Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS139385.roa
File:                     AS139385.roa (raw, json)
Hash identifier:          f1rZb4PaRfoi0rM0hc3nd2QGpTTRXXv/mKTDGkyf53c=
Subject key identifier:   7F:2E:0C:F4:B6:27:DF:A8:DC:DF:A7:A8:90:4A:AA:16:01:AC:09:F7
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       16F1F114D7FFAC4CD89D2893C6A77EDF04F7F929
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS139385.roa
Signing time:             Sat 02 May 2026 21:06:33 +0000
ROA not before:           Sat 02 May 2026 21:01:33 +0000
ROA not after:            Sat 01 May 2027 21:06:33 +0000
asID:                     139385
IP address blocks:        103.143.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:f1:f1:14:d7:ff:ac:4c:d8:9d:28:93:c6:a7:7e:df:04:f7:f9:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:01:33 2026 GMT
            Not After : May  1 21:06:33 2027 GMT
        Subject: CN=7F2E0CF4B627DFA8DCDFA7A8904AAA1601AC09F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c6:d7:d8:ab:3d:b6:52:25:d5:db:54:ff:0c:
                    1d:04:cd:72:87:b1:26:db:f3:dc:6a:77:54:f6:1a:
                    f8:8c:e9:44:19:49:dd:aa:32:91:e7:1a:dc:e7:02:
                    80:76:f1:4a:b4:99:9c:9e:af:33:63:57:10:a7:58:
                    ae:ef:ee:0b:07:01:8b:79:8a:bf:91:97:a4:3c:0b:
                    94:56:9f:b8:14:2b:23:ed:21:d3:b9:70:54:43:f5:
                    ea:d9:4a:71:fa:24:69:11:cd:4f:2a:71:5a:d2:d9:
                    3e:8d:fd:e2:74:6f:c2:17:bc:0a:f9:f9:ea:e4:71:
                    f8:1c:78:17:18:c6:93:44:91:83:c8:f4:5e:db:69:
                    dc:bc:e7:5c:72:23:47:ef:3e:55:a7:29:3b:d9:fd:
                    7c:98:22:51:4f:56:fb:44:ce:a4:29:54:10:49:e4:
                    5d:0a:51:7b:0b:cc:3e:65:ff:37:70:fb:68:16:7c:
                    a6:3c:43:0f:6b:d5:e1:82:6c:85:72:cc:1a:e3:f9:
                    26:71:bc:85:ea:65:f6:c1:d5:51:80:bb:f3:41:33:
                    42:1d:df:e2:a0:c7:fb:90:94:44:6d:31:9d:90:56:
                    f1:20:f0:ad:e6:33:dd:97:92:8d:e3:82:49:b4:7a:
                    1d:a1:cd:7a:82:4b:a1:a9:59:a4:7b:92:46:e2:9c:
                    38:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:2E:0C:F4:B6:27:DF:A8:DC:DF:A7:A8:90:4A:AA:16:01:AC:09:F7
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS139385.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.143.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:7a:ab:be:73:bf:35:a9:0d:68:5d:a5:78:34:b6:7c:f9:da:
         58:8d:32:c0:c3:fa:9e:df:45:0e:08:a9:e9:3d:74:3e:b0:b4:
         9b:72:35:43:6a:ba:90:60:59:5b:16:b9:75:3d:3d:a8:ba:5c:
         ff:37:9a:3a:ab:dc:be:56:41:18:8c:8c:a7:23:10:25:d8:a7:
         2e:05:1e:b1:45:9b:f9:36:d9:aa:b7:de:07:04:56:60:3e:a9:
         50:6e:05:86:3b:d4:07:55:73:d5:db:b0:a1:6b:ad:8c:69:d6:
         33:cc:55:ee:42:11:88:d8:7d:a3:d6:5a:d3:97:8d:4a:72:b2:
         2d:a6:a8:4c:8c:0d:44:08:7b:89:5f:5c:80:bc:f9:b7:a3:f5:
         7d:f6:10:69:ac:f5:72:a8:05:4c:0a:67:d9:96:51:2f:2c:28:
         44:9d:c4:42:6d:89:40:cd:fb:cc:cc:c7:31:3b:20:7c:5d:78:
         75:cd:44:49:5f:61:52:f1:13:c2:55:80:b5:ef:b8:4b:d6:da:
         04:c5:06:0e:cf:35:18:3a:cc:f0:14:e9:eb:6a:74:d1:5c:c2:
         6d:5b:9f:ea:01:cd:b7:35:8e:22:35:30:4c:d6:09:43:9e:85:
         39:24:e5:74:67:ec:ff:f5:51:29:56:64:8e:bd:72:c5:0c:81:
         33:7a:2a:bb
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUFvHxFNf/rEzYnSiTxqd+3wT3+SkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMDEzM1oX
DTI3MDUwMTIxMDYzM1owMzExMC8GA1UEAxMoN0YyRTBDRjRCNjI3REZBOERDREZB
N0E4OTA0QUFBMTYwMUFDMDlGNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJXG19irPbZSJdXbVP8MHQTNcoexJtvz3Gp3VPYa+IzpRBlJ3aoykeca3OcC
gHbxSrSZnJ6vM2NXEKdYru/uCwcBi3mKv5GXpDwLlFafuBQrI+0h07lwVEP16tlK
cfokaRHNTypxWtLZPo394nRvwhe8Cvn56uRx+Bx4FxjGk0SRg8j0Xttp3LznXHIj
R+8+VacpO9n9fJgiUU9W+0TOpClUEEnkXQpRewvMPmX/N3D7aBZ8pjxDD2vV4YJs
hXLMGuP5JnG8hepl9sHVUYC780EzQh3f4qDH+5CURG0xnZBW8SDwreYz3ZeSjeOC
SbR6HaHNeoJLoalZpHuSRuKcOCMCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR/Lgz0
tiffqNzfp6iQSqoWAawJ9zAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM5Mzg1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ48CMA0GCSqGSIb3DQEBCwUAA4IBAQCYequ+c781qQ1oXaV4NLZ8+dpY
jTLAw/qe30UOCKnpPXQ+sLSbcjVDarqQYFlbFrl1PT2oulz/N5o6q9y+VkEYjIyn
IxAl2KcuBR6xRZv5Ntmqt94HBFZgPqlQbgWGO9QHVXPV27Cha62MadYzzFXuQhGI
2H2j1lrTl41KcrItpqhMjA1ECHuJX1yAvPm3o/V99hBprPVyqAVMCmfZllEvLChE
ncRCbYlAzfvMzMcxOyB8XXh1zURJX2FS8RPCVYC177hL1toExQYOzzUYOszwFOnr
anTRXMJtW5/qAc23NY4iNTBM1glDnoU5JOV0Z+z/9VEpVmSOvXLFDIEzeiq7
-----END CERTIFICATE-----