Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS135476.roa
File:                     AS135476.roa (raw, json)
Hash identifier:          pImFtR7zuKwFM80+DolwGnawSQxZ7s0ExNiaNxeh27w=
Subject key identifier:   34:FB:7C:B9:52:FF:28:A9:0B:37:B3:85:51:B0:B7:96:B1:C3:66:6C
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       7363000AFC8375E6B5BCE67DFFA1A02C287FE8C1
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS135476.roa
Signing time:             Sat 02 May 2026 21:20:09 +0000
ROA not before:           Sat 02 May 2026 21:15:09 +0000
ROA not after:            Sat 01 May 2027 21:20:09 +0000
asID:                     135476
IP address blocks:        103.75.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:63:00:0a:fc:83:75:e6:b5:bc:e6:7d:ff:a1:a0:2c:28:7f:e8:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:15:09 2026 GMT
            Not After : May  1 21:20:09 2027 GMT
        Subject: CN=34FB7CB952FF28A90B37B38551B0B796B1C3666C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6c:d0:40:f5:b7:50:e2:46:cb:5f:e9:06:f1:
                    23:47:7b:cf:16:d6:76:2c:87:d3:c3:c7:33:5e:73:
                    93:50:ec:11:68:e6:46:19:e8:97:d5:03:08:23:a0:
                    4c:27:a2:57:f8:19:c2:bb:4c:72:22:28:99:86:6b:
                    ce:dd:7d:e0:14:11:b6:bb:0b:f2:4c:9e:98:ab:79:
                    c5:22:5e:21:b7:7d:26:0e:fd:f0:3f:44:f6:46:1d:
                    c3:4e:cd:ac:79:18:33:3f:7d:f5:80:a0:ce:3a:ac:
                    e6:44:57:25:99:e1:32:e8:2b:52:90:4c:37:15:15:
                    64:23:4f:52:60:d0:2c:42:3f:5a:96:f8:d4:c8:be:
                    8e:bd:46:c0:df:ec:0e:9e:65:52:df:e6:5b:d1:1f:
                    75:2f:ff:35:2c:86:c4:02:c3:b7:ef:66:ed:2e:d6:
                    5e:a5:b7:64:a7:bf:37:b2:b3:8e:cf:d1:d3:86:40:
                    55:8b:16:3a:b9:12:c4:88:57:4b:5d:74:9e:9a:c8:
                    65:66:04:13:f3:d7:c5:97:05:fd:e2:cc:80:12:44:
                    a3:af:26:62:50:85:97:87:6a:85:05:e4:d2:d7:04:
                    cf:24:b3:6d:7e:9e:c7:3b:6e:f9:66:09:16:53:ed:
                    8e:6e:6c:60:63:13:cc:d1:d7:13:02:2a:a0:88:eb:
                    4d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:FB:7C:B9:52:FF:28:A9:0B:37:B3:85:51:B0:B7:96:B1:C3:66:6C
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS135476.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.75.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a2:c3:2a:9b:4a:5b:76:bb:80:78:41:ed:62:e0:24:af:36:
         92:af:d6:94:08:c0:fc:42:85:cf:7a:0c:36:fc:c9:27:d6:a9:
         39:f8:ea:e4:29:9a:38:d6:6a:85:e0:06:af:6c:af:79:31:96:
         f6:0b:af:d6:7e:df:8d:f3:52:b9:15:2f:a1:5b:c1:25:95:f8:
         57:0c:c0:99:bd:8e:6b:09:97:f8:0b:56:07:1c:83:46:e7:10:
         ae:1a:c3:e4:ed:71:30:85:b7:95:d1:b3:b7:fd:67:76:d8:f1:
         a9:73:dd:54:f9:7f:93:ce:b9:f8:72:8a:a0:2d:39:f7:08:6f:
         60:48:ba:3a:3d:b5:51:af:22:8a:4a:75:66:5b:2a:e8:29:11:
         11:ad:eb:ce:09:3d:27:ea:90:e1:24:d5:26:aa:7d:ee:d8:2b:
         b2:10:4c:c7:6b:59:9a:07:98:7f:cf:f0:01:53:4b:82:dc:45:
         4c:ce:d7:08:52:2d:36:f3:a4:be:76:45:a4:f1:00:54:40:30:
         db:b3:cc:a0:9e:1d:f0:65:a6:6b:4d:b3:44:7f:53:b8:74:b3:
         2e:63:37:36:fd:cd:07:2a:19:5f:07:f1:ce:f3:af:21:34:52:
         11:ad:38:3f:d3:d4:93:15:a3:ba:8a:f8:51:1b:3f:18:d4:10:
         d2:00:da:05
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUc2MACvyDdea1vOZ9/6GgLCh/6MEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMTUwOVoX
DTI3MDUwMTIxMjAwOVowMzExMC8GA1UEAxMoMzRGQjdDQjk1MkZGMjhBOTBCMzdC
Mzg1NTFCMEI3OTZCMUMzNjY2QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANps0ED1t1DiRstf6QbxI0d7zxbWdiyH08PHM15zk1DsEWjmRhnol9UDCCOg
TCeiV/gZwrtMciIomYZrzt194BQRtrsL8kyemKt5xSJeIbd9Jg798D9E9kYdw07N
rHkYMz999YCgzjqs5kRXJZnhMugrUpBMNxUVZCNPUmDQLEI/Wpb41Mi+jr1GwN/s
Dp5lUt/mW9EfdS//NSyGxALDt+9m7S7WXqW3ZKe/N7Kzjs/R04ZAVYsWOrkSxIhX
S110nprIZWYEE/PXxZcF/eLMgBJEo68mYlCFl4dqhQXk0tcEzySzbX6exztu+WYJ
FlPtjm5sYGMTzNHXEwIqoIjrTeUCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQ0+3y5
Uv8oqQs3s4VRsLeWscNmbDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM1NDc2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ0syMA0GCSqGSIb3DQEBCwUAA4IBAQCVosMqm0pbdruAeEHtYuAkrzaS
r9aUCMD8QoXPegw2/Mkn1qk5+OrkKZo41mqF4AavbK95MZb2C6/Wft+N81K5FS+h
W8EllfhXDMCZvY5rCZf4C1YHHING5xCuGsPk7XEwhbeV0bO3/Wd22PGpc91U+X+T
zrn4coqgLTn3CG9gSLo6PbVRryKKSnVmWyroKRERrevOCT0n6pDhJNUmqn3u2Cuy
EEzHa1maB5h/z/ABU0uC3EVMztcIUi0286S+dkWk8QBUQDDbs8ygnh3wZaZrTbNE
f1O4dLMuYzc2/c0HKhlfB/HO868hNFIRrTg/09STFaO6ivhRGz8Y1BDSANoF
-----END CERTIFICATE-----