Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS147113.roa
File:                     AS147113.roa (raw, json)
Hash identifier:          7HtvmTzErYrrLHANcn3a6JbAXWdXqCLJ4GbCIIvZZtk=
Subject key identifier:   B9:23:C1:86:E1:10:AB:99:68:61:3F:70:71:07:F8:DD:A7:0B:6C:25
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       6B9F228E3F8FAB66801B209F282EFBE268914107
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS147113.roa
Signing time:             Sat 02 May 2026 09:20:34 +0000
ROA not before:           Sat 02 May 2026 09:15:34 +0000
ROA not after:            Sat 01 May 2027 09:20:34 +0000
asID:                     147113
IP address blocks:        103.173.72.0/24 maxlen: 24
                          103.177.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:9f:22:8e:3f:8f:ab:66:80:1b:20:9f:28:2e:fb:e2:68:91:41:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:15:34 2026 GMT
            Not After : May  1 09:20:34 2027 GMT
        Subject: CN=B923C186E110AB9968613F707107F8DDA70B6C25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:19:9f:f5:ac:4c:e3:04:97:77:d6:4b:48:b9:
                    72:76:96:9f:1d:c6:ff:b9:0f:7e:a4:c4:76:58:50:
                    17:29:57:51:c7:13:46:90:0c:71:98:9c:4d:99:f3:
                    cd:8b:9a:f5:1b:e6:98:24:5c:8c:e2:62:05:6a:b1:
                    8f:37:ac:9e:a6:fa:cf:ef:1d:55:76:a3:3f:f2:f2:
                    cc:c7:4a:84:24:20:59:56:61:9c:5d:ff:93:a3:57:
                    6b:60:7c:5c:30:28:d1:87:5d:87:2b:e0:fc:6c:35:
                    42:be:5b:37:a7:ea:4a:bd:bd:95:90:4e:8a:c0:89:
                    f1:b7:7d:cc:7f:dd:94:16:9a:85:65:30:9b:06:dd:
                    7a:85:6d:81:8f:1f:a7:24:f5:97:2f:0d:e8:10:36:
                    c6:ed:78:ab:91:09:a1:90:cb:44:cd:f7:17:83:1a:
                    b1:c7:01:8b:36:94:84:80:c7:52:d8:9c:49:13:6e:
                    18:d1:2a:61:16:e3:6f:3d:e4:28:7d:a3:39:cb:0c:
                    f8:82:47:a8:26:a7:c2:d7:78:d1:1b:8c:2a:34:df:
                    42:ca:68:f2:13:dc:7e:86:c3:c8:f3:25:0b:d6:85:
                    39:01:2c:75:42:6c:11:87:22:eb:8e:a6:4a:75:03:
                    3a:10:c7:04:10:10:c3:a7:dd:e0:5f:2a:54:72:8a:
                    ac:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:23:C1:86:E1:10:AB:99:68:61:3F:70:71:07:F8:DD:A7:0B:6C:25
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS147113.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.173.72.0/24
                  103.177.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:cf:bb:7b:b7:d7:f4:e0:d2:a8:5f:45:11:35:fa:63:ba:97:
         03:50:a7:16:a1:2a:89:7f:f4:c2:96:c0:b3:86:0f:c8:bd:1f:
         66:6a:38:4d:68:6a:1b:e5:1d:ef:00:2c:d7:e9:47:02:be:18:
         07:5d:57:c2:81:13:79:32:72:0c:8e:cb:9d:b9:31:25:89:a4:
         44:33:05:c6:e1:71:45:50:e3:c7:ce:70:1d:39:52:34:7c:ae:
         bb:d0:1f:e9:91:9c:12:f0:f4:62:2e:88:a4:d7:15:4b:88:87:
         bd:76:5a:c1:ef:9f:88:94:3b:28:ee:97:9b:87:c2:1c:52:4c:
         63:cd:78:ae:3e:ae:1f:28:87:69:2c:ef:1c:a4:ed:7b:88:74:
         f1:b6:42:f0:2a:8b:dc:ad:6e:8b:f1:18:12:80:1b:cc:ee:11:
         e2:b3:a1:ff:6f:11:14:0e:c4:65:1f:7f:2e:10:ab:5a:cc:1f:
         3a:6b:00:b0:68:f4:1c:cd:df:6c:f9:db:86:0d:b8:3a:ae:87:
         4c:13:35:bd:d8:cf:44:07:88:fe:2a:d7:7f:86:0c:f0:ff:d7:
         69:f7:ce:7a:9c:08:ac:e6:d1:be:65:ac:e6:70:c8:53:53:09:
         41:50:6d:eb:4f:7c:40:b5:79:90:2a:a7:8e:d1:eb:9f:63:30:
         18:48:e8:b7
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIUa58ijj+Pq2aAGyCfKC774miRQQcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTUzNFoX
DTI3MDUwMTA5MjAzNFowMzExMC8GA1UEAxMoQjkyM0MxODZFMTEwQUI5OTY4NjEz
RjcwNzEwN0Y4RERBNzBCNkMyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsZn/WsTOMEl3fWS0i5cnaWnx3G/7kPfqTEdlhQFylXUccTRpAMcZicTZnz
zYua9RvmmCRcjOJiBWqxjzesnqb6z+8dVXajP/LyzMdKhCQgWVZhnF3/k6NXa2B8
XDAo0Yddhyvg/Gw1Qr5bN6fqSr29lZBOisCJ8bd9zH/dlBaahWUwmwbdeoVtgY8f
pyT1ly8N6BA2xu14q5EJoZDLRM33F4MasccBizaUhIDHUticSRNuGNEqYRbjbz3k
KH2jOcsM+IJHqCanwtd40RuMKjTfQspo8hPcfobDyPMlC9aFOQEsdUJsEYci646m
SnUDOhDHBBAQw6fd4F8qVHKKrG0CAwEAAaOCAdIwggHOMB0GA1UdDgQWBBS5I8GG
4RCrmWhhP3BxB/jdpwtsJTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQ3MTEzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIA
ATAMAwQAZ61IAwQAZ7HHMA0GCSqGSIb3DQEBCwUAA4IBAQAzz7t7t9f04NKoX0UR
NfpjupcDUKcWoSqJf/TClsCzhg/IvR9majhNaGob5R3vACzX6UcCvhgHXVfCgRN5
MnIMjsuduTEliaREMwXG4XFFUOPHznAdOVI0fK670B/pkZwS8PRiLoik1xVLiIe9
dlrB75+IlDso7pebh8IcUkxjzXiuPq4fKIdpLO8cpO17iHTxtkLwKovcrW6L8RgS
gBvM7hHis6H/bxEUDsRlH38uEKtazB86awCwaPQczd9s+duGDbg6rodMEzW92M9E
B4j+Ktd/hgzw/9dp9856nAis5tG+ZazmcMhTUwlBUG3rT3xAtXmQKqeO0eufYzAY
SOi3
-----END CERTIFICATE-----