Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS132651.roa
File:                     AS132651.roa (raw, json)
Hash identifier:          1Ft3S6YWrTZEQ/Gh33oLrXqRFh+3XtRh587vdjq6JKc=
Subject key identifier:   FA:89:23:5F:4C:71:C1:8B:0D:14:6D:90:6C:82:BB:3C:EB:CF:25:64
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       467E7A707EE8C026074C6A3AA0DECBABE899FA1C
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS132651.roa
Signing time:             Sat 02 May 2026 18:40:05 +0000
ROA not before:           Sat 02 May 2026 18:35:05 +0000
ROA not after:            Sat 01 May 2027 18:40:05 +0000
asID:                     132651
IP address blocks:        175.184.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:7e:7a:70:7e:e8:c0:26:07:4c:6a:3a:a0:de:cb:ab:e8:99:fa:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 18:35:05 2026 GMT
            Not After : May  1 18:40:05 2027 GMT
        Subject: CN=FA89235F4C71C18B0D146D906C82BB3CEBCF2564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:87:9c:c9:a4:e5:22:02:91:96:90:c2:2d:67:
                    a7:b2:bd:a0:6a:b9:a6:86:40:ce:5b:8f:27:5b:b6:
                    31:58:d3:6b:0b:51:73:3f:db:17:f3:a4:0e:92:25:
                    c2:de:0f:a1:3b:53:51:27:56:05:0f:03:29:96:37:
                    c0:6e:8f:d3:7c:f6:19:b6:d9:c3:36:f7:a8:75:e6:
                    2a:49:27:dd:ac:92:21:5d:ab:58:33:90:c4:b1:21:
                    31:61:d7:77:84:1a:f5:40:b1:4e:34:e4:a5:c3:a2:
                    d6:44:8a:07:1b:4b:56:08:b0:1c:10:6d:35:c4:40:
                    3a:3f:c9:95:68:e0:d3:94:c0:58:02:1d:ef:4d:e3:
                    15:b8:14:42:d4:70:5c:6f:82:96:b3:4b:e6:97:fe:
                    dc:1e:cd:5a:b7:ee:c8:e7:de:57:72:0e:67:cc:f5:
                    60:6c:8b:e9:b2:f7:5e:1c:23:c9:a7:57:ba:be:f7:
                    69:ca:48:7d:e2:c1:68:5d:3a:e2:05:c8:be:30:c9:
                    95:26:72:d4:98:09:2b:f6:2a:71:c9:62:b2:48:11:
                    96:45:e8:9b:2c:bf:48:20:66:a6:fb:f0:f0:58:27:
                    b6:d2:8e:28:6d:88:0e:fc:49:1e:96:1c:99:12:5e:
                    27:af:37:18:ba:92:bd:24:c1:34:a1:19:a7:b0:9b:
                    d7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:89:23:5F:4C:71:C1:8B:0D:14:6D:90:6C:82:BB:3C:EB:CF:25:64
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS132651.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.184.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:36:70:3e:40:d3:f7:60:e3:93:77:66:00:ac:75:b0:03:d3:
         e3:93:ca:4d:2b:f6:cd:f1:25:74:14:63:ed:75:6e:ce:6f:95:
         06:0d:e2:ee:45:89:9f:a5:3a:6d:24:dd:07:2e:21:91:78:24:
         fa:7a:cb:2f:da:0e:45:31:9a:3c:a9:e2:3b:c7:44:21:ce:e5:
         15:55:ef:fb:da:0c:8c:e8:3a:89:7d:fe:05:a1:5c:8c:67:2e:
         e7:a7:6a:c1:85:09:db:69:d7:54:2f:71:2f:46:b1:cd:e7:e7:
         b7:98:be:5c:70:c4:02:00:a6:c3:39:9d:6f:dd:84:44:b2:8a:
         ad:73:28:29:e3:42:2a:5d:80:fb:44:0c:1b:91:15:85:8c:29:
         ed:d7:2b:0a:56:99:4c:07:d5:13:2f:46:36:13:9b:de:4b:40:
         25:b1:d0:d0:2c:e1:fe:a3:5c:a3:7f:ef:96:df:fa:91:ec:d3:
         89:da:9a:e5:3f:1e:d2:0c:6b:a1:16:ca:73:6b:32:b2:8e:2f:
         64:64:8f:df:b6:52:33:72:58:16:cc:6a:a6:0c:18:48:33:ee:
         be:b3:cd:ed:43:57:de:3b:cd:44:8a:4c:67:04:65:6d:6b:4d:
         ee:e9:99:8a:bc:fb:a1:75:65:25:d2:d9:0c:97:e4:13:a5:c8:
         a2:5b:28:12
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIURn56cH7owCYHTGo6oN7Lq+iZ+hwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjE4MzUwNVoX
DTI3MDUwMTE4NDAwNVowMzExMC8GA1UEAxMoRkE4OTIzNUY0QzcxQzE4QjBEMTQ2
RDkwNkM4MkJCM0NFQkNGMjU2NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKqHnMmk5SICkZaQwi1np7K9oGq5poZAzluPJ1u2MVjTawtRcz/bF/OkDpIl
wt4PoTtTUSdWBQ8DKZY3wG6P03z2GbbZwzb3qHXmKkkn3aySIV2rWDOQxLEhMWHX
d4Qa9UCxTjTkpcOi1kSKBxtLVgiwHBBtNcRAOj/JlWjg05TAWAId703jFbgUQtRw
XG+ClrNL5pf+3B7NWrfuyOfeV3IOZ8z1YGyL6bL3XhwjyadXur73acpIfeLBaF06
4gXIvjDJlSZy1JgJK/YqccliskgRlkXomyy/SCBmpvvw8FgnttKOKG2IDvxJHpYc
mRJeJ683GLqSvSTBNKEZp7Cb1/0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT6iSNf
THHBiw0UbZBsgrs8688lZDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTMyNjUxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQCr7jsMA0GCSqGSIb3DQEBCwUAA4IBAQB1NnA+QNP3YOOTd2YArHWwA9Pj
k8pNK/bN8SV0FGPtdW7Ob5UGDeLuRYmfpTptJN0HLiGReCT6essv2g5FMZo8qeI7
x0QhzuUVVe/72gyM6DqJff4FoVyMZy7np2rBhQnbaddUL3EvRrHN5+e3mL5ccMQC
AKbDOZ1v3YREsoqtcygp40IqXYD7RAwbkRWFjCnt1ysKVplMB9UTL0Y2E5veS0Al
sdDQLOH+o1yjf++W3/qR7NOJ2prlPx7SDGuhFspzazKyji9kZI/ftlIzclgWzGqm
DBhIM+6+s83tQ1feO81EikxnBGVta03u6ZmKvPuhdWUl0tkMl+QTpciiWygS
-----END CERTIFICATE-----