Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS138842.roa
File:                     AS138842.roa (raw, json)
Hash identifier:          CHGHGzGm1IWDOWGUHUvvZGsrMktT37uogQJobyAleHg=
Subject key identifier:   40:4D:D3:0F:C7:60:79:AB:0E:C2:3E:A2:74:F7:6E:C4:61:2A:8F:42
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       21D60606D505834927B2D1B8C7D08D3DAA148D28
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS138842.roa
Signing time:             Sat 02 May 2026 09:24:17 +0000
ROA not before:           Sat 02 May 2026 09:19:17 +0000
ROA not after:            Sat 01 May 2027 09:24:17 +0000
asID:                     138842
IP address blocks:        160.19.32.0/23 maxlen: 24
                          160.25.238.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:d6:06:06:d5:05:83:49:27:b2:d1:b8:c7:d0:8d:3d:aa:14:8d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:17 2026 GMT
            Not After : May  1 09:24:17 2027 GMT
        Subject: CN=404DD30FC76079AB0EC23EA274F76EC4612A8F42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:64:19:4c:64:35:da:29:cf:47:52:43:53:c2:
                    eb:c2:c5:b6:35:d4:d5:54:7e:a9:03:82:06:3e:2f:
                    cc:96:6b:14:d3:a4:0b:0e:7d:cc:8a:47:35:56:c9:
                    76:65:eb:b4:13:00:d2:b9:81:c9:f3:64:a0:21:ac:
                    2b:2d:4f:ab:4a:12:d4:4d:a8:63:1d:69:80:2b:15:
                    ef:fe:39:2a:31:3e:51:e9:fa:f0:71:43:0d:b0:5d:
                    3e:ca:d4:f7:da:ea:d6:26:59:1a:e0:f7:39:2b:73:
                    7d:41:25:e0:4a:86:9f:59:0a:7a:39:fd:52:c4:09:
                    fc:3f:29:79:7f:58:3e:10:c5:e5:96:81:3b:bc:36:
                    74:5b:69:0f:70:0c:61:1a:c6:8f:14:dc:dd:01:1d:
                    90:40:5f:f8:67:f9:d8:d4:08:0c:ac:18:ba:0a:05:
                    dd:09:36:a4:4c:c4:9d:1d:18:97:aa:62:60:cb:1c:
                    75:ac:42:53:26:84:a7:31:56:f3:60:50:4c:66:3c:
                    48:67:28:f6:3f:1b:bd:81:fa:1d:d1:f8:08:89:e6:
                    a5:48:91:67:8b:ad:ba:aa:02:92:a7:36:9f:2f:bb:
                    a7:ac:ed:6e:05:3d:5c:05:71:62:ec:e2:5f:26:c6:
                    e0:dc:5e:bd:6a:17:9a:aa:5a:2e:a8:c6:63:7c:ca:
                    dc:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4D:D3:0F:C7:60:79:AB:0E:C2:3E:A2:74:F7:6E:C4:61:2A:8F:42
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS138842.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.19.32.0/23
                  160.25.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:cf:a3:b9:df:53:1f:50:8c:ba:4d:7b:d7:95:2b:5a:08:4d:
         1e:28:09:f3:39:ce:de:a9:6e:cf:f3:89:3e:90:1e:77:8b:85:
         f3:8b:f4:98:33:35:a6:85:9b:31:df:de:02:b7:53:e2:4a:3b:
         01:e4:8a:38:a3:0f:09:0b:47:56:20:84:89:db:57:51:83:8a:
         4e:dd:bd:82:c4:88:b4:1d:92:f0:f9:4b:90:d4:f1:79:04:e3:
         a8:b8:c4:bb:01:8d:bb:93:8b:b2:54:3b:06:c6:df:5e:bf:8e:
         83:d4:01:61:5c:11:a3:91:a6:3c:9c:29:c7:f2:2a:0f:09:a8:
         59:94:a7:b5:00:c3:bc:88:10:e0:d1:8f:cf:73:9b:ba:6f:12:
         75:f5:7c:29:2a:d6:13:98:d6:54:54:b7:a9:d2:87:57:0c:55:
         13:2e:c3:1c:7e:6f:14:c4:65:63:a7:90:b2:7e:b6:36:78:60:
         8b:d2:36:97:98:f4:b4:c6:94:bc:54:ee:aa:54:9a:ec:7b:72:
         7b:1e:0e:db:0f:bb:27:35:23:9a:d0:81:f7:da:ce:a4:45:c8:
         f3:11:2d:b8:b6:76:b0:78:ea:73:f5:43:91:ff:af:93:50:cd:
         ae:41:8f:fb:b7:87:3d:a4:36:01:33:79:7b:98:08:39:6e:73:
         1c:2a:f1:75
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUIdYGBtUFg0knstG4x9CNPaoUjSgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkxN1oX
DTI3MDUwMTA5MjQxN1owMzExMC8GA1UEAxMoNDA0REQzMEZDNzYwNzlBQjBFQzIz
RUEyNzRGNzZFQzQ2MTJBOEY0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZkGUxkNdopz0dSQ1PC68LFtjXU1VR+qQOCBj4vzJZrFNOkCw59zIpHNVbJ
dmXrtBMA0rmByfNkoCGsKy1Pq0oS1E2oYx1pgCsV7/45KjE+Uen68HFDDbBdPsrU
99rq1iZZGuD3OStzfUEl4EqGn1kKejn9UsQJ/D8peX9YPhDF5ZaBO7w2dFtpD3AM
YRrGjxTc3QEdkEBf+Gf52NQIDKwYugoF3Qk2pEzEnR0Yl6piYMscdaxCUyaEpzFW
82BQTGY8SGco9j8bvYH6HdH4CInmpUiRZ4utuqoCkqc2ny+7p6ztbgU9XAVxYuzi
XybG4NxevWoXmqpaLqjGY3zK3BkCAwEAAaOCAdIwggHOMB0GA1UdDgQWBBRATdMP
x2B5qw7CPqJ0927EYSqPQjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM4ODQyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIA
ATAMAwQBoBMgAwQBoBnuMA0GCSqGSIb3DQEBCwUAA4IBAQCQz6O531MfUIy6TXvX
lStaCE0eKAnzOc7eqW7P84k+kB53i4Xzi/SYMzWmhZsx394Ct1PiSjsB5Io4ow8J
C0dWIISJ21dRg4pO3b2CxIi0HZLw+UuQ1PF5BOOouMS7AY27k4uyVDsGxt9ev46D
1AFhXBGjkaY8nCnH8ioPCahZlKe1AMO8iBDg0Y/Pc5u6bxJ19XwpKtYTmNZUVLep
0odXDFUTLsMcfm8UxGVjp5CyfrY2eGCL0jaXmPS0xpS8VO6qVJrse3J7Hg7bD7sn
NSOa0IH32s6kRcjzES24tnaweOpz9UOR/6+TUM2uQY/7t4c9pDYBM3l7mAg5bnMc
KvF1
-----END CERTIFICATE-----