Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS142335.roa
File:                     AS142335.roa (raw, json)
Hash identifier:          aXK8hK9ZvQiLxCPnFrdTiTpTZtuAFYySYlRXy7OIgiU=
Subject key identifier:   4D:4A:4E:8B:02:7F:A5:60:EC:8A:07:51:20:60:76:17:45:5F:27:18
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       6D8DC05C5C2319EFE710CE044C8A5E82E1089558
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS142335.roa
Signing time:             Sat 02 May 2026 09:26:00 +0000
ROA not before:           Sat 02 May 2026 09:21:00 +0000
ROA not after:            Sat 01 May 2027 09:26:00 +0000
asID:                     142335
IP address blocks:        2001:df3:c140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 03:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:8d:c0:5c:5c:23:19:ef:e7:10:ce:04:4c:8a:5e:82:e1:08:95:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:21:00 2026 GMT
            Not After : May  1 09:26:00 2027 GMT
        Subject: CN=4D4A4E8B027FA560EC8A075120607617455F2718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5c:31:03:8d:6c:14:52:fe:41:d2:15:c8:29:
                    35:b9:65:ff:01:de:a6:b0:c2:16:97:79:08:10:dc:
                    30:9e:bc:52:d8:0a:93:a3:45:ca:69:db:71:1f:41:
                    94:cc:8f:17:71:32:2c:65:86:c1:7b:db:9c:87:b0:
                    ff:f8:a3:66:0a:38:ec:f6:05:09:fc:c5:06:74:c6:
                    66:9a:d1:cc:ca:86:0a:9c:25:1c:1b:38:d7:3a:6d:
                    19:b1:c2:3c:6e:58:39:90:14:8b:25:e8:8d:e9:06:
                    0a:db:61:d5:a1:42:8f:43:26:f4:96:6c:8e:9f:fa:
                    5d:cb:17:48:4d:f1:08:02:b8:a6:64:45:51:db:6d:
                    a3:7e:22:6c:b7:96:5c:29:4f:51:82:e5:1c:9a:30:
                    a9:c7:27:78:8f:af:58:7c:ae:af:70:a3:9e:66:79:
                    d8:e7:a8:48:11:de:4a:fe:e0:4a:48:d9:a1:d5:37:
                    9d:3e:1a:bc:eb:cd:09:2b:2d:2f:65:3c:43:d5:f1:
                    92:85:90:7f:55:79:a1:d1:34:9d:42:77:5a:2c:c4:
                    a0:86:85:b2:17:18:14:b6:29:0a:6e:07:77:4b:56:
                    1b:93:31:4a:8f:5c:15:44:a6:2e:a3:e0:1f:64:5a:
                    ad:e1:9c:d0:a3:6e:6b:54:e2:55:f8:c9:9a:78:67:
                    d0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:4A:4E:8B:02:7F:A5:60:EC:8A:07:51:20:60:76:17:45:5F:27:18
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS142335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:c140::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:7a:bb:1c:d8:3c:9c:ee:ab:11:9d:dd:18:c3:67:59:d7:7e:
         3e:1b:26:d6:37:21:8a:7d:19:c2:c0:45:92:df:85:5e:13:63:
         bf:92:d2:30:30:66:4b:59:4f:6d:51:b5:af:1e:5f:14:cb:3d:
         96:f8:7c:2a:34:ad:ba:2e:85:0e:66:42:31:b9:f3:57:2d:64:
         9f:72:e3:b4:a0:90:bc:24:ec:99:1f:81:ce:d3:f3:90:db:15:
         39:e1:cc:4d:ae:f8:84:e1:2a:22:f0:4a:50:06:46:97:87:a7:
         43:3d:3b:e1:9a:3f:c3:85:b7:9b:03:7d:12:de:1e:5a:ef:da:
         bc:b3:cc:fd:33:66:28:f1:c3:f9:32:93:27:7a:bd:35:7e:94:
         fe:a4:85:87:ec:0e:e5:26:7b:40:a4:c9:14:f1:7b:ee:da:7a:
         4d:16:fe:b0:17:f2:88:f3:94:83:3a:09:a0:d1:da:92:ce:bc:
         be:a2:e0:da:cf:10:70:16:db:69:1b:07:f2:1c:23:ac:04:c0:
         b5:ed:ca:bc:ed:1b:bc:08:cc:ac:c7:29:b9:f1:04:be:10:e4:
         6f:1c:c3:79:6f:4f:eb:09:bc:c6:6c:ea:e9:39:5c:b9:d4:5f:
         2a:7a:87:21:65:eb:45:0f:a2:5f:33:82:f3:05:43:89:4d:b1:
         04:b2:c0:88
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUbY3AXFwjGe/nEM4ETIpeguEIlVgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MjEwMFoX
DTI3MDUwMTA5MjYwMFowMzExMC8GA1UEAxMoNEQ0QTRFOEIwMjdGQTU2MEVDOEEw
NzUxMjA2MDc2MTc0NTVGMjcxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMtcMQONbBRS/kHSFcgpNbll/wHeprDCFpd5CBDcMJ68UtgKk6NFymnbcR9B
lMyPF3EyLGWGwXvbnIew//ijZgo47PYFCfzFBnTGZprRzMqGCpwlHBs41zptGbHC
PG5YOZAUiyXojekGCtth1aFCj0Mm9JZsjp/6XcsXSE3xCAK4pmRFUdtto34ibLeW
XClPUYLlHJowqccneI+vWHyur3CjnmZ52OeoSBHeSv7gSkjZodU3nT4avOvNCSst
L2U8Q9XxkoWQf1V5odE0nUJ3WizEoIaFshcYFLYpCm4Hd0tWG5MxSo9cFUSmLqPg
H2RareGc0KNua1TiVfjJmnhn0NMCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBRNSk6L
An+lYOyKB1EgYHYXRV8nGDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQyMzM1LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN88FAMA0GCSqGSIb3DQEBCwUAA4IBAQAPersc2Dyc7qsRnd0Yw2dZ
134+GybWNyGKfRnCwEWS34VeE2O/ktIwMGZLWU9tUbWvHl8Uyz2W+HwqNK26LoUO
ZkIxufNXLWSfcuO0oJC8JOyZH4HO0/OQ2xU54cxNrviE4Soi8EpQBkaXh6dDPTvh
mj/DhbebA30S3h5a79q8s8z9M2Yo8cP5MpMner01fpT+pIWH7A7lJntApMkU8Xvu
2npNFv6wF/KI85SDOgmg0dqSzry+ouDazxBwFttpGwfyHCOsBMC17cq87Ru8CMys
xym58QS+EORvHMN5b0/rCbzGbOrpOVy51F8qeochZetFD6JfM4LzBUOJTbEEssCI
-----END CERTIFICATE-----