Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS141898.roa
File:                     AS141898.roa (raw, json)
Hash identifier:          bpnc4Z5YiLUEpMt5qxFeNwIYtDcTb/pImEhofktlSJ0=
Subject key identifier:   0E:7B:DF:CF:FB:54:3E:47:3E:C8:9A:9E:9C:A3:30:9F:37:ED:90:C4
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       252B184FA55250B0AD7819FD966C7C3D705BA903
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141898.roa
Signing time:             Sat 02 May 2026 09:22:45 +0000
ROA not before:           Sat 02 May 2026 09:17:45 +0000
ROA not after:            Sat 01 May 2027 09:22:45 +0000
asID:                     141898
IP address blocks:        157.10.222.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:2b:18:4f:a5:52:50:b0:ad:78:19:fd:96:6c:7c:3d:70:5b:a9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:45 2026 GMT
            Not After : May  1 09:22:45 2027 GMT
        Subject: CN=0E7BDFCFFB543E473EC89A9E9CA3309F37ED90C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:75:4b:bb:c0:ef:05:bf:25:7c:95:3b:0a:98:
                    8d:af:e4:ed:ca:00:c5:8c:4a:62:86:7b:2f:3e:a1:
                    76:47:97:0d:9f:6d:2e:30:89:c9:02:c8:c8:35:3d:
                    76:39:0a:e2:b3:95:c0:ba:4b:d4:17:57:88:41:6f:
                    bc:c1:ab:eb:0d:e4:12:ea:51:58:48:82:46:09:03:
                    9c:7f:47:75:94:ae:3d:b9:09:af:e8:df:fd:41:aa:
                    07:8a:ef:42:73:69:41:43:0e:50:f4:54:c2:65:8f:
                    eb:36:27:31:db:3d:14:d0:df:04:79:ad:7a:27:d0:
                    c1:b2:54:e7:18:95:be:10:f6:38:e0:44:ce:c6:70:
                    4f:a6:18:3b:8b:84:1f:96:18:7a:07:c3:99:9e:70:
                    68:3a:1a:0c:84:33:09:66:44:99:37:da:22:60:28:
                    dd:91:b7:59:d9:4b:81:86:80:0c:b6:0c:c1:28:ba:
                    b7:ee:40:38:38:61:18:f7:b3:c2:92:ee:cc:7d:23:
                    a1:90:86:2e:2e:5e:e4:80:9d:45:64:2d:f2:33:9f:
                    5f:fe:c0:7b:f4:8c:36:06:1d:7d:58:9b:a0:18:ad:
                    ac:2a:fc:4e:c1:9a:1e:44:5b:ce:2d:b9:b9:0d:26:
                    65:86:fc:25:63:e0:0c:1b:c9:f5:d1:ba:9a:6a:de:
                    0d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:7B:DF:CF:FB:54:3E:47:3E:C8:9A:9E:9C:A3:30:9F:37:ED:90:C4
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:30:db:75:5e:9d:b7:e3:63:72:6f:f5:31:6d:54:e4:63:d9:
         34:74:ae:19:ef:37:55:70:8d:fe:99:9e:20:57:bc:36:a6:46:
         ec:8b:9c:c6:ca:f9:6d:8b:eb:b7:9f:50:b5:6d:a1:30:f2:08:
         63:96:0c:bc:34:b5:e5:2d:49:36:a8:33:3c:fd:76:7d:5f:4c:
         f1:ad:71:41:66:80:2d:9e:8a:1e:41:50:04:ab:ac:47:47:9f:
         1e:76:79:63:fc:9e:2f:53:0a:6e:0d:5c:d0:40:f2:15:da:6b:
         e7:4f:d5:8a:35:a9:cf:53:62:ce:4f:50:43:7b:7a:a7:6b:17:
         93:40:f2:2d:82:d8:f8:f8:e1:0f:01:9d:6f:c4:f8:93:2a:e8:
         0a:02:a2:06:6b:f0:95:72:2b:80:54:20:b3:fd:af:10:19:ce:
         c7:e8:67:f8:82:02:90:5b:20:c5:6b:a0:16:25:8c:4d:eb:5e:
         e7:1b:20:37:43:e2:34:99:59:ce:4e:26:73:34:da:5b:dc:1f:
         8b:b6:61:ac:83:c0:57:6f:6a:09:32:1d:60:f0:90:57:28:b2:
         4c:2a:4d:4c:0e:e0:3b:86:1b:1e:a3:c8:17:9a:6b:9a:f6:61:
         bf:15:94:fb:a7:00:be:5a:eb:31:b5:21:5e:50:f0:02:6f:6d:
         bc:a3:62:49
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUJSsYT6VSULCteBn9lmx8PXBbqQMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc0NVoX
DTI3MDUwMTA5MjI0NVowMzExMC8GA1UEAxMoMEU3QkRGQ0ZGQjU0M0U0NzNFQzg5
QTlFOUNBMzMwOUYzN0VEOTBDNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALF1S7vA7wW/JXyVOwqYja/k7coAxYxKYoZ7Lz6hdkeXDZ9tLjCJyQLIyDU9
djkK4rOVwLpL1BdXiEFvvMGr6w3kEupRWEiCRgkDnH9HdZSuPbkJr+jf/UGqB4rv
QnNpQUMOUPRUwmWP6zYnMds9FNDfBHmteifQwbJU5xiVvhD2OOBEzsZwT6YYO4uE
H5YYegfDmZ5waDoaDIQzCWZEmTfaImAo3ZG3WdlLgYaADLYMwSi6t+5AODhhGPez
wpLuzH0joZCGLi5e5ICdRWQt8jOfX/7Ae/SMNgYdfViboBitrCr8TsGaHkRbzi25
uQ0mZYb8JWPgDBvJ9dG6mmreDWcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQOe9/P
+1Q+Rz7Imp6cozCfN+2QxDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQxODk4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnQreMA0GCSqGSIb3DQEBCwUAA4IBAQBCMNt1Xp2342Nyb/UxbVTkY9k0
dK4Z7zdVcI3+mZ4gV7w2pkbsi5zGyvlti+u3n1C1baEw8ghjlgy8NLXlLUk2qDM8
/XZ9X0zxrXFBZoAtnooeQVAEq6xHR58ednlj/J4vUwpuDVzQQPIV2mvnT9WKNanP
U2LOT1BDe3qnaxeTQPItgtj4+OEPAZ1vxPiTKugKAqIGa/CVciuAVCCz/a8QGc7H
6Gf4ggKQWyDFa6AWJYxN617nGyA3Q+I0mVnOTiZzNNpb3B+LtmGsg8BXb2oJMh1g
8JBXKLJMKk1MDuA7hhseo8gXmmua9mG/FZT7pwC+WusxtSFeUPACb228o2JJ
-----END CERTIFICATE-----