Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS142216.roa
File:                     AS142216.roa (raw, json)
Hash identifier:          30USAGw2XsO34Rd1feMkhp9FtZGxOtzJ4GTJLzGN57Q=
Subject key identifier:   EB:F7:24:0B:94:28:74:E8:8A:9C:B1:EB:45:76:48:44:D4:6B:5B:26
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       2F0A951EDAC1B44ABCE2350E5A7385F5ADCBE19E
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142216.roa
Signing time:             Sat 02 May 2026 09:23:06 +0000
ROA not before:           Sat 02 May 2026 09:18:06 +0000
ROA not after:            Sat 01 May 2027 09:23:06 +0000
asID:                     142216
IP address blocks:        144.79.136.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:0a:95:1e:da:c1:b4:4a:bc:e2:35:0e:5a:73:85:f5:ad:cb:e1:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:06 2026 GMT
            Not After : May  1 09:23:06 2027 GMT
        Subject: CN=EBF7240B942874E88A9CB1EB45764844D46B5B26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f9:25:70:ff:74:b7:ea:8a:e7:21:3c:0a:40:
                    5f:20:75:f8:3e:85:ee:94:ed:1a:0f:2b:86:89:71:
                    c4:e1:90:cb:ae:1c:0f:e8:01:63:b4:bb:30:c6:5d:
                    4e:b9:ea:a7:62:1f:b8:8e:94:b0:ab:81:72:09:ab:
                    5d:84:9d:bd:b9:c6:ec:48:45:f7:1d:60:0e:de:7b:
                    bb:b5:e3:cc:c6:f0:80:8c:38:aa:0c:cd:9e:b3:94:
                    e4:a1:5a:f1:e4:87:1d:aa:a3:67:6f:9c:a0:5a:21:
                    5b:5f:b6:fc:7e:2f:d2:d7:d3:fe:38:8f:37:e4:c5:
                    1d:cc:c6:4d:e7:7a:54:10:e6:01:11:32:37:ac:b6:
                    8c:59:db:92:64:5d:22:e8:3c:78:11:5f:83:36:64:
                    38:50:d3:05:ef:fa:42:03:a9:49:cc:e3:06:cd:4b:
                    19:7c:e7:6d:4d:2d:83:08:68:bb:29:cf:06:59:54:
                    fb:c7:bf:a6:a0:be:a6:a9:5e:5e:17:67:90:bb:5a:
                    ed:db:64:3f:39:a8:ec:2c:3b:02:f0:0b:e8:13:5e:
                    55:7c:d9:17:b4:fd:e6:6c:75:3e:d6:e7:e3:6f:39:
                    a5:1a:9f:85:d9:29:80:90:cb:0a:08:62:b6:7c:b6:
                    23:0b:5f:6d:57:b3:1d:2a:c6:df:32:a1:93:7f:30:
                    72:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:F7:24:0B:94:28:74:E8:8A:9C:B1:EB:45:76:48:44:D4:6B:5B:26
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142216.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.79.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:fd:6b:2b:c5:8d:c8:0a:f4:97:d7:33:b8:81:53:3e:1a:e4:
         fd:4c:10:0c:d1:8e:5d:d0:6e:52:b7:ae:eb:fe:02:0e:20:71:
         63:b8:e7:a3:12:14:10:04:d3:92:ab:b9:0f:3e:a1:5e:95:18:
         d5:b0:cc:43:90:ab:f2:2b:40:a9:a5:13:8d:a9:24:78:0d:b1:
         9b:1a:a5:34:95:33:e6:e2:55:76:31:6b:32:30:33:f7:e7:1a:
         ce:9a:f7:0e:fd:8b:ed:4d:a5:d3:a9:47:c9:ac:97:03:6e:eb:
         a8:85:f6:a0:46:c0:a4:65:47:9b:7d:dd:73:25:21:d3:af:0f:
         a0:3a:a6:72:42:82:cb:06:a5:1a:4e:2f:9b:46:c6:9f:8b:14:
         e2:3c:48:65:4d:81:a2:1d:d3:63:81:30:df:61:9e:c3:23:c8:
         c5:d3:ef:72:bf:eb:52:6b:49:36:1f:6d:09:23:d8:9e:91:6b:
         34:05:a7:d2:13:d4:e8:f7:3d:2a:c3:3e:c3:d8:54:e3:b9:5d:
         2b:64:50:c6:57:8f:82:70:e6:cd:50:d0:a6:6c:5e:52:44:72:
         17:59:65:58:bb:48:ae:02:4d:d4:e1:0d:43:61:cb:95:ee:6d:
         8b:da:1d:97:70:92:c5:54:5e:a7:b4:c7:5f:e3:33:b8:d7:16:
         b2:0c:11:60
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIULwqVHtrBtEq84jUOWnOF9a3L4Z4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTgwNloX
DTI3MDUwMTA5MjMwNlowMzExMC8GA1UEAxMoRUJGNzI0MEI5NDI4NzRFODhBOUNC
MUVCNDU3NjQ4NDRENDZCNUIyNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALD5JXD/dLfqiuchPApAXyB1+D6F7pTtGg8rholxxOGQy64cD+gBY7S7MMZd
Trnqp2IfuI6UsKuBcgmrXYSdvbnG7EhF9x1gDt57u7XjzMbwgIw4qgzNnrOU5KFa
8eSHHaqjZ2+coFohW1+2/H4v0tfT/jiPN+TFHczGTed6VBDmAREyN6y2jFnbkmRd
Iug8eBFfgzZkOFDTBe/6QgOpSczjBs1LGXznbU0tgwhouynPBllU+8e/pqC+pqle
XhdnkLta7dtkPzmo7Cw7AvAL6BNeVXzZF7T95mx1Ptbn4285pRqfhdkpgJDLCghi
tny2IwtfbVezHSrG3zKhk38wcm0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTr9yQL
lCh06IqcsetFdkhE1GtbJjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQyMjE2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBkE+IMA0GCSqGSIb3DQEBCwUAA4IBAQBz/WsrxY3ICvSX1zO4gVM+GuT9
TBAM0Y5d0G5St67r/gIOIHFjuOejEhQQBNOSq7kPPqFelRjVsMxDkKvyK0CppRON
qSR4DbGbGqU0lTPm4lV2MWsyMDP35xrOmvcO/YvtTaXTqUfJrJcDbuuohfagRsCk
ZUebfd1zJSHTrw+gOqZyQoLLBqUaTi+bRsafixTiPEhlTYGiHdNjgTDfYZ7DI8jF
0+9yv+tSa0k2H20JI9iekWs0BafSE9To9z0qwz7D2FTjuV0rZFDGV4+CcObNUNCm
bF5SRHIXWWVYu0iuAk3U4Q1DYcuV7m2L2h2XcJLFVF6ntMdf4zO41xayDBFg
-----END CERTIFICATE-----