Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS134526.roa
File:                     AS134526.roa (raw, json)
Hash identifier:          lBXKVKKGJ7bSYuOIGmdQFuxphxCW/G2lMX0gurVecgs=
Subject key identifier:   DE:C6:0B:2C:70:CC:7A:5F:6D:88:9E:EC:12:65:D5:46:46:06:CF:20
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5009D888BFB90B6EC8A56B60004AC0C8B43640CC
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS134526.roa
Signing time:             Sat 02 May 2026 09:26:26 +0000
ROA not before:           Sat 02 May 2026 09:21:26 +0000
ROA not after:            Sat 01 May 2027 09:26:26 +0000
asID:                     134526
IP address blocks:        2001:df5:bf40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:09:d8:88:bf:b9:0b:6e:c8:a5:6b:60:00:4a:c0:c8:b4:36:40:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:26 2026 GMT
            Not After : May  1 09:26:26 2027 GMT
        Subject: CN=DEC60B2C70CC7A5F6D889EEC1265D5464606CF20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:df:f1:8f:7f:dc:18:05:3a:bc:db:d9:08:61:
                    f1:7f:41:18:6b:6f:2e:39:d3:26:bf:6f:28:69:5e:
                    2d:6f:ae:98:56:75:db:e5:48:80:2e:26:6a:60:58:
                    ba:6a:d4:48:a0:26:5f:0c:a7:c1:22:c8:aa:65:e1:
                    be:e6:9d:6d:c5:08:8a:af:ac:ef:8f:04:fa:54:da:
                    f2:74:30:69:52:35:2e:c3:af:e1:0e:f6:07:c0:42:
                    67:33:8a:26:80:c8:14:ee:6a:73:7c:d4:bc:c9:6f:
                    7e:7b:b4:fe:b1:dd:f5:d3:63:d4:87:99:d0:98:12:
                    12:1b:85:b4:be:44:cf:8f:63:e5:53:60:d8:e8:fe:
                    9c:a7:fa:c3:b4:2c:dc:d5:94:21:af:d0:44:5e:5c:
                    fb:a8:a1:1c:92:81:ae:d5:15:5f:a9:95:d2:6e:c5:
                    a6:7e:20:9c:fb:09:85:62:b6:de:99:d6:33:ed:f8:
                    d8:8b:bc:72:9b:25:63:3b:e6:e4:0d:c4:29:8c:a9:
                    61:c9:85:da:38:52:2d:aa:7c:41:7d:0a:d8:af:13:
                    df:6a:77:f3:39:9e:4e:46:b3:9d:50:6f:61:24:a9:
                    79:8b:8a:00:32:40:14:f2:70:e0:f4:68:37:a1:1c:
                    20:48:20:4c:65:32:31:49:43:df:53:fd:63:8d:1d:
                    ba:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C6:0B:2C:70:CC:7A:5F:6D:88:9E:EC:12:65:D5:46:46:06:CF:20
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS134526.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:bf40::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:c1:02:de:93:4b:fb:1e:24:2d:0f:bd:e1:a2:be:23:14:e9:
         21:f9:6d:e4:a9:1e:20:1e:ed:63:af:1f:1f:aa:d1:61:50:ea:
         68:93:00:7e:7d:be:85:7a:2e:4f:91:e3:99:0d:ab:c8:69:3a:
         3e:41:c3:6f:53:bc:c6:88:c3:28:4e:88:d0:97:7b:94:42:4e:
         a2:6a:c4:12:63:db:d0:ec:56:d2:bd:4e:24:71:21:9c:4a:ae:
         64:9f:2c:a2:96:7c:b4:f2:e4:f4:59:fe:f5:49:d9:d7:83:56:
         14:5f:50:3f:9f:03:4e:ea:b3:66:0c:51:75:31:18:9d:dc:7b:
         e7:1a:8f:11:f7:71:46:c8:73:9f:4e:2b:d0:1e:c9:a6:ab:44:
         a9:ac:ed:df:5f:01:d9:15:d2:ef:d9:41:eb:ad:a5:b0:59:93:
         99:2f:1e:81:af:8c:bf:f9:fa:41:68:df:61:b7:c5:91:8d:91:
         06:ce:04:8e:09:fb:0e:17:14:59:40:b9:33:0a:20:05:9c:4a:
         34:48:ae:2f:21:f8:c9:fd:d4:d0:f8:70:5f:db:6e:10:45:b8:
         91:85:16:6d:f8:b0:20:b2:42:ad:5e:56:cf:cd:ee:9a:03:33:
         b6:82:cf:f5:44:e6:d5:fe:ea:de:fb:6e:5b:7e:74:56:6c:2c:
         61:48:5b:69
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUUAnYiL+5C27IpWtgAErAyLQ2QMwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjEyNloX
DTI3MDUwMTA5MjYyNlowMzExMC8GA1UEAxMoREVDNjBCMkM3MENDN0E1RjZEODg5
RUVDMTI2NUQ1NDY0NjA2Q0YyMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN3f8Y9/3BgFOrzb2Qhh8X9BGGtvLjnTJr9vKGleLW+umFZ12+VIgC4mamBY
umrUSKAmXwynwSLIqmXhvuadbcUIiq+s748E+lTa8nQwaVI1LsOv4Q72B8BCZzOK
JoDIFO5qc3zUvMlvfnu0/rHd9dNj1IeZ0JgSEhuFtL5Ez49j5VNg2Oj+nKf6w7Qs
3NWUIa/QRF5c+6ihHJKBrtUVX6mV0m7Fpn4gnPsJhWK23pnWM+342Iu8cpslYzvm
5A3EKYypYcmF2jhSLap8QX0K2K8T32p38zmeTkaznVBvYSSpeYuKADJAFPJw4PRo
N6EcIEggTGUyMUlD31P9Y40dum0CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBTexgss
cMx6X22InuwSZdVGRgbPIDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM0NTI2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9b9AMA0GCSqGSIb3DQEBCwUAA4IBAQAuwQLek0v7HiQtD73hor4j
FOkh+W3kqR4gHu1jrx8fqtFhUOpokwB+fb6Fei5PkeOZDavIaTo+QcNvU7zGiMMo
TojQl3uUQk6iasQSY9vQ7FbSvU4kcSGcSq5knyyilny08uT0Wf71SdnXg1YUX1A/
nwNO6rNmDFF1MRid3HvnGo8R93FGyHOfTivQHsmmq0SprO3fXwHZFdLv2UHrraWw
WZOZLx6Br4y/+fpBaN9ht8WRjZEGzgSOCfsOFxRZQLkzCiAFnEo0SK4vIfjJ/dTQ
+HBf224QRbiRhRZt+LAgskKtXlbPze6aAzO2gs/1RObV/ure+25bfnRWbCxhSFtp
-----END CERTIFICATE-----