Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS139993.roa
File:                     AS139993.roa (raw, json)
Hash identifier:          LNEVQtJZgNg9ms1LKJIL0PEFlr3bqrSodB1H+P8jKvQ=
Subject key identifier:   68:9E:0C:DE:C4:A1:35:0D:C0:67:5B:1E:15:19:24:73:87:E3:30:51
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       616A9BEC397F458C408334F5E367FD7F8F78D0C0
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS139993.roa
Signing time:             Sat 02 May 2026 09:22:58 +0000
ROA not before:           Sat 02 May 2026 09:17:58 +0000
ROA not after:            Sat 01 May 2027 09:22:58 +0000
asID:                     139993
IP address blocks:        157.10.190.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:6a:9b:ec:39:7f:45:8c:40:83:34:f5:e3:67:fd:7f:8f:78:d0:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:58 2026 GMT
            Not After : May  1 09:22:58 2027 GMT
        Subject: CN=689E0CDEC4A1350DC0675B1E1519247387E33051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:58:a3:ea:96:8f:46:b7:44:b0:8f:29:90:af:
                    1b:2b:0f:ce:4a:c2:ee:9b:fd:9a:8b:00:b8:c8:9e:
                    33:c2:bc:89:a5:70:09:f4:7a:99:80:ec:d7:ad:5c:
                    b4:a6:44:a1:1a:4a:dc:92:7f:24:54:65:2a:e3:a3:
                    de:5a:c5:97:05:59:96:24:f8:54:1d:64:19:a6:53:
                    c5:41:66:4e:1e:ff:75:c2:0c:18:9d:e6:31:6c:79:
                    2a:7c:74:1c:05:7b:76:d8:01:f2:aa:33:cd:cf:00:
                    f7:2a:96:6a:34:43:e1:54:be:19:05:0b:9b:48:1c:
                    70:6f:81:6a:02:55:ba:c8:7d:22:39:48:a8:43:7f:
                    6b:aa:e2:61:31:37:a4:1e:c5:8d:97:21:ba:6c:98:
                    14:36:9e:9c:e2:6a:21:a1:40:97:13:92:9e:7c:77:
                    64:13:5c:dd:8a:85:86:ad:cd:82:81:d1:7e:fe:dc:
                    88:05:23:38:19:53:b6:58:22:31:ad:cc:7f:a1:ff:
                    47:a3:73:ca:55:e3:20:13:3f:c9:ca:f6:9c:d1:cb:
                    17:9c:23:c9:d8:58:a4:20:b6:6e:c8:48:75:b6:51:
                    c9:83:d4:37:b8:3f:37:53:f4:28:80:66:f8:78:ef:
                    5d:25:dd:73:b1:6b:af:30:bc:c0:d4:44:50:c4:47:
                    e9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:9E:0C:DE:C4:A1:35:0D:C0:67:5B:1E:15:19:24:73:87:E3:30:51
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS139993.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:aa:87:b4:ee:9f:ab:00:39:7f:01:dc:ca:81:1e:5e:60:11:
         10:94:f1:8c:07:26:60:a5:e6:90:ab:e9:39:f9:48:97:12:ef:
         9f:4b:0a:0d:fe:a6:e5:22:49:4c:8a:7b:f6:4c:e1:ee:7d:36:
         a7:62:5f:84:51:48:32:84:e1:d2:5d:84:5a:d1:24:59:6b:24:
         6b:84:1b:ac:52:0c:ba:13:03:9b:5d:62:12:f6:09:75:b7:a4:
         ef:25:73:88:61:fa:fa:32:b0:74:d2:af:10:2c:0a:e0:b2:2b:
         47:d6:cb:01:45:0d:fd:12:83:3b:2e:6e:69:ac:ef:cb:4e:ce:
         39:2f:52:34:93:3f:31:91:10:9c:94:e7:4e:93:a4:12:3d:f1:
         a7:a5:30:59:df:82:06:52:a9:85:66:52:2e:46:77:7d:e5:af:
         8b:cc:9d:1b:9d:5e:e3:48:42:37:f7:ad:69:64:e9:5a:e3:79:
         e5:ab:7d:86:0e:59:91:8c:ac:4b:71:8e:a7:c5:3f:f8:ed:e6:
         d8:df:c0:d3:f7:4b:cd:0b:f3:83:85:b3:76:64:35:6b:1e:98:
         85:ec:cc:e4:5d:10:5d:67:06:3f:d1:bc:d7:1d:bc:45:ab:19:
         74:75:9c:2e:79:47:5d:ef:11:70:a7:cf:27:1a:b3:0e:df:fd:
         9b:1a:8f:b6
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUYWqb7Dl/RYxAgzT142f9f4940MAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1OFoX
DTI3MDUwMTA5MjI1OFowMzExMC8GA1UEAxMoNjg5RTBDREVDNEExMzUwREMwNjc1
QjFFMTUxOTI0NzM4N0UzMzA1MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM9Yo+qWj0a3RLCPKZCvGysPzkrC7pv9mosAuMieM8K8iaVwCfR6mYDs161c
tKZEoRpK3JJ/JFRlKuOj3lrFlwVZliT4VB1kGaZTxUFmTh7/dcIMGJ3mMWx5Knx0
HAV7dtgB8qozzc8A9yqWajRD4VS+GQULm0gccG+BagJVush9IjlIqEN/a6riYTE3
pB7FjZchumyYFDaenOJqIaFAlxOSnnx3ZBNc3YqFhq3NgoHRfv7ciAUjOBlTtlgi
Ma3Mf6H/R6NzylXjIBM/ycr2nNHLF5wjydhYpCC2bshIdbZRyYPUN7g/N1P0KIBm
+HjvXSXdc7FrrzC8wNREUMRH6d0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRongze
xKE1DcBnWx4VGSRzh+MwUTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM5OTkzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnQq+MA0GCSqGSIb3DQEBCwUAA4IBAQBDqoe07p+rADl/AdzKgR5eYBEQ
lPGMByZgpeaQq+k5+UiXEu+fSwoN/qblIklMinv2TOHufTanYl+EUUgyhOHSXYRa
0SRZayRrhBusUgy6EwObXWIS9gl1t6TvJXOIYfr6MrB00q8QLArgsitH1ssBRQ39
EoM7Lm5prO/LTs45L1I0kz8xkRCclOdOk6QSPfGnpTBZ34IGUqmFZlIuRnd95a+L
zJ0bnV7jSEI3961pZOla43nlq32GDlmRjKxLcY6nxT/47ebY38DT90vNC/ODhbN2
ZDVrHpiF7MzkXRBdZwY/0bzXHbxFqxl0dZwueUdd7xFwp88nGrMO3/2bGo+2
-----END CERTIFICATE-----