Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS142171.roa
File:                     AS142171.roa (raw, json)
Hash identifier:          KmY7ZKIJ4fk+xSN45KLSkhvqxjqOtmCUj0B33c2RICY=
Subject key identifier:   AD:E3:93:1B:E2:4F:F3:54:F7:CB:91:E3:55:76:8C:2B:30:34:0C:C0
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       0E580A0FA39CDF2E26C30E37061D47399541892D
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142171.roa
Signing time:             Sat 02 May 2026 09:22:32 +0000
ROA not before:           Sat 02 May 2026 09:17:32 +0000
ROA not after:            Sat 01 May 2027 09:22:32 +0000
asID:                     142171
IP address blocks:        144.79.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:58:0a:0f:a3:9c:df:2e:26:c3:0e:37:06:1d:47:39:95:41:89:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:32 2026 GMT
            Not After : May  1 09:22:32 2027 GMT
        Subject: CN=ADE3931BE24FF354F7CB91E355768C2B30340CC0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bb:79:0c:01:7a:a2:31:af:d3:7f:be:2f:10:
                    26:90:55:3e:5f:ea:61:81:8b:75:b2:ec:fd:90:48:
                    75:a6:cd:58:18:a6:4b:d3:d6:5b:e1:ba:0d:6d:10:
                    6b:e5:e0:9e:7a:c9:de:b8:78:25:44:a1:84:01:7d:
                    f6:c1:8f:e2:31:47:8d:f3:fe:9e:1d:e7:1b:3b:c1:
                    28:26:e9:26:cc:63:62:23:46:62:a5:3e:a4:b6:0c:
                    66:1e:f4:61:d4:c5:71:0b:dc:5d:0c:69:ad:6d:68:
                    6b:37:7c:91:9b:0e:1b:1c:3c:b1:2a:60:ab:d6:1a:
                    06:a5:a6:69:a4:8f:e2:80:3c:61:46:2b:9a:5a:cb:
                    78:6c:3f:e6:5e:55:89:25:ff:7b:f9:d0:ff:92:10:
                    cc:91:45:a4:54:56:51:b2:21:23:c8:e3:c9:b7:0b:
                    ea:02:70:d9:c0:bf:24:0d:41:31:7d:2d:de:3c:d2:
                    f4:62:15:fb:41:3d:a6:6a:ff:69:54:a2:52:a7:c1:
                    39:68:87:2b:a6:0d:ea:db:f2:e3:2f:06:45:81:35:
                    14:30:79:94:b6:22:61:e2:9a:5b:1e:b4:2b:48:3f:
                    b1:a6:6b:3d:ca:94:1c:94:82:f0:2a:cd:5a:44:b4:
                    2a:dc:89:af:84:53:5d:c8:f2:cf:54:64:15:81:b9:
                    44:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E3:93:1B:E2:4F:F3:54:F7:CB:91:E3:55:76:8C:2B:30:34:0C:C0
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142171.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:fd:a5:87:c7:0a:4e:1d:c2:a4:10:e5:3f:74:3d:a3:46:88:
         cc:24:f1:79:b8:16:3c:2c:4a:f9:f0:23:23:0c:11:1a:4c:a5:
         5a:3c:78:69:c0:f1:32:ed:cb:a5:b7:d2:65:62:1d:d8:66:8c:
         3c:3c:b1:d1:92:ab:2d:74:c3:69:95:9d:7f:b5:5f:63:5c:29:
         a0:ea:5b:3f:df:90:b8:c2:3b:f4:33:9e:36:2c:65:2d:b4:16:
         54:a1:5a:05:ca:db:3b:a0:b5:27:4a:be:79:c6:d0:34:5c:81:
         a8:c1:62:96:f0:2f:92:27:be:c4:cc:4a:5b:c7:93:16:0d:f7:
         96:f0:6e:9f:8d:40:28:34:e9:e9:49:7a:25:b5:21:6b:eb:f0:
         f1:b5:39:49:57:dc:6c:5d:af:03:60:71:33:80:98:50:93:ad:
         b5:0c:7c:b4:e0:74:44:72:84:5c:d3:cc:6c:0e:3a:a8:31:7e:
         6f:43:eb:bc:ca:23:1e:16:7f:f1:ec:8d:96:ae:e7:d8:2d:ce:
         db:ee:5b:90:c6:17:2a:89:84:98:7f:1d:50:e5:33:0d:eb:23:
         2c:d8:dd:65:89:2b:5f:96:69:86:c8:dd:86:80:d6:51:c4:00:
         3e:22:73:df:fd:17:4c:79:fa:ee:52:99:c5:dd:59:71:e1:94:
         1c:aa:6b:1d
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUDlgKD6Oc3y4mww43Bh1HOZVBiS0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTczMloX
DTI3MDUwMTA5MjIzMlowMzExMC8GA1UEAxMoQURFMzkzMUJFMjRGRjM1NEY3Q0I5
MUUzNTU3NjhDMkIzMDM0MENDMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL+7eQwBeqIxr9N/vi8QJpBVPl/qYYGLdbLs/ZBIdabNWBimS9PWW+G6DW0Q
a+XgnnrJ3rh4JUShhAF99sGP4jFHjfP+nh3nGzvBKCbpJsxjYiNGYqU+pLYMZh70
YdTFcQvcXQxprW1oazd8kZsOGxw8sSpgq9YaBqWmaaSP4oA8YUYrmlrLeGw/5l5V
iSX/e/nQ/5IQzJFFpFRWUbIhI8jjybcL6gJw2cC/JA1BMX0t3jzS9GIV+0E9pmr/
aVSiUqfBOWiHK6YN6tvy4y8GRYE1FDB5lLYiYeKaWx60K0g/saZrPcqUHJSC8CrN
WkS0KtyJr4RTXcjyz1RkFYG5RDECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSt45Mb
4k/zVPfLkeNVdowrMDQMwDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQyMTcxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAkE/KMA0GCSqGSIb3DQEBCwUAA4IBAQAz/aWHxwpOHcKkEOU/dD2jRojM
JPF5uBY8LEr58CMjDBEaTKVaPHhpwPEy7cult9JlYh3YZow8PLHRkqstdMNplZ1/
tV9jXCmg6ls/35C4wjv0M542LGUttBZUoVoFyts7oLUnSr55xtA0XIGowWKW8C+S
J77EzEpbx5MWDfeW8G6fjUAoNOnpSXoltSFr6/DxtTlJV9xsXa8DYHEzgJhQk621
DHy04HREcoRc08xsDjqoMX5vQ+u8yiMeFn/x7I2WrufYLc7b7luQxhcqiYSYfx1Q
5TMN6yMs2N1liStflmmGyN2GgNZRxAA+InPf/RdMefruUpnF3Vlx4ZQcqmsd
-----END CERTIFICATE-----