Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS141131.roa
File:                     AS141131.roa (raw, json)
Hash identifier:          M84BrdxGM85YfCtuphunJdssIsZtcibmgR+mVKX6N+s=
Subject key identifier:   DD:C1:B7:A7:1D:7E:93:96:38:FE:EB:3E:DF:5F:BF:A9:8C:56:90:25
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       2828D6007A950A539C0D8DC1BD4D36F130445F4C
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141131.roa
Signing time:             Sat 02 May 2026 08:35:46 +0000
ROA not before:           Sat 02 May 2026 08:30:46 +0000
ROA not after:            Sat 01 May 2027 08:35:46 +0000
asID:                     141131
IP address blocks:        103.158.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:28:d6:00:7a:95:0a:53:9c:0d:8d:c1:bd:4d:36:f1:30:44:5f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:46 2026 GMT
            Not After : May  1 08:35:46 2027 GMT
        Subject: CN=DDC1B7A71D7E939638FEEB3EDF5FBFA98C569025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:26:ec:e2:83:cd:75:65:36:42:64:08:1f:5d:
                    30:ab:f1:4a:60:8b:38:36:73:5b:e3:0a:4d:12:94:
                    bd:1a:bc:8f:f9:dd:e2:ce:93:f8:3b:38:9c:3b:61:
                    1b:48:7f:3e:d8:41:4f:62:58:7b:1b:42:4c:a9:f1:
                    dd:05:81:85:72:3b:d6:23:f0:3a:19:9b:5d:a8:52:
                    76:b5:18:f3:97:51:f6:92:bd:2e:54:c2:fe:29:60:
                    b3:6f:f5:10:db:d6:c6:10:65:14:13:d1:2c:89:e6:
                    b4:8a:25:5f:11:66:d7:bc:11:6a:8b:db:67:6c:13:
                    22:d9:eb:da:3d:56:47:ea:31:6d:ea:18:e3:8b:80:
                    1e:d3:cb:c9:87:7e:b6:44:8e:8e:dd:07:56:d1:e4:
                    83:9d:26:b7:b0:16:b8:4a:60:0d:2e:10:56:cc:d9:
                    96:84:22:75:ed:b6:59:fd:5a:02:d6:c1:02:60:23:
                    71:f7:ab:4a:f4:d7:ec:69:b9:e4:b0:cd:82:b8:70:
                    0f:44:40:eb:92:81:83:98:53:8d:e6:0d:45:bd:02:
                    51:4a:cf:d5:5c:6c:fd:45:fb:18:c1:d9:c2:05:c7:
                    a9:1f:9d:db:c3:38:22:da:84:a3:b3:39:e3:11:9b:
                    e0:6e:52:4a:00:25:ea:42:28:04:5f:82:da:01:76:
                    a7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C1:B7:A7:1D:7E:93:96:38:FE:EB:3E:DF:5F:BF:A9:8C:56:90:25
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.158.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:e0:32:5f:1a:dd:a6:6b:17:b8:3c:d6:1d:3b:cd:18:b8:49:
         3d:87:87:e0:23:be:4b:c6:3e:68:dd:bb:6f:04:e5:7e:fd:fe:
         dd:ac:e9:3d:15:cc:ef:08:82:c2:2f:90:ec:33:d7:c6:71:2a:
         99:63:11:94:a0:0b:df:0c:0c:67:e2:30:74:4c:73:22:0c:26:
         fa:9e:74:ee:22:17:6c:19:00:62:fa:1e:e6:c7:01:81:29:46:
         97:83:7b:a9:94:77:63:62:8b:8f:d8:22:ae:3d:43:ff:e8:f6:
         3d:e5:74:64:59:dc:f3:cd:c2:d6:d0:a3:29:22:b7:98:bd:6b:
         82:b1:78:50:de:d8:cd:c7:df:86:e1:3b:dc:d9:5a:16:60:fb:
         79:ac:bb:29:c4:cd:8c:34:55:34:94:8d:a3:05:07:b5:8e:e1:
         0e:06:92:51:73:0d:58:e1:fc:f5:d6:d5:37:2f:ca:3b:48:a3:
         64:8f:5b:bf:d9:e0:3f:b4:9e:01:db:60:61:ca:03:6b:8b:82:
         64:e6:25:b0:4b:49:de:58:4c:12:58:c8:c0:af:e0:e5:49:69:
         e7:f1:65:08:1e:f5:6e:28:c0:60:d6:01:a5:9e:ed:7a:c9:fd:
         81:63:e3:b0:a5:10:60:7a:ff:da:6e:9b:a7:ed:82:6b:9f:d3:
         ee:43:c8:0e
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUKCjWAHqVClOcDY3BvU028TBEX0wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzA0NloX
DTI3MDUwMTA4MzU0NlowMzExMC8GA1UEAxMoRERDMUI3QTcxRDdFOTM5NjM4RkVF
QjNFREY1RkJGQTk4QzU2OTAyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJAm7OKDzXVlNkJkCB9dMKvxSmCLODZzW+MKTRKUvRq8j/nd4s6T+Ds4nDth
G0h/PthBT2JYextCTKnx3QWBhXI71iPwOhmbXahSdrUY85dR9pK9LlTC/ilgs2/1
ENvWxhBlFBPRLInmtIolXxFm17wRaovbZ2wTItnr2j1WR+oxbeoY44uAHtPLyYd+
tkSOjt0HVtHkg50mt7AWuEpgDS4QVszZloQide22Wf1aAtbBAmAjcferSvTX7Gm5
5LDNgrhwD0RA65KBg5hTjeYNRb0CUUrP1Vxs/UX7GMHZwgXHqR+d28M4ItqEo7M5
4xGb4G5SSgAl6kIoBF+C2gF2p08CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTdwben
HX6Tljj+6z7fX7+pjFaQJTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQxMTMxLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ56PMA0GCSqGSIb3DQEBCwUAA4IBAQBD4DJfGt2maxe4PNYdO80YuEk9
h4fgI75Lxj5o3btvBOV+/f7drOk9FczvCILCL5DsM9fGcSqZYxGUoAvfDAxn4jB0
THMiDCb6nnTuIhdsGQBi+h7mxwGBKUaXg3uplHdjYouP2CKuPUP/6PY95XRkWdzz
zcLW0KMpIreYvWuCsXhQ3tjNx9+G4Tvc2VoWYPt5rLspxM2MNFU0lI2jBQe1juEO
BpJRcw1Y4fz11tU3L8o7SKNkj1u/2eA/tJ4B22BhygNri4Jk5iWwS0neWEwSWMjA
r+DlSWnn8WUIHvVuKMBg1gGlnu16yf2BY+OwpRBgev/abpun7YJrn9PuQ8gO
-----END CERTIFICATE-----