Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS135438.roa
File:                     AS135438.roa (raw, json)
Hash identifier:          S1QAYaXjRq0HY5MVRSClIn5+h3CWfppJ1+HaqKYqkNs=
Subject key identifier:   1B:10:CA:4F:2B:18:2B:E6:3D:75:1A:C3:AA:05:A7:0A:97:4B:51:AE
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       745A5E46AD208AF80CD161B80DE4CEA16C0BB606
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS135438.roa
Signing time:             Sat 02 May 2026 09:26:17 +0000
ROA not before:           Sat 02 May 2026 09:21:17 +0000
ROA not after:            Sat 01 May 2027 09:26:17 +0000
asID:                     135438
IP address blocks:        2001:df5:dcc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:5a:5e:46:ad:20:8a:f8:0c:d1:61:b8:0d:e4:ce:a1:6c:0b:b6:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:17 2026 GMT
            Not After : May  1 09:26:17 2027 GMT
        Subject: CN=1B10CA4F2B182BE63D751AC3AA05A70A974B51AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:87:b5:be:e1:fe:3c:da:50:b0:34:9b:1b:7e:
                    7a:be:90:d3:ac:7c:2f:50:81:f9:f2:49:b7:a4:6e:
                    56:13:ba:50:4d:8c:4a:7b:8e:b7:d5:9f:3d:78:01:
                    43:da:b1:25:8b:a7:88:1e:6a:0a:86:30:b3:79:8f:
                    c9:23:e7:20:17:5b:b6:a4:8f:5d:34:41:34:d8:ea:
                    3a:6a:aa:37:69:dc:86:5e:7c:4d:26:a5:cf:73:09:
                    96:7f:30:ac:af:ed:48:fb:94:fa:f4:9c:5d:48:3a:
                    f8:d1:7d:ef:58:4e:48:4b:49:b6:e6:e8:85:6c:21:
                    29:30:94:79:ff:a5:1b:ae:01:07:7d:81:4b:fa:8f:
                    26:68:cf:e8:6c:5c:cf:4d:81:1c:d9:18:c9:87:62:
                    f2:ef:ed:18:03:23:50:9a:3c:77:3b:73:01:0c:08:
                    6a:2d:4c:59:94:c9:62:d5:50:a6:83:0a:63:c9:4d:
                    2f:3c:bd:a6:b0:96:52:e8:f0:12:b7:c1:b2:3a:c0:
                    bb:2d:39:7e:15:12:e8:f3:1a:58:96:80:8b:e1:51:
                    9a:17:e3:8a:a3:98:23:dc:41:4b:78:07:39:f9:6e:
                    f8:84:ff:51:36:88:70:55:c2:05:5a:fd:bf:99:ae:
                    34:ae:65:19:06:9f:19:38:79:20:8d:66:db:86:69:
                    63:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:10:CA:4F:2B:18:2B:E6:3D:75:1A:C3:AA:05:A7:0A:97:4B:51:AE
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS135438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df5:dcc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:56:af:8d:5a:ca:9a:d5:e0:3d:7d:8a:dc:7d:a3:be:bd:eb:
         8c:ec:58:63:2d:7d:90:42:59:c1:35:d4:8a:23:8b:fd:e2:87:
         b1:fc:ef:97:54:c5:30:42:0b:d0:de:62:87:24:6f:a1:24:f3:
         e6:ef:22:f7:11:e0:3a:ad:33:16:00:6e:1d:2b:d3:b2:4b:62:
         6a:da:ec:dd:f7:b6:7c:47:fb:cd:4c:b3:06:f9:27:61:ca:fc:
         99:ad:2c:11:02:37:d4:d2:10:1c:1f:0b:b6:fe:c6:2b:01:1a:
         c5:ec:87:b1:6b:de:2f:d4:60:78:4a:51:ce:91:aa:fe:e5:8d:
         6d:f0:d3:5b:66:6b:78:5e:61:e4:3a:73:05:67:00:c1:43:4c:
         8e:82:79:35:be:ee:32:3a:aa:8c:84:87:16:c6:c4:3f:69:df:
         50:b4:1b:ba:f7:8e:75:4a:ac:d0:a0:80:21:a7:e8:4d:03:01:
         b5:4c:eb:02:b3:6f:98:30:b0:dd:a0:85:aa:43:69:6b:64:23:
         41:72:14:ab:87:f9:8c:05:3a:e3:ee:2b:ba:db:2c:00:14:16:
         a6:9a:54:8a:e7:f1:ff:32:26:3a:ca:f7:cc:c3:d3:93:98:8b:
         92:d9:2a:90:d7:8d:c0:31:30:c5:2b:2b:4a:b7:8b:93:21:28:
         3d:8a:9d:2c
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUdFpeRq0givgM0WG4DeTOoWwLtgYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjExN1oX
DTI3MDUwMTA5MjYxN1owMzExMC8GA1UEAxMoMUIxMENBNEYyQjE4MkJFNjNENzUx
QUMzQUEwNUE3MEE5NzRCNTFBRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOiHtb7h/jzaULA0mxt+er6Q06x8L1CB+fJJt6RuVhO6UE2MSnuOt9WfPXgB
Q9qxJYuniB5qCoYws3mPySPnIBdbtqSPXTRBNNjqOmqqN2nchl58TSalz3MJln8w
rK/tSPuU+vScXUg6+NF971hOSEtJtubohWwhKTCUef+lG64BB32BS/qPJmjP6Gxc
z02BHNkYyYdi8u/tGAMjUJo8dztzAQwIai1MWZTJYtVQpoMKY8lNLzy9prCWUujw
ErfBsjrAuy05fhUS6PMaWJaAi+FRmhfjiqOYI9xBS3gHOflu+IT/UTaIcFXCBVr9
v5muNK5lGQafGTh5II1m24ZpY7kCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQbEMpP
Kxgr5j11GsOqBacKl0tRrjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM1NDM4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9dzAMA0GCSqGSIb3DQEBCwUAA4IBAQA6Vq+NWsqa1eA9fYrcfaO+
veuM7FhjLX2QQlnBNdSKI4v94oex/O+XVMUwQgvQ3mKHJG+hJPPm7yL3EeA6rTMW
AG4dK9OyS2Jq2uzd97Z8R/vNTLMG+SdhyvyZrSwRAjfU0hAcHwu2/sYrARrF7Iex
a94v1GB4SlHOkar+5Y1t8NNbZmt4XmHkOnMFZwDBQ0yOgnk1vu4yOqqMhIcWxsQ/
ad9QtBu69451SqzQoIAhp+hNAwG1TOsCs2+YMLDdoIWqQ2lrZCNBchSrh/mMBTrj
7iu62ywAFBammlSK5/H/MiY6yvfMw9OTmIuS2SqQ143AMTDFKytKt4uTISg9ip0s
-----END CERTIFICATE-----