Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS141662.roa
File:                     AS141662.roa (raw, json)
Hash identifier:          isGKgTkiepSRuVOnI0K2XVKad7iY6lqzBeJV8CF2tyc=
Subject key identifier:   CA:D6:5A:87:82:D6:03:9F:FD:5D:4E:B0:BE:77:59:AF:B0:54:6A:7C
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       6D3D4603D66F7C04CB7105224AD0688878E5D9C4
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141662.roa
Signing time:             Sat 02 May 2026 09:23:56 +0000
ROA not before:           Sat 02 May 2026 09:18:56 +0000
ROA not after:            Sat 01 May 2027 09:23:56 +0000
asID:                     141662
IP address blocks:        157.66.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:3d:46:03:d6:6f:7c:04:cb:71:05:22:4a:d0:68:88:78:e5:d9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:56 2026 GMT
            Not After : May  1 09:23:56 2027 GMT
        Subject: CN=CAD65A8782D6039FFD5D4EB0BE7759AFB0546A7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:91:55:e6:38:f5:22:59:0a:b0:87:0c:70:75:
                    be:cf:14:fa:85:d1:9b:6d:f8:d4:63:fe:79:ff:71:
                    d5:4e:40:69:4f:76:fa:c5:84:27:d8:2f:58:a6:9c:
                    de:44:67:7d:d3:5d:3d:f1:c3:6a:67:86:15:df:97:
                    26:7a:ba:0b:c6:20:15:0c:11:04:a8:fe:18:78:c6:
                    fd:1c:04:b4:65:9f:40:da:71:90:f4:22:6f:81:f2:
                    ba:46:97:51:08:c9:55:22:53:46:d6:fe:be:cb:80:
                    12:d1:97:7f:26:67:94:3c:a3:9c:f5:23:69:4c:38:
                    da:24:db:3e:49:84:81:d6:9f:39:27:a1:d4:dd:bd:
                    02:c0:6e:57:bb:59:4c:1c:4c:16:08:90:12:6a:a6:
                    21:d1:3b:ad:dd:a2:53:92:a2:92:f5:e5:e3:37:7f:
                    16:68:b1:d5:17:8a:cf:71:ab:0a:df:f1:31:cd:0a:
                    9d:79:07:dd:e9:39:ed:1d:e4:9f:9c:59:ba:34:24:
                    67:73:e3:aa:b5:77:a2:cb:e9:d9:24:0b:a1:c2:15:
                    7a:2a:bd:af:65:8d:6a:f3:cc:85:93:fd:15:4b:8c:
                    6c:58:06:6f:fb:0c:d5:ea:22:fb:30:c1:52:ec:a5:
                    78:25:5b:2e:f1:30:ad:36:6b:00:9b:06:84:86:2a:
                    5c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D6:5A:87:82:D6:03:9F:FD:5D:4E:B0:BE:77:59:AF:B0:54:6A:7C
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141662.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:bd:62:e9:7c:5c:ee:08:b0:bb:8b:f8:4c:ae:a3:67:e6:7d:
         87:7b:61:6a:02:58:4d:32:22:4d:13:d1:b5:3f:66:b3:ef:fb:
         6a:17:70:a8:0a:5f:a0:be:66:0a:66:7a:ce:15:1f:b4:e1:da:
         64:ad:b0:07:da:69:c1:e4:6f:de:b0:e8:e5:c8:a3:6b:6d:17:
         6a:7c:c0:26:b0:a4:0c:6a:02:79:2d:ef:19:34:14:b0:a3:74:
         0d:92:62:d1:08:88:19:b8:e1:ba:83:77:f4:16:e9:ee:09:01:
         7b:f9:1e:28:ad:9a:0b:75:5b:b8:e2:ec:8b:88:16:b0:aa:cb:
         44:ae:c9:0f:59:1e:a5:db:5d:8b:1b:1f:ad:32:16:af:b0:2b:
         20:f6:ea:d6:8c:b0:1d:f1:e6:4a:1e:6e:83:21:bf:f3:bf:e6:
         81:ca:f9:7a:62:ad:27:4a:03:88:86:f9:df:a8:aa:cc:e6:7a:
         5b:c2:84:81:87:15:d9:e9:f9:4f:d9:f2:41:4f:32:81:23:06:
         f8:83:d5:fd:0a:1b:08:1d:74:c7:6b:e2:6d:16:43:8b:f1:6b:
         2b:03:d3:07:ec:61:c7:64:bb:ec:40:a3:49:84:50:22:d3:ca:
         f4:f4:9e:43:de:eb:7a:0f:c4:80:41:ba:8b:c3:d5:b3:35:73:
         71:ba:23:22
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUbT1GA9ZvfATLcQUiStBoiHjl2cQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg1NloX
DTI3MDUwMTA5MjM1NlowMzExMC8GA1UEAxMoQ0FENjVBODc4MkQ2MDM5RkZENUQ0
RUIwQkU3NzU5QUZCMDU0NkE3QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIeRVeY49SJZCrCHDHB1vs8U+oXRm2341GP+ef9x1U5AaU92+sWEJ9gvWKac
3kRnfdNdPfHDameGFd+XJnq6C8YgFQwRBKj+GHjG/RwEtGWfQNpxkPQib4HyukaX
UQjJVSJTRtb+vsuAEtGXfyZnlDyjnPUjaUw42iTbPkmEgdafOSeh1N29AsBuV7tZ
TBxMFgiQEmqmIdE7rd2iU5KikvXl4zd/Fmix1ReKz3GrCt/xMc0KnXkH3ek57R3k
n5xZujQkZ3PjqrV3osvp2SQLocIVeiq9r2WNavPMhZP9FUuMbFgGb/sM1eoi+zDB
UuyleCVbLvEwrTZrAJsGhIYqXMsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTK1lqH
gtYDn/1dTrC+d1mvsFRqfDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQxNjYyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnUKKMA0GCSqGSIb3DQEBCwUAA4IBAQBKvWLpfFzuCLC7i/hMrqNn5n2H
e2FqAlhNMiJNE9G1P2az7/tqF3CoCl+gvmYKZnrOFR+04dpkrbAH2mnB5G/esOjl
yKNrbRdqfMAmsKQMagJ5Le8ZNBSwo3QNkmLRCIgZuOG6g3f0FunuCQF7+R4orZoL
dVu44uyLiBawqstErskPWR6l212LGx+tMhavsCsg9urWjLAd8eZKHm6DIb/zv+aB
yvl6Yq0nSgOIhvnfqKrM5npbwoSBhxXZ6flP2fJBTzKBIwb4g9X9ChsIHXTHa+Jt
FkOL8WsrA9MH7GHHZLvsQKNJhFAi08r09J5D3ut6D8SAQbqLw9WzNXNxuiMi
-----END CERTIFICATE-----