Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS142350.roa
File:                     AS142350.roa (raw, json)
Hash identifier:          qEuSCoUJ8pleZdUfHziArtlkdLvNMO3rudXW4YQqPAM=
Subject key identifier:   36:35:AB:21:82:15:A1:B7:62:E6:29:63:49:28:86:41:A5:10:60:9E
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       0EA6C0F7F8E8E342B8B8B9BDDFD6CFF701667378
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142350.roa
Signing time:             Sat 02 May 2026 09:23:54 +0000
ROA not before:           Sat 02 May 2026 09:18:54 +0000
ROA not after:            Sat 01 May 2027 09:23:54 +0000
asID:                     142350
IP address blocks:        157.66.226.0/23 maxlen: 24
                          157.66.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:a6:c0:f7:f8:e8:e3:42:b8:b8:b9:bd:df:d6:cf:f7:01:66:73:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:18:54 2026 GMT
            Not After : May  1 09:23:54 2027 GMT
        Subject: CN=3635AB218215A1B762E6296349288641A510609E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:e2:a3:fd:c1:b1:82:6d:2b:65:b5:0a:4e:75:
                    51:1b:7c:4c:7e:cd:3a:63:f7:99:5b:fb:96:65:a7:
                    c0:b9:fe:4b:70:7e:f9:c7:fe:fb:64:93:44:41:55:
                    5e:e8:64:a9:95:11:f2:64:97:b0:90:7e:48:42:fc:
                    a0:34:39:2b:ba:bf:92:32:f8:29:19:ad:60:f2:03:
                    37:ad:90:4b:ab:54:01:da:30:80:9c:2d:60:12:4a:
                    10:4f:b0:00:a8:02:4c:5c:41:24:3f:b3:e5:08:76:
                    de:40:9a:d9:cf:cb:c8:18:be:f8:d1:9b:71:43:d5:
                    f8:aa:1a:42:75:83:93:47:50:df:6a:2c:05:4f:a9:
                    73:cc:8c:fa:82:5d:b3:c5:90:f5:d9:26:5f:3f:38:
                    d2:14:a1:e8:03:ba:24:75:a4:3a:6b:d6:a3:28:e6:
                    f0:99:3f:3b:44:94:9e:90:32:7e:0d:d2:84:bf:b5:
                    fc:38:7e:39:15:5c:ad:51:a1:e0:40:b9:3b:01:bb:
                    6e:8c:a1:24:c4:87:e6:14:d2:32:08:10:c6:db:fb:
                    de:f2:53:98:01:ea:e1:71:42:40:19:3c:ec:cc:fd:
                    40:f8:b4:b9:52:c9:d9:b9:a8:e5:94:eb:4c:af:4d:
                    64:0c:52:69:25:2e:6d:09:6d:91:3f:30:4f:4b:54:
                    8e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:35:AB:21:82:15:A1:B7:62:E6:29:63:49:28:86:41:A5:10:60:9E
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS142350.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:53:c7:64:d0:fb:58:e4:c0:ba:f1:1b:96:91:26:71:a0:c9:
         ce:8b:cd:c5:4c:32:4d:28:a3:8c:ec:e7:c5:93:18:ef:3c:36:
         b2:e8:16:17:4c:be:e0:e9:61:64:d3:11:7d:0e:e6:12:4b:c9:
         9a:fc:e4:84:5c:4f:50:44:81:fc:f6:81:13:43:2d:6d:56:d6:
         d4:de:b4:d2:2f:56:49:29:c0:7c:23:b7:5d:76:62:e2:34:e5:
         d9:aa:cf:8e:e0:25:21:46:59:2f:f1:05:91:29:85:d0:97:21:
         87:48:12:e0:8b:17:f3:a3:89:f4:55:da:65:16:fe:22:c2:bb:
         21:94:0b:a2:3d:c9:de:57:bf:fa:bd:87:fd:27:14:c6:4b:25:
         1e:2e:a6:ce:21:7d:ee:cb:28:a7:56:58:c4:fb:19:62:96:1b:
         96:5b:02:89:69:8c:14:97:9e:3a:b8:d8:24:ea:92:1e:76:92:
         2b:4b:96:dc:b2:3b:15:b0:8c:c8:81:c6:ae:cd:b9:9c:c4:1e:
         2e:4c:73:32:99:d5:96:e6:71:47:ed:75:9a:c6:a4:9f:29:41:
         61:4d:fa:1c:87:a9:e7:cf:a3:31:32:10:c2:78:76:a2:32:49:
         59:11:e1:de:14:3e:7f:82:1b:7b:01:b8:be:37:35:dd:8c:55:
         31:3a:74:f4
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUDqbA9/jo40K4uLm939bP9wFmc3gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg1NFoX
DTI3MDUwMTA5MjM1NFowMzExMC8GA1UEAxMoMzYzNUFCMjE4MjE1QTFCNzYyRTYy
OTYzNDkyODg2NDFBNTEwNjA5RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO7io/3BsYJtK2W1Ck51URt8TH7NOmP3mVv7lmWnwLn+S3B++cf++2STREFV
XuhkqZUR8mSXsJB+SEL8oDQ5K7q/kjL4KRmtYPIDN62QS6tUAdowgJwtYBJKEE+w
AKgCTFxBJD+z5Qh23kCa2c/LyBi++NGbcUPV+KoaQnWDk0dQ32osBU+pc8yM+oJd
s8WQ9dkmXz840hSh6AO6JHWkOmvWoyjm8Jk/O0SUnpAyfg3ShL+1/Dh+ORVcrVGh
4EC5OwG7boyhJMSH5hTSMggQxtv73vJTmAHq4XFCQBk87Mz9QPi0uVLJ2bmo5ZTr
TK9NZAxSaSUubQltkT8wT0tUjusCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQ2Nash
ghWht2LmKWNJKIZBpRBgnjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQyMzUwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBnULiMA0GCSqGSIb3DQEBCwUAA4IBAQAKU8dk0PtY5MC68RuWkSZxoMnO
i83FTDJNKKOM7OfFkxjvPDay6BYXTL7g6WFk0xF9DuYSS8ma/OSEXE9QRIH89oET
Qy1tVtbU3rTSL1ZJKcB8I7dddmLiNOXZqs+O4CUhRlkv8QWRKYXQlyGHSBLgixfz
o4n0VdplFv4iwrshlAuiPcneV7/6vYf9JxTGSyUeLqbOIX3uyyinVljE+xlilhuW
WwKJaYwUl546uNgk6pIedpIrS5bcsjsVsIzIgcauzbmcxB4uTHMymdWW5nFH7XWa
xqSfKUFhTfoch6nnz6MxMhDCeHaiMklZEeHeFD5/ght7Abi+NzXdjFUxOnT0
-----END CERTIFICATE-----