Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS142170.roa
File:                     AS142170.roa (raw, json)
Hash identifier:          ERNag4x02DLPwNOJuR7Ro38Ejl0wYIooVvSsEdqMpIE=
Subject key identifier:   F2:F4:B5:CF:9D:DC:E4:45:8D:04:D5:BD:DF:82:D3:E9:43:E1:0D:46
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       38ED0A635B64D1DC37ED3C4B55D58D10DF746849
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142170.roa
Signing time:             Sat 02 May 2026 09:22:58 +0000
ROA not before:           Sat 02 May 2026 09:17:58 +0000
ROA not after:            Sat 01 May 2027 09:22:58 +0000
asID:                     142170
IP address blocks:        144.79.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:ed:0a:63:5b:64:d1:dc:37:ed:3c:4b:55:d5:8d:10:df:74:68:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:58 2026 GMT
            Not After : May  1 09:22:58 2027 GMT
        Subject: CN=F2F4B5CF9DDCE4458D04D5BDDF82D3E943E10D46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:04:64:26:ab:af:d6:1b:10:09:10:78:f1:ac:
                    c0:95:a1:36:ab:05:10:4a:6c:c6:91:a2:25:5b:8c:
                    1f:86:33:2b:18:27:75:02:6b:d9:8b:17:91:9e:89:
                    0f:42:ab:91:97:ab:5f:9f:28:9c:6e:d1:ce:fc:3e:
                    9c:30:e2:71:2e:d3:6c:c6:6a:2e:f3:fe:15:59:90:
                    6a:31:a3:7a:16:42:7f:47:ff:7f:09:76:10:b2:1a:
                    de:54:0a:87:e8:6c:e4:94:e5:c7:40:b1:04:80:bd:
                    e9:97:bb:c5:92:85:53:6a:02:81:47:7d:1a:f0:c4:
                    60:ac:b6:04:73:49:23:17:01:d1:9a:e4:91:79:d9:
                    22:57:7f:30:b6:60:18:b8:f3:a4:bf:f2:f6:81:d4:
                    2e:26:54:08:bf:6a:04:1e:b5:3f:5d:50:eb:2b:be:
                    77:ed:8a:c6:37:5a:4b:f9:a0:a4:12:99:01:61:6e:
                    ac:7b:3b:b4:98:5c:0a:26:6b:45:71:48:7a:76:e2:
                    00:d6:02:be:e8:4f:38:1d:49:90:89:d4:35:03:61:
                    63:71:24:8e:4c:3e:05:39:7a:a5:f9:3a:65:7d:1f:
                    2e:cb:18:43:cf:f1:f7:f0:83:05:e5:73:a9:03:ab:
                    91:d9:b9:4e:8d:5f:f4:fa:29:a0:df:46:4c:04:d0:
                    79:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:F4:B5:CF:9D:DC:E4:45:8D:04:D5:BD:DF:82:D3:E9:43:E1:0D:46
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:8a:05:d4:83:61:9c:af:7c:48:e0:b0:c5:fc:75:46:50:c1:
         9f:1f:a4:aa:b0:55:f9:4f:59:53:f2:f7:da:e7:6d:d7:bc:de:
         3d:56:5c:12:53:b4:5a:8f:da:8b:9e:b2:6d:01:bb:2d:54:9e:
         8d:c6:bb:2f:82:80:8d:a2:e9:22:9f:fb:c9:4d:a7:a1:d6:e0:
         cf:71:29:d8:b4:03:89:fd:f4:8b:89:52:7a:48:ff:b6:54:7c:
         1d:f5:34:5f:17:76:4c:0f:07:84:0a:a2:0d:20:00:16:60:4c:
         d8:be:7f:3b:ef:09:98:84:48:ef:91:70:49:db:c9:8f:9d:5a:
         a1:e7:b1:e0:04:7b:71:28:b4:4f:25:21:c1:07:6d:f1:47:d9:
         35:25:bf:ee:16:f0:da:f2:7c:07:7a:c6:81:41:75:13:de:ce:
         4b:30:29:b2:b5:cf:59:03:0c:40:e9:89:3d:18:9a:af:98:bd:
         28:51:c8:31:12:a4:cf:5a:fa:e5:b6:c2:b8:6b:72:10:ac:69:
         c0:65:3a:f0:0b:43:f9:b7:3c:ff:35:cb:62:7a:5d:d8:4f:70:
         9d:cd:3e:dd:68:31:e9:b4:90:1f:cf:f4:76:1e:93:be:f4:81:
         6d:ee:d3:19:6c:19:28:0f:f7:5f:e6:9f:3a:24:2d:4c:c0:f1:
         38:36:ad:bd
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUOO0KY1tk0dw37TxLVdWNEN90aEkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1OFoX
DTI3MDUwMTA5MjI1OFowMzExMC8GA1UEAxMoRjJGNEI1Q0Y5RERDRTQ0NThEMDRE
NUJEREY4MkQzRTk0M0UxMEQ0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ4EZCarr9YbEAkQePGswJWhNqsFEEpsxpGiJVuMH4YzKxgndQJr2YsXkZ6J
D0KrkZerX58onG7Rzvw+nDDicS7TbMZqLvP+FVmQajGjehZCf0f/fwl2ELIa3lQK
h+hs5JTlx0CxBIC96Ze7xZKFU2oCgUd9GvDEYKy2BHNJIxcB0ZrkkXnZIld/MLZg
GLjzpL/y9oHULiZUCL9qBB61P11Q6yu+d+2KxjdaS/mgpBKZAWFurHs7tJhcCiZr
RXFIenbiANYCvuhPOB1JkInUNQNhY3Ekjkw+BTl6pfk6ZX0fLssYQ8/x9/CDBeVz
qQOrkdm5To1f9PopoN9GTATQeRkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTy9LXP
ndzkRY0E1b3fgtPpQ+ENRjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQyMTcwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE9hMA0GCSqGSIb3DQEBCwUAA4IBAQCDigXUg2Gcr3xI4LDF/HVGUMGf
H6SqsFX5T1lT8vfa523XvN49VlwSU7Raj9qLnrJtAbstVJ6NxrsvgoCNoukin/vJ
Taeh1uDPcSnYtAOJ/fSLiVJ6SP+2VHwd9TRfF3ZMDweECqINIAAWYEzYvn877wmY
hEjvkXBJ28mPnVqh57HgBHtxKLRPJSHBB23xR9k1Jb/uFvDa8nwHesaBQXUT3s5L
MCmytc9ZAwxA6Yk9GJqvmL0oUcgxEqTPWvrltsK4a3IQrGnAZTrwC0P5tzz/Ncti
el3YT3CdzT7daDHptJAfz/R2HpO+9IFt7tMZbBkoD/df5p86JC1MwPE4Nq29
-----END CERTIFICATE-----