Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS141109.roa
File:                     AS141109.roa (raw, json)
Hash identifier:          8kPODr9+ErsrItx0uJ8T8Hl9pa5rZVIbnXn3CWNUs5I=
Subject key identifier:   32:F8:06:A4:98:39:44:CF:D9:47:D3:B9:C2:0D:B0:8B:B4:60:D8:30
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       66F5D7CCDA10CC8278CD629077E595FB7E8401D8
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141109.roa
Signing time:             Sat 02 May 2026 21:14:43 +0000
ROA not before:           Sat 02 May 2026 21:09:43 +0000
ROA not after:            Sat 01 May 2027 21:14:43 +0000
asID:                     141109
IP address blocks:        103.157.32.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:f5:d7:cc:da:10:cc:82:78:cd:62:90:77:e5:95:fb:7e:84:01:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:09:43 2026 GMT
            Not After : May  1 21:14:43 2027 GMT
        Subject: CN=32F806A4983944CFD947D3B9C20DB08BB460D830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:96:b6:84:b3:85:40:3e:85:f6:e6:c2:8c:2f:
                    f0:7d:3b:c5:10:53:1c:48:f4:f6:9d:1a:e9:08:ba:
                    0d:71:a5:3b:f1:22:7e:c5:6e:25:d2:da:e8:15:fe:
                    9e:2d:13:0e:34:6f:53:2c:1b:fb:1a:f6:da:56:d7:
                    25:7f:16:db:ec:68:94:bd:e1:11:3b:46:6f:29:50:
                    e2:47:ca:10:dd:4a:3a:6c:7e:88:25:dd:44:90:91:
                    33:31:9a:0a:a4:a0:ca:5f:46:b0:83:07:dc:dd:49:
                    47:d0:e3:58:b4:ae:27:ab:ea:54:3d:21:bc:a8:50:
                    00:b1:38:65:db:5c:7a:68:6d:41:fc:fd:e9:c2:92:
                    50:80:31:cf:86:71:1a:1d:63:90:66:df:a9:51:42:
                    2a:6a:9e:89:a4:82:55:1b:e8:80:05:fb:53:eb:d8:
                    ae:9a:56:f4:e4:55:7f:c0:3b:37:fc:8c:c8:8d:a0:
                    0e:f8:26:63:09:36:16:cb:0a:56:ff:a8:0b:c4:fd:
                    6e:de:b3:32:cd:1f:dc:eb:69:23:11:e3:dd:92:a0:
                    d7:43:e3:2d:49:5b:5d:c6:f7:07:7e:3a:07:c4:bd:
                    5a:76:37:1e:00:9f:54:fb:7e:13:3c:f5:01:c9:c6:
                    34:25:de:22:aa:64:0e:ab:b8:db:e6:47:52:18:6b:
                    64:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:F8:06:A4:98:39:44:CF:D9:47:D3:B9:C2:0D:B0:8B:B4:60:D8:30
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141109.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.157.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:46:82:d4:d4:82:c5:0b:2e:db:1e:87:12:28:c4:ba:6e:65:
         aa:1e:1b:17:c8:d4:1a:3c:ff:4a:c6:f5:fb:0d:71:68:8e:20:
         40:6e:32:e2:21:63:9a:8f:f6:55:80:d0:71:16:77:24:5c:a7:
         a3:82:f8:41:43:26:7e:fb:df:6e:d1:7c:4b:07:5e:82:01:13:
         45:4c:bb:75:cc:e1:18:d6:25:35:03:ed:9c:7d:9d:98:4d:d8:
         1b:1a:ba:87:16:dc:5d:5a:fa:fa:eb:c0:90:f5:59:f8:dd:d3:
         05:47:86:13:b6:ed:37:11:c1:69:b0:c0:69:53:3b:58:3f:1e:
         1c:cc:b4:c8:77:dd:1a:2b:a1:ab:d8:cc:3a:d6:34:5b:1b:09:
         04:8c:39:28:b2:39:05:85:43:cd:1a:e0:9e:cf:b1:9f:1e:e7:
         01:0e:e4:cd:34:04:7b:5e:c6:c8:6f:36:73:7c:59:fc:30:fc:
         58:79:75:27:60:b1:b9:8c:c6:58:89:0a:8d:28:12:f1:dc:da:
         39:09:96:28:8e:4f:3e:84:64:c2:b7:20:a9:0e:9c:99:6e:54:
         7c:56:f5:4a:59:f6:2f:d2:8d:85:38:11:fe:dc:07:c1:ed:10:
         2e:a5:8c:e0:17:3e:54:0d:91:d6:e8:47:40:3e:5e:5e:eb:66:
         38:90:98:86
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUZvXXzNoQzIJ4zWKQd+WV+36EAdgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMDk0M1oX
DTI3MDUwMTIxMTQ0M1owMzExMC8GA1UEAxMoMzJGODA2QTQ5ODM5NDRDRkQ5NDdE
M0I5QzIwREIwOEJCNDYwRDgzMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKyWtoSzhUA+hfbmwowv8H07xRBTHEj09p0a6Qi6DXGlO/EifsVuJdLa6BX+
ni0TDjRvUywb+xr22lbXJX8W2+xolL3hETtGbylQ4kfKEN1KOmx+iCXdRJCRMzGa
CqSgyl9GsIMH3N1JR9DjWLSuJ6vqVD0hvKhQALE4ZdtcemhtQfz96cKSUIAxz4Zx
Gh1jkGbfqVFCKmqeiaSCVRvogAX7U+vYrppW9ORVf8A7N/yMyI2gDvgmYwk2FssK
Vv+oC8T9bt6zMs0f3OtpIxHj3ZKg10PjLUlbXcb3B346B8S9WnY3HgCfVPt+Ezz1
AcnGNCXeIqpkDqu42+ZHUhhrZKcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQy+Aak
mDlEz9lH07nCDbCLtGDYMDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQxMTA5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ50gMA0GCSqGSIb3DQEBCwUAA4IBAQB3RoLU1ILFCy7bHocSKMS6bmWq
HhsXyNQaPP9KxvX7DXFojiBAbjLiIWOaj/ZVgNBxFnckXKejgvhBQyZ++99u0XxL
B16CARNFTLt1zOEY1iU1A+2cfZ2YTdgbGrqHFtxdWvr668CQ9Vn43dMFR4YTtu03
EcFpsMBpUztYPx4czLTId90aK6Gr2Mw61jRbGwkEjDkosjkFhUPNGuCez7GfHucB
DuTNNAR7XsbIbzZzfFn8MPxYeXUnYLG5jMZYiQqNKBLx3No5CZYojk8+hGTCtyCp
DpyZblR8VvVKWfYv0o2FOBH+3AfB7RAupYzgFz5UDZHW6EdAPl5e62Y4kJiG
-----END CERTIFICATE-----