Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS141631.roa
File:                     AS141631.roa (raw, json)
Hash identifier:          OUpH4wihf9UjAyZVOWFCb7iKpnB4Wq8fiJ0J4R5GiYU=
Subject key identifier:   9A:07:4B:4E:81:EF:E7:00:4A:E0:66:09:33:9F:73:12:A0:33:02:76
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       4AE6EACF52ABD13F05A3A405FDE34799D97A2681
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141631.roa
Signing time:             Sat 02 May 2026 09:22:36 +0000
ROA not before:           Sat 02 May 2026 09:17:36 +0000
ROA not after:            Sat 01 May 2027 09:22:36 +0000
asID:                     141631
IP address blocks:        157.15.246.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:e6:ea:cf:52:ab:d1:3f:05:a3:a4:05:fd:e3:47:99:d9:7a:26:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:36 2026 GMT
            Not After : May  1 09:22:36 2027 GMT
        Subject: CN=9A074B4E81EFE7004AE06609339F7312A0330276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:98:4b:8d:cd:47:b5:18:35:6a:16:a1:63:35:
                    dd:23:f5:c6:ba:a4:90:2d:4f:d9:80:71:95:4e:33:
                    7c:8e:a3:45:fa:16:e4:f0:8b:59:47:58:dc:d1:93:
                    a9:e3:ec:7a:22:a4:3a:1a:b8:c0:e2:66:ba:22:9b:
                    1e:bb:03:6f:e3:79:07:1a:e9:c8:81:33:bb:71:e6:
                    8e:d4:73:b5:e9:48:27:61:1e:5b:5c:ec:b5:cf:c2:
                    c0:00:2c:28:41:9e:69:44:3e:47:26:b0:d5:91:83:
                    49:f5:fa:0e:9f:d5:96:eb:f9:7e:a3:2e:8d:20:5d:
                    64:71:89:0a:8f:61:71:08:78:a5:f4:b3:38:7b:3e:
                    7b:6c:92:03:be:c2:cf:c8:15:2c:59:85:51:ff:a8:
                    16:81:08:b5:4d:1e:f8:a9:23:ca:31:39:37:ad:a9:
                    9d:54:da:4a:1c:a0:f8:e3:3a:c0:d4:ef:b4:e9:cd:
                    38:d0:79:44:28:be:61:25:4c:be:d3:71:9a:76:c2:
                    63:2a:4d:7f:b0:51:b2:fb:81:7f:3f:d7:d8:2f:55:
                    27:89:53:48:00:03:14:3c:53:9c:66:38:4b:3f:d6:
                    5c:cd:7b:7a:f5:06:09:10:22:c2:97:4c:cb:d3:fb:
                    2c:52:99:a9:b2:20:a6:4c:4d:25:08:62:3b:88:e0:
                    a2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:07:4B:4E:81:EF:E7:00:4A:E0:66:09:33:9F:73:12:A0:33:02:76
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:4c:38:07:0d:a0:e8:de:f7:70:5e:2e:6a:08:94:b0:ad:c4:
         86:2d:78:27:3f:bc:c5:e5:4a:6a:90:c0:ad:3b:e3:8c:c8:fd:
         df:22:70:8e:9d:d5:8c:1b:4b:3d:7c:9f:ec:39:24:d7:cc:bf:
         7f:af:54:71:f3:5b:6b:29:cd:8e:9b:62:b7:b2:b3:cc:e0:fc:
         05:08:f5:55:2c:42:be:12:d9:28:3d:5d:32:45:c4:12:7e:6a:
         97:d9:7e:e7:c8:5d:b7:ae:55:c9:4c:d5:ce:cd:12:60:0c:76:
         a1:45:2c:e1:1f:b1:8b:2b:09:d2:b0:32:3a:6d:a6:28:42:23:
         2a:f1:1f:41:0c:08:b6:72:ec:e3:73:a9:4f:ed:88:0e:e4:1a:
         7a:26:11:73:8a:8f:72:42:72:16:0e:1f:3e:96:60:be:a5:36:
         57:bd:cc:b2:89:4b:aa:8f:7d:05:ca:e4:02:24:95:f8:c6:12:
         1a:fb:91:ef:af:ce:46:38:2c:79:fa:83:11:15:87:96:ba:aa:
         8a:ff:8e:58:47:c5:46:91:d9:fb:a8:cb:f4:4f:25:ad:62:78:
         21:7a:86:88:0b:37:3a:2e:f1:25:9f:28:41:07:a4:dc:2d:0d:
         d8:77:f3:a0:c6:88:00:62:a1:5e:a4:38:c1:ef:97:6c:88:18:
         64:e7:48:62
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUSubqz1Kr0T8Fo6QF/eNHmdl6JoEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTczNloX
DTI3MDUwMTA5MjIzNlowMzExMC8GA1UEAxMoOUEwNzRCNEU4MUVGRTcwMDRBRTA2
NjA5MzM5RjczMTJBMDMzMDI3NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJmYS43NR7UYNWoWoWM13SP1xrqkkC1P2YBxlU4zfI6jRfoW5PCLWUdY3NGT
qePseiKkOhq4wOJmuiKbHrsDb+N5BxrpyIEzu3HmjtRztelIJ2EeW1zstc/CwAAs
KEGeaUQ+Ryaw1ZGDSfX6Dp/Vluv5fqMujSBdZHGJCo9hcQh4pfSzOHs+e2ySA77C
z8gVLFmFUf+oFoEItU0e+KkjyjE5N62pnVTaShyg+OM6wNTvtOnNONB5RCi+YSVM
vtNxmnbCYypNf7BRsvuBfz/X2C9VJ4lTSAADFDxTnGY4Sz/WXM17evUGCRAiwpdM
y9P7LFKZqbIgpkxNJQhiO4jgotECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSaB0tO
ge/nAErgZgkzn3MSoDMCdjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQxNjMxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnQ/2MA0GCSqGSIb3DQEBCwUAA4IBAQCcTDgHDaDo3vdwXi5qCJSwrcSG
LXgnP7zF5UpqkMCtO+OMyP3fInCOndWMG0s9fJ/sOSTXzL9/r1Rx81trKc2Om2K3
srPM4PwFCPVVLEK+EtkoPV0yRcQSfmqX2X7nyF23rlXJTNXOzRJgDHahRSzhH7GL
KwnSsDI6baYoQiMq8R9BDAi2cuzjc6lP7YgO5Bp6JhFzio9yQnIWDh8+lmC+pTZX
vcyyiUuqj30FyuQCJJX4xhIa+5Hvr85GOCx5+oMRFYeWuqqK/45YR8VGkdn7qMv0
TyWtYngheoaICzc6LvElnyhBB6TcLQ3Yd/OgxogAYqFepDjB75dsiBhk50hi
-----END CERTIFICATE-----