Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS140456.roa
File:                     AS140456.roa (raw, json)
Hash identifier:          ewombgVx46lotCsIRjiPeiKBTuT8rT91xYt8ABmrKUk=
Subject key identifier:   77:3E:9A:C4:E9:6E:45:B0:EA:6C:45:47:D5:43:23:02:F0:D4:0C:9F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       3946B4DE5848B087E10B086829AEB7AA741A38BD
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140456.roa
Signing time:             Tue 19 May 2026 06:53:56 +0000
ROA not before:           Tue 19 May 2026 06:48:56 +0000
ROA not after:            Tue 18 May 2027 06:53:56 +0000
asID:                     140456
IP address blocks:        36.50.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 03 Jun 2026 10:27:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:46:b4:de:58:48:b0:87:e1:0b:08:68:29:ae:b7:aa:74:1a:38:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May 19 06:48:56 2026 GMT
            Not After : May 18 06:53:56 2027 GMT
        Subject: CN=773E9AC4E96E45B0EA6C4547D5432302F0D40C9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7b:2f:57:60:27:ba:c7:7b:f0:8e:e2:4a:6c:
                    5e:85:a1:d4:bf:f8:85:35:85:f6:74:77:3a:af:7a:
                    20:78:22:82:38:40:fd:0a:ee:c6:c6:e0:7a:c8:32:
                    7d:0b:54:8a:17:29:b2:07:2b:e9:a4:03:d5:02:d5:
                    16:02:5a:a4:d5:13:f5:8a:b0:f7:ca:2f:b3:7a:e3:
                    d7:4f:9e:63:1c:80:63:fc:88:1e:e0:a7:fa:97:56:
                    d8:8a:82:e7:65:97:3d:71:65:44:16:8c:f4:8a:61:
                    ac:46:e9:4c:f7:2b:9a:64:05:ff:b9:aa:4e:db:8d:
                    a3:9d:ec:20:03:66:dc:64:98:85:32:dc:d2:6c:b7:
                    ca:81:5b:4b:07:6f:a5:15:89:2a:61:2c:1b:27:4f:
                    b0:da:56:0f:dd:37:38:d8:38:fc:0e:20:c9:d5:34:
                    39:cd:f2:ca:94:15:a9:69:39:32:6b:c4:33:cc:50:
                    be:9c:4b:5b:74:2a:2e:6f:ed:63:13:61:36:4d:ee:
                    92:10:28:fe:26:ce:18:62:73:1d:9b:f3:79:2e:a4:
                    df:20:46:c5:a6:c4:ef:47:03:8d:19:c2:c8:7b:f0:
                    2b:46:b7:b9:bc:02:d8:97:a6:09:a0:15:72:2c:d4:
                    70:c7:13:ca:d5:a6:6e:91:a0:55:15:af:b0:d0:0c:
                    70:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:3E:9A:C4:E9:6E:45:B0:EA:6C:45:47:D5:43:23:02:F0:D4:0C:9F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140456.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.50.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:81:b2:23:dc:f0:f4:26:33:b8:25:eb:6e:87:f2:17:1f:d3:
         65:da:0e:c8:b7:05:11:0b:d8:50:13:58:4e:0f:5d:ef:ba:2a:
         d8:d7:91:da:94:55:9a:05:a9:47:ad:45:61:89:f9:88:a2:a2:
         89:1d:fb:1b:d4:d3:d3:86:cd:86:ba:d3:07:83:aa:97:71:e7:
         fc:35:ae:e5:00:e8:49:c5:e7:80:57:e5:6d:43:14:5d:ec:7f:
         b0:7d:2f:36:63:00:41:53:fd:2e:62:ee:98:e7:7f:31:3d:bb:
         58:1c:d3:91:97:fc:3b:9e:6b:80:18:50:0d:14:71:50:f0:51:
         96:24:72:f3:0f:f3:f7:46:62:71:1e:db:34:15:24:67:b0:b1:
         b1:a2:8e:89:15:41:a0:3f:68:37:ff:d4:97:3d:70:20:95:6f:
         bd:a8:d7:45:28:1d:18:05:54:a8:79:ba:23:97:58:02:ec:4f:
         d2:91:4f:6c:a0:86:e9:a4:89:2b:65:a1:48:0b:34:e5:a7:a7:
         03:56:20:cd:35:a5:c6:e9:89:47:c6:5a:95:a3:c2:b4:fd:2a:
         ab:20:28:1c:1b:ec:81:9d:a3:19:78:45:81:b6:28:18:3b:3b:
         57:9c:ef:9f:6d:cc:f5:a0:64:8c:c9:dc:1e:08:21:1e:c8:31:
         f9:07:30:e8
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUOUa03lhIsIfhCwhoKa63qnQaOL0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUxOTA2NDg1NloX
DTI3MDUxODA2NTM1NlowMzExMC8GA1UEAxMoNzczRTlBQzRFOTZFNDVCMEVBNkM0
NTQ3RDU0MzIzMDJGMEQ0MEM5RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL17L1dgJ7rHe/CO4kpsXoWh1L/4hTWF9nR3Oq96IHgigjhA/Qruxsbgesgy
fQtUihcpsgcr6aQD1QLVFgJapNUT9Yqw98ovs3rj10+eYxyAY/yIHuCn+pdW2IqC
52WXPXFlRBaM9IphrEbpTPcrmmQF/7mqTtuNo53sIANm3GSYhTLc0my3yoFbSwdv
pRWJKmEsGydPsNpWD903ONg4/A4gydU0Oc3yypQVqWk5MmvEM8xQvpxLW3QqLm/t
YxNhNk3ukhAo/ibOGGJzHZvzeS6k3yBGxabE70cDjRnCyHvwK0a3ubwC2JemCaAV
cizUcMcTytWmbpGgVRWvsNAMcEkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBR3PprE
6W5FsOpsRUfVQyMC8NQMnzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQwNDU2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBJDLYMA0GCSqGSIb3DQEBCwUAA4IBAQBagbIj3PD0JjO4Jetuh/IXH9Nl
2g7ItwURC9hQE1hOD13vuirY15HalFWaBalHrUVhifmIoqKJHfsb1NPThs2GutMH
g6qXcef8Na7lAOhJxeeAV+VtQxRd7H+wfS82YwBBU/0uYu6Y538xPbtYHNORl/w7
nmuAGFANFHFQ8FGWJHLzD/P3RmJxHts0FSRnsLGxoo6JFUGgP2g3/9SXPXAglW+9
qNdFKB0YBVSoebojl1gC7E/SkU9soIbppIkrZaFICzTlp6cDViDNNaXG6YlHxlqV
o8K0/SqrICgcG+yBnaMZeEWBtigYOztXnO+fbcz1oGSMydweCCEeyDH5BzDo
-----END CERTIFICATE-----