Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS140101.roa
File:                     AS140101.roa (raw, json)
Hash identifier:          +zGyEhgRtbE7YGWy2rMvLIwCyW9zbxynCt0qJ1O398M=
Subject key identifier:   C4:3E:B7:47:86:33:D0:ED:75:55:9F:9B:35:8D:5A:C1:96:C6:6C:02
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       23CF0D3C37BBF944A80C3BEF98919560F61D171A
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS140101.roa
Signing time:             Sat 02 May 2026 09:25:13 +0000
ROA not before:           Sat 02 May 2026 09:20:13 +0000
ROA not after:            Sat 01 May 2027 09:25:13 +0000
asID:                     140101
IP address blocks:        165.99.28.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:cf:0d:3c:37:bb:f9:44:a8:0c:3b:ef:98:91:95:60:f6:1d:17:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:13 2026 GMT
            Not After : May  1 09:25:13 2027 GMT
        Subject: CN=C43EB7478633D0ED75559F9B358D5AC196C66C02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7e:2c:1c:79:58:1d:2f:b2:76:b6:91:ad:4c:
                    55:15:50:da:67:a9:36:99:93:cd:3d:f3:d3:fd:08:
                    ac:ea:15:db:b6:59:85:6b:59:18:c2:30:f1:09:cf:
                    da:d1:73:7c:64:4e:e3:c4:4e:2e:63:73:9e:2e:22:
                    99:48:2f:19:9b:84:dd:44:18:26:a9:e7:c8:32:54:
                    64:80:6c:d7:da:43:c5:46:3f:7b:0a:e8:9d:a2:54:
                    a2:62:04:0a:de:2e:be:1b:55:2f:56:d0:e6:01:2e:
                    54:da:c7:86:2c:26:08:d6:98:25:31:c8:73:e1:d8:
                    07:ca:7b:4d:5e:8c:13:f4:9e:67:30:10:dd:b7:f8:
                    a9:33:28:40:b3:ee:6d:8e:dd:2d:81:43:8e:43:40:
                    d9:e8:17:74:18:9a:29:64:0e:9c:d8:8f:29:41:a5:
                    97:ed:4d:36:e8:2d:6f:12:a4:d5:7e:6d:71:f3:5c:
                    33:e8:58:11:cd:89:b5:09:76:22:ad:a0:76:7e:1f:
                    e1:51:2c:93:e3:72:73:1c:70:04:e3:53:1a:78:c6:
                    0e:1c:49:ce:6b:bb:42:c4:5b:29:b6:12:0e:61:66:
                    4b:c2:3a:b1:7a:31:b6:5c:d5:6b:cf:4d:5e:1f:83:
                    87:50:61:ef:ab:a6:bc:9f:04:74:f0:ae:93:b6:57:
                    2a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:3E:B7:47:86:33:D0:ED:75:55:9F:9B:35:8D:5A:C1:96:C6:6C:02
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS140101.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:74:22:90:05:89:47:f0:f1:f2:db:9a:ab:f6:f7:5a:c2:12:
         7d:81:6a:e4:3e:9b:11:0b:6d:5d:ec:4b:0a:a3:da:c5:4e:10:
         fe:fd:8b:42:db:6d:ca:5b:02:35:b8:eb:d3:59:a5:06:d8:5e:
         c4:6e:fc:54:42:5e:8c:0f:2d:df:1d:85:5c:0c:bd:1e:5c:4e:
         3f:fa:ee:1d:37:2b:16:9d:4e:ee:8c:3f:32:0d:09:29:61:28:
         b1:0c:f4:e3:6c:00:e3:06:2b:c0:a3:cf:09:17:78:82:62:4d:
         e8:ac:18:ba:f5:35:03:22:c4:26:24:7a:2e:13:eb:c5:41:fc:
         82:6e:9f:48:8d:aa:f2:f6:19:93:e0:a5:a3:2b:98:6d:8a:7d:
         a0:40:95:cf:96:6c:55:2d:53:9c:68:9e:64:ad:c4:8b:49:ce:
         99:8d:31:46:bb:0d:27:a1:7a:4d:3a:00:a2:4e:90:7b:d3:27:
         c4:a5:27:74:f6:90:62:1c:b2:49:93:b5:d8:de:b7:1e:62:eb:
         ae:f8:aa:c9:cc:99:0b:b9:4f:67:e2:99:96:2d:4b:4b:80:eb:
         8b:e6:6d:e9:e2:76:ba:29:69:5a:2a:e5:5e:d1:9c:2e:a3:9a:
         48:63:dd:99:66:26:60:93:da:95:21:04:43:ba:b9:ea:08:3d:
         79:a5:f1:7a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUI88NPDe7+USoDDvvmJGVYPYdFxowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAxM1oX
DTI3MDUwMTA5MjUxM1owMzExMC8GA1UEAxMoQzQzRUI3NDc4NjMzRDBFRDc1NTU5
RjlCMzU4RDVBQzE5NkM2NkMwMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKp+LBx5WB0vsna2ka1MVRVQ2mepNpmTzT3z0/0IrOoV27ZZhWtZGMIw8QnP
2tFzfGRO48ROLmNzni4imUgvGZuE3UQYJqnnyDJUZIBs19pDxUY/ewronaJUomIE
Ct4uvhtVL1bQ5gEuVNrHhiwmCNaYJTHIc+HYB8p7TV6ME/SeZzAQ3bf4qTMoQLPu
bY7dLYFDjkNA2egXdBiaKWQOnNiPKUGll+1NNugtbxKk1X5tcfNcM+hYEc2JtQl2
Iq2gdn4f4VEsk+NycxxwBONTGnjGDhxJzmu7QsRbKbYSDmFmS8I6sXoxtlzVa89N
Xh+Dh1Bh76umvJ8EdPCuk7ZXKusCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTEPrdH
hjPQ7XVVn5s1jVrBlsZsAjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQwMTAxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBpWMcMA0GCSqGSIb3DQEBCwUAA4IBAQA/dCKQBYlH8PHy25qr9vdawhJ9
gWrkPpsRC21d7EsKo9rFThD+/YtC223KWwI1uOvTWaUG2F7EbvxUQl6MDy3fHYVc
DL0eXE4/+u4dNysWnU7ujD8yDQkpYSixDPTjbADjBivAo88JF3iCYk3orBi69TUD
IsQmJHouE+vFQfyCbp9Ijary9hmT4KWjK5htin2gQJXPlmxVLVOcaJ5krcSLSc6Z
jTFGuw0noXpNOgCiTpB70yfEpSd09pBiHLJJk7XY3rceYuuu+KrJzJkLuU9n4pmW
LUtLgOuL5m3p4na6KWlaKuVe0Zwuo5pIY92ZZiZgk9qVIQRDurnqCD15pfF6
-----END CERTIFICATE-----