Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS134658.roa
File:                     AS134658.roa (raw, json)
Hash identifier:          +5l+GQvKlRtKDAxy85r1Hu/MKZR8dzSqOm7NkqFaJyA=
Subject key identifier:   20:C3:AD:F4:C8:EE:D4:70:A7:B4:27:82:C6:7E:E6:98:9A:A9:17:DD
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5BA8ACB4F87A45BD76D7CB594A505EC3684F6596
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS134658.roa
Signing time:             Sat 02 May 2026 21:24:45 +0000
ROA not before:           Sat 02 May 2026 21:19:45 +0000
ROA not after:            Sat 01 May 2027 21:24:45 +0000
asID:                     134658
IP address blocks:        2001:df1:32c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:a8:ac:b4:f8:7a:45:bd:76:d7:cb:59:4a:50:5e:c3:68:4f:65:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:19:45 2026 GMT
            Not After : May  1 21:24:45 2027 GMT
        Subject: CN=20C3ADF4C8EED470A7B42782C67EE6989AA917DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e0:d6:c6:cb:4d:0a:98:50:af:d5:b0:c6:3b:
                    51:07:b5:c6:28:b5:fd:b2:a1:63:e6:77:6c:66:8d:
                    ab:5f:c2:9d:8c:fb:4b:b9:d7:01:1d:0e:71:95:e8:
                    55:43:9e:88:0f:76:f9:be:c5:f7:60:23:a5:f8:58:
                    35:e7:76:5c:85:50:08:2f:02:f8:4f:fb:1a:f3:f2:
                    d4:1e:9e:9e:9a:3a:f1:4f:ad:f4:dd:58:d2:8c:44:
                    29:d1:c2:1e:c2:c9:e1:ad:43:84:d9:c0:ed:25:23:
                    45:58:50:db:2c:cb:d4:5c:82:7c:30:cd:5c:80:32:
                    0c:52:1f:05:38:28:da:dc:88:4f:d1:f7:33:68:de:
                    0a:e3:c5:cf:74:68:87:64:cc:c1:2b:c7:41:92:e8:
                    f2:bd:b6:54:22:65:2a:34:c5:74:af:9e:a4:f1:70:
                    53:c9:45:7a:f6:ab:bb:8d:65:9a:a5:94:90:37:3d:
                    22:29:1e:d0:dd:1a:2f:64:de:b6:a7:f4:22:1a:8d:
                    a3:b8:fa:2f:4c:e3:97:34:76:87:9b:dd:89:50:5b:
                    63:52:b2:90:e5:d2:15:e8:60:b8:c4:3d:6a:d1:92:
                    30:e0:bb:e1:cd:22:91:b2:3b:eb:58:99:29:ec:82:
                    86:0b:c3:53:ee:31:f8:cb:cf:33:98:10:bc:50:a9:
                    7e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C3:AD:F4:C8:EE:D4:70:A7:B4:27:82:C6:7E:E6:98:9A:A9:17:DD
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS134658.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:32c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:4b:02:73:79:c7:f9:96:96:fa:a6:04:88:33:10:99:da:0e:
         3d:62:c6:c4:d2:05:a8:ae:46:92:4d:c7:44:1e:ad:8e:78:5b:
         dd:ed:a9:66:24:21:82:8a:da:6b:bd:66:ee:35:a9:c1:2d:64:
         34:df:d3:da:b0:06:04:16:ab:35:a3:0c:25:56:ce:5c:8b:9d:
         04:da:36:49:f3:b0:87:3b:d1:8b:31:10:d1:77:84:a9:29:a2:
         be:bd:01:64:c1:fb:1a:77:c4:86:3f:c8:ae:37:9f:05:84:45:
         3a:84:d2:f3:6d:64:fe:0f:d2:c2:4b:3f:75:e6:db:f3:8b:76:
         18:d9:b2:9a:ee:f8:cb:ff:85:40:e9:de:37:96:b2:64:68:ab:
         54:9e:6c:4c:cb:85:66:ea:01:71:e7:9c:c2:02:50:aa:28:4a:
         26:2b:a0:6a:e2:b5:97:ad:25:db:0d:09:a4:29:08:4c:05:55:
         1c:34:9b:46:ec:4a:eb:2e:a4:94:2e:e6:23:6d:86:fb:ad:07:
         05:fa:e2:d3:66:a0:4a:2b:31:c8:aa:4b:3d:c8:44:5c:fc:90:
         d9:39:b3:0f:e9:ea:42:6a:dd:f8:45:34:0b:6e:46:93:28:34:
         f5:28:8a:42:68:62:8d:0f:1a:f2:35:57:0a:29:8e:bc:2e:71:
         3f:82:46:33
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUW6istPh6Rb1218tZSlBew2hPZZYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTk0NVoX
DTI3MDUwMTIxMjQ0NVowMzExMC8GA1UEAxMoMjBDM0FERjRDOEVFRDQ3MEE3QjQy
NzgyQzY3RUU2OTg5QUE5MTdERDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ/g1sbLTQqYUK/VsMY7UQe1xii1/bKhY+Z3bGaNq1/CnYz7S7nXAR0OcZXo
VUOeiA92+b7F92AjpfhYNed2XIVQCC8C+E/7GvPy1B6enpo68U+t9N1Y0oxEKdHC
HsLJ4a1DhNnA7SUjRVhQ2yzL1FyCfDDNXIAyDFIfBTgo2tyIT9H3M2jeCuPFz3Ro
h2TMwSvHQZLo8r22VCJlKjTFdK+epPFwU8lFevaru41lmqWUkDc9Iike0N0aL2Te
tqf0IhqNo7j6L0zjlzR2h5vdiVBbY1KykOXSFehguMQ9atGSMOC74c0ikbI761iZ
KeyChgvDU+4x+MvPM5gQvFCpft8CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQgw630
yO7UcKe0J4LGfuaYmqkX3TAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM0NjU4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN8TLAMA0GCSqGSIb3DQEBCwUAA4IBAQAmSwJzecf5lpb6pgSIMxCZ
2g49YsbE0gWorkaSTcdEHq2OeFvd7almJCGCitprvWbuNanBLWQ039PasAYEFqs1
owwlVs5ci50E2jZJ87CHO9GLMRDRd4SpKaK+vQFkwfsad8SGP8iuN58FhEU6hNLz
bWT+D9LCSz915tvzi3YY2bKa7vjL/4VA6d43lrJkaKtUnmxMy4Vm6gFx55zCAlCq
KEomK6Bq4rWXrSXbDQmkKQhMBVUcNJtG7ErrLqSULuYjbYb7rQcF+uLTZqBKKzHI
qks9yERc/JDZObMP6epCat34RTQLbkaTKDT1KIpCaGKNDxryNVcKKY68LnE/gkYz
-----END CERTIFICATE-----