Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS138093.roa
File:                     AS138093.roa (raw, json)
Hash identifier:          TZFVlZ/YX0bfpMZai3BT9KoEijua/BaY+8wMSqK7wFA=
Subject key identifier:   FA:7E:63:F4:8B:02:0B:97:39:1C:96:1F:95:00:1E:30:66:96:ED:7F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       115954DADA21778678E8847B3ABA94A4DA70DD4D
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS138093.roa
Signing time:             Sat 02 May 2026 08:35:11 +0000
ROA not before:           Sat 02 May 2026 08:30:11 +0000
ROA not after:            Sat 01 May 2027 08:35:11 +0000
asID:                     138093
IP address blocks:        103.160.150.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 03:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:59:54:da:da:21:77:86:78:e8:84:7b:3a:ba:94:a4:da:70:dd:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:11 2026 GMT
            Not After : May  1 08:35:11 2027 GMT
        Subject: CN=FA7E63F48B020B97391C961F95001E306696ED7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9f:95:e9:26:71:f7:56:e4:19:33:d2:00:f3:
                    eb:44:01:06:a0:09:58:ff:7b:bb:db:6e:9c:3c:4a:
                    87:f2:5a:6a:82:ff:c7:5c:65:df:cc:da:45:63:33:
                    d6:95:2b:f9:e0:99:d3:73:f7:c3:90:12:32:22:ce:
                    13:a1:83:43:4c:0a:8f:18:98:d3:b6:da:57:63:64:
                    79:3a:4a:7a:0b:e7:34:64:f6:fc:49:ea:c1:26:de:
                    2a:1b:e6:23:6e:44:07:83:51:91:aa:c8:60:ba:7a:
                    ec:4b:ca:04:7d:55:6b:62:d0:b6:73:24:6e:76:30:
                    ea:f1:55:ea:25:6c:58:2c:eb:36:9d:ea:d1:f5:b2:
                    ee:a7:96:87:6f:d2:cf:b1:7c:3b:96:6f:48:04:d9:
                    dc:b7:91:90:3b:ff:1e:ca:1a:85:4b:04:a3:88:65:
                    e7:8f:4c:05:9b:cb:7a:f1:b3:15:0b:68:26:91:03:
                    d8:43:70:aa:73:23:a4:36:db:da:89:4b:a3:8d:e2:
                    fd:d5:e1:df:c8:0c:fe:78:87:ee:41:a8:d0:d2:df:
                    25:04:53:9f:33:fe:fa:d1:91:71:ec:04:c9:1a:07:
                    94:75:69:d0:22:c1:70:75:48:6b:81:27:c2:d5:4f:
                    f6:46:da:42:57:66:11:bd:e6:33:bd:df:78:fd:97:
                    23:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:7E:63:F4:8B:02:0B:97:39:1C:96:1F:95:00:1E:30:66:96:ED:7F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS138093.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.160.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:80:06:d4:c4:80:14:ca:49:85:e1:4f:13:69:84:b9:4e:8f:
         aa:8d:28:e2:f4:3b:9e:c3:62:33:8f:45:67:8d:7f:d3:08:20:
         05:c2:0f:9e:b7:d9:d9:08:99:00:ec:a3:3e:e8:3a:73:14:26:
         a8:1c:f4:ab:b4:36:aa:09:53:5a:90:d7:9d:74:50:61:3b:be:
         e2:4c:bf:3c:28:f8:0e:bf:b4:1c:49:26:b4:32:7a:6e:50:95:
         47:49:53:71:2f:48:9c:35:16:27:b9:75:d1:b6:d6:98:21:70:
         44:02:74:9b:a0:bc:78:a7:92:b8:2a:d5:b6:0b:ae:58:71:33:
         b0:68:07:71:d0:a3:aa:a1:f1:4a:b8:bb:95:6f:38:c3:f6:af:
         61:07:e0:a4:23:d0:52:c9:76:de:ec:96:78:68:35:5f:94:e8:
         bd:f0:98:7d:56:d6:1d:df:72:ad:3a:d3:8a:33:62:0c:30:a2:
         ef:28:0a:e6:ee:00:54:d7:3b:6e:ff:b6:a7:32:ee:4f:1c:eb:
         e1:f1:70:e0:98:05:5e:de:19:7f:40:ca:cd:32:ca:01:22:8f:
         3f:d6:1a:5e:83:b0:65:aa:f9:7e:96:08:cc:7d:6d:ba:cb:d3:
         8a:a8:28:ed:bd:46:84:50:1d:12:be:e8:27:b5:e4:7c:35:d9:
         12:cf:9b:00
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUEVlU2tohd4Z46IR7OrqUpNpw3U0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzAxMVoX
DTI3MDUwMTA4MzUxMVowMzExMC8GA1UEAxMoRkE3RTYzRjQ4QjAyMEI5NzM5MUM5
NjFGOTUwMDFFMzA2Njk2RUQ3RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOflekmcfdW5Bkz0gDz60QBBqAJWP97u9tunDxKh/JaaoL/x1xl38zaRWMz
1pUr+eCZ03P3w5ASMiLOE6GDQ0wKjxiY07baV2NkeTpKegvnNGT2/EnqwSbeKhvm
I25EB4NRkarIYLp67EvKBH1Va2LQtnMkbnYw6vFV6iVsWCzrNp3q0fWy7qeWh2/S
z7F8O5ZvSATZ3LeRkDv/HsoahUsEo4hl549MBZvLevGzFQtoJpED2ENwqnMjpDbb
2olLo43i/dXh38gM/niH7kGo0NLfJQRTnzP++tGRcewEyRoHlHVp0CLBcHVIa4En
wtVP9kbaQldmEb3mM73feP2XI7MCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT6fmP0
iwILlzkclh+VAB4wZpbtfzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM4MDkzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ6CWMA0GCSqGSIb3DQEBCwUAA4IBAQBjgAbUxIAUykmF4U8TaYS5To+q
jSji9Duew2Izj0VnjX/TCCAFwg+et9nZCJkA7KM+6DpzFCaoHPSrtDaqCVNakNed
dFBhO77iTL88KPgOv7QcSSa0MnpuUJVHSVNxL0icNRYnuXXRttaYIXBEAnSboLx4
p5K4KtW2C65YcTOwaAdx0KOqofFKuLuVbzjD9q9hB+CkI9BSyXbe7JZ4aDVflOi9
8Jh9VtYd33KtOtOKM2IMMKLvKArm7gBU1ztu/7anMu5PHOvh8XDgmAVe3hl/QMrN
MsoBIo8/1hpeg7Blqvl+lgjMfW26y9OKqCjtvUaEUB0SvugnteR8NdkSz5sA
-----END CERTIFICATE-----