Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS139397.roa
File:                     AS139397.roa (raw, json)
Hash identifier:          nWSpGjGRBGaJZsOG5qOr80xHJWkO8dYZdTflBrRKEqM=
Subject key identifier:   78:B9:DA:E3:A3:1A:EC:B3:65:A9:1C:81:C5:04:30:EE:2F:7F:9B:E3
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       79366CF21E97E0A694DAC8EDE7CFD7C84D2DF146
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS139397.roa
Signing time:             Sat 02 May 2026 09:22:10 +0000
ROA not before:           Sat 02 May 2026 09:17:10 +0000
ROA not after:            Sat 01 May 2027 09:22:10 +0000
asID:                     139397
IP address blocks:        123.253.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 03:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:36:6c:f2:1e:97:e0:a6:94:da:c8:ed:e7:cf:d7:c8:4d:2d:f1:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:17:10 2026 GMT
            Not After : May  1 09:22:10 2027 GMT
        Subject: CN=78B9DAE3A31AECB365A91C81C50430EE2F7F9BE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d2:73:b4:53:0e:07:13:b6:c6:62:5f:5d:2f:
                    33:7e:3f:95:04:1e:4c:69:97:b8:6f:07:c3:cd:13:
                    ca:b5:89:b0:8d:5c:d1:c3:46:24:12:70:ff:c5:fb:
                    73:85:4e:e8:ee:4c:50:15:59:58:cd:3b:20:e0:57:
                    99:cd:f0:e9:1a:5e:c5:e7:48:e8:dd:36:3a:ec:6b:
                    ec:e2:3e:12:db:81:dd:e1:b8:63:27:0b:46:e1:bd:
                    41:dc:a5:8c:53:ad:7a:90:d1:28:a0:77:11:15:26:
                    4b:17:21:a3:62:f8:a1:03:34:b7:93:45:e5:67:58:
                    19:c1:e2:3b:83:8c:e6:25:f1:82:78:b8:72:a6:c7:
                    d2:14:fe:cd:85:e3:69:79:ce:59:83:9a:4d:ef:17:
                    a4:e1:9f:1e:58:e5:a1:97:b6:23:86:f2:a3:a1:83:
                    f5:0a:d9:52:4e:6f:eb:a9:77:e7:0d:da:ea:62:40:
                    ab:27:20:f3:b1:ff:bb:23:0d:15:06:75:e9:b2:3d:
                    a5:e6:1b:e5:c2:52:87:ea:ff:81:30:9a:e5:23:69:
                    69:29:3d:95:29:4d:92:8f:b2:48:83:b7:36:62:48:
                    7f:73:df:e5:58:59:3e:19:db:c2:d0:84:f7:29:f3:
                    ed:90:51:d0:d6:49:89:e1:e1:85:41:19:c2:68:53:
                    23:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B9:DA:E3:A3:1A:EC:B3:65:A9:1C:81:C5:04:30:EE:2F:7F:9B:E3
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS139397.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.253.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:66:e3:77:d6:23:e9:92:f4:00:74:9e:7f:8a:f2:69:4d:0a:
         39:c8:41:e5:9f:3d:22:c3:aa:27:b3:d7:b3:56:6d:3f:5e:51:
         dc:63:33:db:62:89:0e:90:cd:ba:ec:83:c4:3c:20:ae:99:97:
         6a:54:bc:49:e5:b8:d3:01:99:66:33:e7:79:82:94:9c:56:e5:
         4f:18:20:0e:5a:eb:51:6f:b9:6f:ba:65:6f:64:17:7d:32:6f:
         2a:27:a3:52:0e:fb:c9:f3:8f:4c:82:2e:84:50:67:94:a4:a2:
         49:e0:f4:3e:e2:3b:e8:6c:7f:ee:95:94:3a:a9:34:62:64:5c:
         f1:96:7d:48:8e:38:a1:e1:f0:5f:73:5a:6a:44:42:80:9b:1b:
         22:44:86:68:dd:0e:48:df:d1:59:c4:87:4c:64:07:4b:bc:05:
         4b:4d:a1:d6:cc:8d:09:ca:de:3a:cd:13:6a:79:34:c4:3b:cd:
         b8:fb:9b:ed:ed:ca:37:d3:0e:b7:01:ae:24:ee:dd:95:ab:73:
         0c:83:86:ed:97:0c:57:fa:b9:e3:bc:7a:a0:39:9d:3e:05:2b:
         37:61:5a:3b:c9:f0:38:ea:8f:63:7e:84:f1:bb:37:e9:da:4a:
         e0:67:e8:21:4c:f9:78:0d:32:32:a2:e5:b1:a2:d4:1f:1d:61:
         ef:76:b7:42
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUeTZs8h6X4KaU2sjt58/XyE0t8UYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTcxMFoX
DTI3MDUwMTA5MjIxMFowMzExMC8GA1UEAxMoNzhCOURBRTNBMzFBRUNCMzY1QTkx
QzgxQzUwNDMwRUUyRjdGOUJFMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzSc7RTDgcTtsZiX10vM34/lQQeTGmXuG8Hw80TyrWJsI1c0cNGJBJw/8X7
c4VO6O5MUBVZWM07IOBXmc3w6RpexedI6N02Ouxr7OI+EtuB3eG4YycLRuG9Qdyl
jFOtepDRKKB3ERUmSxcho2L4oQM0t5NF5WdYGcHiO4OM5iXxgni4cqbH0hT+zYXj
aXnOWYOaTe8XpOGfHljloZe2I4byo6GD9QrZUk5v66l35w3a6mJAqycg87H/uyMN
FQZ16bI9peYb5cJSh+r/gTCa5SNpaSk9lSlNko+ySIO3NmJIf3Pf5VhZPhnbwtCE
9ynz7ZBR0NZJieHhhUEZwmhTI/cCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR4udrj
oxrss2WpHIHFBDDuL3+b4zAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM5Mzk3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQCe/38MA0GCSqGSIb3DQEBCwUAA4IBAQAOZuN31iPpkvQAdJ5/ivJpTQo5
yEHlnz0iw6ons9ezVm0/XlHcYzPbYokOkM267IPEPCCumZdqVLxJ5bjTAZlmM+d5
gpScVuVPGCAOWutRb7lvumVvZBd9Mm8qJ6NSDvvJ849Mgi6EUGeUpKJJ4PQ+4jvo
bH/ulZQ6qTRiZFzxln1Ijjih4fBfc1pqREKAmxsiRIZo3Q5I39FZxIdMZAdLvAVL
TaHWzI0Jyt46zRNqeTTEO824+5vt7co30w63Aa4k7t2Vq3MMg4btlwxX+rnjvHqg
OZ0+BSs3YVo7yfA46o9jfoTxuzfp2krgZ+ghTPl4DTIyouWxotQfHWHvdrdC
-----END CERTIFICATE-----