Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS142359.roa
File:                     AS142359.roa (raw, json)
Hash identifier:          8xZA7udkI4zHj60XEQEOu+Kr8Uvpq5tRYV+82Y3GC+c=
Subject key identifier:   BF:EC:98:8E:EF:0F:75:C3:A6:70:84:6F:54:9B:1E:0E:98:BC:78:03
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       2B2C92CE36FB6EBC925C86D4E88D110E9137BC88
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS142359.roa
Signing time:             Sat 02 May 2026 09:20:40 +0000
ROA not before:           Sat 02 May 2026 09:15:40 +0000
ROA not after:            Sat 01 May 2027 09:20:40 +0000
asID:                     142359
IP address blocks:        103.170.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:2c:92:ce:36:fb:6e:bc:92:5c:86:d4:e8:8d:11:0e:91:37:bc:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:15:40 2026 GMT
            Not After : May  1 09:20:40 2027 GMT
        Subject: CN=BFEC988EEF0F75C3A670846F549B1E0E98BC7803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:46:5b:0d:b0:4b:e7:33:cf:34:cf:f6:4b:12:
                    de:e8:4c:71:19:9c:ac:0c:7c:ef:ac:c3:c3:94:8e:
                    3c:db:b4:6c:2f:20:73:8c:bc:59:08:e9:d9:e9:77:
                    17:79:f6:d4:99:89:aa:ae:e6:6b:92:21:e1:db:72:
                    2f:4a:26:e3:16:5a:7e:f1:f7:c7:7f:d4:69:a2:f8:
                    ec:88:fb:74:88:c1:be:9e:21:d1:8a:3e:3d:8b:ee:
                    df:fb:07:ea:00:b6:f6:be:6b:6d:2d:a2:26:67:a3:
                    fe:f2:08:58:1f:2b:8c:c7:47:a7:70:5c:d2:95:c7:
                    55:a3:d2:07:fa:33:9c:48:32:c6:b2:ec:90:58:a1:
                    be:9a:53:40:08:91:8d:7b:5a:e1:5d:9c:3d:89:e8:
                    71:3a:b8:67:6c:57:69:20:ec:ca:72:0c:47:2a:e3:
                    1e:f3:68:53:0d:c9:5c:28:34:96:d9:32:62:19:f9:
                    1c:df:5a:ad:d6:db:59:dd:10:72:b0:81:99:ea:0c:
                    5d:86:76:dc:b8:f2:76:b9:ed:0a:41:2b:e9:fe:5e:
                    ff:d0:f9:5c:31:4d:bc:dd:56:ec:d4:1b:b8:a8:b4:
                    71:27:66:b2:e7:0c:34:9e:de:16:61:c6:d4:6c:12:
                    e6:40:5b:2c:ec:98:fe:ef:e0:ae:7e:65:47:98:9b:
                    38:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:EC:98:8E:EF:0F:75:C3:A6:70:84:6F:54:9B:1E:0E:98:BC:78:03
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS142359.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.170.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:38:f5:19:e1:fe:64:24:36:af:36:61:ec:ea:b2:e1:ba:97:
         dc:19:a0:9b:ee:f0:e8:6b:ca:2d:dd:72:cd:37:0b:37:11:c9:
         83:13:af:84:33:cc:f7:e2:67:16:57:c1:36:93:d5:f3:33:46:
         c1:5e:c0:6f:59:e1:d5:dd:6b:fe:38:b7:08:cd:4d:a2:20:b1:
         63:17:d1:ad:e9:4c:e1:6f:e6:21:95:01:f3:b0:32:7b:bf:f5:
         6f:48:0c:6b:01:42:d3:18:f1:15:08:04:36:9c:94:b3:c5:99:
         18:fb:9c:23:d3:ad:bd:02:b4:0d:eb:56:64:79:05:38:a9:aa:
         e5:73:d8:9a:8b:e8:6a:80:9f:84:60:54:bd:94:e4:ac:34:c7:
         08:b8:2c:66:96:da:a1:51:19:3c:41:78:1d:fe:47:87:70:5f:
         d7:03:c2:cb:b5:c4:3a:38:fe:6b:71:9f:f7:cd:c8:ac:38:91:
         f7:66:b5:a7:40:33:c4:ff:16:85:cd:fe:28:52:fc:d4:8f:06:
         97:f8:73:26:4d:67:73:08:1e:9c:20:c6:27:08:fc:bf:b6:9a:
         5b:c7:f2:5c:d1:cc:d8:29:ed:34:1b:01:96:22:d7:32:e4:c1:
         dc:b2:1b:cb:58:5f:e7:d0:68:c7:91:1e:10:f6:8d:62:7e:5b:
         a7:6b:4f:6a
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUKyySzjb7brySXIbU6I0RDpE3vIgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTU0MFoX
DTI3MDUwMTA5MjA0MFowMzExMC8GA1UEAxMoQkZFQzk4OEVFRjBGNzVDM0E2NzA4
NDZGNTQ5QjFFMEU5OEJDNzgwMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJtGWw2wS+czzzTP9ksS3uhMcRmcrAx876zDw5SOPNu0bC8gc4y8WQjp2el3
F3n21JmJqq7ma5Ih4dtyL0om4xZafvH3x3/UaaL47Ij7dIjBvp4h0Yo+PYvu3/sH
6gC29r5rbS2iJmej/vIIWB8rjMdHp3Bc0pXHVaPSB/oznEgyxrLskFihvppTQAiR
jXta4V2cPYnocTq4Z2xXaSDsynIMRyrjHvNoUw3JXCg0ltkyYhn5HN9ardbbWd0Q
crCBmeoMXYZ23LjydrntCkEr6f5e/9D5XDFNvN1W7NQbuKi0cSdmsucMNJ7eFmHG
1GwS5kBbLOyY/u/grn5lR5ibOBECAwEAAaOCAcwwggHIMB0GA1UdDgQWBBS/7JiO
7w91w6ZwhG9Umx4OmLx4AzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQyMzU5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ6oXMA0GCSqGSIb3DQEBCwUAA4IBAQBROPUZ4f5kJDavNmHs6rLhupfc
GaCb7vDoa8ot3XLNNws3EcmDE6+EM8z34mcWV8E2k9XzM0bBXsBvWeHV3Wv+OLcI
zU2iILFjF9Gt6Uzhb+YhlQHzsDJ7v/VvSAxrAULTGPEVCAQ2nJSzxZkY+5wj0629
ArQN61ZkeQU4qarlc9iai+hqgJ+EYFS9lOSsNMcIuCxmltqhURk8QXgd/keHcF/X
A8LLtcQ6OP5rcZ/3zcisOJH3ZrWnQDPE/xaFzf4oUvzUjwaX+HMmTWdzCB6cIMYn
CPy/tppbx/Jc0czYKe00GwGWItcy5MHcshvLWF/n0GjHkR4Q9o1ifluna09q
-----END CERTIFICATE-----