Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS140966.roa
File:                     AS140966.roa (raw, json)
Hash identifier:          K3eusNkQVPJgRy/bLzllllKn1O4Bw6vcRZfimNgOFL8=
Subject key identifier:   33:81:A1:9F:2E:A2:24:0A:E8:95:4C:98:F9:1F:5B:1C:18:2B:04:9D
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       2DB57CC2A9E88E7C0BB64785BB02CC09DF639000
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140966.roa
Signing time:             Sat 02 May 2026 08:36:58 +0000
ROA not before:           Sat 02 May 2026 08:31:58 +0000
ROA not after:            Sat 01 May 2027 08:36:58 +0000
asID:                     140966
IP address blocks:        2001:df6:7f40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:b5:7c:c2:a9:e8:8e:7c:0b:b6:47:85:bb:02:cc:09:df:63:90:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:31:58 2026 GMT
            Not After : May  1 08:36:58 2027 GMT
        Subject: CN=3381A19F2EA2240AE8954C98F91F5B1C182B049D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0e:14:0d:e8:a6:21:f1:c8:8b:05:f5:ce:1c:
                    2d:fb:cf:8d:54:e1:df:b2:fd:1a:60:59:0e:a1:07:
                    75:7b:cb:c4:9a:c4:0f:32:3f:13:bf:43:a9:20:d5:
                    6c:b4:53:42:7f:e1:24:fd:50:24:ea:19:aa:0a:dc:
                    0a:ff:ee:a9:83:f5:53:6f:73:90:aa:26:3c:b5:52:
                    a4:69:53:21:76:12:00:16:bb:5d:95:35:79:e2:a0:
                    6c:5e:63:7a:1c:f3:02:34:4f:3c:64:58:57:20:cb:
                    24:e7:19:3a:10:35:57:6f:16:af:34:3d:ff:c0:b5:
                    df:2f:3c:d9:98:27:ce:ce:92:73:15:f1:bf:48:84:
                    9e:f3:17:76:b7:19:4e:60:2e:3d:ee:db:a4:1c:81:
                    4e:a8:f9:ac:32:95:b9:cc:69:e4:d1:12:f0:72:fb:
                    31:af:75:65:df:26:ee:e2:a8:c7:dc:65:8d:2c:7c:
                    1a:b0:20:84:4a:3f:18:53:f9:80:35:83:09:55:7f:
                    5c:8d:31:7e:07:e4:76:9a:fd:a2:c8:90:a9:26:fe:
                    ac:8a:29:6d:dd:ec:c6:85:78:eb:c7:78:19:fa:98:
                    29:c0:8e:9a:df:f9:52:72:ab:f8:1a:39:27:37:f8:
                    65:8e:28:77:ef:5c:0d:bf:08:b4:d2:9a:bc:88:8c:
                    66:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:81:A1:9F:2E:A2:24:0A:E8:95:4C:98:F9:1F:5B:1C:18:2B:04:9D
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140966.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:7f40::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:c3:cf:ca:ea:4c:57:fa:ca:d9:2b:92:ee:5d:be:fc:7f:74:
         03:a8:ca:67:33:19:1f:a7:e2:20:6f:1e:1c:ad:68:9d:5a:04:
         61:83:dd:a4:59:c6:a4:9d:80:1d:0a:03:d3:11:e9:8c:80:dd:
         1c:3a:4e:54:7b:c7:01:9d:a1:57:8f:4b:0e:80:0e:ec:d6:8f:
         1a:2a:99:67:03:1f:04:f3:6a:e1:7d:54:05:6b:1b:b9:dc:ae:
         b0:77:bd:fc:de:06:ea:e5:7b:7f:cb:2e:f0:2f:0f:45:ba:a5:
         78:cf:22:c1:ab:9a:4c:55:5f:39:f8:b1:c4:f8:b6:77:f1:28:
         d7:c4:d6:ab:f5:e5:52:bc:fb:7d:0e:ee:9e:9a:e1:8b:42:0c:
         19:5c:13:01:03:4e:7d:f8:46:12:9b:e1:08:30:77:cd:35:84:
         63:a7:cb:a4:bc:8c:2f:24:55:64:db:e0:a3:4c:e4:a7:d6:aa:
         29:19:4a:13:7b:c3:90:fe:6f:1a:8f:0e:ee:11:bd:05:a1:5d:
         51:57:c6:a0:0d:9e:7d:5c:f0:c3:11:f6:f5:1c:8e:5f:f8:a8:
         59:f3:a3:99:c4:6c:d9:4a:cd:61:09:cf:71:28:6a:96:50:7f:
         b4:65:5b:1b:d6:91:8e:46:25:fe:29:8e:d6:c7:c4:50:fc:ba:
         11:eb:82:c8
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIULbV8wqnojnwLtkeFuwLMCd9jkAAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzE1OFoX
DTI3MDUwMTA4MzY1OFowMzExMC8GA1UEAxMoMzM4MUExOUYyRUEyMjQwQUU4OTU0
Qzk4RjkxRjVCMUMxODJCMDQ5RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4OFA3opiHxyIsF9c4cLfvPjVTh37L9GmBZDqEHdXvLxJrEDzI/E79DqSDV
bLRTQn/hJP1QJOoZqgrcCv/uqYP1U29zkKomPLVSpGlTIXYSABa7XZU1eeKgbF5j
ehzzAjRPPGRYVyDLJOcZOhA1V28WrzQ9/8C13y882Zgnzs6ScxXxv0iEnvMXdrcZ
TmAuPe7bpByBTqj5rDKVucxp5NES8HL7Ma91Zd8m7uKox9xljSx8GrAghEo/GFP5
gDWDCVV/XI0xfgfkdpr9osiQqSb+rIopbd3sxoV468d4GfqYKcCOmt/5UnKr+Bo5
Jzf4ZY4od+9cDb8ItNKavIiMZjMCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQzgaGf
LqIkCuiVTJj5H1scGCsEnTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQwOTY2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9n9AMA0GCSqGSIb3DQEBCwUAA4IBAQADw8/K6kxX+srZK5LuXb78
f3QDqMpnMxkfp+Igbx4crWidWgRhg92kWcaknYAdCgPTEemMgN0cOk5Ue8cBnaFX
j0sOgA7s1o8aKplnAx8E82rhfVQFaxu53K6wd7383gbq5Xt/yy7wLw9FuqV4zyLB
q5pMVV85+LHE+LZ38SjXxNar9eVSvPt9Du6emuGLQgwZXBMBA059+EYSm+EIMHfN
NYRjp8ukvIwvJFVk2+CjTOSn1qopGUoTe8OQ/m8ajw7uEb0FoV1RV8agDZ59XPDD
Efb1HI5f+KhZ86OZxGzZSs1hCc9xKGqWUH+0ZVsb1pGORiX+KY7Wx8RQ/LoR64LI
-----END CERTIFICATE-----