Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS147089.roa
File:                     AS147089.roa (raw, json)
Hash identifier:          1pQfuQOj8vh79kkebcJG18RDPXI7nFRq6w6vMdHbhL4=
Subject key identifier:   30:D1:F3:89:8A:09:FA:77:E2:01:C5:01:7A:B2:93:52:CC:6A:92:74
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       3D860EF86F4FA67447B6910F16004D98FCC7AF87
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS147089.roa
Signing time:             Sat 02 May 2026 09:20:44 +0000
ROA not before:           Sat 02 May 2026 09:15:44 +0000
ROA not after:            Sat 01 May 2027 09:20:44 +0000
asID:                     147089
IP address blocks:        103.173.232.0/24 maxlen: 24
                          103.173.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:86:0e:f8:6f:4f:a6:74:47:b6:91:0f:16:00:4d:98:fc:c7:af:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:15:44 2026 GMT
            Not After : May  1 09:20:44 2027 GMT
        Subject: CN=30D1F3898A09FA77E201C5017AB29352CC6A9274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f6:af:d6:18:25:bc:48:8a:67:e5:0d:78:00:
                    80:08:e9:d3:69:36:cb:78:db:04:d4:8a:0a:60:3d:
                    7e:57:94:09:18:81:68:49:36:35:e0:95:0d:1a:16:
                    7c:e5:66:91:02:af:17:cc:43:bc:af:51:e0:33:f9:
                    76:9f:18:42:63:68:c3:62:53:b3:e4:99:39:dc:38:
                    59:03:89:2c:0e:f4:01:18:3a:a8:7f:7a:f5:e7:e0:
                    2a:a6:70:ea:a0:6d:55:b8:dd:47:3d:ff:c7:87:95:
                    a3:aa:e1:b5:1f:f7:a7:4f:61:eb:b6:06:b2:1d:6f:
                    ec:d5:df:ee:b7:1d:ce:ad:f0:fe:7c:03:6f:c4:f0:
                    b2:d2:bd:f5:91:b8:f9:ef:ce:0f:62:0b:c8:ed:fa:
                    c3:56:c0:99:ad:95:ac:a7:b3:27:23:6c:6a:76:4d:
                    d9:b3:c4:93:1b:57:33:e1:dc:ee:47:68:4a:26:ef:
                    6c:9c:6a:b8:26:ea:81:b2:80:fa:8a:7b:d5:1c:f7:
                    85:6f:ac:37:7a:37:22:c4:0d:4b:67:38:70:c4:5f:
                    b1:0a:ea:6f:c6:a9:0d:09:0b:a9:b6:a5:d4:cf:0c:
                    3d:aa:cc:ae:6b:6b:d2:55:78:42:16:30:97:5f:e3:
                    83:3d:ea:a7:9c:b9:2d:f9:33:13:b7:cc:ca:9c:69:
                    e2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D1:F3:89:8A:09:FA:77:E2:01:C5:01:7A:B2:93:52:CC:6A:92:74
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS147089.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.173.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:a0:da:a7:4c:a6:1a:ff:c1:ca:0e:9d:e6:c5:27:06:b8:56:
         5b:b8:23:64:9d:26:27:de:aa:f4:48:2a:9b:5e:8b:61:07:fd:
         c8:d9:5e:a4:ff:22:e5:ba:88:f1:dc:42:fe:b1:25:d5:c7:7e:
         eb:4b:e2:86:1a:74:f4:14:6d:c6:ee:b0:26:87:00:80:d5:6f:
         be:1f:56:b1:9d:57:fc:94:75:5e:c6:a3:fb:ff:2e:96:dd:bd:
         f8:d1:b1:d1:10:19:bd:18:d0:63:68:ef:7d:f2:b1:0e:34:86:
         fc:ba:7c:aa:46:df:3c:2e:49:78:b7:c0:a0:00:50:0a:43:82:
         d7:be:e6:72:58:45:7a:fb:a8:07:b2:25:7f:a4:2c:c1:23:8c:
         8a:04:bf:f1:cd:3e:81:30:9f:58:f6:90:76:67:49:97:ad:ec:
         48:81:1c:df:74:0c:4d:40:a2:4a:fe:ae:42:a8:d5:74:9f:60:
         6f:03:2e:44:ff:5e:09:6d:61:74:ac:f1:ab:6f:1e:c0:54:61:
         56:87:be:86:84:ee:9a:1c:1b:3e:17:a1:89:00:1a:9f:39:f1:
         22:d4:0c:1c:13:54:5f:3b:dc:44:6c:3e:35:6d:7b:55:77:84:
         d3:55:53:11:d4:0f:cd:f9:c0:d2:4d:3f:ee:4f:c2:16:e3:b9:
         98:38:bd:e3
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUPYYO+G9PpnRHtpEPFgBNmPzHr4cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTU0NFoX
DTI3MDUwMTA5MjA0NFowMzExMC8GA1UEAxMoMzBEMUYzODk4QTA5RkE3N0UyMDFD
NTAxN0FCMjkzNTJDQzZBOTI3NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKH2r9YYJbxIimflDXgAgAjp02k2y3jbBNSKCmA9fleUCRiBaEk2NeCVDRoW
fOVmkQKvF8xDvK9R4DP5dp8YQmNow2JTs+SZOdw4WQOJLA70ARg6qH969efgKqZw
6qBtVbjdRz3/x4eVo6rhtR/3p09h67YGsh1v7NXf7rcdzq3w/nwDb8TwstK99ZG4
+e/OD2ILyO36w1bAma2VrKezJyNsanZN2bPEkxtXM+Hc7kdoSibvbJxquCbqgbKA
+op71Rz3hW+sN3o3IsQNS2c4cMRfsQrqb8apDQkLqbal1M8MParMrmtr0lV4QhYw
l1/jgz3qp5y5LfkzE7fMypxp4jcCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQw0fOJ
ign6d+IBxQF6spNSzGqSdDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ3MDg5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ63oMA0GCSqGSIb3DQEBCwUAA4IBAQAtoNqnTKYa/8HKDp3mxScGuFZb
uCNknSYn3qr0SCqbXothB/3I2V6k/yLluojx3EL+sSXVx37rS+KGGnT0FG3G7rAm
hwCA1W++H1axnVf8lHVexqP7/y6W3b340bHREBm9GNBjaO998rEONIb8unyqRt88
Lkl4t8CgAFAKQ4LXvuZyWEV6+6gHsiV/pCzBI4yKBL/xzT6BMJ9Y9pB2Z0mXrexI
gRzfdAxNQKJK/q5CqNV0n2BvAy5E/14JbWF0rPGrbx7AVGFWh76GhO6aHBs+F6GJ
ABqfOfEi1AwcE1RfO9xEbD41bXtVd4TTVVMR1A/N+cDSTT/uT8IW47mYOL3j
-----END CERTIFICATE-----