
                    ec:49:01:ee:61:d0:b7:d6:f9:97:97:62:0c:4d:e6:
                    32:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F9:44:08:55:B0:E3:E7:60:7D:C1:F0:B3:63:47:05:5D:2C:B5:AA
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS138091.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.20.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:53:b7:04:3b:8f:4a:c6:da:7c:0f:8b:b7:3e:e3:bc:02:be:
         fb:f0:99:ec:16:67:2f:c2:b6:b3:4a:e7:85:f8:b2:12:53:85:
         a5:45:90:38:72:fa:50:9a:41:40:9b:be:e8:09:dc:b6:d7:f6:
         74:89:5c:df:90:2b:fb:22:3f:8a:27:aa:a0:bf:5a:34:f4:62:
         60:91:53:80:d4:29:ec:83:20:81:77:f6:09:4e:99:06:89:a6:
         cc:2d:db:68:38:67:52:7f:f9:c2:38:96:38:8b:d7:c1:5c:f6:
         62:0a:ad:08:d9:ec:b0:96:34:8e:90:0c:15:e3:68:18:cb:53:
         e1:7f:79:9e:d5:c2:1c:6b:7c:4c:6d:2f:bb:1d:0d:32:9c:a6:
         d0:85:3c:1a:09:3b:8b:c8:06:4a:23:91:93:e4:05:e3:b9:ff:
         5a:ea:d4:78:11:06:79:70:f7:77:aa:8f:1f:ff:29:8e:89:a3:
         cf:d9:cb:dd:af:5f:da:e8:29:6a:e1:bd:05:c0:01:8b:28:67:
         3d:1f:43:7c:95:c2:d5:c4:b2:54:95:65:da:95:36:39:d4:67:
         b4:fd:be:9e:48:44:40:d6:ff:8f:b0:0e:87:d0:6a:9e:fe:cf:
         51:07:b6:f7:92:d2:2e:d1:6b:94:c9:38:c1:bf:8a:53:ce:03:
         43:7c:43:a1
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUJLxcVdOSGGJvyxfLYeJIW2O6NYswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkwMVoX
DTI3MDUwMTA5MjQwMVowMzExMC8GA1UEAxMoQTJGOTQ0MDg1NUIwRTNFNzYwN0RD
MUYwQjM2MzQ3MDU1RDJDQjVBQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMiBkS73pPE6z0cP0daLd80VjEcdZ4q2WKGbJW9MjtEHlLQ+I698nzJLtEhJ
h7VFwt68XUt0Lve44Cl2IyifSRvPrgoU+vVlgHBSdcvZft/RCMBLJ26bfA0xqbP+
8wJDkOzFsTlg9CRjqrG5xkX+LM3Soi5eUHzvri8dVedmd1ZTYVVld0OV6PRmHDOk
3q5MVVPPHjIplf+gTLPRP6hslnQsTdaoHzdYP17mkFZuz/g7JvtIXaVaoTMTk9Z7
qAPE3wkLgPZ0LEja172STSF7DCinSGcoc611DTQDN2TH+eL2hI6QqWauiV1gGZxC
v0Wl7EkB7mHQt9b5l5diDE3mMj8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSi+UQI
VbDj52B9wfCzY0cFXSy1qjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM4MDkxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnRTzMA0GCSqGSIb3DQEBCwUAA4IBAQAIU7cEO49Kxtp8D4u3PuO8Ar77
8JnsFmcvwrazSueF+LISU4WlRZA4cvpQmkFAm77oCdy21/Z0iVzfkCv7Ij+KJ6qg
v1o09GJgkVOA1CnsgyCBd/YJTpkGiabMLdtoOGdSf/nCOJY4i9fBXPZiCq0I2eyw
ljSOkAwV42gYy1Phf3me1cIca3xMbS+7HQ0ynKbQhTwaCTuLyAZKI5GT5AXjuf9a
6tR4EQZ5cPd3qo8f/ymOiaPP2cvdr1/a6Clq4b0FwAGLKGc9H0N8lcLVxLJUlWXa
lTY51Ge0/b6eSERA1v+PsA6H0Gqe/s9RB7b3ktIu0WuUyTjBv4pTzgNDfEOh
-----END CERTIFICATE-----