Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS133826.roa
File:                     AS133826.roa (raw, json)
Hash identifier:          o8S4hnoezaNLh8R8uhcbSfKS613FH5v/LkZQn+ECWKE=
Subject key identifier:   71:D5:1E:8A:6F:B4:71:90:D1:04:92:B5:56:49:6D:79:97:F3:EC:72
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       247ED3190BDEBF821A7E500D225E9DE836C9484F
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS133826.roa
Signing time:             Sat 02 May 2026 09:21:48 +0000
ROA not before:           Sat 02 May 2026 09:16:48 +0000
ROA not after:            Sat 01 May 2027 09:21:48 +0000
asID:                     133826
IP address blocks:        103.56.188.0/24 maxlen: 24
                          103.56.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:7e:d3:19:0b:de:bf:82:1a:7e:50:0d:22:5e:9d:e8:36:c9:48:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:48 2026 GMT
            Not After : May  1 09:21:48 2027 GMT
        Subject: CN=71D51E8A6FB47190D10492B556496D7997F3EC72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:27:27:94:e3:b9:d6:ae:e9:92:a6:28:cb:ab:
                    9a:ed:08:73:73:fd:1b:35:d1:3c:81:96:d0:f0:ec:
                    03:4d:b8:0e:38:44:f8:1a:c6:c9:91:6c:20:cb:a2:
                    fa:4a:4c:72:de:3f:57:a1:b5:48:b8:2c:9f:4e:24:
                    b0:7c:ec:a2:86:ac:7e:ce:33:c4:4c:57:95:b4:77:
                    57:1e:a6:4e:da:a7:b6:b0:a9:f9:5c:99:85:53:df:
                    4c:32:24:54:46:b5:4a:fb:ed:3c:7e:35:61:e1:22:
                    86:ed:d9:46:1a:3c:d8:67:21:7b:2f:c3:b8:82:96:
                    c5:58:9d:ff:38:2e:c9:ad:69:e9:98:dd:9e:25:af:
                    64:34:f6:9e:71:37:b5:ab:6f:37:1b:aa:f7:6f:42:
                    6a:ab:8c:75:77:53:26:2b:90:80:fb:db:f8:78:6c:
                    68:e1:00:e3:bb:1f:a0:81:bb:bd:9d:b6:9f:f1:bf:
                    9b:df:f6:ae:6f:c8:94:d5:06:b6:c4:4c:e0:a0:44:
                    15:69:fb:62:dc:5e:5e:6d:ec:a8:9f:44:9f:2b:34:
                    f7:d3:7b:ef:e7:c0:7a:81:fe:03:04:0a:da:4a:2b:
                    e6:5e:46:0a:16:80:69:39:7c:9a:d4:4e:11:6b:90:
                    1e:c4:1e:a4:ea:48:ba:14:ee:2b:33:10:62:8f:4c:
                    2b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D5:1E:8A:6F:B4:71:90:D1:04:92:B5:56:49:6D:79:97:F3:EC:72
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS133826.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.56.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:29:2b:18:a1:a4:03:a9:2b:fa:38:b9:c1:9f:f4:11:a0:22:
         54:dd:50:4d:82:52:7c:d8:a3:5b:9e:4c:b7:81:6e:b4:62:ec:
         de:8e:96:5b:7f:43:6c:cc:29:93:b1:d4:e2:f6:42:e1:f1:b6:
         7b:f1:d5:f4:f5:0b:c8:48:4c:cd:01:03:8a:3e:d2:99:35:de:
         12:55:8a:e3:df:7c:1e:88:e2:e1:6d:cf:cf:47:b2:8c:08:4e:
         bd:4b:d9:57:0b:07:57:c7:66:14:6a:37:52:a1:14:ba:af:88:
         f9:de:09:29:b8:e4:d7:15:df:bf:ce:5c:06:09:aa:06:12:1b:
         f0:84:05:70:7d:28:48:f6:09:79:15:2f:e9:79:99:14:7b:d3:
         7a:b8:33:bd:02:18:57:8d:b5:3d:97:7a:b4:e0:62:57:9c:18:
         c2:66:d9:93:96:5a:f0:47:d7:21:9c:e4:d8:94:91:3e:0c:5d:
         49:8c:16:04:6f:11:1a:56:93:8d:c8:55:76:9b:02:e6:26:c6:
         df:56:2a:46:1a:a7:df:47:ae:79:1c:fd:96:df:bb:47:83:93:
         bd:f9:cf:f9:97:ec:cf:58:dd:12:1f:ff:13:7a:0a:f9:a5:e7:
         c5:dc:bb:19:be:5f:05:46:5a:fa:17:14:af:af:ad:38:33:68:
         60:e9:a3:da
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUJH7TGQvev4IaflANIl6d6DbJSE8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTY0OFoX
DTI3MDUwMTA5MjE0OFowMzExMC8GA1UEAxMoNzFENTFFOEE2RkI0NzE5MEQxMDQ5
MkI1NTY0OTZENzk5N0YzRUM3MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMwnJ5Tjudau6ZKmKMurmu0Ic3P9GzXRPIGW0PDsA024DjhE+BrGyZFsIMui
+kpMct4/V6G1SLgsn04ksHzsooasfs4zxExXlbR3Vx6mTtqntrCp+VyZhVPfTDIk
VEa1SvvtPH41YeEihu3ZRho82Gchey/DuIKWxVid/zguya1p6ZjdniWvZDT2nnE3
tatvNxuq929CaquMdXdTJiuQgPvb+HhsaOEA47sfoIG7vZ22n/G/m9/2rm/IlNUG
tsRM4KBEFWn7YtxeXm3sqJ9Enys099N77+fAeoH+AwQK2kor5l5GChaAaTl8mtRO
EWuQHsQepOpIuhTuKzMQYo9MK3ECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRx1R6K
b7RxkNEEkrVWSW15l/PscjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTMzODI2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZzi8MA0GCSqGSIb3DQEBCwUAA4IBAQBHKSsYoaQDqSv6OLnBn/QRoCJU
3VBNglJ82KNbnky3gW60YuzejpZbf0NszCmTsdTi9kLh8bZ78dX09QvISEzNAQOK
PtKZNd4SVYrj33weiOLhbc/PR7KMCE69S9lXCwdXx2YUajdSoRS6r4j53gkpuOTX
Fd+/zlwGCaoGEhvwhAVwfShI9gl5FS/peZkUe9N6uDO9AhhXjbU9l3q04GJXnBjC
ZtmTllrwR9chnOTYlJE+DF1JjBYEbxEaVpONyFV2mwLmJsbfVipGGqffR655HP2W
37tHg5O9+c/5l+zPWN0SH/8Tegr5pefF3LsZvl8FRlr6FxSvr604M2hg6aPa
-----END CERTIFICATE-----