Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS139257.roa
File:                     AS139257.roa (raw, json)
Hash identifier:          a3kZvFtD/6BuUTuLtYp6oZeuK/LXevKhA3VKZ6Gq+k8=
Subject key identifier:   E9:D2:97:AF:D9:D4:3F:5D:77:DF:4A:82:06:22:46:B2:AE:25:B5:A3
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       1FFFE032B1307768D23C92FFF20E5B31A2C906F9
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS139257.roa
Signing time:             Sat 02 May 2026 09:27:09 +0000
ROA not before:           Sat 02 May 2026 09:22:09 +0000
ROA not after:            Sat 01 May 2027 09:27:09 +0000
asID:                     139257
IP address blocks:        2001:df6:57c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:ff:e0:32:b1:30:77:68:d2:3c:92:ff:f2:0e:5b:31:a2:c9:06:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:22:09 2026 GMT
            Not After : May  1 09:27:09 2027 GMT
        Subject: CN=E9D297AFD9D43F5D77DF4A82062246B2AE25B5A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:44:77:55:c0:f3:9f:fe:e1:00:7a:d1:06:6b:
                    f0:7b:e8:6f:11:d0:31:b8:62:6f:e8:c5:c1:90:43:
                    26:f8:fb:3f:00:e1:dc:ac:1b:91:4f:90:21:09:2a:
                    9b:ae:39:ea:d5:a4:ed:6b:3c:89:80:54:05:9c:0c:
                    a4:ad:c2:c9:fe:04:92:50:56:b4:ce:00:d3:80:1a:
                    91:88:84:c9:52:60:49:a9:e2:78:39:38:80:64:47:
                    55:97:6d:23:b6:f9:ec:2a:c7:70:32:d7:70:ad:7b:
                    6a:20:b3:65:2e:ae:7c:69:c0:a2:e2:1a:1c:3d:69:
                    3a:51:9c:57:81:d0:6e:08:74:cc:4d:b7:82:b8:98:
                    d0:41:63:49:06:b2:ce:e3:db:e2:d1:58:79:43:86:
                    43:f0:51:ea:06:a2:78:f8:f8:a9:cb:5a:d6:59:c0:
                    e7:d5:fd:73:8e:b2:33:7b:cd:63:16:34:c9:6d:98:
                    44:cd:17:c9:2f:39:1f:22:94:64:86:1e:66:c4:91:
                    5e:cc:e2:80:3b:c5:24:06:3b:e6:c1:4f:83:47:f6:
                    be:4c:00:38:9f:d5:3b:8d:76:f5:c0:67:b1:db:78:
                    06:59:8b:1c:d0:58:1f:81:ec:31:15:d5:f3:e5:b7:
                    18:f6:dc:5b:bb:17:22:c4:2c:bf:5d:7a:f5:43:21:
                    10:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D2:97:AF:D9:D4:3F:5D:77:DF:4A:82:06:22:46:B2:AE:25:B5:A3
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS139257.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:57c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:76:22:3e:2e:50:65:15:9e:eb:f6:ab:77:2e:fe:66:10:57:
         04:9d:09:0d:02:e8:e1:17:f2:50:98:25:85:e3:23:c4:1f:73:
         66:73:ac:6b:be:5d:a3:d7:a1:f4:b6:8f:bd:be:64:66:34:ba:
         d3:95:42:fd:e0:9c:36:00:8a:77:c3:83:9f:e7:62:8b:6c:ec:
         c0:5c:59:c5:0e:16:f1:6e:a4:b1:c9:82:02:6c:48:e9:fb:e1:
         7a:bb:31:b3:2b:79:80:6b:4b:38:f9:db:45:fe:7b:53:cf:58:
         6a:3d:3d:3d:19:36:c0:37:06:75:40:95:df:36:31:ac:dd:b8:
         8a:4d:fb:c7:ab:3c:7c:f2:06:61:f3:0a:df:9b:70:bb:18:e5:
         a4:58:2c:71:9c:bf:71:b8:55:97:3c:a4:3f:7c:c7:fd:86:7a:
         e8:89:27:83:e0:81:67:87:25:d2:a2:dc:48:36:2c:3c:6c:ec:
         ce:d5:56:87:39:be:80:84:b5:dc:46:96:3a:3f:e3:39:56:b4:
         ba:1e:5d:56:41:4a:07:44:07:d2:28:20:3e:a7:c4:30:ab:5a:
         49:dc:cf:f9:21:76:3f:e2:b8:67:6d:e8:65:e1:96:5a:f1:4c:
         b1:11:f1:d1:6d:b0:98:1e:c7:07:7f:81:98:46:e9:e0:80:e2:
         3f:6d:ca:92
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUH//gMrEwd2jSPJL/8g5bMaLJBvkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjIwOVoX
DTI3MDUwMTA5MjcwOVowMzExMC8GA1UEAxMoRTlEMjk3QUZEOUQ0M0Y1RDc3REY0
QTgyMDYyMjQ2QjJBRTI1QjVBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFEd1XA85/+4QB60QZr8HvobxHQMbhib+jFwZBDJvj7PwDh3KwbkU+QIQkq
m6456tWk7Ws8iYBUBZwMpK3Cyf4EklBWtM4A04AakYiEyVJgSanieDk4gGRHVZdt
I7b57CrHcDLXcK17aiCzZS6ufGnAouIaHD1pOlGcV4HQbgh0zE23griY0EFjSQay
zuPb4tFYeUOGQ/BR6gaiePj4qcta1lnA59X9c46yM3vNYxY0yW2YRM0XyS85HyKU
ZIYeZsSRXszigDvFJAY75sFPg0f2vkwAOJ/VO4129cBnsdt4BlmLHNBYH4HsMRXV
8+W3GPbcW7sXIsQsv1169UMhEIUCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBTp0pev
2dQ/XXffSoIGIkayriW1ozAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM5MjU3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9lfAMA0GCSqGSIb3DQEBCwUAA4IBAQCOdiI+LlBlFZ7r9qt3Lv5m
EFcEnQkNAujhF/JQmCWF4yPEH3Nmc6xrvl2j16H0to+9vmRmNLrTlUL94Jw2AIp3
w4Of52KLbOzAXFnFDhbxbqSxyYICbEjp++F6uzGzK3mAa0s4+dtF/ntTz1hqPT09
GTbANwZ1QJXfNjGs3biKTfvHqzx88gZh8wrfm3C7GOWkWCxxnL9xuFWXPKQ/fMf9
hnroiSeD4IFnhyXSotxINiw8bOzO1VaHOb6AhLXcRpY6P+M5VrS6Hl1WQUoHRAfS
KCA+p8Qwq1pJ3M/5IXY/4rhnbehl4ZZa8UyxEfHRbbCYHscHf4GYRunggOI/bcqS
-----END CERTIFICATE-----