Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS135659.roa
File:                     AS135659.roa (raw, json)
Hash identifier:          Nsd6wmQQN2tkzUKgrKhkI7q7rkh2N1w+1fH8eN5CqIs=
Subject key identifier:   F7:C9:82:FB:85:A0:64:C4:1E:A7:72:FD:C7:AF:96:B7:4B:92:CC:5C
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5FCB8CA176247F82F774991C4CAC89AA4C7B9A69
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS135659.roa
Signing time:             Sat 02 May 2026 08:35:46 +0000
ROA not before:           Sat 02 May 2026 08:30:46 +0000
ROA not after:            Sat 01 May 2027 08:35:46 +0000
asID:                     135659
IP address blocks:        2001:df4:c6c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:cb:8c:a1:76:24:7f:82:f7:74:99:1c:4c:ac:89:aa:4c:7b:9a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:46 2026 GMT
            Not After : May  1 08:35:46 2027 GMT
        Subject: CN=F7C982FB85A064C41EA772FDC7AF96B74B92CC5C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c4:c1:ba:7d:ef:c2:ef:a4:5a:bf:13:ef:44:
                    b5:77:0c:c2:23:bc:d8:94:9f:0c:6d:92:c4:3d:58:
                    6e:61:83:66:9c:8d:df:2f:bc:48:ad:bb:45:44:46:
                    f5:a1:cb:8d:b8:a3:88:ac:6a:b4:65:17:d4:0d:66:
                    ac:d2:0e:57:9b:f2:eb:7c:c6:dd:98:79:a9:26:92:
                    51:95:ef:b1:13:c1:2d:b7:ea:11:9a:de:f9:6e:f8:
                    db:18:5b:4e:7a:0a:40:43:ec:76:38:b1:5c:3b:fa:
                    28:88:57:36:b0:3e:fc:2a:63:d7:1a:e0:ac:3d:f5:
                    df:80:eb:c3:d3:b2:b3:dd:16:64:0e:a2:7b:d9:c4:
                    89:85:4f:03:25:f5:90:7c:93:fa:2f:56:8a:ca:7b:
                    9d:d4:32:df:16:d7:4f:86:ec:9b:d5:6b:be:2e:26:
                    b0:4c:50:d9:b7:6a:66:52:f3:99:ac:af:1c:85:e2:
                    5e:f3:44:b0:69:58:f1:58:4f:b5:16:6f:8a:0e:74:
                    73:3e:87:db:3d:14:d7:2f:89:b6:25:44:ad:33:98:
                    12:bc:44:2a:1f:e5:2b:b6:e8:e3:f6:f1:0a:03:31:
                    a0:63:8c:a2:80:e5:e8:4e:3b:c6:54:a8:1b:e5:d6:
                    69:47:0a:5b:de:1f:56:34:72:49:32:d1:34:e7:7a:
                    52:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:C9:82:FB:85:A0:64:C4:1E:A7:72:FD:C7:AF:96:B7:4B:92:CC:5C
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS135659.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:c6c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:d0:0b:2a:e0:b4:09:f9:8a:ea:87:2e:96:bc:5a:d5:b6:08:
         2f:e4:02:98:14:a3:85:7e:9b:9f:c1:9b:ac:1a:78:09:56:a8:
         bd:31:d4:c9:53:54:44:46:98:90:d3:66:2d:56:d3:f9:29:07:
         0d:96:da:1a:c4:51:d7:85:a3:a1:d9:94:a4:ee:03:02:61:71:
         9a:9f:a1:d5:01:a5:da:8d:52:6e:90:53:91:54:c6:7c:bc:16:
         71:6b:c7:d1:33:cd:f6:16:64:1a:13:8a:ba:17:f9:cb:ee:47:
         75:0e:16:7f:ad:9d:e5:5b:da:47:d6:d3:82:e9:de:20:05:6e:
         1b:0b:ce:a0:1e:0d:8e:a7:52:0a:e3:cd:31:53:80:59:3b:1b:
         27:7b:7b:a0:14:c7:be:63:64:de:a7:cc:f7:d5:d7:d1:86:21:
         a4:de:b4:01:68:36:6e:bc:a2:6d:6b:3e:06:5f:72:77:da:0f:
         04:9b:ab:84:17:e2:f0:d1:2c:1e:93:05:1e:34:84:ab:06:34:
         52:d6:f3:73:cd:cd:2f:64:52:15:15:10:cc:49:02:a6:91:d4:
         b2:74:99:95:b0:bf:11:e3:36:92:b4:a9:b8:a1:27:7a:8b:b2:
         57:a9:f8:4c:78:23:da:52:99:87:4f:7a:4a:4c:b6:50:bd:0e:
         fa:ff:0d:40
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUX8uMoXYkf4L3dJkcTKyJqkx7mmkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzA0NloX
DTI3MDUwMTA4MzU0NlowMzExMC8GA1UEAxMoRjdDOTgyRkI4NUEwNjRDNDFFQTc3
MkZEQzdBRjk2Qjc0QjkyQ0M1QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANfEwbp978LvpFq/E+9EtXcMwiO82JSfDG2SxD1YbmGDZpyN3y+8SK27RURG
9aHLjbijiKxqtGUX1A1mrNIOV5vy63zG3Zh5qSaSUZXvsRPBLbfqEZre+W742xhb
TnoKQEPsdjixXDv6KIhXNrA+/Cpj1xrgrD3134Drw9Oys90WZA6ie9nEiYVPAyX1
kHyT+i9Wisp7ndQy3xbXT4bsm9Vrvi4msExQ2bdqZlLzmayvHIXiXvNEsGlY8VhP
tRZvig50cz6H2z0U1y+JtiVErTOYErxEKh/lK7bo4/bxCgMxoGOMooDl6E47xlSo
G+XWaUcKW94fVjRySTLRNOd6UhECAwEAAaOCAc8wggHLMB0GA1UdDgQWBBT3yYL7
haBkxB6ncv3Hr5a3S5LMXDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM1NjU5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9MbAMA0GCSqGSIb3DQEBCwUAA4IBAQBu0Asq4LQJ+Yrqhy6WvFrV
tggv5AKYFKOFfpufwZusGngJVqi9MdTJU1RERpiQ02YtVtP5KQcNltoaxFHXhaOh
2ZSk7gMCYXGan6HVAaXajVJukFORVMZ8vBZxa8fRM832FmQaE4q6F/nL7kd1DhZ/
rZ3lW9pH1tOC6d4gBW4bC86gHg2Op1IK480xU4BZOxsne3ugFMe+Y2Tep8z31dfR
hiGk3rQBaDZuvKJtaz4GX3J32g8Em6uEF+Lw0SwekwUeNISrBjRS1vNzzc0vZFIV
FRDMSQKmkdSydJmVsL8R4zaStKm4oSd6i7JXqfhMeCPaUpmHT3pKTLZQvQ76/w1A
-----END CERTIFICATE-----