Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS139233.roa
File:                     AS139233.roa (raw, json)
Hash identifier:          tRf5JNXI6Ax0sKV3eOCHmK7fgoDOy82xCKBeqQOYp8A=
Subject key identifier:   D1:A0:FE:88:03:26:EA:DD:6D:78:C6:D8:61:FC:B2:D3:E0:67:DA:6D
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       578F843802A15C0F169CA32809FA89B840E75419
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS139233.roa
Signing time:             Sat 02 May 2026 09:23:01 +0000
ROA not before:           Sat 02 May 2026 09:18:01 +0000
ROA not after:            Sat 01 May 2027 09:23:01 +0000
asID:                     139233
IP address blocks:        162.4.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:8f:84:38:02:a1:5c:0f:16:9c:a3:28:09:fa:89:b8:40:e7:54:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:01 2026 GMT
            Not After : May  1 09:23:01 2027 GMT
        Subject: CN=D1A0FE880326EADD6D78C6D861FCB2D3E067DA6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:07:32:b5:15:8f:f1:68:b2:eb:0e:f3:60:95:
                    42:21:81:c5:08:f0:84:ad:e1:4f:64:6e:20:26:24:
                    74:8b:ab:7e:48:af:82:c7:73:a8:55:f8:66:77:ce:
                    13:63:69:14:93:a8:9b:38:f3:df:ff:85:ab:e0:dc:
                    58:08:ac:d5:a3:dc:a3:87:09:59:3f:a5:4b:1b:17:
                    4c:a0:37:e7:a0:cd:5f:f3:9b:10:d1:ad:37:90:f1:
                    fc:2f:51:79:d8:44:85:bf:a2:93:e2:6f:d8:76:72:
                    70:ef:20:bb:5c:7d:23:ca:65:23:9f:58:22:14:98:
                    61:6d:70:2a:65:46:ec:db:23:dd:cd:d7:41:10:77:
                    06:d9:82:f7:b5:78:9e:66:da:ec:81:fa:2a:97:ed:
                    39:5c:f5:73:84:fd:14:ae:42:18:87:58:67:f9:33:
                    bb:a6:90:67:0d:8e:c6:6c:3c:b2:7d:a6:7c:b5:92:
                    fc:32:f1:e9:f3:22:d6:e1:a2:9c:c9:94:38:b4:ac:
                    94:73:7f:bf:6a:a9:62:c0:47:0a:e8:e5:1b:af:c5:
                    7c:7e:29:05:e9:d0:73:d2:7e:11:65:03:13:12:4f:
                    02:52:41:aa:b8:7c:0a:e5:65:50:49:c6:34:e3:c6:
                    22:54:34:2c:3d:15:c4:73:0e:01:d7:30:61:4d:51:
                    6c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:A0:FE:88:03:26:EA:DD:6D:78:C6:D8:61:FC:B2:D3:E0:67:DA:6D
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS139233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.4.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:c0:a7:43:98:c7:67:d8:df:d7:45:cf:8c:13:e6:47:eb:1f:
         1c:e9:1b:3a:c6:07:71:87:a0:8e:da:b6:5e:92:fe:33:b2:dc:
         80:47:46:17:c1:5d:58:59:f1:7b:73:c3:1e:4f:84:18:7e:5f:
         ce:6c:9c:b6:9c:de:be:55:50:f9:2d:88:48:7d:db:b9:03:f4:
         95:c2:df:55:0c:5f:72:9a:65:93:e4:0e:c4:0e:f9:ec:1b:68:
         21:71:e2:b3:05:66:be:9a:2d:4d:ce:e2:36:d2:6f:56:ca:87:
         d5:9c:88:ba:bd:95:ed:7b:24:62:c2:80:6a:f3:60:22:a7:24:
         2d:9d:19:98:7d:ed:16:83:16:bf:13:b9:11:7e:5f:8b:1b:63:
         d4:9a:4a:1f:71:6f:65:54:99:ef:36:80:48:f1:05:92:26:c9:
         10:5a:b2:75:18:8d:5d:44:da:20:b0:c9:32:8e:46:24:23:dc:
         57:90:c7:b1:13:2b:c5:cb:dd:97:94:8e:fb:d7:77:74:91:aa:
         81:72:50:cc:eb:48:80:d6:01:23:d2:c0:3c:bd:25:d2:91:12:
         bd:94:d4:33:66:a5:4a:31:00:87:c7:d2:24:80:dc:81:9b:e4:
         5a:5f:78:3b:05:3c:d1:32:18:53:50:b2:37:1c:b1:2e:eb:8b:
         c0:c1:0e:10
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUV4+EOAKhXA8WnKMoCfqJuEDnVBkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgwMVoX
DTI3MDUwMTA5MjMwMVowMzExMC8GA1UEAxMoRDFBMEZFODgwMzI2RUFERDZENzhD
NkQ4NjFGQ0IyRDNFMDY3REE2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0HMrUVj/FosusO82CVQiGBxQjwhK3hT2RuICYkdIurfkivgsdzqFX4ZnfO
E2NpFJOomzjz3/+Fq+DcWAis1aPco4cJWT+lSxsXTKA356DNX/ObENGtN5Dx/C9R
edhEhb+ik+Jv2HZycO8gu1x9I8plI59YIhSYYW1wKmVG7Nsj3c3XQRB3BtmC97V4
nmba7IH6KpftOVz1c4T9FK5CGIdYZ/kzu6aQZw2Oxmw8sn2mfLWS/DLx6fMi1uGi
nMmUOLSslHN/v2qpYsBHCujlG6/FfH4pBenQc9J+EWUDExJPAlJBqrh8CuVlUEnG
NOPGIlQ0LD0VxHMOAdcwYU1RbHkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTRoP6I
Aybq3W14xthh/LLT4GfabTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM5MjMzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBogQeMA0GCSqGSIb3DQEBCwUAA4IBAQAOwKdDmMdn2N/XRc+ME+ZH6x8c
6Rs6xgdxh6CO2rZekv4zstyAR0YXwV1YWfF7c8MeT4QYfl/ObJy2nN6+VVD5LYhI
fdu5A/SVwt9VDF9ymmWT5A7EDvnsG2ghceKzBWa+mi1NzuI20m9WyofVnIi6vZXt
eyRiwoBq82AipyQtnRmYfe0Wgxa/E7kRfl+LG2PUmkofcW9lVJnvNoBI8QWSJskQ
WrJ1GI1dRNogsMkyjkYkI9xXkMexEyvFy92XlI7713d0kaqBclDM60iA1gEj0sA8
vSXSkRK9lNQzZqVKMQCHx9IkgNyBm+RaX3g7BTzRMhhTULI3HLEu64vAwQ4Q
-----END CERTIFICATE-----