Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS141654.roa
File:                     AS141654.roa (raw, json)
Hash identifier:          SHxS6bUIpY94qRZwClErvUz/tF1VJ3PU8BmOqu6bwl0=
Subject key identifier:   D0:19:12:2E:95:2F:F9:B3:89:75:25:EA:2A:36:43:AD:C6:C7:58:21
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       326AF849E12D7CF84384968D2D3CB1E863CAC0B2
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141654.roa
Signing time:             Sat 02 May 2026 09:19:48 +0000
ROA not before:           Sat 02 May 2026 09:14:48 +0000
ROA not after:            Sat 01 May 2027 09:19:48 +0000
asID:                     141654
IP address blocks:        103.162.144.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:6a:f8:49:e1:2d:7c:f8:43:84:96:8d:2d:3c:b1:e8:63:ca:c0:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:14:48 2026 GMT
            Not After : May  1 09:19:48 2027 GMT
        Subject: CN=D019122E952FF9B3897525EA2A3643ADC6C75821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b1:46:14:a2:ab:12:20:fb:09:45:0b:d0:7a:
                    01:69:8c:e9:84:ac:da:e3:83:6f:ad:d5:c5:a0:21:
                    7d:65:3e:a6:34:c8:a1:36:93:4a:d8:d3:08:4c:2f:
                    fb:ee:12:d4:6f:91:4f:1c:71:cc:15:a3:ec:91:3a:
                    c7:b1:30:1b:39:be:3b:f3:eb:d0:47:bf:89:9b:32:
                    d5:e3:63:13:95:91:e5:eb:70:97:d8:b3:2d:7b:e3:
                    aa:c8:f6:98:58:31:53:3f:f1:55:16:e9:ab:a0:bf:
                    ee:68:4d:e6:db:c6:f0:f0:59:0c:e3:c8:1c:31:6a:
                    c9:7b:0f:ef:d8:71:e3:8b:05:1f:5b:5c:ba:62:46:
                    e7:4c:09:e3:9f:0c:84:92:3d:85:5b:1f:43:bf:0b:
                    b4:5b:fc:d0:76:1e:83:2e:c7:d5:32:d0:65:f8:61:
                    bc:ae:83:1c:03:75:2d:a4:68:ec:a0:aa:51:0d:df:
                    9a:76:16:ed:0d:af:f2:8e:8b:4f:8f:eb:6e:9a:e2:
                    c6:ac:7b:d8:ac:12:ae:2e:9d:98:25:60:fc:7e:f8:
                    01:eb:61:71:e5:6a:74:2a:6b:29:70:98:ee:0d:5b:
                    ac:be:33:e4:f0:c4:6f:e4:9f:d2:22:f6:cf:a6:e3:
                    10:a7:95:c5:ba:97:44:0f:9b:98:4a:a5:ba:ce:7e:
                    5a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:19:12:2E:95:2F:F9:B3:89:75:25:EA:2A:36:43:AD:C6:C7:58:21
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.162.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:99:0a:ff:36:eb:2e:56:2e:df:f8:fc:c8:e0:94:27:93:19:
         5f:7b:93:63:8f:05:c7:f9:25:15:ae:24:0d:cf:ff:4a:54:47:
         82:db:79:9d:e4:0c:b4:d2:57:e3:a3:de:22:0e:aa:d4:ae:71:
         2b:e2:9e:db:1f:1c:f0:86:8a:15:eb:58:46:cb:70:9d:32:ed:
         83:21:a3:d4:96:ab:8b:67:04:8a:bc:a2:67:41:06:5f:38:f2:
         3f:9b:86:12:e9:74:ed:6c:46:84:ab:b7:80:a9:cd:a2:a9:77:
         57:9e:2d:57:28:43:8f:3e:40:d6:5d:27:f8:f2:ab:9e:54:67:
         ac:6e:08:a8:61:13:a7:88:a4:6d:35:98:5b:f2:05:39:39:f3:
         d2:1c:8c:a8:22:1f:49:4c:a0:c0:3c:62:47:b6:5d:18:41:3f:
         6e:88:93:88:77:cf:2d:a7:7b:de:41:35:6d:cc:08:4d:84:2c:
         4c:f2:34:3c:c3:1a:0c:28:30:b5:67:06:29:96:f2:43:90:aa:
         05:3c:fc:da:86:69:66:4f:e9:50:1c:0f:a5:2a:ef:00:74:56:
         1c:cf:f3:be:30:9d:38:16:e1:a2:78:cb:2f:03:18:12:08:f4:
         b3:cf:09:f0:e1:8e:e6:1f:e9:4f:fe:06:9c:aa:12:ea:61:38:
         1b:5f:53:74
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUMmr4SeEtfPhDhJaNLTyx6GPKwLIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTQ0OFoX
DTI3MDUwMTA5MTk0OFowMzExMC8GA1UEAxMoRDAxOTEyMkU5NTJGRjlCMzg5NzUy
NUVBMkEzNjQzQURDNkM3NTgyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ6xRhSiqxIg+wlFC9B6AWmM6YSs2uODb63VxaAhfWU+pjTIoTaTStjTCEwv
++4S1G+RTxxxzBWj7JE6x7EwGzm+O/Pr0Ee/iZsy1eNjE5WR5etwl9izLXvjqsj2
mFgxUz/xVRbpq6C/7mhN5tvG8PBZDOPIHDFqyXsP79hx44sFH1tcumJG50wJ458M
hJI9hVsfQ78LtFv80HYegy7H1TLQZfhhvK6DHAN1LaRo7KCqUQ3fmnYW7Q2v8o6L
T4/rbprixqx72KwSri6dmCVg/H74AethceVqdCprKXCY7g1brL4z5PDEb+Sf0iL2
z6bjEKeVxbqXRA+bmEqlus5+WokCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTQGRIu
lS/5s4l1JeoqNkOtxsdYITAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQxNjU0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ6KQMA0GCSqGSIb3DQEBCwUAA4IBAQA1mQr/NusuVi7f+PzI4JQnkxlf
e5NjjwXH+SUVriQNz/9KVEeC23md5Ay00lfjo94iDqrUrnEr4p7bHxzwhooV61hG
y3CdMu2DIaPUlquLZwSKvKJnQQZfOPI/m4YS6XTtbEaEq7eAqc2iqXdXni1XKEOP
PkDWXSf48queVGesbgioYROniKRtNZhb8gU5OfPSHIyoIh9JTKDAPGJHtl0YQT9u
iJOId88tp3veQTVtzAhNhCxM8jQ8wxoMKDC1ZwYplvJDkKoFPPzahmlmT+lQHA+l
Ku8AdFYcz/O+MJ04FuGieMsvAxgSCPSzzwnw4Y7mH+lP/gacqhLqYTgbX1N0
-----END CERTIFICATE-----