Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS142257.roa
File:                     AS142257.roa (raw, json)
Hash identifier:          lfS5hjhE7WINs/Cuq1DOOZL6DpfOu4cbtLwkOg8bsT4=
Subject key identifier:   A9:06:D2:97:A4:B8:AD:05:D9:00:9E:B1:D2:81:98:39:36:CA:B4:88
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       036F46BB4708A7EC30557628FF54F1F6CE33C072
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142257.roa
Signing time:             Sat 02 May 2026 09:25:04 +0000
ROA not before:           Sat 02 May 2026 09:20:04 +0000
ROA not after:            Sat 01 May 2027 09:25:04 +0000
asID:                     142257
IP address blocks:        192.189.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:6f:46:bb:47:08:a7:ec:30:55:76:28:ff:54:f1:f6:ce:33:c0:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:20:04 2026 GMT
            Not After : May  1 09:25:04 2027 GMT
        Subject: CN=A906D297A4B8AD05D9009EB1D281983936CAB488
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a0:b9:88:75:cb:cd:e5:cf:38:c8:30:c6:70:
                    dc:b0:07:b9:8d:6b:21:82:9a:c6:ef:94:f4:4e:ce:
                    88:9e:2b:54:7a:07:f5:de:30:a8:a7:50:1d:97:37:
                    76:60:28:b9:35:da:84:2a:ff:09:81:f5:59:aa:77:
                    da:c2:54:88:c4:7a:33:f2:49:74:09:48:22:3b:4f:
                    02:70:f0:53:b0:99:62:0f:0f:8b:2d:9c:92:a8:c3:
                    fe:85:48:c9:e6:0a:da:7c:71:79:34:83:13:05:9d:
                    e3:2d:2c:43:4f:41:df:35:f0:07:0a:c4:ba:79:97:
                    fd:ea:57:a4:6f:b6:0c:94:bd:82:5d:9f:f9:95:36:
                    6e:d8:ef:f6:85:99:6f:fb:e2:d9:db:0c:0c:df:e2:
                    c4:ad:f3:f6:d2:41:49:b5:0f:01:9f:f5:57:4a:94:
                    0d:96:a9:ab:80:e5:41:0f:20:06:60:9d:ab:a0:0f:
                    23:90:ae:da:16:ca:5f:00:66:af:f5:0c:e9:8b:ca:
                    90:b5:1f:0a:25:1c:ee:8e:94:fe:a5:9f:dd:b1:88:
                    3a:f8:f7:f0:d1:07:3f:2a:07:ea:48:10:75:d8:6f:
                    49:26:c3:3c:c3:bf:b0:0f:3b:17:be:39:81:60:2f:
                    93:46:cf:e7:67:00:8f:e5:98:88:6e:1b:fd:8e:8d:
                    b0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:06:D2:97:A4:B8:AD:05:D9:00:9E:B1:D2:81:98:39:36:CA:B4:88
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142257.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.189.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:f3:05:df:2c:39:21:11:34:40:bb:57:4b:9a:1f:dc:f5:73:
         e2:d3:4a:10:59:4f:18:d2:73:98:7b:48:a9:6f:ac:44:97:05:
         ee:7a:c1:41:d7:e6:ae:12:30:79:6e:c1:30:5f:4c:e0:5f:e5:
         99:44:bf:e5:0b:bd:69:c1:af:25:6d:38:5b:60:06:5a:da:ca:
         92:ae:53:14:5e:3b:4c:af:50:b4:17:bf:85:4b:ba:cc:58:d7:
         d2:06:8f:41:8d:cd:b6:cf:5f:d0:08:c4:ca:cb:0e:d5:be:95:
         44:28:22:1c:4a:24:e5:e6:59:90:c5:66:40:60:b9:c1:86:a9:
         b9:db:6d:f7:ab:ef:1d:ca:5f:4b:6d:f1:ca:8a:af:c1:f9:53:
         e7:90:56:b4:ac:91:b2:da:7f:af:bd:cc:9a:5d:1a:60:94:38:
         07:dc:7a:5e:9c:a2:39:c9:3d:f0:4a:e9:3e:21:cb:f9:10:9e:
         44:95:c3:fe:27:0d:29:f4:26:f2:35:b8:bc:76:44:82:9a:dc:
         bb:e5:d3:9f:c1:08:30:c3:65:c4:ef:a9:db:4b:f3:4e:09:92:
         e8:ab:9a:ff:a0:58:b2:dd:4c:49:70:75:0f:b8:b3:a6:49:cd:
         22:4f:d4:4f:d2:a6:7b:40:92:48:e9:d7:a0:ea:64:d2:17:d5:
         d4:47:99:5d
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUA29Gu0cIp+wwVXYo/1Tx9s4zwHIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MjAwNFoX
DTI3MDUwMTA5MjUwNFowMzExMC8GA1UEAxMoQTkwNkQyOTdBNEI4QUQwNUQ5MDA5
RUIxRDI4MTk4MzkzNkNBQjQ4ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+guYh1y83lzzjIMMZw3LAHuY1rIYKaxu+U9E7OiJ4rVHoH9d4wqKdQHZc3
dmAouTXahCr/CYH1Wap32sJUiMR6M/JJdAlIIjtPAnDwU7CZYg8Piy2ckqjD/oVI
yeYK2nxxeTSDEwWd4y0sQ09B3zXwBwrEunmX/epXpG+2DJS9gl2f+ZU2btjv9oWZ
b/vi2dsMDN/ixK3z9tJBSbUPAZ/1V0qUDZapq4DlQQ8gBmCdq6API5Cu2hbKXwBm
r/UM6YvKkLUfCiUc7o6U/qWf3bGIOvj38NEHPyoH6kgQddhvSSbDPMO/sA87F745
gWAvk0bP52cAj+WYiG4b/Y6NsGsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSpBtKX
pLitBdkAnrHSgZg5Nsq0iDAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQyMjU3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAwL1eMA0GCSqGSIb3DQEBCwUAA4IBAQBY8wXfLDkhETRAu1dLmh/c9XPi
00oQWU8Y0nOYe0ipb6xElwXuesFB1+auEjB5bsEwX0zgX+WZRL/lC71pwa8lbThb
YAZa2sqSrlMUXjtMr1C0F7+FS7rMWNfSBo9Bjc22z1/QCMTKyw7VvpVEKCIcSiTl
5lmQxWZAYLnBhqm52233q+8dyl9LbfHKiq/B+VPnkFa0rJGy2n+vvcyaXRpglDgH
3HpenKI5yT3wSuk+Icv5EJ5ElcP+Jw0p9CbyNbi8dkSCmty75dOfwQgww2XE76nb
S/NOCZLoq5r/oFiy3UxJcHUPuLOmSc0iT9RP0qZ7QJJI6deg6mTSF9XUR5ld
-----END CERTIFICATE-----