Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS137341.roa
File:                     AS137341.roa (raw, json)
Hash identifier:          2qWexXSSIdFpCTXC9YZqMTW+KwiIutCI58EECUZKQOc=
Subject key identifier:   7F:FD:96:8E:4C:12:02:79:6C:F1:DF:CE:F4:1A:ED:A3:27:42:B3:6D
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       467304F0F5400D634298D8C5F98459E75072FE13
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS137341.roa
Signing time:             Sat 02 May 2026 09:21:56 +0000
ROA not before:           Sat 02 May 2026 09:16:56 +0000
ROA not after:            Sat 01 May 2027 09:21:56 +0000
asID:                     137341
IP address blocks:        103.28.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:73:04:f0:f5:40:0d:63:42:98:d8:c5:f9:84:59:e7:50:72:fe:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:16:56 2026 GMT
            Not After : May  1 09:21:56 2027 GMT
        Subject: CN=7FFD968E4C1202796CF1DFCEF41AEDA32742B36D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3d:2d:2a:71:9b:fb:1b:12:d7:a6:0d:ed:73:
                    72:9f:d9:15:5f:cc:96:6d:ea:13:b8:e2:7f:5f:77:
                    89:e7:de:f8:3a:cd:02:69:ed:e5:52:c5:84:e4:ae:
                    74:32:29:44:44:ed:67:87:f7:08:ab:77:99:31:57:
                    6c:75:bc:e8:40:f5:89:23:f8:68:d8:bb:29:52:a8:
                    8c:46:9d:a4:95:ac:8f:1a:92:b4:52:35:09:15:02:
                    f2:2e:1d:fa:7e:da:89:fb:3a:78:f2:d5:6b:91:2a:
                    b2:b7:cc:bc:f4:5d:d9:09:7f:06:3f:28:36:fe:83:
                    a3:fa:fd:fe:10:18:de:1d:a9:9f:2b:22:06:cd:57:
                    bc:f9:5d:4b:9d:ad:eb:70:e3:a2:8a:87:d3:cf:79:
                    02:1b:bb:6e:77:15:9e:30:05:fe:4a:07:6c:1b:20:
                    19:8d:d7:e6:0e:51:1f:ae:a5:0d:a5:9d:fe:14:61:
                    44:7a:4c:05:a9:cf:82:06:31:23:cc:c3:a6:98:39:
                    4f:59:bf:6b:d0:ad:d6:d6:da:38:a9:00:a5:23:cb:
                    79:61:5a:4c:56:92:1e:dd:94:38:4a:06:a0:72:2b:
                    5d:a9:37:04:43:34:22:8e:21:96:2b:95:d1:a7:e3:
                    75:91:48:d0:fb:8a:23:06:63:5e:3b:ab:b7:e5:ea:
                    ba:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:FD:96:8E:4C:12:02:79:6C:F1:DF:CE:F4:1A:ED:A3:27:42:B3:6D
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS137341.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.28.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:e2:c2:0c:0f:40:bc:a6:75:c4:30:c1:93:32:11:d2:cd:99:
         41:36:25:9c:4f:39:55:55:4c:71:78:0a:0f:55:8f:65:de:84:
         22:a9:a3:7d:8a:33:0d:9a:f7:e8:0f:cb:e1:f1:47:d8:03:2e:
         00:e7:ce:76:fa:ac:de:5c:75:8a:f9:6b:fa:93:a5:12:48:a0:
         71:c0:88:0b:d5:a9:60:bc:b9:ad:6d:77:e5:39:c4:39:63:ae:
         16:c3:f2:8f:46:3a:97:81:7c:5c:90:53:e2:6a:c6:8a:61:89:
         4e:c6:a8:36:89:f1:5a:89:6a:1a:f8:e3:0d:f7:dc:01:c4:41:
         db:6d:44:d0:08:af:9a:36:78:9a:a0:de:83:2d:b7:18:fb:c3:
         87:04:64:6d:ce:ec:15:39:98:5d:fc:2d:79:91:02:a4:8a:13:
         86:88:a5:87:d4:f7:dd:af:42:26:8f:6e:0f:ae:ec:4a:87:e2:
         48:64:d6:3e:c5:72:be:d6:83:70:f0:50:de:02:6d:4e:db:4e:
         14:da:86:6e:a2:53:5d:bd:e7:66:f3:2d:1b:85:48:79:c9:da:
         1e:a0:86:4f:34:85:8f:da:4e:84:95:03:74:97:92:ff:fe:36:
         6e:f1:a1:ab:b5:bc:d5:10:45:5a:1e:93:d2:76:dd:a3:a9:86:
         fe:b7:f5:d2
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIURnME8PVADWNCmNjF+YRZ51By/hMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTY1NloX
DTI3MDUwMTA5MjE1NlowMzExMC8GA1UEAxMoN0ZGRDk2OEU0QzEyMDI3OTZDRjFE
RkNFRjQxQUVEQTMyNzQyQjM2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALc9LSpxm/sbEtemDe1zcp/ZFV/Mlm3qE7jif193iefe+DrNAmnt5VLFhOSu
dDIpRETtZ4f3CKt3mTFXbHW86ED1iSP4aNi7KVKojEadpJWsjxqStFI1CRUC8i4d
+n7aifs6ePLVa5EqsrfMvPRd2Ql/Bj8oNv6Do/r9/hAY3h2pnysiBs1XvPldS52t
63DjooqH0895Ahu7bncVnjAF/koHbBsgGY3X5g5RH66lDaWd/hRhRHpMBanPggYx
I8zDppg5T1m/a9Ct1tbaOKkApSPLeWFaTFaSHt2UOEoGoHIrXak3BEM0Io4hliuV
0afjdZFI0PuKIwZjXjurt+XqugkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR//ZaO
TBICeWzx3870Gu2jJ0KzbTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM3MzQxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZxwWMA0GCSqGSIb3DQEBCwUAA4IBAQCN4sIMD0C8pnXEMMGTMhHSzZlB
NiWcTzlVVUxxeAoPVY9l3oQiqaN9ijMNmvfoD8vh8UfYAy4A5852+qzeXHWK+Wv6
k6USSKBxwIgL1algvLmtbXflOcQ5Y64Ww/KPRjqXgXxckFPiasaKYYlOxqg2ifFa
iWoa+OMN99wBxEHbbUTQCK+aNniaoN6DLbcY+8OHBGRtzuwVOZhd/C15kQKkihOG
iKWH1Pfdr0Imj24PruxKh+JIZNY+xXK+1oNw8FDeAm1O204U2oZuolNdvedm8y0b
hUh5ydoeoIZPNIWP2k6ElQN0l5L//jZu8aGrtbzVEEVaHpPSdt2jqYb+t/XS
-----END CERTIFICATE-----