Route Origin Authorization
$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS24203.roa
File: AS24203.roa (raw, json)
Hash identifier: Bs0bzxuDh66y+NXMRYsV3NKKvvdwmYKV7/J2NwYbEpU=
Subject key identifier: F9:1C:1B:E2:C9:11:40:CF:70:9F:1E:05:54:47:E9:E8:44:CE:95:FA
Certificate issuer: /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial: 6A9D8979605328D4325C6837000046A116C69795
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access: rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS24203.roa
Signing time: Sat 02 May 2026 09:23:49 +0000
ROA not before: Sat 02 May 2026 09:18:49 +0000
ROA not after: Sat 01 May 2027 09:23:49 +0000
asID: 24203
IP address blocks: 157.85.192.0/19 maxlen: 19
157.85.192.0/24 maxlen: 24
157.85.193.0/24 maxlen: 24
157.85.194.0/24 maxlen: 24
157.85.195.0/24 maxlen: 24
157.85.196.0/24 maxlen: 24
157.85.199.0/24 maxlen: 24
157.85.200.0/24 maxlen: 24
157.85.201.0/24 maxlen: 24
157.85.202.0/24 maxlen: 24
157.85.203.0/24 maxlen: 24
157.85.204.0/24 maxlen: 24
157.85.205.0/24 maxlen: 24
157.85.210.0/24 maxlen: 24
157.85.214.0/24 maxlen: 24
157.85.215.0/24 maxlen: 24
157.85.216.0/24 maxlen: 24
157.85.217.0/24 maxlen: 24
157.85.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 03 May 2026 20:26:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:9d:89:79:60:53:28:d4:32:5c:68:37:00:00:46:a1:16:c6:97:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Validity
Not Before: May 2 09:18:49 2026 GMT
Not After : May 1 09:23:49 2027 GMT
Subject: CN=F91C1BE2C91140CF709F1E055447E9E844CE95FA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:b0:b3:53:d1:47:ca:46:72:9f:45:d0:78:ba:
15:53:bf:27:6c:50:78:03:60:6f:13:8f:0a:d4:e2:
7e:c6:c2:c5:29:f5:9b:1e:f7:31:13:3b:33:57:65:
7e:02:18:37:dc:d9:91:c3:a7:87:b0:df:6b:b8:8d:
15:f8:00:1e:be:e0:df:e2:52:ef:4e:51:40:70:24:
2b:bd:36:c5:3e:b0:e2:06:d3:fa:0a:0c:71:fd:1c:
a5:02:41:54:d2:27:e0:dc:0e:05:37:fa:de:4e:df:
c9:1c:5d:cf:a6:b7:7c:a6:a7:14:08:66:04:2d:8e:
ce:ee:ee:c7:b5:9d:94:33:97:ca:d5:6c:8f:4b:7e:
1a:6b:54:2f:95:db:db:cf:73:6d:8b:44:2e:d7:be:
19:0b:5d:c2:ca:17:e1:c1:a5:01:91:df:0a:11:dc:
cd:90:63:58:8f:25:c8:41:72:08:c8:b0:aa:d4:1f:
87:38:3a:46:36:fb:c5:2f:d2:8c:ed:2f:1f:07:51:
61:03:c3:0b:67:04:d5:03:1d:4e:eb:4a:6c:39:e0:
72:46:d4:11:32:62:14:7a:a7:71:97:4e:1f:69:23:
81:ce:f0:30:bd:b8:1c:9d:58:d3:aa:27:3a:c8:cb:
53:bb:7b:00:fa:78:82:ad:67:ab:c7:d5:f5:14:33:
37:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:1C:1B:E2:C9:11:40:CF:70:9F:1E:05:54:47:E9:E8:44:CE:95:FA
X509v3 Authority Key Identifier:
keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS24203.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
157.85.192.0/19
Signature Algorithm: sha256WithRSAEncryption
a5:f2:ff:4d:95:f8:7f:77:8b:35:67:81:a8:c1:a5:c0:a7:f8:
f5:8d:0f:59:ae:b5:1e:32:39:c1:52:67:9d:4b:e6:0a:90:1c:
cf:61:b1:8e:42:7e:0b:ff:95:c7:65:92:24:0f:d1:35:70:0b:
a2:03:20:25:02:71:b1:1d:b2:0d:81:c6:b9:9f:96:6b:22:eb:
f3:ed:df:5e:5c:64:56:2c:ec:09:88:49:b9:38:fe:61:bf:d7:
2a:f3:3a:17:11:db:1c:48:61:5e:64:26:14:7d:ed:5c:44:33:
d8:de:9c:46:7b:10:75:9a:5b:18:67:16:d1:e7:3f:35:55:67:
3f:a7:5c:c8:bd:0c:c5:10:57:e7:7c:9b:d1:3f:98:18:b9:64:
6f:a0:22:9f:01:eb:7b:b3:e3:9a:28:5c:53:6d:9e:80:09:b0:
71:dc:9f:1e:ad:0c:d2:e0:a4:5f:a3:8f:8b:e7:26:85:28:d4:
3d:6e:69:b1:f4:0d:1d:f0:b1:bf:ed:0b:0a:97:d5:c7:73:b8:
d2:d3:1b:18:7d:08:79:55:bf:06:a9:ac:2c:b6:19:15:44:24:
0c:51:09:3a:3a:81:e9:c6:d1:93:b1:9a:af:17:af:96:b3:e3:
19:ca:59:0a:f8:b1:72:69:57:bc:ec:6b:4d:b5:14:b9:8c:d1:
cc:1f:95:15
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUap2JeWBTKNQyXGg3AABGoRbGl5UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTg0OVoX
DTI3MDUwMTA5MjM0OVowMzExMC8GA1UEAxMoRjkxQzFCRTJDOTExNDBDRjcwOUYx
RTA1NTQ0N0U5RTg0NENFOTVGQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMGws1PRR8pGcp9F0Hi6FVO/J2xQeANgbxOPCtTifsbCxSn1mx73MRM7M1dl
fgIYN9zZkcOnh7Dfa7iNFfgAHr7g3+JS705RQHAkK702xT6w4gbT+goMcf0cpQJB
VNIn4NwOBTf63k7fyRxdz6a3fKanFAhmBC2Ozu7ux7WdlDOXytVsj0t+GmtUL5Xb
289zbYtELte+GQtdwsoX4cGlAZHfChHczZBjWI8lyEFyCMiwqtQfhzg6Rjb7xS/S
jO0vHwdRYQPDC2cE1QMdTutKbDngckbUETJiFHqncZdOH2kjgc7wML24HJ1Y06on
OsjLU7t7APp4gq1nq8fV9RQzN7cCAwEAAaOCAcswggHHMB0GA1UdDgQWBBT5HBvi
yRFAz3CfHgVUR+noRM6V+jAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMjQyMDMucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWdVcAwDQYJKoZIhvcNAQELBQADggEBAKXy/02V+H93izVngajBpcCn+PWN
D1mutR4yOcFSZ51L5gqQHM9hsY5Cfgv/lcdlkiQP0TVwC6IDICUCcbEdsg2Bxrmf
lmsi6/Pt315cZFYs7AmISbk4/mG/1yrzOhcR2xxIYV5kJhR97VxEM9jenEZ7EHWa
WxhnFtHnPzVVZz+nXMi9DMUQV+d8m9E/mBi5ZG+gIp8B63uz45ooXFNtnoAJsHHc
nx6tDNLgpF+jj4vnJoUo1D1uabH0DR3wsb/tCwqX1cdzuNLTGxh9CHlVvwaprCy2
GRVEJAxRCTo6genG0ZOxmq8Xr5az4xnKWQr4sXJpV7zsa021FLmM0cwflRU=
-----END CERTIFICATE-----
Generated at Sat May 2 21:04:48 2026 by rpki-client