Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS142219.roa
File:                     AS142219.roa (raw, json)
Hash identifier:          Qk+862wiGe3r+aiE5qGi0fOFOVvioV24lm8eWeMtp04=
Subject key identifier:   75:4D:42:94:91:8E:07:DB:88:C4:84:FD:63:38:21:D4:90:D6:03:59
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       34C0603F8262AAE4F96B2FFF4F5F43B48270CE9F
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142219.roa
Signing time:             Sat 02 May 2026 09:25:15 +0000
ROA not before:           Sat 02 May 2026 09:20:15 +0000
ROA not after:            Sat 01 May 2027 09:25:15 +0000
asID:                     142219
IP address blocks:        192.67.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:c0:60:3f:82:62:aa:e4:f9:6b:2f:ff:4f:5f:43:b4:82:70:ce:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:15 2026 GMT
            Not After : May  1 09:25:15 2027 GMT
        Subject: CN=754D4294918E07DB88C484FD633821D490D60359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6f:9f:cc:df:07:4e:b8:d0:8e:c5:2a:37:e8:
                    4f:d6:fa:77:90:89:2b:4f:51:54:1a:a5:c6:53:41:
                    d4:0b:06:fc:54:2c:d7:b1:17:3e:b6:1b:e0:65:bf:
                    1d:52:5e:6c:bd:82:c3:ba:f9:ad:02:2d:6e:95:1d:
                    dd:0b:7a:dd:a4:38:26:1b:d2:73:cd:23:56:13:b1:
                    a6:0e:0e:66:ed:7a:64:3c:1f:8b:31:34:a9:5b:08:
                    12:64:7b:e4:20:52:ef:67:11:1f:66:40:72:f0:24:
                    e0:9a:d4:56:f5:b1:ec:06:72:cb:76:c2:bc:df:06:
                    c4:08:57:32:e2:b5:34:5f:81:80:83:d1:64:fa:2d:
                    5b:47:9f:0c:42:10:55:f2:8b:bd:d9:a1:3a:5c:ca:
                    5b:9e:63:99:19:76:c3:e6:1a:c8:19:e1:95:ff:5f:
                    e0:b2:cd:38:d0:11:c7:cf:2a:8c:64:a4:b2:50:41:
                    4a:a0:f7:a3:ad:56:c5:d0:76:c5:3e:74:d5:08:f5:
                    6a:5c:cd:c3:27:6c:a5:74:1e:3b:b6:22:93:09:79:
                    aa:44:8a:7b:d2:94:5b:b7:28:fc:c8:6e:8e:90:a4:
                    7b:52:78:c0:c7:8a:51:9d:16:37:6c:a6:b5:79:9f:
                    e0:d8:71:73:c6:f3:08:20:a4:20:bd:e2:9c:56:7b:
                    4a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:4D:42:94:91:8E:07:DB:88:C4:84:FD:63:38:21:D4:90:D6:03:59
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142219.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.67.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:c6:85:07:01:31:04:5f:b7:44:12:86:52:f0:d0:c4:d1:d0:
         b4:a3:38:28:0a:c8:45:73:d3:c0:5f:ae:91:54:05:09:5d:94:
         37:35:3a:21:87:33:f0:c7:fd:04:a8:68:e1:e2:1c:bb:02:a7:
         f1:07:75:03:09:a6:0c:9d:b8:31:95:88:d7:d3:26:73:a8:a2:
         21:a8:d3:39:43:1d:b0:25:96:d5:34:c0:9f:4d:07:b4:d3:da:
         7c:37:32:01:56:8b:9a:96:66:86:60:d1:55:45:45:d4:e6:9c:
         5a:93:08:68:16:be:d3:7e:65:07:01:e2:9b:7b:94:10:c1:cc:
         78:aa:e4:3a:9a:31:67:eb:39:50:5c:17:47:cb:5f:b5:7e:53:
         01:f5:5f:0b:07:2e:2b:f4:fb:19:ad:5f:26:5f:1f:6b:e8:be:
         6b:42:f8:c8:8f:3b:3d:c6:93:59:c1:9e:61:9f:88:01:d3:9e:
         a8:03:1c:c8:d4:9c:98:f4:94:8c:5c:5b:33:18:91:a1:1a:2a:
         e4:81:b6:7c:b2:e7:43:80:4e:0c:9b:9a:e8:24:6f:40:9c:6c:
         71:52:bc:84:df:67:2c:cf:9b:3e:81:6c:a1:17:c1:7b:84:ca:
         ab:04:fc:28:d5:dd:bd:19:36:ae:de:bd:e9:cc:9a:29:3e:b8:
         6c:ac:99:af
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUNMBgP4JiquT5ay//T19DtIJwzp8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAxNVoX
DTI3MDUwMTA5MjUxNVowMzExMC8GA1UEAxMoNzU0RDQyOTQ5MThFMDdEQjg4QzQ4
NEZENjMzODIxRDQ5MEQ2MDM1OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMxvn8zfB0640I7FKjfoT9b6d5CJK09RVBqlxlNB1AsG/FQs17EXPrYb4GW/
HVJebL2Cw7r5rQItbpUd3Qt63aQ4JhvSc80jVhOxpg4OZu16ZDwfizE0qVsIEmR7
5CBS72cRH2ZAcvAk4JrUVvWx7AZyy3bCvN8GxAhXMuK1NF+BgIPRZPotW0efDEIQ
VfKLvdmhOlzKW55jmRl2w+YayBnhlf9f4LLNONARx88qjGSkslBBSqD3o61WxdB2
xT501Qj1alzNwydspXQeO7Yikwl5qkSKe9KUW7co/MhujpCke1J4wMeKUZ0WN2ym
tXmf4Nhxc8bzCCCkIL3inFZ7SnkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR1TUKU
kY4H24jEhP1jOCHUkNYDWTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQyMjE5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAwEMBMA0GCSqGSIb3DQEBCwUAA4IBAQBhxoUHATEEX7dEEoZS8NDE0dC0
ozgoCshFc9PAX66RVAUJXZQ3NTohhzPwx/0EqGjh4hy7AqfxB3UDCaYMnbgxlYjX
0yZzqKIhqNM5Qx2wJZbVNMCfTQe009p8NzIBVoualmaGYNFVRUXU5pxakwhoFr7T
fmUHAeKbe5QQwcx4quQ6mjFn6zlQXBdHy1+1flMB9V8LBy4r9PsZrV8mXx9r6L5r
QvjIjzs9xpNZwZ5hn4gB056oAxzI1JyY9JSMXFszGJGhGirkgbZ8sudDgE4Mm5ro
JG9AnGxxUryE32csz5s+gWyhF8F7hMqrBPwo1d29GTau3r3pzJopPrhsrJmv
-----END CERTIFICATE-----