Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS142347.roa
File:                     AS142347.roa (raw, json)
Hash identifier:          2ygvsTkVH8jpmTLKIt6sjfuLznxDl4YZdmVlLbdWxXU=
Subject key identifier:   71:2A:AC:A1:57:7B:68:09:C5:5F:2A:10:C6:E4:D8:B8:2F:34:44:19
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       55AB847A100181BE3CFCCDE2E777567E29AB8194
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142347.roa
Signing time:             Sat 02 May 2026 09:24:09 +0000
ROA not before:           Sat 02 May 2026 09:19:09 +0000
ROA not after:            Sat 01 May 2027 09:24:09 +0000
asID:                     142347
IP address blocks:        160.25.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:ab:84:7a:10:01:81:be:3c:fc:cd:e2:e7:77:56:7e:29:ab:81:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:09 2026 GMT
            Not After : May  1 09:24:09 2027 GMT
        Subject: CN=712AACA1577B6809C55F2A10C6E4D8B82F344419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:70:b7:75:0a:cb:93:41:b9:ac:18:f5:a9:a9:
                    0e:0a:34:ff:a6:09:d9:dc:2f:12:a0:76:75:92:63:
                    04:b9:d0:fe:6b:6a:1a:a5:57:6d:96:e8:9d:dd:21:
                    2d:97:03:f8:3c:88:ce:95:fb:2a:8d:c9:f8:e9:71:
                    93:ec:fb:41:bf:57:be:93:48:38:96:28:ef:ca:69:
                    0b:ec:c5:8a:71:ea:de:61:d3:fc:3a:38:a7:01:66:
                    79:77:7d:30:62:da:8d:f8:c4:a7:cc:0a:ff:90:27:
                    df:a0:3d:c0:01:b4:be:fd:1a:39:ea:ab:d8:d2:ad:
                    9f:ce:ef:bd:96:b9:ff:4d:f2:41:58:e8:d6:52:a0:
                    0b:96:f0:2b:12:56:81:ad:12:85:3e:da:3f:21:28:
                    a4:16:1b:6d:b2:44:a6:40:0b:94:ac:50:97:7d:34:
                    79:99:4c:8f:8d:ee:22:d2:5b:cd:1f:a7:7b:e1:a5:
                    62:f6:bf:31:34:ef:39:09:ce:fd:7a:bf:5b:b5:73:
                    9a:19:48:35:25:13:59:7f:2b:c5:d3:fb:72:79:12:
                    f4:10:4a:c4:d9:7c:75:9d:96:ff:a9:71:fd:58:99:
                    0f:15:c1:73:fb:a4:da:0f:5c:30:69:02:2b:08:54:
                    6e:38:6d:0d:30:08:f4:ab:29:a3:70:4c:97:d5:80:
                    5e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:2A:AC:A1:57:7B:68:09:C5:5F:2A:10:C6:E4:D8:B8:2F:34:44:19
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142347.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:6b:da:d1:b7:50:0b:59:8b:b3:73:4d:92:d8:33:b9:d8:99:
         85:2a:17:3f:2f:e8:05:e5:fb:8f:f7:cf:b1:9d:a1:c7:93:bc:
         f5:0e:9d:f8:5a:e9:92:d5:c3:5f:48:b9:cc:fe:e1:44:0a:ff:
         1f:90:db:41:a3:c8:f8:11:03:7c:58:ef:9f:75:7d:8c:48:71:
         bf:33:26:74:45:89:1e:6c:85:a4:a2:c2:4a:fe:39:15:df:47:
         05:4f:22:9f:7e:b6:2a:16:36:fe:b9:06:f2:bc:f0:b8:39:91:
         7d:ea:38:7f:0e:62:ac:e6:0e:84:c0:46:d2:60:d4:19:3e:c1:
         39:1b:6a:ff:9f:19:a1:ab:64:2c:42:4b:4d:9c:1c:0a:8e:75:
         59:48:1f:bf:0f:84:da:5c:8c:13:bd:96:dc:eb:46:bd:18:3b:
         ce:da:e0:45:dd:de:7c:85:48:0a:34:cf:de:96:2f:f6:70:86:
         b3:b1:18:6f:0d:b3:9c:d5:14:8f:1f:b9:c4:34:70:c3:16:ce:
         f5:b7:00:cd:30:93:18:67:cc:ce:7d:18:55:a0:b9:8e:8f:05:
         01:50:c8:09:b1:f5:48:40:3d:23:54:d0:1f:0c:e3:8a:65:5a:
         93:73:ae:b4:bd:d6:c7:6b:c7:88:1d:5d:a6:00:a8:76:be:6b:
         39:79:bf:dd
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUVauEehABgb48/M3i53dWfimrgZQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkwOVoX
DTI3MDUwMTA5MjQwOVowMzExMC8GA1UEAxMoNzEyQUFDQTE1NzdCNjgwOUM1NUYy
QTEwQzZFNEQ4QjgyRjM0NDQxOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANVwt3UKy5NBuawY9ampDgo0/6YJ2dwvEqB2dZJjBLnQ/mtqGqVXbZbond0h
LZcD+DyIzpX7Ko3J+Olxk+z7Qb9XvpNIOJYo78ppC+zFinHq3mHT/Do4pwFmeXd9
MGLajfjEp8wK/5An36A9wAG0vv0aOeqr2NKtn87vvZa5/03yQVjo1lKgC5bwKxJW
ga0ShT7aPyEopBYbbbJEpkALlKxQl300eZlMj43uItJbzR+ne+GlYva/MTTvOQnO
/Xq/W7VzmhlINSUTWX8rxdP7cnkS9BBKxNl8dZ2W/6lx/ViZDxXBc/uk2g9cMGkC
KwhUbjhtDTAI9Kspo3BMl9WAXs8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRxKqyh
V3toCcVfKhDG5Ni4LzREGTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQyMzQ3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBoBnyMA0GCSqGSIb3DQEBCwUAA4IBAQAva9rRt1ALWYuzc02S2DO52JmF
Khc/L+gF5fuP98+xnaHHk7z1Dp34WumS1cNfSLnM/uFECv8fkNtBo8j4EQN8WO+f
dX2MSHG/MyZ0RYkebIWkosJK/jkV30cFTyKffrYqFjb+uQbyvPC4OZF96jh/DmKs
5g6EwEbSYNQZPsE5G2r/nxmhq2QsQktNnBwKjnVZSB+/D4TaXIwTvZbc60a9GDvO
2uBF3d58hUgKNM/eli/2cIazsRhvDbOc1RSPH7nENHDDFs71twDNMJMYZ8zOfRhV
oLmOjwUBUMgJsfVIQD0jVNAfDOOKZVqTc660vdbHa8eIHV2mAKh2vms5eb/d
-----END CERTIFICATE-----