Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS142196.roa
File:                     AS142196.roa (raw, json)
Hash identifier:          mA7OGi7wTgg+eMggPKkSjNS0cIYnx9rsKCxvuMwnfXQ=
Subject key identifier:   70:03:0A:9C:19:B7:EA:50:5A:63:12:75:2C:13:83:3F:5F:7D:4B:60
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       54316578F6581521CBB496BDBDEFFD2ADCFE7F3B
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142196.roa
Signing time:             Sat 02 May 2026 09:22:35 +0000
ROA not before:           Sat 02 May 2026 09:17:35 +0000
ROA not after:            Sat 01 May 2027 09:22:35 +0000
asID:                     142196
IP address blocks:        144.79.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:31:65:78:f6:58:15:21:cb:b4:96:bd:bd:ef:fd:2a:dc:fe:7f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:35 2026 GMT
            Not After : May  1 09:22:35 2027 GMT
        Subject: CN=70030A9C19B7EA505A6312752C13833F5F7D4B60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:94:71:05:6b:1a:31:64:ae:b3:f8:d9:fb:d5:
                    d4:40:d7:43:b8:76:eb:3f:05:8a:83:b3:e6:0c:64:
                    92:c4:1d:95:b3:10:a9:e6:f4:18:f7:9b:3d:9d:7e:
                    29:c3:71:68:0f:07:30:61:74:78:9e:10:d2:9b:a3:
                    d8:cc:27:7b:8e:ea:81:44:f3:0d:c8:9a:87:9a:b6:
                    3a:99:37:32:d4:66:1f:51:cb:30:96:a6:87:71:3d:
                    7d:d8:d8:f7:16:83:c7:a0:fe:47:d7:65:fa:2e:92:
                    27:19:ef:ef:17:58:f0:0a:f8:b6:ee:71:41:55:8f:
                    2c:f5:c8:3b:46:f4:70:95:79:e9:05:a5:5f:a4:f9:
                    d1:ec:ae:2e:d2:30:46:aa:28:c7:a6:35:2a:99:74:
                    ef:2a:af:59:66:04:ea:6e:8e:bc:0d:50:36:98:35:
                    44:b9:b3:d9:2b:8e:41:5c:5c:a5:15:52:6e:fd:31:
                    17:f5:1d:58:6c:43:54:75:6f:df:a4:2e:4c:63:32:
                    68:ba:5a:e4:36:19:ea:3a:76:5c:97:dd:c8:4f:15:
                    4b:fa:80:17:db:a7:47:88:45:7d:12:28:e2:4b:40:
                    f5:ff:7a:92:65:51:bf:9b:bc:6b:93:14:ec:46:e5:
                    d2:b5:ed:76:d3:ea:27:20:46:13:45:c4:6f:56:b7:
                    b2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:03:0A:9C:19:B7:EA:50:5A:63:12:75:2C:13:83:3F:5F:7D:4B:60
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142196.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:62:2a:a4:1f:52:17:35:5d:59:7a:c1:7c:76:35:9c:d0:cc:
         87:6f:aa:fd:eb:c9:fc:ac:81:35:71:27:e6:1f:13:ac:fb:6e:
         f6:18:4e:00:97:71:b5:4c:35:03:23:5f:51:d2:78:3a:ad:30:
         77:7e:d8:a9:8b:41:17:5e:f5:65:e8:d8:5d:b2:5b:e3:74:79:
         ed:2d:21:e6:cc:8e:7f:00:24:0d:53:c0:2e:16:85:71:e1:2e:
         72:65:eb:33:2b:e3:f2:8f:8a:0d:2c:cd:09:15:fd:3a:2e:80:
         f5:65:15:0f:60:85:53:1d:7b:a7:a1:8f:1b:8b:00:ab:34:a0:
         51:54:5f:21:15:12:73:de:07:74:51:14:7f:80:24:dc:50:9f:
         d9:ea:4b:6b:a2:c6:4d:58:9b:d8:54:ef:4b:74:ca:db:9a:70:
         24:ac:c2:03:64:5d:ef:b4:26:11:1a:dc:8a:e5:d5:74:c3:81:
         a0:5e:c1:27:48:fe:f6:42:95:19:4c:16:b6:6e:94:a3:5f:03:
         76:b7:cc:a0:37:8e:8b:44:b7:a6:78:70:d9:3b:d9:d4:f4:92:
         42:6b:b3:31:13:76:e0:f2:cb:46:89:52:84:61:98:12:64:06:
         2e:f6:3b:e8:b2:d3:7e:ea:f4:8a:81:11:65:03:2e:de:70:21:
         98:d5:ad:0a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUVDFlePZYFSHLtJa9ve/9Ktz+fzswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTczNVoX
DTI3MDUwMTA5MjIzNVowMzExMC8GA1UEAxMoNzAwMzBBOUMxOUI3RUE1MDVBNjMx
Mjc1MkMxMzgzM0Y1RjdENEI2MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKqUcQVrGjFkrrP42fvV1EDXQ7h26z8FioOz5gxkksQdlbMQqeb0GPebPZ1+
KcNxaA8HMGF0eJ4Q0puj2Mwne47qgUTzDciah5q2Opk3MtRmH1HLMJamh3E9fdjY
9xaDx6D+R9dl+i6SJxnv7xdY8Ar4tu5xQVWPLPXIO0b0cJV56QWlX6T50eyuLtIw
Rqoox6Y1Kpl07yqvWWYE6m6OvA1QNpg1RLmz2SuOQVxcpRVSbv0xF/UdWGxDVHVv
36QuTGMyaLpa5DYZ6jp2XJfdyE8VS/qAF9unR4hFfRIo4ktA9f96kmVRv5u8a5MU
7Ebl0rXtdtPqJyBGE0XEb1a3sjsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRwAwqc
GbfqUFpjEnUsE4M/X31LYDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQyMTk2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBkE/yMA0GCSqGSIb3DQEBCwUAA4IBAQA3YiqkH1IXNV1ZesF8djWc0MyH
b6r968n8rIE1cSfmHxOs+272GE4Al3G1TDUDI19R0ng6rTB3ftipi0EXXvVl6Nhd
slvjdHntLSHmzI5/ACQNU8AuFoVx4S5yZeszK+Pyj4oNLM0JFf06LoD1ZRUPYIVT
HXunoY8biwCrNKBRVF8hFRJz3gd0URR/gCTcUJ/Z6ktrosZNWJvYVO9LdMrbmnAk
rMIDZF3vtCYRGtyK5dV0w4GgXsEnSP72QpUZTBa2bpSjXwN2t8ygN46LRLemeHDZ
O9nU9JJCa7MxE3bg8stGiVKEYZgSZAYu9jvostN+6vSKgRFlAy7ecCGY1a0K
-----END CERTIFICATE-----