Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS141350.roa
File:                     AS141350.roa (raw, json)
Hash identifier:          jydBz/3QgOn7MPrXu2e6vXF7BIC7B2Vj+nslLr9j66c=
Subject key identifier:   C5:EE:04:07:0B:1A:31:D0:D6:F5:1B:C5:BF:98:0B:9B:24:1B:5B:5A
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       675B6B268314C46F9BB0F30809B31247B355F96B
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141350.roa
Signing time:             Sat 02 May 2026 09:24:18 +0000
ROA not before:           Sat 02 May 2026 09:19:18 +0000
ROA not after:            Sat 01 May 2027 09:24:18 +0000
asID:                     141350
IP address blocks:        161.248.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:5b:6b:26:83:14:c4:6f:9b:b0:f3:08:09:b3:12:47:b3:55:f9:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:18 2026 GMT
            Not After : May  1 09:24:18 2027 GMT
        Subject: CN=C5EE04070B1A31D0D6F51BC5BF980B9B241B5B5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:35:d6:02:56:af:1d:61:1a:27:e7:58:6c:36:
                    66:48:99:1a:94:6d:6b:d0:c4:30:68:81:da:ff:97:
                    05:b1:92:e8:71:2d:f3:9a:72:5a:b8:22:4c:0a:55:
                    92:a9:a5:f2:28:68:05:93:af:24:d6:78:e1:ea:8c:
                    6a:c3:b1:01:81:52:c2:0a:a6:0e:f0:ab:a0:b5:12:
                    26:49:54:f4:9f:42:d0:c6:9e:cc:e7:dc:08:50:e2:
                    bc:1e:e6:07:fe:3f:c2:7a:bf:f2:57:d8:7b:c7:3d:
                    d7:1f:85:65:25:e6:a3:ef:ee:ca:b8:c3:65:77:54:
                    e8:59:f1:24:08:9e:ab:c1:66:89:b5:5e:de:24:a8:
                    70:84:25:93:cc:06:0e:ff:3c:02:63:32:94:0e:e9:
                    d1:fc:8b:7a:8e:c0:0d:76:e5:14:c3:93:fd:5c:8f:
                    fc:0d:9f:4b:ba:33:66:e1:93:65:d3:10:54:33:e7:
                    28:52:c6:4f:1b:3d:03:cd:21:29:d9:77:b1:44:b3:
                    3c:d5:85:09:c9:df:a9:1b:38:74:5b:5a:0a:be:39:
                    9d:c8:9e:05:63:17:8b:71:89:d3:e7:65:40:ae:e8:
                    01:2f:87:67:85:a1:39:b5:9a:dc:87:e2:25:91:3f:
                    e6:cf:2d:96:50:5d:08:a8:29:65:ae:e7:f1:c8:fc:
                    27:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:EE:04:07:0B:1A:31:D0:D6:F5:1B:C5:BF:98:0B:9B:24:1B:5B:5A
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141350.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:be:6b:cf:ae:c1:5b:30:83:be:60:84:1b:18:02:bf:7a:b8:
         89:8f:4b:72:62:c7:77:8d:a2:7a:30:e8:fc:3c:b3:95:a2:ec:
         77:ee:aa:0c:4c:e1:90:1f:db:83:ff:60:2b:a1:d4:f2:5d:a7:
         06:25:4f:21:bc:9e:23:97:c1:c9:36:a9:8a:fb:d0:8f:40:61:
         55:9a:2f:3c:32:18:9e:00:62:9e:5e:08:96:31:32:ed:ad:fa:
         47:6b:58:71:df:46:79:c5:38:b8:67:9b:6d:7b:1f:e2:cd:51:
         2f:9c:25:ec:fe:c2:ae:a4:fa:bb:c3:71:03:6c:7c:b7:63:b5:
         5e:94:b6:bc:3f:a5:6b:41:89:55:ba:b7:91:a9:92:d7:5a:ac:
         37:78:c6:5e:66:0e:bf:ad:0a:5c:66:2a:eb:e6:bb:15:6e:67:
         52:d6:68:8b:6b:1b:be:16:92:76:9e:cc:2c:df:7b:98:e7:c7:
         3a:64:cc:a0:23:a1:a3:95:6c:4f:44:01:13:fb:a6:5d:76:ac:
         9c:a7:4e:7b:aa:90:08:2f:7f:0a:a9:d4:d0:9b:bf:59:0d:f3:
         f8:0e:cd:b4:8c:95:06:e6:d7:10:e6:88:3a:71:0d:56:5f:cc:
         db:a6:1c:ca:0c:b4:a3:04:0c:3f:61:70:5e:61:4c:5a:8c:32:
         52:c0:61:20
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUZ1trJoMUxG+bsPMICbMSR7NV+WswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkxOFoX
DTI3MDUwMTA5MjQxOFowMzExMC8GA1UEAxMoQzVFRTA0MDcwQjFBMzFEMEQ2RjUx
QkM1QkY5ODBCOUIyNDFCNUI1QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMI11gJWrx1hGifnWGw2ZkiZGpRta9DEMGiB2v+XBbGS6HEt85pyWrgiTApV
kqml8ihoBZOvJNZ44eqMasOxAYFSwgqmDvCroLUSJklU9J9C0MaezOfcCFDivB7m
B/4/wnq/8lfYe8c91x+FZSXmo+/uyrjDZXdU6FnxJAieq8FmibVe3iSocIQlk8wG
Dv88AmMylA7p0fyLeo7ADXblFMOT/VyP/A2fS7ozZuGTZdMQVDPnKFLGTxs9A80h
Kdl3sUSzPNWFCcnfqRs4dFtaCr45ncieBWMXi3GJ0+dlQK7oAS+HZ4WhObWa3Ifi
JZE/5s8tllBdCKgpZa7n8cj8J0UCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTF7gQH
Cxox0Nb1G8W/mAubJBtbWjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQxMzUwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAofjPMA0GCSqGSIb3DQEBCwUAA4IBAQCVvmvPrsFbMIO+YIQbGAK/eriJ
j0tyYsd3jaJ6MOj8PLOVoux37qoMTOGQH9uD/2ArodTyXacGJU8hvJ4jl8HJNqmK
+9CPQGFVmi88MhieAGKeXgiWMTLtrfpHa1hx30Z5xTi4Z5ttex/izVEvnCXs/sKu
pPq7w3EDbHy3Y7VelLa8P6VrQYlVureRqZLXWqw3eMZeZg6/rQpcZirr5rsVbmdS
1miLaxu+FpJ2nsws33uY58c6ZMygI6GjlWxPRAET+6Zddqycp057qpAIL38KqdTQ
m79ZDfP4Ds20jJUG5tcQ5og6cQ1WX8zbphzKDLSjBAw/YXBeYUxajDJSwGEg
-----END CERTIFICATE-----