Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS141968.roa
File:                     AS141968.roa (raw, json)
Hash identifier:          qlHB0FBKhUATJkt9lRiUUyo8cMEfp3cZ1G2J0uYiuQY=
Subject key identifier:   FA:D3:71:2C:EC:0B:D8:72:73:B5:08:4C:84:80:D9:65:DC:28:42:A3
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       06F8612C083F2D6D59346AAB3E8A97F4F44918BB
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141968.roa
Signing time:             Mon 25 May 2026 05:04:36 +0000
ROA not before:           Mon 25 May 2026 04:59:36 +0000
ROA not after:            Mon 24 May 2027 05:04:36 +0000
asID:                     141968
IP address blocks:        162.4.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 06 Jun 2026 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f8:61:2c:08:3f:2d:6d:59:34:6a:ab:3e:8a:97:f4:f4:49:18:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May 25 04:59:36 2026 GMT
            Not After : May 24 05:04:36 2027 GMT
        Subject: CN=FAD3712CEC0BD87273B5084C8480D965DC2842A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:eb:99:96:87:45:91:cc:ef:eb:04:60:60:0c:
                    46:8b:96:40:1c:06:ec:38:e2:b4:d5:08:7f:8e:5b:
                    e9:1b:a4:57:f0:87:fe:7f:35:b5:db:5f:38:73:3b:
                    bd:46:a9:5e:35:be:39:d5:5c:b9:db:f7:c4:7f:2b:
                    bc:8a:67:40:19:4d:62:c4:f4:4f:8c:fe:1d:67:00:
                    10:f4:b2:c2:0c:e4:c8:b2:cc:08:ee:22:57:0f:3c:
                    a8:1d:ee:0d:38:c6:cd:38:41:e9:0c:8d:14:fe:df:
                    cb:4f:13:a9:c9:f2:4d:0b:43:27:3d:91:6b:c7:d3:
                    9b:a3:89:e5:c8:e9:fc:b0:c5:f2:e9:23:16:0e:d0:
                    59:95:e7:28:66:88:f0:10:d4:bf:b3:64:06:5d:dc:
                    b3:b5:fd:cf:18:4a:af:ab:86:79:24:15:11:29:c0:
                    81:d9:89:d4:42:01:ea:21:66:d1:49:8d:9b:8d:9e:
                    31:31:ad:c5:30:d9:c7:ba:b1:56:e3:d7:b3:32:9b:
                    2b:f2:a6:3e:a4:39:25:a9:b6:f4:61:23:f1:64:33:
                    06:e5:07:67:4c:70:12:20:60:31:6f:59:10:fe:8c:
                    55:46:e6:d8:66:a8:48:88:ce:64:35:3e:d5:6b:20:
                    97:95:65:82:3a:60:68:3e:9a:34:df:34:ee:de:8a:
                    69:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D3:71:2C:EC:0B:D8:72:73:B5:08:4C:84:80:D9:65:DC:28:42:A3
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS141968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.4.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:33:84:9d:0d:b2:12:26:d0:28:97:b4:18:63:46:8c:f2:e5:
         9b:01:5f:cb:31:4e:1c:bc:38:c5:ae:8a:fe:7d:0a:46:ee:b9:
         19:48:2a:c3:0b:a9:f1:b7:ee:c2:e4:55:ab:bb:b5:7f:11:b7:
         12:f3:52:c6:f2:ee:a3:5d:4b:a2:66:95:29:ac:cc:c3:08:5a:
         de:28:a1:2f:da:59:43:ac:43:27:13:8a:f1:09:72:04:67:e0:
         8d:90:54:14:c3:7f:f5:58:18:a2:56:e9:58:71:5d:2d:eb:96:
         66:12:09:1f:ca:76:a9:a7:d4:ac:3e:1d:f6:17:cf:aa:40:b7:
         ff:f6:fb:cf:a6:d7:a3:16:71:66:f2:5c:fb:46:22:33:c5:8d:
         bf:27:d0:62:bb:28:9a:70:7a:01:ef:1e:de:eb:a7:33:b0:b7:
         7e:65:10:40:e9:19:ab:78:6f:c9:a5:62:37:ac:e3:bc:96:4e:
         98:10:85:1e:11:ad:32:ac:f8:85:20:2a:c7:12:eb:d6:49:85:
         0b:84:74:94:98:2a:06:ae:6d:3d:8e:4b:49:72:75:42:b8:ff:
         5f:a5:25:60:40:13:b8:29:e5:de:24:dc:36:a3:07:5c:a3:e8:
         85:2a:79:12:54:98:3d:c5:de:5a:6a:94:e7:b2:8d:52:34:91:
         49:47:ee:77
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUBvhhLAg/LW1ZNGqrPoqX9PRJGLswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUyNTA0NTkzNloX
DTI3MDUyNDA1MDQzNlowMzExMC8GA1UEAxMoRkFEMzcxMkNFQzBCRDg3MjczQjUw
ODRDODQ4MEQ5NjVEQzI4NDJBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALrrmZaHRZHM7+sEYGAMRouWQBwG7DjitNUIf45b6RukV/CH/n81tdtfOHM7
vUapXjW+OdVcudv3xH8rvIpnQBlNYsT0T4z+HWcAEPSywgzkyLLMCO4iVw88qB3u
DTjGzThB6QyNFP7fy08TqcnyTQtDJz2Ra8fTm6OJ5cjp/LDF8ukjFg7QWZXnKGaI
8BDUv7NkBl3cs7X9zxhKr6uGeSQVESnAgdmJ1EIB6iFm0UmNm42eMTGtxTDZx7qx
VuPXszKbK/KmPqQ5Jam29GEj8WQzBuUHZ0xwEiBgMW9ZEP6MVUbm2GaoSIjOZDU+
1Wsgl5VlgjpgaD6aNN807t6KaT8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT603Es
7AvYcnO1CEyEgNll3ChCozAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQxOTY4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAogQRMA0GCSqGSIb3DQEBCwUAA4IBAQALM4SdDbISJtAol7QYY0aM8uWb
AV/LMU4cvDjFror+fQpG7rkZSCrDC6nxt+7C5FWru7V/EbcS81LG8u6jXUuiZpUp
rMzDCFreKKEv2llDrEMnE4rxCXIEZ+CNkFQUw3/1WBiiVulYcV0t65ZmEgkfynap
p9SsPh32F8+qQLf/9vvPptejFnFm8lz7RiIzxY2/J9BiuyiacHoB7x7e66czsLd+
ZRBA6RmreG/JpWI3rOO8lk6YEIUeEa0yrPiFICrHEuvWSYULhHSUmCoGrm09jktJ
cnVCuP9fpSVgQBO4KeXeJNw2owdco+iFKnkSVJg9xd5aapTnso1SNJFJR+53
-----END CERTIFICATE-----