Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS141927.roa
File:                     AS141927.roa (raw, json)
Hash identifier:          wkchfytEBu/tC4mO0sFwdzNiU/v670gldrgAdLKSAoQ=
Subject key identifier:   B0:AB:6C:C3:52:F9:1B:EC:E7:50:71:34:BE:16:67:6C:70:2B:E9:74
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       3E4C898A971DFF31A0890CE8FC2C1AB4B07AD2A7
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141927.roa
Signing time:             Sat 02 May 2026 09:20:00 +0000
ROA not before:           Sat 02 May 2026 09:15:00 +0000
ROA not after:            Sat 01 May 2027 09:20:00 +0000
asID:                     141927
IP address blocks:        103.164.250.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:4c:89:8a:97:1d:ff:31:a0:89:0c:e8:fc:2c:1a:b4:b0:7a:d2:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:15:00 2026 GMT
            Not After : May  1 09:20:00 2027 GMT
        Subject: CN=B0AB6CC352F91BECE7507134BE16676C702BE974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:54:06:0f:c2:36:6a:34:a7:e8:f7:59:84:7d:
                    48:d4:35:ec:de:f5:ac:b2:fd:18:c0:01:70:81:b3:
                    49:d0:06:c0:9c:4b:28:6b:d4:70:85:e2:e5:5a:e4:
                    64:47:7b:90:11:07:4e:c6:e2:a0:4a:3a:b6:74:8e:
                    eb:dc:b0:16:7c:8c:6e:7b:c7:56:20:c9:54:32:07:
                    32:db:23:00:ee:82:e0:67:3b:1b:e6:f7:9c:c4:77:
                    73:e9:21:aa:93:3d:5f:43:be:6d:c7:54:20:a1:31:
                    2b:6f:c4:e5:f9:64:f7:e9:d7:09:3b:c9:f9:18:15:
                    af:f3:c6:cd:ed:8f:7d:89:ee:2a:d4:3a:df:d6:ec:
                    f3:a7:7d:c8:6c:fa:74:a3:0a:47:ed:48:83:54:18:
                    25:81:2f:dc:43:89:6b:38:34:87:fe:31:51:13:86:
                    d6:2a:61:3e:01:75:8f:4e:b2:d5:0e:79:a5:e5:28:
                    bf:a6:a2:f0:9c:a2:7a:4e:0b:7a:8e:48:b3:5c:61:
                    f5:05:db:a2:fd:24:a4:67:7b:07:c6:77:21:c2:15:
                    c1:74:77:28:98:f1:02:15:30:f1:ec:fc:af:16:99:
                    19:69:cf:d4:2b:a5:95:ab:34:4c:de:5a:24:29:c6:
                    97:bf:f3:62:a4:36:ff:0b:30:89:9a:1a:3d:54:cf:
                    b7:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:AB:6C:C3:52:F9:1B:EC:E7:50:71:34:BE:16:67:6C:70:2B:E9:74
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141927.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.164.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:c4:99:2a:2e:89:87:91:ec:e1:74:1e:d0:f5:6d:97:61:b0:
         3a:e4:d5:ca:25:9b:b4:b4:ca:eb:d8:51:d5:23:39:89:bf:a4:
         ae:cc:2d:79:b1:66:2d:e0:26:42:9a:49:32:f3:94:96:51:ff:
         c3:25:d3:10:a0:5a:d7:9c:51:f6:0b:17:ca:5f:a4:93:e9:2b:
         76:20:13:8b:a5:09:33:c3:9c:2a:f0:6e:d9:67:ef:9f:01:c2:
         1a:62:f9:27:95:22:32:a6:02:88:0b:f9:4f:c5:95:08:02:62:
         94:e9:13:ca:46:40:9e:6e:0b:a6:c5:68:7c:6b:88:a4:9b:c9:
         02:7e:fd:21:61:9c:93:8f:9c:85:be:22:04:e9:a8:40:1f:03:
         34:06:20:d9:02:c8:ac:f5:20:c9:f1:cf:84:98:a7:e0:46:97:
         f7:a7:f7:11:49:7b:9e:46:26:88:09:fd:4a:4c:e9:52:00:58:
         6c:f7:c5:68:6f:dd:a2:8b:17:bb:ea:f5:8d:3c:7c:30:cc:ea:
         4a:6e:02:e7:8c:57:5b:f0:84:16:f2:15:c4:10:e1:e7:9a:9b:
         e0:5b:5a:51:db:1c:d4:23:f5:7f:cb:d9:a2:cd:d9:87:73:cd:
         fe:87:1d:0b:0e:da:f1:d9:b2:e3:c4:c7:92:34:dc:14:8d:c8:
         9c:ad:b4:b9
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUPkyJipcd/zGgiQzo/CwatLB60qcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTUwMFoX
DTI3MDUwMTA5MjAwMFowMzExMC8GA1UEAxMoQjBBQjZDQzM1MkY5MUJFQ0U3NTA3
MTM0QkUxNjY3NkM3MDJCRTk3NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALxUBg/CNmo0p+j3WYR9SNQ17N71rLL9GMABcIGzSdAGwJxLKGvUcIXi5Vrk
ZEd7kBEHTsbioEo6tnSO69ywFnyMbnvHViDJVDIHMtsjAO6C4Gc7G+b3nMR3c+kh
qpM9X0O+bcdUIKExK2/E5flk9+nXCTvJ+RgVr/PGze2PfYnuKtQ639bs86d9yGz6
dKMKR+1Ig1QYJYEv3EOJazg0h/4xUROG1iphPgF1j06y1Q55peUov6ai8Jyiek4L
eo5Is1xh9QXbov0kpGd7B8Z3IcIVwXR3KJjxAhUw8ez8rxaZGWnP1Cullas0TN5a
JCnGl7/zYqQ2/wswiZoaPVTPtwcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBSwq2zD
Uvkb7OdQcTS+FmdscCvpdDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQxOTI3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ6T6MA0GCSqGSIb3DQEBCwUAA4IBAQAKxJkqLomHkezhdB7Q9W2XYbA6
5NXKJZu0tMrr2FHVIzmJv6SuzC15sWYt4CZCmkky85SWUf/DJdMQoFrXnFH2CxfK
X6ST6St2IBOLpQkzw5wq8G7ZZ++fAcIaYvknlSIypgKIC/lPxZUIAmKU6RPKRkCe
bgumxWh8a4ikm8kCfv0hYZyTj5yFviIE6ahAHwM0BiDZAsis9SDJ8c+EmKfgRpf3
p/cRSXueRiaICf1KTOlSAFhs98Vob92iixe76vWNPHwwzOpKbgLnjFdb8IQW8hXE
EOHnmpvgW1pR2xzUI/V/y9mizdmHc83+hx0LDtrx2bLjxMeSNNwUjcicrbS5
-----END CERTIFICATE-----