Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS139408.roa
File:                     AS139408.roa (raw, json)
Hash identifier:          /OYQhWvnBnC/Gfz42UwWFYI/SVgfTbBMGmBmZ7wY5nA=
Subject key identifier:   F1:06:9E:26:05:77:C5:DE:0E:67:1D:CC:47:36:05:4C:D0:80:90:E4
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       0D890EBA2C15CCFDCA9733E84E2FE90FF62C65C1
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS139408.roa
Signing time:             Sat 02 May 2026 09:22:36 +0000
ROA not before:           Sat 02 May 2026 09:17:36 +0000
ROA not after:            Sat 01 May 2027 09:22:36 +0000
asID:                     139408
IP address blocks:        160.22.68.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:89:0e:ba:2c:15:cc:fd:ca:97:33:e8:4e:2f:e9:0f:f6:2c:65:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:36 2026 GMT
            Not After : May  1 09:22:36 2027 GMT
        Subject: CN=F1069E260577C5DE0E671DCC4736054CD08090E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:19:fe:02:06:50:91:66:77:4b:1e:07:70:08:
                    80:8c:4e:87:ec:a2:88:4a:02:da:87:d7:4f:6c:95:
                    f3:fb:5f:0a:c4:8d:0e:0b:03:d0:03:25:0b:45:2d:
                    26:7e:5f:1c:b4:68:70:e7:ed:bf:9a:f3:06:66:8b:
                    cc:64:dc:de:84:08:32:15:9c:5a:8b:ea:b9:ac:f8:
                    f5:bc:0b:f5:88:d3:7d:b9:34:ed:0d:04:55:0b:e8:
                    e7:ce:8a:fe:bd:e2:dc:8e:ad:d5:cd:24:cb:f0:22:
                    e2:36:a1:2b:06:94:6d:89:90:41:1e:25:40:d2:87:
                    b2:55:80:60:8a:4f:44:78:5e:9c:cf:6d:c0:f9:8e:
                    8b:ec:7e:4a:99:e7:9b:d3:db:ea:61:33:38:0b:15:
                    8f:44:b5:2d:b2:4c:06:0f:8f:f5:e2:96:a7:e3:81:
                    3d:1a:b6:05:47:6b:78:98:3c:09:1f:ab:92:65:df:
                    4a:af:f4:62:0d:07:f6:9d:ca:de:5f:58:ba:73:5d:
                    30:d8:fd:cb:09:bf:b4:0f:1b:58:88:fe:94:eb:de:
                    b7:44:da:c0:36:af:ae:4c:7b:7e:b1:04:1d:f5:73:
                    98:8a:93:b7:63:76:4c:30:1f:96:11:70:6b:ec:de:
                    ad:03:1b:bf:1f:91:7c:86:6b:8b:5b:a7:b1:30:d7:
                    c3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:06:9E:26:05:77:C5:DE:0E:67:1D:CC:47:36:05:4C:D0:80:90:E4
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS139408.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:8a:a0:81:5a:46:de:3d:2d:63:a7:05:50:60:41:46:b1:2a:
         84:b1:f5:d7:c1:c1:8c:22:d9:2e:ea:fd:bf:f8:29:3d:3d:d5:
         17:7f:1b:48:2a:a0:26:0e:a8:5d:34:26:6d:69:16:56:28:06:
         f2:23:60:eb:4f:fc:86:c9:1f:b8:86:d1:da:35:aa:92:d7:12:
         26:92:bf:4f:53:4c:62:ef:89:38:e8:6a:f9:e1:de:f6:8d:07:
         66:f2:d6:9e:78:ec:52:9f:ee:81:b3:a7:40:0d:84:85:45:d4:
         b7:d4:fc:d2:bf:f1:1c:ea:ec:c4:45:4e:2a:f8:f0:16:51:fa:
         c3:d7:c7:35:bc:07:98:01:2f:52:ad:b6:cd:1b:f3:af:14:8f:
         53:39:e7:28:af:db:37:cd:4d:bd:b2:85:fc:ec:1d:7a:ae:17:
         98:3f:8a:75:78:29:fd:cc:48:7f:b0:94:80:2a:17:54:ae:73:
         b8:f7:40:69:25:b8:0f:25:38:7a:55:5a:56:91:e0:36:c0:e6:
         1c:e4:7e:ca:29:63:21:31:c0:a5:e5:56:d9:c8:f9:79:0b:56:
         de:8f:d0:30:fd:56:8e:20:8a:d1:32:f7:28:23:2f:ef:52:5a:
         02:87:c0:9d:25:43:d4:19:69:38:b5:2a:f5:0d:fb:8c:ce:0c:
         a0:fe:f9:c0
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUDYkOuiwVzP3KlzPoTi/pD/YsZcEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTczNloX
DTI3MDUwMTA5MjIzNlowMzExMC8GA1UEAxMoRjEwNjlFMjYwNTc3QzVERTBFNjcx
RENDNDczNjA1NENEMDgwOTBFNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgZ/gIGUJFmd0seB3AIgIxOh+yiiEoC2ofXT2yV8/tfCsSNDgsD0AMlC0Ut
Jn5fHLRocOftv5rzBmaLzGTc3oQIMhWcWovquaz49bwL9YjTfbk07Q0EVQvo586K
/r3i3I6t1c0ky/Ai4jahKwaUbYmQQR4lQNKHslWAYIpPRHhenM9twPmOi+x+Spnn
m9Pb6mEzOAsVj0S1LbJMBg+P9eKWp+OBPRq2BUdreJg8CR+rkmXfSq/0Yg0H9p3K
3l9YunNdMNj9ywm/tA8bWIj+lOvet0TawDavrkx7frEEHfVzmIqTt2N2TDAflhFw
a+zerQMbvx+RfIZri1unsTDXw0sCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTxBp4m
BXfF3g5nHcxHNgVM0ICQ5DAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM5NDA4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBZEMA0GCSqGSIb3DQEBCwUAA4IBAQCPiqCBWkbePS1jpwVQYEFGsSqE
sfXXwcGMItku6v2/+Ck9PdUXfxtIKqAmDqhdNCZtaRZWKAbyI2DrT/yGyR+4htHa
NaqS1xImkr9PU0xi74k46Gr54d72jQdm8taeeOxSn+6Bs6dADYSFRdS31PzSv/Ec
6uzERU4q+PAWUfrD18c1vAeYAS9SrbbNG/OvFI9TOecor9s3zU29soX87B16rheY
P4p1eCn9zEh/sJSAKhdUrnO490BpJbgPJTh6VVpWkeA2wOYc5H7KKWMhMcCl5VbZ
yPl5C1bej9Aw/VaOIIrRMvcoIy/vUloCh8CdJUPUGWk4tSr1DfuMzgyg/vnA
-----END CERTIFICATE-----