Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS141104.roa
File:                     AS141104.roa (raw, json)
Hash identifier:          heTsmyAiEJX5tpBkgYcI7RCvzcWHa9rtOmd5MpwLMYo=
Subject key identifier:   02:30:32:E9:54:41:03:15:F4:E2:69:1F:E8:05:DC:87:2C:02:12:EB
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       285DC352E622D6CB1853CE687888F5189B77941B
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141104.roa
Signing time:             Sat 02 May 2026 21:14:20 +0000
ROA not before:           Sat 02 May 2026 21:09:20 +0000
ROA not after:            Sat 01 May 2027 21:14:20 +0000
asID:                     141104
IP address blocks:        103.156.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 03:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:5d:c3:52:e6:22:d6:cb:18:53:ce:68:78:88:f5:18:9b:77:94:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:09:20 2026 GMT
            Not After : May  1 21:14:20 2027 GMT
        Subject: CN=023032E954410315F4E2691FE805DC872C0212EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:83:4b:3b:d5:ab:36:ab:ed:d5:ab:47:71:f0:
                    d6:8d:2b:3a:e5:0e:9b:d4:e1:8d:0d:03:a0:c2:59:
                    ca:a9:3e:4a:7c:54:2b:4a:33:30:ae:76:b6:a5:77:
                    4e:03:06:fc:55:f8:74:38:d9:ca:03:06:e2:54:31:
                    0e:77:43:b3:8b:78:7c:10:41:3c:d0:4e:c2:68:3b:
                    76:dd:86:f1:85:96:0c:a6:d8:0b:e1:ec:d3:7b:81:
                    c9:37:43:6d:62:63:df:76:a8:fa:67:2f:39:69:24:
                    60:e9:0e:9e:6d:a4:c9:93:8f:42:90:9b:c8:ef:8e:
                    9c:15:92:28:31:a6:28:8d:08:db:dd:c1:92:f2:9e:
                    18:30:cb:9a:c6:df:13:93:1a:0d:c0:fe:84:9f:65:
                    a4:77:fc:68:b5:ff:82:f5:96:20:9f:b8:6f:ed:ff:
                    92:43:41:ed:ea:42:29:6d:ba:69:04:6f:89:d1:c9:
                    c8:eb:d8:81:46:97:f4:2f:29:4c:04:e6:71:92:c6:
                    c3:2c:c2:ab:1f:c8:1b:e5:af:85:91:ea:e5:bf:2a:
                    e9:5e:d9:3e:c6:99:d8:5b:d5:d1:c4:67:94:86:ed:
                    b7:25:9c:9d:29:b6:cb:1b:9a:67:f3:5e:0a:2f:1e:
                    1a:7a:b4:2b:ab:9d:43:07:dd:53:29:b1:42:2c:55:
                    9d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:30:32:E9:54:41:03:15:F4:E2:69:1F:E8:05:DC:87:2C:02:12:EB
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141104.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.156.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:5c:30:96:f0:5e:6c:6b:4f:e9:32:80:af:2b:9a:d2:ff:28:
         29:de:ae:0f:41:48:c1:7d:e0:e7:cc:1b:5e:67:46:c8:2a:e9:
         91:5a:fa:7e:7a:50:c0:44:2e:1a:42:53:5e:5f:67:fc:13:11:
         98:33:9b:a0:5c:4b:7e:94:44:5d:30:81:61:78:98:cd:55:90:
         44:09:30:10:f3:fc:cf:4b:83:e9:db:0b:7a:75:91:a1:77:50:
         19:ed:0c:ad:08:1a:b6:2a:09:34:a3:2d:71:d1:4f:f0:82:b3:
         49:bc:8f:18:41:5d:8b:b6:8b:07:4d:6c:75:5c:f7:90:fe:47:
         db:fc:1a:9a:48:76:2c:48:e3:ab:66:15:7d:b0:b7:a9:9b:03:
         b2:e0:83:c5:1e:e3:53:4e:01:81:cd:80:08:f8:be:61:6f:c3:
         09:9f:6d:5e:0a:ed:3f:50:77:bc:78:c8:6d:78:90:27:77:77:
         e7:4a:fc:c3:63:45:e9:4f:43:2d:24:79:d2:2f:80:fa:f5:4a:
         47:bd:ce:7e:b8:cb:ff:39:83:1f:06:21:d8:71:26:cd:d4:de:
         5c:72:ff:d1:e4:46:93:a7:ac:34:42:46:2d:a7:8c:bc:57:62:
         bd:48:d7:35:32:a2:1f:12:23:46:a8:c0:54:97:17:7c:c3:5d:
         86:d0:80:ed
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUKF3DUuYi1ssYU85oeIj1GJt3lBswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMDkyMFoX
DTI3MDUwMTIxMTQyMFowMzExMC8GA1UEAxMoMDIzMDMyRTk1NDQxMDMxNUY0RTI2
OTFGRTgwNURDODcyQzAyMTJFQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJSDSzvVqzar7dWrR3Hw1o0rOuUOm9ThjQ0DoMJZyqk+SnxUK0ozMK52tqV3
TgMG/FX4dDjZygMG4lQxDndDs4t4fBBBPNBOwmg7dt2G8YWWDKbYC+Hs03uByTdD
bWJj33ao+mcvOWkkYOkOnm2kyZOPQpCbyO+OnBWSKDGmKI0I293BkvKeGDDLmsbf
E5MaDcD+hJ9lpHf8aLX/gvWWIJ+4b+3/kkNB7epCKW26aQRvidHJyOvYgUaX9C8p
TATmcZLGwyzCqx/IG+WvhZHq5b8q6V7ZPsaZ2FvV0cRnlIbttyWcnSm2yxuaZ/Ne
Ci8eGnq0K6udQwfdUymxQixVne0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQCMDLp
VEEDFfTiaR/oBdyHLAIS6zAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQxMTA0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ5z+MA0GCSqGSIb3DQEBCwUAA4IBAQBRXDCW8F5sa0/pMoCvK5rS/ygp
3q4PQUjBfeDnzBteZ0bIKumRWvp+elDARC4aQlNeX2f8ExGYM5ugXEt+lERdMIFh
eJjNVZBECTAQ8/zPS4Pp2wt6dZGhd1AZ7QytCBq2Kgk0oy1x0U/wgrNJvI8YQV2L
tosHTWx1XPeQ/kfb/BqaSHYsSOOrZhV9sLepmwOy4IPFHuNTTgGBzYAI+L5hb8MJ
n21eCu0/UHe8eMhteJAnd3fnSvzDY0XpT0MtJHnSL4D69UpHvc5+uMv/OYMfBiHY
cSbN1N5ccv/R5EaTp6w0QkYtp4y8V2K9SNc1MqIfEiNGqMBUlxd8w12G0IDt
-----END CERTIFICATE-----