Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS139205.roa
File:                     AS139205.roa (raw, json)
Hash identifier:          LVJdSQYAFCPzUvdTgDoiQXpRPLvuJ5f3bMs2wbVg0i0=
Subject key identifier:   C1:DC:9B:C2:6A:C0:F5:92:EB:B7:F3:52:19:58:6A:55:C4:8E:1B:23
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       2D1F30A9EDB700FBD8DB906BA02AE0C268A58044
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS139205.roa
Signing time:             Sat 02 May 2026 09:22:49 +0000
ROA not before:           Sat 02 May 2026 09:17:49 +0000
ROA not after:            Sat 01 May 2027 09:22:49 +0000
asID:                     139205
IP address blocks:        144.79.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:1f:30:a9:ed:b7:00:fb:d8:db:90:6b:a0:2a:e0:c2:68:a5:80:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:49 2026 GMT
            Not After : May  1 09:22:49 2027 GMT
        Subject: CN=C1DC9BC26AC0F592EBB7F35219586A55C48E1B23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:71:2a:b5:7c:4f:c3:d5:e4:a9:95:e3:cd:d2:
                    aa:b1:09:f7:8a:b9:86:7c:c3:08:68:26:c6:4e:04:
                    3f:3e:06:8d:81:79:14:d3:37:48:e3:8e:66:7e:83:
                    6a:49:b2:f2:4b:ee:78:15:10:ab:7c:83:5f:ff:99:
                    58:65:b6:94:84:be:cd:eb:01:d5:a1:c4:6f:d6:86:
                    a4:4e:5b:cf:b8:68:b1:71:0a:48:98:42:04:e8:e2:
                    56:f3:95:f6:96:09:8b:01:24:69:d1:6e:87:76:cf:
                    9d:e9:ef:73:bc:a3:55:af:0c:c5:d1:be:b3:69:2e:
                    3b:9d:f9:79:40:1f:78:8e:1d:59:9c:75:cf:16:7d:
                    d2:bf:db:62:77:21:a2:bf:12:83:e2:36:1b:a3:13:
                    c4:51:8b:b7:14:40:3e:e7:81:37:af:9e:a6:3f:67:
                    90:3c:25:81:9c:d3:80:c7:c3:e2:6a:49:92:6a:c4:
                    b5:da:e6:af:e7:ff:62:61:dd:97:1a:e0:8b:80:4e:
                    7d:00:b9:f3:33:4d:ad:84:ec:ff:f9:74:27:b4:ba:
                    45:4b:72:0b:ac:69:fd:2f:ce:32:f1:8d:ef:fa:25:
                    4f:a6:2c:5a:6e:e7:0b:f1:7e:4e:36:40:75:a4:bb:
                    97:7b:11:87:30:69:aa:c7:ee:25:0d:fd:a7:f6:e2:
                    62:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DC:9B:C2:6A:C0:F5:92:EB:B7:F3:52:19:58:6A:55:C4:8E:1B:23
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS139205.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:40:81:f4:fd:19:70:ec:01:20:9b:bc:72:70:14:e7:fd:a5:
         31:27:a4:df:21:08:51:d3:08:90:4c:78:37:f9:a0:a6:b2:d3:
         32:69:65:24:fd:b8:2c:93:da:2a:ce:85:5a:d0:96:97:91:e3:
         c8:ba:96:16:c0:a8:39:d9:a0:92:d4:0e:fe:bf:42:b6:1a:db:
         ee:35:e9:28:50:f7:6c:f8:ef:58:ae:5c:a2:0a:c6:85:fc:f3:
         7d:fd:c2:d6:14:35:8f:d0:1b:bb:0e:a0:1f:04:15:66:e1:8a:
         d4:91:ca:9c:d9:3a:e4:83:c3:8e:b5:20:59:5c:0c:bc:b7:46:
         f6:e7:05:44:1f:4a:9d:f8:64:cb:4c:fd:f1:12:1f:e0:9b:bd:
         5c:75:2e:a3:d3:91:06:32:ba:88:cc:f4:58:b4:f0:a0:0c:c0:
         60:ec:89:9f:8f:ec:5b:4e:98:8e:12:8e:3b:6c:3d:96:2b:f4:
         da:cf:48:5e:bd:b6:f9:c7:45:4f:5f:1e:3d:51:b5:79:fa:51:
         38:74:15:74:c2:db:e8:17:91:69:d3:7f:99:1d:6a:e0:08:e7:
         da:09:85:33:b3:3c:a5:26:c9:a0:10:0a:7c:76:25:50:e6:a1:
         03:7f:07:a4:fb:71:fa:24:95:dd:a5:07:d7:ca:d8:1a:cf:c0:
         66:09:ef:b6
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIULR8wqe23APvY25BroCrgwmilgEQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc0OVoX
DTI3MDUwMTA5MjI0OVowMzExMC8GA1UEAxMoQzFEQzlCQzI2QUMwRjU5MkVCQjdG
MzUyMTk1ODZBNTVDNDhFMUIyMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRxKrV8T8PV5KmV483SqrEJ94q5hnzDCGgmxk4EPz4GjYF5FNM3SOOOZn6D
akmy8kvueBUQq3yDX/+ZWGW2lIS+zesB1aHEb9aGpE5bz7hosXEKSJhCBOjiVvOV
9pYJiwEkadFuh3bPnenvc7yjVa8MxdG+s2kuO535eUAfeI4dWZx1zxZ90r/bYnch
or8Sg+I2G6MTxFGLtxRAPueBN6+epj9nkDwlgZzTgMfD4mpJkmrEtdrmr+f/YmHd
lxrgi4BOfQC58zNNrYTs//l0J7S6RUtyC6xp/S/OMvGN7/olT6YsWm7nC/F+TjZA
daS7l3sRhzBpqsfuJQ39p/biYtsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTB3JvC
asD1kuu381IZWGpVxI4bIzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM5MjA1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE+uMA0GCSqGSIb3DQEBCwUAA4IBAQA7QIH0/Rlw7AEgm7xycBTn/aUx
J6TfIQhR0wiQTHg3+aCmstMyaWUk/bgsk9oqzoVa0JaXkePIupYWwKg52aCS1A7+
v0K2GtvuNekoUPds+O9YrlyiCsaF/PN9/cLWFDWP0Bu7DqAfBBVm4YrUkcqc2Trk
g8OOtSBZXAy8t0b25wVEH0qd+GTLTP3xEh/gm71cdS6j05EGMrqIzPRYtPCgDMBg
7Imfj+xbTpiOEo47bD2WK/Taz0hevbb5x0VPXx49UbV5+lE4dBV0wtvoF5Fp03+Z
HWrgCOfaCYUzszylJsmgEAp8diVQ5qEDfwek+3H6JJXdpQfXytgaz8BmCe+2
-----END CERTIFICATE-----