Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS141639.roa
File:                     AS141639.roa (raw, json)
Hash identifier:          LqRd3TC6F7I8e0E2SVdH3702IkufybLvVSAQj2lXD6Q=
Subject key identifier:   2A:0A:83:76:29:B7:97:7C:70:27:C9:DD:87:48:E8:69:D0:4F:82:0A
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       52B478BD15A8DD35DCB2E44F647FA13C3B08A760
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141639.roa
Signing time:             Sat 02 May 2026 09:26:03 +0000
ROA not before:           Sat 02 May 2026 09:21:03 +0000
ROA not after:            Sat 01 May 2027 09:26:03 +0000
asID:                     141639
IP address blocks:        2001:df3:2b40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:b4:78:bd:15:a8:dd:35:dc:b2:e4:4f:64:7f:a1:3c:3b:08:a7:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:03 2026 GMT
            Not After : May  1 09:26:03 2027 GMT
        Subject: CN=2A0A837629B7977C7027C9DD8748E869D04F820A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:02:de:0d:b9:f1:09:52:2c:1e:a9:75:aa:c5:
                    ba:60:4e:57:70:de:a1:9c:b0:37:96:d8:52:9a:c7:
                    d8:ca:b3:36:74:6a:bc:3c:7a:63:4b:97:fa:f2:50:
                    52:15:78:02:06:c1:c2:ae:8e:55:bd:36:25:8b:dd:
                    7a:fc:41:87:e8:06:ee:4c:dd:e5:6c:d0:34:07:eb:
                    a5:6c:1e:01:b8:6c:07:1f:42:4a:f4:63:51:28:66:
                    87:b4:82:7b:f7:8b:a6:8a:5b:04:bf:82:7a:cd:02:
                    3c:81:87:52:a6:f6:6b:cc:68:5e:f8:89:bd:2c:9d:
                    c4:bd:f0:13:15:f5:54:8d:c6:98:fd:fa:96:88:2c:
                    01:a1:c5:97:d4:26:44:d0:92:4f:66:ae:92:74:41:
                    52:81:f6:b9:f1:dc:10:04:7c:75:08:e2:28:46:f3:
                    f6:d3:9d:c0:73:5c:a6:8b:30:14:2d:4f:cf:4a:f3:
                    b2:63:2e:32:e6:d3:d0:9f:44:f9:c8:7b:2a:ba:56:
                    f7:65:2a:be:af:ee:79:99:0a:bd:30:eb:0a:cf:83:
                    8a:24:d8:b3:ac:af:88:81:6c:ea:f3:ea:a3:1d:c3:
                    47:78:44:46:37:e2:f2:14:f8:cb:0b:5a:37:45:91:
                    62:74:73:60:e8:6c:69:8e:bc:d8:06:f0:b0:56:3c:
                    b7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:0A:83:76:29:B7:97:7C:70:27:C9:DD:87:48:E8:69:D0:4F:82:0A
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:2b40::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:00:c3:64:d3:c2:71:5b:d0:6c:b9:db:ef:71:0d:4f:7a:a4:
         d9:fa:e0:52:85:1a:97:7b:96:24:63:c4:b9:d6:19:93:48:6b:
         ca:87:78:61:de:59:b8:4a:26:ec:11:29:61:05:86:b3:b0:d1:
         a2:17:9b:82:f7:f6:cb:a4:6e:44:d4:f6:11:98:1b:8b:21:e0:
         63:7f:24:c8:7e:53:af:cb:96:25:98:e7:3e:8e:77:a1:c6:dc:
         65:02:dc:71:e6:29:07:3b:ee:b2:24:5a:a9:d5:39:80:d2:40:
         00:c7:cc:0d:e8:b9:ed:f1:4d:7f:1d:ab:9a:39:19:4b:b0:78:
         8f:c0:42:af:1a:15:d8:0a:e6:55:97:d2:7a:54:ec:80:da:85:
         99:2b:04:4c:2b:59:d2:fb:2e:86:f7:38:1c:bb:5f:47:44:ed:
         69:13:7d:8d:a7:c4:2a:8a:a6:04:72:07:da:3b:cb:e7:b4:7d:
         6b:3d:74:a0:50:a5:eb:3f:5f:ef:79:20:59:e6:77:3f:74:ce:
         8b:18:8c:94:7c:7a:46:7d:da:12:36:71:f1:0b:2f:bb:8e:90:
         01:93:90:00:2c:66:2e:fc:c9:4a:c2:f8:29:70:41:df:fa:67:
         b0:b6:b5:14:d7:4a:da:71:ba:6d:78:8a:4f:72:d1:62:1b:e2:
         db:fa:cf:9a
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUUrR4vRWo3TXcsuRPZH+hPDsIp2AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjEwM1oX
DTI3MDUwMTA5MjYwM1owMzExMC8GA1UEAxMoMkEwQTgzNzYyOUI3OTc3QzcwMjdD
OUREODc0OEU4NjlEMDRGODIwQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOEC3g258QlSLB6pdarFumBOV3DeoZywN5bYUprH2MqzNnRqvDx6Y0uX+vJQ
UhV4AgbBwq6OVb02JYvdevxBh+gG7kzd5WzQNAfrpWweAbhsBx9CSvRjUShmh7SC
e/eLpopbBL+Ces0CPIGHUqb2a8xoXviJvSydxL3wExX1VI3GmP36logsAaHFl9Qm
RNCST2auknRBUoH2ufHcEAR8dQjiKEbz9tOdwHNcposwFC1Pz0rzsmMuMubT0J9E
+ch7KrpW92Uqvq/ueZkKvTDrCs+DiiTYs6yviIFs6vPqox3DR3hERjfi8hT4ywta
N0WRYnRzYOhsaY682AbwsFY8t7kCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBQqCoN2
KbeXfHAnyd2HSOhp0E+CCjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQxNjM5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN8ytAMA0GCSqGSIb3DQEBCwUAA4IBAQBZAMNk08JxW9BsudvvcQ1P
eqTZ+uBShRqXe5YkY8S51hmTSGvKh3hh3lm4SibsESlhBYazsNGiF5uC9/bLpG5E
1PYRmBuLIeBjfyTIflOvy5YlmOc+jnehxtxlAtxx5ikHO+6yJFqp1TmA0kAAx8wN
6Lnt8U1/HauaORlLsHiPwEKvGhXYCuZVl9J6VOyA2oWZKwRMK1nS+y6G9zgcu19H
RO1pE32Np8QqiqYEcgfaO8vntH1rPXSgUKXrP1/veSBZ5nc/dM6LGIyUfHpGfdoS
NnHxCy+7jpABk5AALGYu/MlKwvgpcEHf+mewtrUU10racbpteIpPctFiG+Lb+s+a
-----END CERTIFICATE-----