Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS147173.roa
File:                     AS147173.roa (raw, json)
Hash identifier:          z+hlx598yd2EJ0dmwwKCIOi04dBEqZFSB955HChYYls=
Subject key identifier:   64:CB:4E:46:97:EA:81:FE:B2:93:27:7C:DC:13:4B:86:5C:DB:09:D2
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       1988050361DF4D5969CC4C9004E07C7BC6A4D3A1
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS147173.roa
Signing time:             Sat 02 May 2026 09:22:51 +0000
ROA not before:           Sat 02 May 2026 09:17:51 +0000
ROA not after:            Sat 01 May 2027 09:22:51 +0000
asID:                     147173
IP address blocks:        138.252.44.0/23 maxlen: 24
                          138.252.44.0/24 maxlen: 24
                          138.252.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:88:05:03:61:df:4d:59:69:cc:4c:90:04:e0:7c:7b:c6:a4:d3:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:17:51 2026 GMT
            Not After : May  1 09:22:51 2027 GMT
        Subject: CN=64CB4E4697EA81FEB293277CDC134B865CDB09D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b1:12:42:fd:26:47:40:7e:a6:03:1d:9a:d5:
                    7f:9d:e6:ac:37:da:50:29:b0:1d:91:82:a3:f9:8b:
                    98:4e:72:45:83:90:f8:ec:cc:60:b4:32:a9:1e:33:
                    44:e4:75:48:99:d8:30:de:f0:86:ee:18:a8:b0:20:
                    10:7d:df:8e:ec:56:73:83:e3:69:ba:56:fd:49:c9:
                    93:a4:b8:5a:54:ed:9e:6c:27:17:28:99:57:33:d3:
                    d2:33:5a:21:56:07:4a:ff:f0:d9:f1:c1:d6:46:4a:
                    bb:14:c3:06:9a:7d:f6:70:41:19:ea:88:77:3f:a5:
                    9b:75:7b:a4:c4:40:d7:5c:f2:9f:32:58:04:98:fd:
                    31:fe:d4:1a:43:73:f9:80:2b:fe:44:1f:b1:45:48:
                    85:26:bc:b4:10:6c:49:45:ab:51:be:c5:70:be:90:
                    8e:fb:35:ef:c4:9a:bb:2c:20:6f:97:5d:fd:6a:d6:
                    95:47:f6:df:b6:66:ef:10:89:85:a7:ca:f5:55:04:
                    e4:b2:b4:83:28:7b:ad:72:f9:e2:3e:b8:16:7e:a6:
                    ca:43:4b:d8:99:2d:c2:a7:b6:64:41:78:d0:9b:59:
                    e5:83:fc:f4:d3:d9:43:2d:09:a6:9f:0b:c3:18:27:
                    62:6b:47:98:94:3a:bc:91:43:01:00:38:8b:5f:c1:
                    71:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:CB:4E:46:97:EA:81:FE:B2:93:27:7C:DC:13:4B:86:5C:DB:09:D2
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS147173.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.252.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:17:da:ee:48:e7:87:bb:2c:15:fc:6e:17:47:26:dc:21:16:
         e7:ba:01:3f:3f:44:0a:96:14:e8:80:29:47:ab:4a:a9:d7:21:
         ed:e4:e3:50:92:0b:29:7b:3d:66:81:d3:29:cd:e4:86:f5:d0:
         5c:d7:60:d8:26:c2:8c:21:60:a7:28:23:1c:9c:0e:42:6b:66:
         94:70:98:6c:a4:e0:1e:90:ac:99:81:8c:0b:78:81:4e:7f:99:
         2c:7b:cd:57:c9:31:27:4b:8a:1f:f7:55:10:e0:33:3e:76:8c:
         1c:54:3a:f1:ad:1e:16:55:ee:32:6b:9a:b5:28:45:56:da:5f:
         25:00:22:60:56:89:ca:b8:8a:72:4d:15:7f:b9:d5:a2:40:af:
         ea:31:64:8d:35:5c:f4:8a:ca:a2:cc:7f:8c:e6:22:50:d6:4f:
         16:2e:82:31:38:09:78:58:c2:6c:ed:e7:4b:cb:aa:14:c8:fd:
         53:42:10:a9:51:3c:2d:d0:6b:be:af:e7:1b:04:3a:b2:f8:7b:
         dd:88:a6:64:a0:b8:e8:f4:5d:fc:07:69:8f:96:a7:bd:0c:99:
         63:4f:78:b9:77:77:b2:32:e7:d4:a9:a6:a6:93:75:e0:e5:d7:
         78:2c:cc:11:ad:58:8c:77:ba:48:9e:66:1a:c7:0d:94:10:24:
         26:f2:8d:f8
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUGYgFA2HfTVlpzEyQBOB8e8ak06EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTc1MVoX
DTI3MDUwMTA5MjI1MVowMzExMC8GA1UEAxMoNjRDQjRFNDY5N0VBODFGRUIyOTMy
NzdDREMxMzRCODY1Q0RCMDlEMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANKxEkL9JkdAfqYDHZrVf53mrDfaUCmwHZGCo/mLmE5yRYOQ+OzMYLQyqR4z
ROR1SJnYMN7whu4YqLAgEH3fjuxWc4PjabpW/UnJk6S4WlTtnmwnFyiZVzPT0jNa
IVYHSv/w2fHB1kZKuxTDBpp99nBBGeqIdz+lm3V7pMRA11zynzJYBJj9Mf7UGkNz
+YAr/kQfsUVIhSa8tBBsSUWrUb7FcL6Qjvs178Sauywgb5dd/WrWlUf237Zm7xCJ
hafK9VUE5LK0gyh7rXL54j64Fn6mykNL2Jktwqe2ZEF40JtZ5YP89NPZQy0Jpp8L
wxgnYmtHmJQ6vJFDAQA4i1/BcfcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRky05G
l+qB/rKTJ3zcE0uGXNsJ0jAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTQ3MTczLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBivwsMA0GCSqGSIb3DQEBCwUAA4IBAQAtF9ruSOeHuywV/G4XRybcIRbn
ugE/P0QKlhTogClHq0qp1yHt5ONQkgspez1mgdMpzeSG9dBc12DYJsKMIWCnKCMc
nA5Ca2aUcJhspOAekKyZgYwLeIFOf5kse81XyTEnS4of91UQ4DM+dowcVDrxrR4W
Ve4ya5q1KEVW2l8lACJgVonKuIpyTRV/udWiQK/qMWSNNVz0isqizH+M5iJQ1k8W
LoIxOAl4WMJs7edLy6oUyP1TQhCpUTwt0Gu+r+cbBDqy+HvdiKZkoLjo9F38B2mP
lqe9DJljT3i5d3eyMufUqaamk3Xg5dd4LMwRrViMd7pInmYaxw2UECQm8o34
-----END CERTIFICATE-----