Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS140966.roa
File:                     AS140966.roa (raw, json)
Hash identifier:          QLmepkYJ7fU9gQlbyJsTVrWkNyhJhoZ7K7z4jdbAEDY=
Subject key identifier:   D6:3D:CB:3C:3D:3C:79:38:22:A1:D0:C2:F6:F9:DA:5F:4C:F6:4D:23
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       3784DF072B0D46F824FC2CCCCA3A4330901F1942
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS140966.roa
Signing time:             Sat 02 May 2026 09:22:32 +0000
ROA not before:           Sat 02 May 2026 09:17:32 +0000
ROA not after:            Sat 01 May 2027 09:22:32 +0000
asID:                     140966
IP address blocks:        144.79.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:84:df:07:2b:0d:46:f8:24:fc:2c:cc:ca:3a:43:30:90:1f:19:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:32 2026 GMT
            Not After : May  1 09:22:32 2027 GMT
        Subject: CN=D63DCB3C3D3C793822A1D0C2F6F9DA5F4CF64D23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a2:7c:aa:7d:c6:aa:09:0b:7f:4c:e0:bd:94:
                    68:84:0d:89:ee:f5:b8:34:8d:ad:77:26:66:c9:2e:
                    d3:6a:83:e5:85:37:11:00:b1:45:2c:7a:ed:30:d4:
                    a3:8d:1f:64:13:a5:45:e3:00:e3:76:ec:d7:a7:33:
                    0b:0a:c2:21:d0:4b:fe:32:32:5d:85:5d:09:2c:03:
                    c0:d5:68:f3:07:14:26:2e:cd:c8:3a:d8:5e:de:5a:
                    e2:8b:ae:53:16:9a:b2:86:c2:96:a8:2e:19:de:17:
                    7e:95:7e:82:0b:b7:f9:d8:f9:3a:d0:7a:a1:1b:f6:
                    7f:15:bf:ce:8e:96:db:a6:0b:c9:2f:eb:a6:17:4d:
                    82:a2:b5:f2:a5:eb:3c:69:d9:bb:49:37:5c:23:80:
                    a1:ae:7c:a6:34:e0:dd:96:15:44:61:15:58:56:1d:
                    61:91:84:c3:c1:77:c8:97:03:40:53:ce:be:f0:d8:
                    31:e7:fb:67:63:ce:c2:38:33:7d:16:36:97:8c:3a:
                    2b:45:1f:7d:d8:e1:b0:09:7d:33:7f:0d:5e:f2:24:
                    2a:f7:3d:11:c5:ff:18:ff:5d:e5:50:0c:21:a3:3b:
                    de:a0:98:e1:f1:f6:b9:36:97:c9:b7:93:ad:60:cd:
                    f0:c4:18:61:6e:e4:bd:74:19:ff:d0:09:4d:6e:ad:
                    a6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3D:CB:3C:3D:3C:79:38:22:A1:D0:C2:F6:F9:DA:5F:4C:F6:4D:23
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS140966.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:60:68:e8:25:d0:45:e7:0a:18:3e:e4:d3:9e:fd:96:71:a3:
         ae:1f:07:ae:9e:f3:e2:5d:24:18:f2:22:ac:07:9f:1e:06:41:
         01:43:1a:9c:13:3a:d7:47:ab:e1:22:c9:60:fb:3b:b4:dd:96:
         b0:f9:18:21:51:db:90:14:41:03:24:e0:7c:e7:8c:5d:0a:00:
         27:79:da:11:54:6e:1f:9a:bf:02:1f:9e:f2:ae:21:01:88:07:
         d5:6f:44:29:46:94:a6:bc:60:a9:1c:52:df:7c:d1:6d:00:34:
         7d:66:77:63:21:e5:f3:53:97:3a:39:b6:2b:6c:63:49:06:9f:
         ad:87:fb:8f:5c:e6:9b:a4:11:5e:32:f9:15:cd:73:2a:a0:42:
         69:40:04:45:0e:a4:61:01:c1:76:9c:77:ed:a4:a8:81:c5:1b:
         fc:f6:bd:f5:3f:b9:29:84:5b:f4:40:5e:1a:d9:e1:87:91:22:
         cf:46:ea:c0:ea:ca:fa:52:17:ea:d1:d0:ff:e7:1c:98:96:4e:
         1f:7a:2b:c3:98:a9:73:1d:27:aa:0d:19:97:a8:af:3f:44:36:
         30:9c:06:2c:4b:bb:2e:af:1b:08:20:27:14:5e:18:75:fe:34:
         43:2d:70:97:da:0f:99:e5:d4:ee:6f:5d:f6:f3:bd:59:4a:1d:
         53:24:ec:96
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUN4TfBysNRvgk/CzMyjpDMJAfGUIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTczMloX
DTI3MDUwMTA5MjIzMlowMzExMC8GA1UEAxMoRDYzRENCM0MzRDNDNzkzODIyQTFE
MEMyRjZGOURBNUY0Q0Y2NEQyMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuifKp9xqoJC39M4L2UaIQNie71uDSNrXcmZsku02qD5YU3EQCxRSx67TDU
o40fZBOlReMA43bs16czCwrCIdBL/jIyXYVdCSwDwNVo8wcUJi7NyDrYXt5a4ouu
UxaasobClqguGd4XfpV+ggu3+dj5OtB6oRv2fxW/zo6W26YLyS/rphdNgqK18qXr
PGnZu0k3XCOAoa58pjTg3ZYVRGEVWFYdYZGEw8F3yJcDQFPOvvDYMef7Z2POwjgz
fRY2l4w6K0UffdjhsAl9M38NXvIkKvc9EcX/GP9d5VAMIaM73qCY4fH2uTaXybeT
rWDN8MQYYW7kvXQZ/9AJTW6tpnECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTWPcs8
PTx5OCKh0ML2+dpfTPZNIzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQwOTY2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE/LMA0GCSqGSIb3DQEBCwUAA4IBAQALYGjoJdBF5woYPuTTnv2WcaOu
HweunvPiXSQY8iKsB58eBkEBQxqcEzrXR6vhIslg+zu03Zaw+RghUduQFEEDJOB8
54xdCgAnedoRVG4fmr8CH57yriEBiAfVb0QpRpSmvGCpHFLffNFtADR9ZndjIeXz
U5c6ObYrbGNJBp+th/uPXOabpBFeMvkVzXMqoEJpQARFDqRhAcF2nHftpKiBxRv8
9r31P7kphFv0QF4a2eGHkSLPRurA6sr6Uhfq0dD/5xyYlk4feivDmKlzHSeqDRmX
qK8/RDYwnAYsS7surxsIICcUXhh1/jRDLXCX2g+Z5dTub132871ZSh1TJOyW
-----END CERTIFICATE-----