Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS138011.roa
File:                     AS138011.roa (raw, json)
Hash identifier:          f6DGvlZ/vAIebEtt53fCw8BAom368hjkOunSwsv09uM=
Subject key identifier:   15:00:37:CE:0E:34:2C:82:64:C5:C0:34:D2:0D:81:85:28:3C:18:E0
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5457852E0936AACA1898D102C61DC2CDC6C89EE0
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS138011.roa
Signing time:             Sat 02 May 2026 09:27:17 +0000
ROA not before:           Sat 02 May 2026 09:22:17 +0000
ROA not after:            Sat 01 May 2027 09:27:17 +0000
asID:                     138011
IP address blocks:        2001:df6:7940::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:57:85:2e:09:36:aa:ca:18:98:d1:02:c6:1d:c2:cd:c6:c8:9e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:22:17 2026 GMT
            Not After : May  1 09:27:17 2027 GMT
        Subject: CN=150037CE0E342C8264C5C034D20D8185283C18E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ba:32:8c:f4:67:4e:18:3d:71:a4:63:2b:c1:
                    3d:b1:29:c7:31:bb:05:09:3f:63:fb:26:0c:a7:9c:
                    a6:45:33:eb:d8:3d:b0:b3:48:df:f3:8b:7a:1c:ac:
                    a2:2c:89:78:8a:e8:65:6b:f4:f6:e9:1a:27:8a:f9:
                    74:8c:51:86:d4:d5:30:6b:27:5e:a9:9f:00:39:50:
                    f9:b2:78:b0:5e:27:8c:df:f1:d1:3a:51:c0:28:12:
                    4b:74:2e:f3:99:29:3d:a1:b1:0e:d4:5a:74:9d:43:
                    dd:e6:11:3f:71:fd:0f:21:e0:38:93:40:64:0c:7b:
                    91:ef:a9:40:0c:08:55:b6:d7:1c:a9:2a:03:d3:6e:
                    cc:cb:f6:ff:44:dc:e0:31:48:53:6b:14:09:e2:44:
                    f3:4c:77:97:45:dd:60:19:62:31:ac:3c:d0:81:97:
                    80:eb:b4:69:98:31:4e:ed:5e:17:20:b6:45:97:68:
                    d1:56:5a:38:d6:aa:33:ac:33:5b:a2:de:df:8c:ed:
                    4a:a9:32:b8:6a:35:bf:fc:dd:67:4a:62:4f:cf:9b:
                    0e:0b:9f:30:41:be:0f:72:50:d7:5f:2e:1d:0c:99:
                    31:d3:dc:c9:e8:9b:42:9f:af:40:72:22:1a:b0:5f:
                    eb:d2:89:54:ee:67:93:cb:51:82:ac:01:0d:60:00:
                    c1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:00:37:CE:0E:34:2C:82:64:C5:C0:34:D2:0D:81:85:28:3C:18:E0
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS138011.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:7940::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:58:28:0b:c0:b8:65:5b:83:5e:bd:e2:26:cb:c5:e9:bd:9f:
         41:a8:e7:a1:ee:3b:f8:9d:b6:59:9a:98:b2:b0:d2:03:a9:71:
         9e:85:a8:22:35:4c:22:c6:0b:26:92:56:76:e2:fd:a8:ac:1e:
         f4:6e:0e:29:c7:a8:df:20:49:56:94:cf:cd:ff:6e:8b:67:cd:
         37:da:46:cd:01:d5:74:47:49:37:f7:d4:93:78:b1:5c:52:11:
         01:7f:17:5a:07:b2:86:9d:10:d5:fe:de:47:e7:f3:0f:ee:2f:
         d1:30:f7:73:01:cb:9d:31:f9:09:34:74:8e:bd:06:9a:93:1e:
         a7:74:c6:65:f4:83:85:c4:61:e9:52:03:20:c2:b2:db:91:a3:
         33:6c:9b:66:cf:53:a1:9b:b1:09:68:5c:e5:3f:d1:8d:30:b5:
         b1:f2:cf:cc:05:e2:1e:05:85:2f:03:3f:86:66:ee:23:81:aa:
         f2:8d:0c:2d:50:dd:38:c4:b6:e3:b1:61:ec:e6:fe:8f:9a:85:
         1e:6c:9d:a9:20:3f:9b:66:4b:c7:ed:f2:64:b9:98:1b:23:9c:
         a9:ec:e2:12:ae:87:d2:28:99:39:7f:e6:9c:f0:0f:ec:df:59:
         e2:b9:1e:89:42:eb:08:51:7a:60:9f:06:36:1b:0c:95:83:cb:
         38:6a:78:e2
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUVFeFLgk2qsoYmNECxh3CzcbInuAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjIxN1oX
DTI3MDUwMTA5MjcxN1owMzExMC8GA1UEAxMoMTUwMDM3Q0UwRTM0MkM4MjY0QzVD
MDM0RDIwRDgxODUyODNDMThFMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK26Moz0Z04YPXGkYyvBPbEpxzG7BQk/Y/smDKecpkUz69g9sLNI3/OLehys
oiyJeIroZWv09ukaJ4r5dIxRhtTVMGsnXqmfADlQ+bJ4sF4njN/x0TpRwCgSS3Qu
85kpPaGxDtRadJ1D3eYRP3H9DyHgOJNAZAx7ke+pQAwIVbbXHKkqA9NuzMv2/0Tc
4DFIU2sUCeJE80x3l0XdYBliMaw80IGXgOu0aZgxTu1eFyC2RZdo0VZaONaqM6wz
W6Le34ztSqkyuGo1v/zdZ0piT8+bDgufMEG+D3JQ118uHQyZMdPcyeibQp+vQHIi
GrBf69KJVO5nk8tRgqwBDWAAwYECAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQVADfO
DjQsgmTFwDTSDYGFKDwY4DAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM4MDExLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9nlAMA0GCSqGSIb3DQEBCwUAA4IBAQAxWCgLwLhlW4NeveImy8Xp
vZ9BqOeh7jv4nbZZmpiysNIDqXGehagiNUwixgsmklZ24v2orB70bg4px6jfIElW
lM/N/26LZ8032kbNAdV0R0k399STeLFcUhEBfxdaB7KGnRDV/t5H5/MP7i/RMPdz
AcudMfkJNHSOvQaakx6ndMZl9IOFxGHpUgMgwrLbkaMzbJtmz1Ohm7EJaFzlP9GN
MLWx8s/MBeIeBYUvAz+GZu4jgaryjQwtUN04xLbjsWHs5v6PmoUebJ2pID+bZkvH
7fJkuZgbI5yp7OISrofSKJk5f+ac8A/s31niuR6JQusIUXpgnwY2GwyVg8s4anji
-----END CERTIFICATE-----