Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS45700.roa
File:                     AS45700.roa (raw, json)
Hash identifier:          atUFFrUBZzEN82gP7zfwahaz3qo0UQHnEt3E8JgE9yg=
Subject key identifier:   CC:B2:09:8B:B2:5F:83:AF:71:A0:D3:85:05:C3:69:59:38:CC:00:82
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       595F41CD1F93AADC094F057A6A37C9C281A9EDDF
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS45700.roa
Signing time:             Sat 02 May 2026 09:24:21 +0000
ROA not before:           Sat 02 May 2026 09:19:21 +0000
ROA not after:            Sat 01 May 2027 09:24:21 +0000
asID:                     45700
IP address blocks:        161.248.12.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 May 2026 20:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:5f:41:cd:1f:93:aa:dc:09:4f:05:7a:6a:37:c9:c2:81:a9:ed:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 09:19:21 2026 GMT
            Not After : May  1 09:24:21 2027 GMT
        Subject: CN=CCB2098BB25F83AF71A0D38505C3695938CC0082
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:18:b4:bc:db:f7:b7:52:e0:58:28:73:d8:2b:
                    05:de:43:d6:47:1b:1e:b0:a5:23:24:11:9e:ea:6e:
                    9e:a3:a9:c2:cb:41:6e:9a:47:60:ba:3f:b8:68:c2:
                    04:56:fb:d1:fb:d0:99:fa:ca:d2:9a:a3:16:e5:47:
                    ec:1b:8c:96:f1:1a:44:24:09:64:f1:58:4c:a2:26:
                    7f:e7:2a:13:b8:b2:e5:4d:ff:66:f7:5b:56:89:9f:
                    ad:26:70:0e:b8:35:c1:a8:0e:a7:87:fe:24:f2:96:
                    ba:ab:15:cb:05:44:8b:28:13:04:b3:44:70:01:e8:
                    28:f7:25:33:f6:0f:0d:59:42:d9:3f:13:97:6c:72:
                    a4:cf:5b:bf:b4:05:d7:e1:38:84:f8:34:ad:87:88:
                    3e:02:59:44:0a:f0:4c:db:1b:8f:2f:2c:6b:34:bb:
                    b4:dc:54:ef:9c:26:dc:10:ce:cc:c0:f8:92:e7:a7:
                    6e:03:d3:07:cb:9e:60:ac:fc:f9:31:ba:af:46:9b:
                    ba:fa:22:67:77:05:1d:29:bc:70:2f:43:1a:14:6b:
                    97:b0:af:2b:04:ee:5e:15:9c:92:24:da:ac:86:2e:
                    6e:33:b6:4f:46:43:72:13:7e:ea:c0:fb:e1:65:31:
                    26:d5:7c:58:d9:d9:ef:4b:5f:f0:bb:d1:9e:37:cd:
                    36:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B2:09:8B:B2:5F:83:AF:71:A0:D3:85:05:C3:69:59:38:CC:00:82
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS45700.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:d4:44:0a:26:e5:41:be:cb:8a:d2:e6:0b:57:57:d4:8d:11:
         60:3d:66:36:8a:7c:d6:a7:6b:4c:1b:7a:43:1e:d3:ec:db:00:
         bf:ae:b3:02:17:c5:4a:92:31:42:88:59:ac:77:bb:c7:38:ce:
         4a:45:da:5f:6c:59:40:25:b7:fc:30:bf:e8:bd:25:88:e3:ee:
         4f:34:ba:47:e2:39:9e:4b:05:d9:63:b3:66:d7:db:d8:0c:43:
         e1:90:3a:9d:91:52:d3:71:cc:34:30:5a:eb:84:16:76:6f:bf:
         57:57:d4:91:d0:df:bb:5b:a8:a1:7a:bd:e9:e8:ad:db:01:d1:
         8a:13:cf:04:1e:cf:fd:18:f7:92:45:3a:75:68:40:c9:6f:03:
         8f:ee:e8:14:3e:e7:d7:6f:7a:12:f5:96:09:d3:26:6b:4f:9e:
         e3:59:46:d2:e3:af:28:47:d9:93:fd:d4:e4:02:4d:48:9b:24:
         67:88:6b:cc:dd:57:c2:24:e8:64:01:93:57:aa:69:12:e5:db:
         79:34:13:3f:37:18:9c:c9:31:50:f1:9d:a1:5f:a3:2c:d3:6d:
         2f:0f:d5:c6:6e:e0:64:c0:91:a5:66:88:8b:64:a9:48:a1:af:
         2d:27:26:2d:29:4c:fd:e3:fa:9f:38:65:c5:9a:96:4c:7e:71:
         73:ea:c2:e8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUWV9BzR+TqtwJTwV6ajfJwoGp7d8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjA5MTkyMVoX
DTI3MDUwMTA5MjQyMVowMzExMC8GA1UEAxMoQ0NCMjA5OEJCMjVGODNBRjcxQTBE
Mzg1MDVDMzY5NTkzOENDMDA4MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL8YtLzb97dS4Fgoc9grBd5D1kcbHrClIyQRnupunqOpwstBbppHYLo/uGjC
BFb70fvQmfrK0pqjFuVH7BuMlvEaRCQJZPFYTKImf+cqE7iy5U3/ZvdbVomfrSZw
Drg1wagOp4f+JPKWuqsVywVEiygTBLNEcAHoKPclM/YPDVlC2T8Tl2xypM9bv7QF
1+E4hPg0rYeIPgJZRArwTNsbjy8sazS7tNxU75wm3BDOzMD4kuenbgPTB8ueYKz8
+TG6r0abuvoiZ3cFHSm8cC9DGhRrl7CvKwTuXhWckiTarIYubjO2T0ZDchN+6sD7
4WUxJtV8WNnZ70tf8LvRnjfNNusCAwEAAaOCAcswggHHMB0GA1UdDgQWBBTMsgmL
sl+Dr3Gg04UFw2lZOMwAgjAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTNDU3MDAucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGh+AwwDQYJKoZIhvcNAQELBQADggEBAAHURAom5UG+y4rS5gtXV9SNEWA9
ZjaKfNana0wbekMe0+zbAL+uswIXxUqSMUKIWax3u8c4zkpF2l9sWUAlt/wwv+i9
JYjj7k80ukfiOZ5LBdljs2bX29gMQ+GQOp2RUtNxzDQwWuuEFnZvv1dX1JHQ37tb
qKF6venordsB0YoTzwQez/0Y95JFOnVoQMlvA4/u6BQ+59dvehL1lgnTJmtPnuNZ
RtLjryhH2ZP91OQCTUibJGeIa8zdV8Ik6GQBk1eqaRLl23k0Ez83GJzJMVDxnaFf
oyzTbS8P1cZu4GTAkaVmiItkqUihry0nJi0pTP3j+p84ZcWalkx+cXPqwug=
-----END CERTIFICATE-----