Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS140439.roa
File:                     AS140439.roa (raw, json)
Hash identifier:          ra2tByiOLJ/yS5Kqnare5K//g4ugOu4J4m1EJ8Iizhc=
Subject key identifier:   17:09:CB:E3:B5:86:7F:A4:2A:E8:7D:F1:CB:29:E4:86:FA:90:98:5C
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       052805E68408844EB4FB0AB6BB0A66CE20EFB543
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140439.roa
Signing time:             Sat 02 May 2026 08:37:19 +0000
ROA not before:           Sat 02 May 2026 08:32:19 +0000
ROA not after:            Sat 01 May 2027 08:37:19 +0000
asID:                     140439
IP address blocks:        103.152.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:28:05:e6:84:08:84:4e:b4:fb:0a:b6:bb:0a:66:ce:20:ef:b5:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:32:19 2026 GMT
            Not After : May  1 08:37:19 2027 GMT
        Subject: CN=1709CBE3B5867FA42AE87DF1CB29E486FA90985C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8a:78:38:d4:51:85:7d:bb:51:85:10:2f:54:
                    f2:11:cf:93:b3:64:b8:4c:52:7b:f5:50:c9:a9:7f:
                    45:7d:97:12:31:78:80:49:d4:1b:a4:81:48:ff:95:
                    3f:4b:e5:94:aa:00:95:39:0a:ec:f6:e8:40:e3:2e:
                    d7:4e:5c:24:ad:99:c7:af:8c:9b:de:56:21:38:d8:
                    28:73:3f:ef:15:b7:0e:31:e4:9b:aa:0e:3e:d9:72:
                    78:06:d3:e9:0f:78:93:c3:1e:8b:a2:cd:c4:38:a2:
                    ea:68:00:4c:db:07:94:90:a7:07:67:fc:c8:ab:d4:
                    2c:77:ae:ce:be:54:65:7d:8d:a6:bb:89:ea:51:59:
                    61:cc:23:6d:fc:b0:e2:30:05:fa:ec:e1:aa:e2:f5:
                    a6:54:2c:43:3d:1f:32:c2:49:b6:ea:f6:69:ad:42:
                    f8:f2:d7:91:8b:60:34:41:9a:68:ef:e1:7a:37:51:
                    f1:9c:c3:fa:73:b9:8e:55:07:aa:bb:39:53:7a:42:
                    e0:a8:1e:26:c1:8b:33:39:6c:6f:d3:a6:af:b5:48:
                    c4:1f:a7:68:7a:1e:45:26:63:13:ab:c0:ca:8d:cc:
                    1f:e0:2d:8f:2c:75:e6:73:e7:4a:78:86:f9:43:0c:
                    75:2b:d9:a7:46:b6:b7:88:d6:62:e1:d2:30:96:02:
                    2e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:09:CB:E3:B5:86:7F:A4:2A:E8:7D:F1:CB:29:E4:86:FA:90:98:5C
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:37:27:eb:b9:32:1c:0c:8c:90:45:09:e7:c8:7e:0e:3c:9a:
         89:32:59:ea:38:a0:61:04:c1:96:86:21:2f:a1:d2:64:17:c9:
         10:43:21:b2:d1:f8:db:e0:7d:67:5d:57:87:45:ab:f8:17:df:
         c0:93:3f:65:b7:dc:d9:54:f6:0f:85:b4:d9:0c:87:a4:6e:f5:
         36:ed:f4:9f:9e:49:dc:e0:f0:d9:d3:55:34:a4:09:d9:21:f0:
         33:87:03:19:27:2c:7c:a2:61:1e:4e:3e:6a:81:b5:a4:f7:27:
         01:69:01:ec:78:00:6c:a8:3c:19:2e:e3:cd:da:b4:2d:71:99:
         99:7b:dc:0c:55:8f:b2:b0:74:0f:c1:ee:9a:c1:32:aa:d8:1b:
         da:8d:f6:61:72:47:f6:38:09:56:cc:6c:09:3f:06:24:dc:0b:
         d9:49:4f:80:25:88:ce:68:66:4c:b9:a3:76:2d:6a:bd:e0:96:
         7e:c7:ed:c7:06:9b:21:0f:85:c8:58:99:38:7d:8e:ff:20:ee:
         ee:fd:a1:ef:e4:6b:00:67:39:f4:69:86:cc:f4:9f:d1:72:73:
         0a:38:6b:e1:7c:8a:7b:4a:50:c8:23:4a:26:46:91:d7:d9:2a:
         0f:d7:53:3a:2c:8e:26:e8:1d:43:a6:f4:68:45:07:14:ee:46:
         64:48:5f:1c
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUBSgF5oQIhE60+wq2uwpmziDvtUMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzIxOVoX
DTI3MDUwMTA4MzcxOVowMzExMC8GA1UEAxMoMTcwOUNCRTNCNTg2N0ZBNDJBRTg3
REYxQ0IyOUU0ODZGQTkwOTg1QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMaKeDjUUYV9u1GFEC9U8hHPk7NkuExSe/VQyal/RX2XEjF4gEnUG6SBSP+V
P0vllKoAlTkK7PboQOMu105cJK2Zx6+Mm95WITjYKHM/7xW3DjHkm6oOPtlyeAbT
6Q94k8Mei6LNxDii6mgATNsHlJCnB2f8yKvULHeuzr5UZX2NpruJ6lFZYcwjbfyw
4jAF+uzhquL1plQsQz0fMsJJtur2aa1C+PLXkYtgNEGaaO/hejdR8ZzD+nO5jlUH
qrs5U3pC4KgeJsGLMzlsb9Omr7VIxB+naHoeRSZjE6vAyo3MH+Atjyx15nPnSniG
+UMMdSvZp0a2t4jWYuHSMJYCLq0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQXCcvj
tYZ/pCroffHLKeSG+pCYXDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQwNDM5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ5hsMA0GCSqGSIb3DQEBCwUAA4IBAQBtNyfruTIcDIyQRQnnyH4OPJqJ
MlnqOKBhBMGWhiEvodJkF8kQQyGy0fjb4H1nXVeHRav4F9/Akz9lt9zZVPYPhbTZ
DIekbvU27fSfnknc4PDZ01U0pAnZIfAzhwMZJyx8omEeTj5qgbWk9ycBaQHseABs
qDwZLuPN2rQtcZmZe9wMVY+ysHQPwe6awTKq2BvajfZhckf2OAlWzGwJPwYk3AvZ
SU+AJYjOaGZMuaN2LWq94JZ+x+3HBpshD4XIWJk4fY7/IO7u/aHv5GsAZzn0aYbM
9J/RcnMKOGvhfIp7SlDII0omRpHX2SoP11M6LI4m6B1DpvRoRQcU7kZkSF8c
-----END CERTIFICATE-----