Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS140445.roa
File:                     AS140445.roa (raw, json)
Hash identifier:          wZPF3UpZZdcSz2rfuWiEtQ11ikeIqjOnknf2bEtUknU=
Subject key identifier:   63:21:AA:09:52:0C:6C:E2:BD:B7:3D:83:5B:51:43:D7:73:D5:DC:06
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       7FCE5823073F3C8173B148B947CE7A93BE0F638C
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140445.roa
Signing time:             Sat 02 May 2026 21:29:39 +0000
ROA not before:           Sat 02 May 2026 21:24:39 +0000
ROA not after:            Sat 01 May 2027 21:29:39 +0000
asID:                     140445
IP address blocks:        202.92.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:ce:58:23:07:3f:3c:81:73:b1:48:b9:47:ce:7a:93:be:0f:63:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:24:39 2026 GMT
            Not After : May  1 21:29:39 2027 GMT
        Subject: CN=6321AA09520C6CE2BDB73D835B5143D773D5DC06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:28:f3:5a:9c:d0:7f:03:e0:b3:ac:c8:09:30:
                    b9:d0:70:db:00:f4:fa:de:08:e6:2d:17:f2:bd:8a:
                    19:09:5b:9c:47:43:35:5b:49:f7:ef:c1:64:e2:ca:
                    30:22:3e:ce:d5:61:50:cd:3e:a3:ad:a0:8e:5d:af:
                    78:7a:4d:01:8c:15:28:5c:17:5d:03:52:ef:db:9b:
                    cf:4b:d3:4b:f3:0f:b3:90:10:c8:1e:d8:54:0f:77:
                    18:f4:47:d6:69:15:60:65:52:1b:93:94:09:9a:fd:
                    b5:18:9a:4c:d3:8c:57:33:06:f8:3f:2a:67:50:ce:
                    4a:23:88:71:aa:78:00:42:8a:30:b3:72:6b:f7:6b:
                    24:a2:fe:bc:eb:ec:01:15:ed:f0:61:42:72:96:d2:
                    69:06:1d:d3:a1:9b:25:40:8b:1a:ef:ca:86:a6:45:
                    b4:77:20:ff:ce:21:00:12:5c:59:f1:84:dc:bd:ae:
                    75:eb:a9:89:e5:99:b3:49:90:c8:ac:e4:85:4a:8b:
                    98:8c:19:ec:1e:50:ee:3b:f0:2a:ce:23:b4:0f:03:
                    0f:a1:ca:f0:c7:bd:b3:93:45:c8:82:a6:a4:eb:de:
                    dc:f3:a0:b3:dc:b5:72:46:43:21:30:60:22:b2:e7:
                    5c:1d:5f:2f:4b:9b:8c:f0:9e:30:00:f2:c5:57:17:
                    30:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:21:AA:09:52:0C:6C:E2:BD:B7:3D:83:5B:51:43:D7:73:D5:DC:06
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140445.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.92.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:6c:d1:08:e2:8e:62:de:4d:10:1a:a6:48:b0:21:94:64:27:
         f4:4c:a9:cc:3d:02:d0:a1:3b:ac:d6:e3:db:d2:f6:7e:ea:f5:
         47:c7:d3:d0:eb:c9:dc:bb:0c:05:1e:63:3b:ed:44:03:21:2d:
         85:93:78:f9:5d:b0:e7:ad:34:cd:f7:f1:20:2f:72:9b:ca:c7:
         cc:f9:9e:58:d7:b2:b8:c4:57:21:75:a9:ea:f7:aa:e8:45:45:
         a4:aa:4c:6a:e8:73:4a:b3:f3:d8:f9:16:0d:74:e2:c8:88:08:
         9d:fc:f5:93:1a:1a:66:d4:d4:62:32:e4:32:27:7e:18:ed:94:
         fa:c2:e5:60:58:23:3d:2f:7a:c1:ea:b1:55:2c:0b:57:f9:1b:
         ef:8a:0d:2f:ec:b1:33:a4:08:3f:4b:7a:b6:f5:c4:87:be:f3:
         c6:94:be:22:3f:2e:e3:50:81:27:b2:98:02:9b:70:5c:6d:33:
         ed:81:21:df:5b:3d:13:51:c3:c5:1c:ca:f9:ea:15:08:ae:3d:
         58:e1:a2:9c:18:db:e8:ac:15:81:0d:96:53:4f:df:7a:3a:51:
         96:8a:d4:25:cb:db:45:21:72:83:b3:cb:9b:ba:1c:b4:c1:ea:
         63:92:8a:1e:a1:59:32:ee:ce:2c:3f:c0:6a:15:be:a0:48:3f:
         47:dc:e5:a5
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUf85YIwc/PIFzsUi5R856k74PY4wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMjQzOVoX
DTI3MDUwMTIxMjkzOVowMzExMC8GA1UEAxMoNjMyMUFBMDk1MjBDNkNFMkJEQjcz
RDgzNUI1MTQzRDc3M0Q1REMwNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4o81qc0H8D4LOsyAkwudBw2wD0+t4I5i0X8r2KGQlbnEdDNVtJ9+/BZOLK
MCI+ztVhUM0+o62gjl2veHpNAYwVKFwXXQNS79ubz0vTS/MPs5AQyB7YVA93GPRH
1mkVYGVSG5OUCZr9tRiaTNOMVzMG+D8qZ1DOSiOIcap4AEKKMLNya/drJKL+vOvs
ARXt8GFCcpbSaQYd06GbJUCLGu/KhqZFtHcg/84hABJcWfGE3L2udeupieWZs0mQ
yKzkhUqLmIwZ7B5Q7jvwKs4jtA8DD6HK8Me9s5NFyIKmpOve3POgs9y1ckZDITBg
IrLnXB1fL0ubjPCeMADyxVcXMD8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRjIaoJ
Ugxs4r23PYNbUUPXc9XcBjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQwNDQ1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAylzMMA0GCSqGSIb3DQEBCwUAA4IBAQCUbNEI4o5i3k0QGqZIsCGUZCf0
TKnMPQLQoTus1uPb0vZ+6vVHx9PQ68ncuwwFHmM77UQDIS2Fk3j5XbDnrTTN9/Eg
L3KbysfM+Z5Y17K4xFchdanq96roRUWkqkxq6HNKs/PY+RYNdOLIiAid/PWTGhpm
1NRiMuQyJ34Y7ZT6wuVgWCM9L3rB6rFVLAtX+Rvvig0v7LEzpAg/S3q29cSHvvPG
lL4iPy7jUIEnspgCm3BcbTPtgSHfWz0TUcPFHMr56hUIrj1Y4aKcGNvorBWBDZZT
T996OlGWitQly9tFIXKDs8ubuhy0wepjkooeoVky7s4sP8BqFb6gSD9H3OWl
-----END CERTIFICATE-----