Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS141982.roa
File:                     AS141982.roa (raw, json)
Hash identifier:          8OV6D/3fDXHtnULE8tBvAVIuNTbhxYyGUohMMMFQgwA=
Subject key identifier:   FD:CA:ED:70:A2:F8:B9:31:07:58:09:30:59:72:F6:AC:6F:4B:A8:7E
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       7ECD9D9EC7942AA5D27D8243C7E19B1BE83743C8
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141982.roa
Signing time:             Sat 02 May 2026 17:31:52 +0000
ROA not before:           Sat 02 May 2026 17:26:52 +0000
ROA not after:            Sat 01 May 2027 17:31:52 +0000
asID:                     141982
IP address blocks:        103.167.68.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:cd:9d:9e:c7:94:2a:a5:d2:7d:82:43:c7:e1:9b:1b:e8:37:43:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 17:26:52 2026 GMT
            Not After : May  1 17:31:52 2027 GMT
        Subject: CN=FDCAED70A2F8B931075809305972F6AC6F4BA87E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f2:63:6c:3a:a7:df:8e:b7:a7:bf:b3:ae:84:
                    c5:9d:40:e7:b8:02:e0:93:4d:63:c8:70:4d:3c:79:
                    dc:56:97:fe:54:fd:6a:74:30:d7:ae:3c:ad:73:ca:
                    49:6c:a3:90:02:6c:5e:b5:dc:1e:2f:3b:d6:65:7d:
                    da:10:c0:9d:77:aa:d3:3a:50:57:ab:a5:12:77:78:
                    f0:63:52:d7:6a:d2:c3:c9:c9:84:fd:ef:f4:96:41:
                    e3:aa:92:8b:06:6f:54:1f:1f:84:57:47:6d:f3:f5:
                    4b:22:e4:fd:20:53:06:b7:e5:34:b2:01:88:40:fd:
                    d7:07:dc:c5:88:f5:4b:fe:fc:e9:bc:00:ce:ed:a2:
                    14:46:fb:30:99:0e:79:17:53:34:50:a9:aa:31:e2:
                    fe:c6:4a:7f:c8:d4:c4:95:66:ae:d8:df:b9:9b:8b:
                    c1:cc:e8:b9:2f:a5:40:af:5b:06:2a:2d:0e:c5:bf:
                    e4:80:ff:7e:1e:d5:87:84:f9:dd:70:5c:4f:38:6f:
                    ad:97:11:46:46:68:df:df:80:fa:6d:2d:de:ad:50:
                    f1:c9:7a:aa:b2:9e:38:7c:14:28:61:8d:2b:1b:32:
                    09:2a:90:fd:cb:55:ba:32:03:9a:9d:f9:85:d5:47:
                    33:ff:bd:a8:5f:c3:f4:12:41:94:50:8d:ee:73:e9:
                    56:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:CA:ED:70:A2:F8:B9:31:07:58:09:30:59:72:F6:AC:6F:4B:A8:7E
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS141982.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.167.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:e5:f6:5f:70:ba:15:b5:0c:ce:17:26:48:0a:bb:84:79:e8:
         a5:ee:65:97:fa:12:05:91:3e:59:64:2c:cd:9c:b0:ba:be:b5:
         a6:b8:2c:5c:2c:55:3d:fb:b7:2c:2f:47:39:55:c0:a8:4d:f6:
         ae:7e:99:6b:3d:f7:33:3d:78:52:3b:8a:68:24:43:3a:37:1c:
         b4:00:4a:32:f9:80:b2:c8:b3:24:c8:78:89:95:10:0d:78:9a:
         02:a6:df:27:7a:5b:6d:ad:62:db:da:e5:f2:5d:a9:b7:da:8d:
         b9:5f:83:b4:e9:70:a7:d0:b9:78:e2:3f:80:a3:a1:fb:a3:ab:
         38:d9:7b:f1:bc:5f:fc:16:a1:50:e2:84:57:21:4d:79:38:12:
         1e:b3:94:aa:4a:a4:5c:0d:38:54:03:d7:c4:b2:62:1b:a3:18:
         b2:6b:b0:ee:6b:38:3f:11:8a:75:f8:3e:23:25:d3:d4:80:86:
         3c:04:c3:f9:55:c9:18:52:45:19:dd:c0:9e:a0:a2:79:84:a0:
         e8:dc:95:d5:6b:cc:4b:ba:fa:c4:a1:db:d6:2d:e5:c5:2a:3e:
         3b:59:99:96:e8:03:e5:ad:73:c5:37:f7:21:b9:f6:d8:ae:f4:
         45:b1:7f:73:07:e0:d0:92:10:47:50:2f:6a:da:28:d0:ba:f6:
         5c:f6:0e:38
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUfs2dnseUKqXSfYJDx+GbG+g3Q8gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjE3MjY1MloX
DTI3MDUwMTE3MzE1MlowMzExMC8GA1UEAxMoRkRDQUVENzBBMkY4QjkzMTA3NTgw
OTMwNTk3MkY2QUM2RjRCQTg3RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKTyY2w6p9+Ot6e/s66ExZ1A57gC4JNNY8hwTTx53FaX/lT9anQw1648rXPK
SWyjkAJsXrXcHi871mV92hDAnXeq0zpQV6ulEnd48GNS12rSw8nJhP3v9JZB46qS
iwZvVB8fhFdHbfP1SyLk/SBTBrflNLIBiED91wfcxYj1S/786bwAzu2iFEb7MJkO
eRdTNFCpqjHi/sZKf8jUxJVmrtjfuZuLwczouS+lQK9bBiotDsW/5ID/fh7Vh4T5
3XBcTzhvrZcRRkZo39+A+m0t3q1Q8cl6qrKeOHwUKGGNKxsyCSqQ/ctVujIDmp35
hdVHM/+9qF/D9BJBlFCN7nPpVu0CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT9yu1w
ovi5MQdYCTBZcvasb0uofjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQxOTgyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ6dEMA0GCSqGSIb3DQEBCwUAA4IBAQBU5fZfcLoVtQzOFyZICruEeeil
7mWX+hIFkT5ZZCzNnLC6vrWmuCxcLFU9+7csL0c5VcCoTfaufplrPfczPXhSO4po
JEM6Nxy0AEoy+YCyyLMkyHiJlRANeJoCpt8nelttrWLb2uXyXam32o25X4O06XCn
0Ll44j+Ao6H7o6s42XvxvF/8FqFQ4oRXIU15OBIes5SqSqRcDThUA9fEsmIboxiy
a7Duazg/EYp1+D4jJdPUgIY8BMP5VckYUkUZ3cCeoKJ5hKDo3JXVa8xLuvrEodvW
LeXFKj47WZmW6APlrXPFN/chufbYrvRFsX9zB+DQkhBHUC9q2ijQuvZc9g44
-----END CERTIFICATE-----