Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS135472.roa
File:                     AS135472.roa (raw, json)
Hash identifier:          n0jGyKsVpPuLoryCT23APcshii8ocX68uWhTdJxTK+4=
Subject key identifier:   B1:A0:AB:66:6F:35:5F:21:11:D8:11:E7:74:C7:2D:13:5F:22:EC:F4
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5FCAB9298FAF4232496EA10546BB867B55707134
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS135472.roa
Signing time:             Sat 02 May 2026 08:35:01 +0000
ROA not before:           Sat 02 May 2026 08:30:01 +0000
ROA not after:            Sat 01 May 2027 08:35:01 +0000
asID:                     135472
IP address blocks:        2400:fce0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:ca:b9:29:8f:af:42:32:49:6e:a1:05:46:bb:86:7b:55:70:71:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:01 2026 GMT
            Not After : May  1 08:35:01 2027 GMT
        Subject: CN=B1A0AB666F355F2111D811E774C72D135F22ECF4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:36:d9:9f:0c:39:82:57:be:8d:6b:60:dc:ab:
                    7d:2c:22:2b:27:e2:8a:10:f6:6e:8b:08:93:c2:29:
                    cf:a8:b7:60:c5:e2:50:39:15:12:f4:2c:f8:a4:c1:
                    2b:1c:c2:b5:fe:9a:eb:ae:9a:37:f8:4d:70:1e:3f:
                    52:e7:28:0e:fd:6b:0e:ff:1a:d0:93:8f:3b:57:0e:
                    4e:5d:5b:48:79:ad:52:67:38:4d:ed:73:6e:f8:fd:
                    58:d7:ed:6c:d0:ea:9c:4b:b6:31:fb:c8:d2:d7:85:
                    b0:15:5a:fb:79:01:bd:e5:7d:dd:38:d9:b2:3f:18:
                    9d:a3:13:b8:e2:69:7b:fd:f5:a9:44:1d:c4:e4:51:
                    db:41:df:f1:9a:21:02:aa:2d:91:0a:af:40:a6:af:
                    8b:7e:3f:56:35:42:53:de:d9:0f:f6:f8:fc:4e:29:
                    91:fa:cf:8a:8d:e2:bd:63:cf:92:b8:8a:0c:bf:22:
                    f0:61:95:e2:8c:3f:bb:ff:b6:97:5e:4e:a1:89:27:
                    cb:17:9e:38:22:ce:b3:8e:58:75:30:51:4a:65:65:
                    69:f3:9b:b1:a8:e2:3b:86:a1:ea:bc:50:8a:e1:d7:
                    22:7c:fc:80:f3:ea:bc:04:7b:a6:70:fa:40:27:8c:
                    81:5d:b8:1d:d7:4b:60:db:b3:a0:db:2e:22:d2:1f:
                    85:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A0:AB:66:6F:35:5F:21:11:D8:11:E7:74:C7:2D:13:5F:22:EC:F4
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS135472.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:fce0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:ad:e5:08:43:c4:8b:85:e5:19:6f:49:01:be:a8:dd:a4:d8:
         19:7a:08:86:ed:52:50:5e:c0:0f:99:52:76:81:f2:04:a1:cb:
         99:69:b7:9d:ad:2e:93:37:71:23:fa:09:ab:f0:5a:17:fe:9e:
         2b:72:68:2a:25:f7:fa:ca:83:8d:9a:c4:fb:bc:35:6d:d1:bf:
         9d:2c:ff:b5:8a:5e:30:ec:8f:41:9a:35:ff:f7:e4:a4:ac:d5:
         c9:de:fd:3c:9c:60:1e:fa:37:06:68:a0:cf:97:a4:f1:ff:cc:
         e9:a5:8f:bd:13:70:84:b9:91:c2:da:2b:b6:c6:53:e4:a2:fb:
         90:6e:93:68:7c:79:59:92:e7:88:22:39:48:31:88:84:e3:e5:
         5f:8e:d3:52:71:5d:18:ae:25:72:69:27:ab:e6:f6:32:5b:a3:
         a0:9c:09:2f:46:46:4d:ae:8b:e0:33:93:e9:4d:b0:ac:91:75:
         e9:e3:4d:8a:63:60:1e:95:2f:9b:4b:db:8e:2a:a3:c8:39:fd:
         06:47:c6:2a:52:67:46:68:5c:0f:b5:fa:4f:9c:50:0d:1a:48:
         c4:e4:13:46:c2:10:8f:fb:04:a7:5c:55:0a:cd:ad:ab:94:7e:
         9a:08:a9:55:ed:d9:29:3b:f4:9c:23:36:20:b4:e3:88:c4:87:
         53:ed:55:63
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgIUX8q5KY+vQjJJbqEFRruGe1VwcTQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzAwMVoX
DTI3MDUwMTA4MzUwMVowMzExMC8GA1UEAxMoQjFBMEFCNjY2RjM1NUYyMTExRDgx
MUU3NzRDNzJEMTM1RjIyRUNGNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKU22Z8MOYJXvo1rYNyrfSwiKyfiihD2bosIk8Ipz6i3YMXiUDkVEvQs+KTB
KxzCtf6a666aN/hNcB4/UucoDv1rDv8a0JOPO1cOTl1bSHmtUmc4Te1zbvj9WNft
bNDqnEu2MfvI0teFsBVa+3kBveV93TjZsj8YnaMTuOJpe/31qUQdxORR20Hf8Zoh
AqotkQqvQKavi34/VjVCU97ZD/b4/E4pkfrPio3ivWPPkriKDL8i8GGV4ow/u/+2
l15OoYknyxeeOCLOs45YdTBRSmVlafObsajiO4ah6rxQiuHXInz8gPPqvAR7pnD6
QCeMgV24HddLYNuzoNsuItIfhQECAwEAAaOCAc0wggHJMB0GA1UdDgQWBBSxoKtm
bzVfIRHYEed0xy0TXyLs9DAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM1NDcyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIA
AjAHAwUAJAD84DANBgkqhkiG9w0BAQsFAAOCAQEADK3lCEPEi4XlGW9JAb6o3aTY
GXoIhu1SUF7AD5lSdoHyBKHLmWm3na0ukzdxI/oJq/BaF/6eK3JoKiX3+sqDjZrE
+7w1bdG/nSz/tYpeMOyPQZo1//fkpKzVyd79PJxgHvo3Bmigz5ek8f/M6aWPvRNw
hLmRwtortsZT5KL7kG6TaHx5WZLniCI5SDGIhOPlX47TUnFdGK4lcmknq+b2Mluj
oJwJL0ZGTa6L4DOT6U2wrJF16eNNimNgHpUvm0vbjiqjyDn9BkfGKlJnRmhcD7X6
T5xQDRpIxOQTRsIQj/sEp1xVCs2tq5R+mgipVe3ZKTv0nCM2ILTjiMSHU+1VYw==
-----END CERTIFICATE-----