Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS138131.roa
File:                     AS138131.roa (raw, json)
Hash identifier:          BxBykGhfJmHAA5292uX7nXB9Nl4LI+GhVBd4mdI8tZQ=
Subject key identifier:   32:2D:1B:8A:34:B0:7B:9F:B4:04:17:74:12:88:71:C4:D5:9E:79:C0
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       57D6B0A5E2CE14AAF00949153E03593780B3E158
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS138131.roa
Signing time:             Sat 02 May 2026 09:23:47 +0000
ROA not before:           Sat 02 May 2026 09:18:47 +0000
ROA not after:            Sat 01 May 2027 09:23:47 +0000
asID:                     138131
IP address blocks:        160.187.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:d6:b0:a5:e2:ce:14:aa:f0:09:49:15:3e:03:59:37:80:b3:e1:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:47 2026 GMT
            Not After : May  1 09:23:47 2027 GMT
        Subject: CN=322D1B8A34B07B9FB4041774128871C4D59E79C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ee:96:c6:9b:40:f6:03:77:42:e6:60:3f:30:
                    3b:be:c0:27:0a:c9:ef:be:ed:4d:ec:66:90:b8:4e:
                    2c:5d:49:ba:b9:f5:b7:a6:b9:b2:6b:fe:16:da:6a:
                    78:85:bf:a9:a0:a2:a2:0c:cf:13:29:81:f1:dc:18:
                    71:70:9e:5b:d5:0a:dc:17:41:c6:93:27:74:d4:64:
                    29:14:91:59:a9:d3:7c:36:a9:f1:0f:d4:be:42:10:
                    21:f2:5c:ac:c2:f8:47:85:14:ce:6c:43:fb:1a:dc:
                    a6:a2:6e:d6:de:84:e0:f0:de:3a:2f:f1:23:63:9a:
                    d9:3f:49:11:e8:c7:a4:49:7d:d0:22:e3:3d:21:c9:
                    f3:4f:46:17:18:6f:90:96:7f:6a:d3:6d:5d:09:7b:
                    2b:6b:5e:d5:63:af:ad:d9:3a:b7:e7:e4:6f:68:de:
                    e7:f6:06:57:80:1e:5e:e2:c9:23:a4:29:2e:5a:57:
                    52:f8:57:31:3a:04:aa:82:a6:a3:bc:2a:49:08:c5:
                    44:e0:92:26:cf:a4:22:02:bb:a7:70:da:bd:77:6d:
                    08:a0:63:eb:39:71:de:2f:4c:ac:f5:5d:a1:7e:e2:
                    0f:09:02:01:40:d4:7c:89:38:44:d3:ba:d5:a3:98:
                    ab:f1:c5:24:d0:ac:18:b9:06:d6:32:41:90:53:10:
                    2d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:2D:1B:8A:34:B0:7B:9F:B4:04:17:74:12:88:71:C4:D5:9E:79:C0
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS138131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.187.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:32:0e:b8:51:17:ce:b0:57:5c:55:69:9d:60:bf:56:5d:14:
         bb:42:b3:e4:4a:40:8f:03:e3:00:55:5f:02:94:ca:40:0f:77:
         59:69:a1:b3:06:5a:b5:f8:ee:a2:1b:d9:9b:c0:d7:bf:98:0d:
         f3:dd:f0:5d:7d:b1:c5:20:63:a6:b3:1f:f4:05:4f:5f:cd:da:
         0d:1f:2d:c0:36:40:fa:05:0d:8f:b2:ec:c5:31:fe:69:41:1b:
         8e:0a:e9:40:0b:17:91:59:bc:03:a3:24:f8:8e:62:20:b5:3a:
         51:3e:79:a4:d4:ec:c6:ab:6d:92:f8:c6:5d:01:25:03:c4:80:
         5b:92:60:ff:08:3e:f6:ea:e1:0b:ce:71:25:7f:fa:d2:f6:de:
         94:c3:0d:19:53:6d:1c:e3:2e:34:bb:d1:10:bb:0d:b5:54:8e:
         25:ab:93:c6:ea:15:9b:19:62:11:2d:bc:46:f7:58:27:f9:8b:
         15:30:2d:e9:5e:90:70:c9:b2:43:77:df:b1:db:37:19:9a:57:
         36:5e:59:cc:4d:1e:15:ce:d7:c3:e1:e2:a3:f8:82:a2:22:b1:
         ea:38:e7:8a:76:69:ae:7a:3d:7f:0c:29:40:4c:07:23:50:cd:
         e9:f4:a7:21:04:75:4c:30:94:a3:a0:9a:65:8f:f5:0e:c9:7f:
         17:25:bc:b8
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUV9awpeLOFKrwCUkVPgNZN4Cz4VgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg0N1oX
DTI3MDUwMTA5MjM0N1owMzExMC8GA1UEAxMoMzIyRDFCOEEzNEIwN0I5RkI0MDQx
Nzc0MTI4ODcxQzRENTlFNzlDMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMTulsabQPYDd0LmYD8wO77AJwrJ777tTexmkLhOLF1Jurn1t6a5smv+Ftpq
eIW/qaCiogzPEymB8dwYcXCeW9UK3BdBxpMndNRkKRSRWanTfDap8Q/UvkIQIfJc
rML4R4UUzmxD+xrcpqJu1t6E4PDeOi/xI2Oa2T9JEejHpEl90CLjPSHJ809GFxhv
kJZ/atNtXQl7K2te1WOvrdk6t+fkb2je5/YGV4AeXuLJI6QpLlpXUvhXMToEqoKm
o7wqSQjFROCSJs+kIgK7p3DavXdtCKBj6zlx3i9MrPVdoX7iDwkCAUDUfIk4RNO6
1aOYq/HFJNCsGLkG1jJBkFMQLe0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQyLRuK
NLB7n7QEF3QSiHHE1Z55wDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM4MTMxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAoLuPMA0GCSqGSIb3DQEBCwUAA4IBAQBhMg64URfOsFdcVWmdYL9WXRS7
QrPkSkCPA+MAVV8ClMpAD3dZaaGzBlq1+O6iG9mbwNe/mA3z3fBdfbHFIGOmsx/0
BU9fzdoNHy3ANkD6BQ2PsuzFMf5pQRuOCulACxeRWbwDoyT4jmIgtTpRPnmk1OzG
q22S+MZdASUDxIBbkmD/CD726uELznElf/rS9t6Uww0ZU20c4y40u9EQuw21VI4l
q5PG6hWbGWIRLbxG91gn+YsVMC3pXpBwybJDd9+x2zcZmlc2XlnMTR4VztfD4eKj
+IKiIrHqOOeKdmmuej1/DClATAcjUM3p9KchBHVMMJSjoJplj/UOyX8XJby4
-----END CERTIFICATE-----