Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS136882.roa
File:                     AS136882.roa (raw, json)
Hash identifier:          WQcKJojVna4xn6PDnOyCq4YfFmtv0Ooo2yq+vjOQ5f0=
Subject key identifier:   88:61:C5:20:63:94:B6:57:3D:DF:65:7E:CD:2D:4B:A3:B3:CA:36:1C
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       32A09CE8601101698044221AF463641D3F334E6B
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS136882.roa
Signing time:             Sat 02 May 2026 08:35:20 +0000
ROA not before:           Sat 02 May 2026 08:30:20 +0000
ROA not after:            Sat 01 May 2027 08:35:20 +0000
asID:                     136882
IP address blocks:        103.105.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:a0:9c:e8:60:11:01:69:80:44:22:1a:f4:63:64:1d:3f:33:4e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:20 2026 GMT
            Not After : May  1 08:35:20 2027 GMT
        Subject: CN=8861C5206394B6573DDF657ECD2D4BA3B3CA361C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:90:27:16:0e:1e:e7:cb:1a:28:eb:fd:20:0f:
                    98:45:98:22:19:51:c7:00:ff:02:cd:47:23:bb:33:
                    ba:60:db:e0:f1:17:ff:a4:57:c3:7f:b8:cb:f8:5e:
                    53:03:95:bc:1b:2d:df:34:b5:b8:8e:04:1c:70:7b:
                    c8:af:71:d9:35:dc:09:3d:59:27:2d:70:29:3d:e8:
                    59:b9:07:0d:59:5b:48:25:19:cb:fb:24:c5:c8:7d:
                    c2:11:b0:78:93:64:f8:c8:64:f0:8a:b1:58:26:62:
                    34:8f:91:12:2a:ab:ad:9b:6d:37:0f:c5:54:4f:b3:
                    85:df:d4:2d:dc:33:15:6b:e1:fc:8d:be:47:64:b3:
                    9b:69:df:78:de:ca:57:26:01:f3:0c:61:d1:ee:3e:
                    ee:69:c8:fe:15:aa:be:0a:13:5c:cf:4a:d3:a1:5a:
                    b8:b9:c0:25:72:9a:10:dd:d5:ec:f1:4a:5a:bd:4a:
                    b7:9f:15:29:cd:48:0e:c8:4a:16:0d:44:37:60:ea:
                    6b:d4:03:fa:b9:c1:85:ed:99:2c:88:89:c5:71:99:
                    8a:67:c1:fe:03:7f:38:c3:15:40:b3:cd:af:90:e2:
                    0b:7b:41:2c:c3:07:30:cf:8a:55:59:1d:db:8a:01:
                    6f:d3:6b:aa:0b:db:13:2f:6d:04:65:67:7e:f4:f4:
                    65:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:61:C5:20:63:94:B6:57:3D:DF:65:7E:CD:2D:4B:A3:B3:CA:36:1C
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS136882.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.105.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:f6:8a:a0:6a:ff:8c:a5:45:ac:59:15:c7:6b:a6:82:6e:8b:
         e6:73:d6:ba:57:b1:96:2f:23:84:f9:d1:da:51:2d:a4:51:89:
         d3:fb:2c:a1:0c:9d:64:3b:af:1d:81:bc:df:3b:94:68:36:f4:
         5e:3e:1a:02:0d:d9:e5:6a:1a:82:23:07:66:7b:96:64:cc:3f:
         6a:f7:42:98:51:0a:4e:92:84:8b:d1:f8:9f:26:4e:1c:23:9c:
         69:60:7a:72:3f:d0:ea:88:36:99:33:43:8b:cc:15:43:e7:a1:
         b1:33:46:ce:1c:2e:65:58:ca:24:4b:69:93:f1:fc:25:7d:f4:
         38:3a:d7:3c:49:b2:77:06:fd:be:5c:55:61:b7:e0:86:4a:1e:
         94:52:26:b7:46:8c:12:a3:93:61:08:e2:f8:24:25:71:ab:23:
         92:ab:b5:e1:03:9d:7b:fc:b5:7c:b2:71:c3:6e:84:4a:da:ae:
         0e:d1:9b:a4:71:58:42:ef:e6:4b:d3:66:ab:66:f9:46:31:22:
         dd:aa:5c:c5:35:96:3d:0f:35:6f:54:ca:79:ff:b2:8b:08:3e:
         e3:e0:f3:df:68:f1:9b:9a:3e:83:ff:cc:a0:29:d3:48:4d:2f:
         eb:89:f9:fb:2d:0f:31:95:5d:e2:2f:d9:95:f5:0b:17:93:62:
         6d:a3:6b:52
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUMqCc6GARAWmARCIa9GNkHT8zTmswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzAyMFoX
DTI3MDUwMTA4MzUyMFowMzExMC8GA1UEAxMoODg2MUM1MjA2Mzk0QjY1NzNEREY2
NTdFQ0QyRDRCQTNCM0NBMzYxQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSQJxYOHufLGijr/SAPmEWYIhlRxwD/As1HI7szumDb4PEX/6RXw3+4y/he
UwOVvBst3zS1uI4EHHB7yK9x2TXcCT1ZJy1wKT3oWbkHDVlbSCUZy/skxch9whGw
eJNk+Mhk8IqxWCZiNI+REiqrrZttNw/FVE+zhd/ULdwzFWvh/I2+R2Szm2nfeN7K
VyYB8wxh0e4+7mnI/hWqvgoTXM9K06FauLnAJXKaEN3V7PFKWr1Kt58VKc1IDshK
Fg1EN2Dqa9QD+rnBhe2ZLIiJxXGZimfB/gN/OMMVQLPNr5DiC3tBLMMHMM+KVVkd
24oBb9NrqgvbEy9tBGVnfvT0ZU8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSIYcUg
Y5S2Vz3fZX7NLUujs8o2HDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM2ODgyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ2mOMA0GCSqGSIb3DQEBCwUAA4IBAQBT9oqgav+MpUWsWRXHa6aCbovm
c9a6V7GWLyOE+dHaUS2kUYnT+yyhDJ1kO68dgbzfO5RoNvRePhoCDdnlahqCIwdm
e5ZkzD9q90KYUQpOkoSL0fifJk4cI5xpYHpyP9DqiDaZM0OLzBVD56GxM0bOHC5l
WMokS2mT8fwlffQ4Otc8SbJ3Bv2+XFVht+CGSh6UUia3RowSo5NhCOL4JCVxqyOS
q7XhA517/LV8snHDboRK2q4O0ZukcVhC7+ZL02arZvlGMSLdqlzFNZY9DzVvVMp5
/7KLCD7j4PPfaPGbmj6D/8ygKdNITS/rifn7LQ8xlV3iL9mV9QsXk2Jto2tS
-----END CERTIFICATE-----