Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS24521.roa
File:                     AS24521.roa (raw, json)
Hash identifier:          6TNV0eNaSDhdlaBvIdxLammi13GaxXsAdpUdtpiKQfo=
Subject key identifier:   C3:E3:C5:DB:70:23:63:A1:89:01:10:6C:C0:D1:92:0A:8D:0E:F7:6D
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       0465963A8FA346F22551CE399A06DA773CB076AB
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS24521.roa
Signing time:             Sat 02 May 2026 18:40:45 +0000
ROA not before:           Sat 02 May 2026 18:35:45 +0000
ROA not after:            Sat 01 May 2027 18:40:45 +0000
asID:                     24521
IP address blocks:        175.184.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:65:96:3a:8f:a3:46:f2:25:51:ce:39:9a:06:da:77:3c:b0:76:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 18:35:45 2026 GMT
            Not After : May  1 18:40:45 2027 GMT
        Subject: CN=C3E3C5DB702363A18901106CC0D1920A8D0EF76D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1a:67:7a:51:eb:a2:e4:95:9e:17:a2:8b:be:
                    5a:4e:be:b5:2f:2b:c2:9c:26:b9:80:2b:cb:90:33:
                    e5:d6:92:23:ac:04:23:a2:d9:22:10:91:a5:a3:22:
                    bd:a0:c5:f1:65:14:b6:85:33:04:33:f9:d0:77:44:
                    1f:6c:22:41:77:64:5b:d9:5c:de:3a:33:b6:54:81:
                    ab:e7:2b:64:88:30:39:e1:f8:c8:32:0d:6a:3f:e9:
                    e6:83:59:66:b8:9b:5f:d7:3f:5f:ff:50:ae:c8:47:
                    ea:11:01:56:61:9e:8e:d7:4a:30:49:f6:5a:9f:8e:
                    35:5b:b1:25:5c:e0:a5:11:66:84:bc:75:ce:f0:5e:
                    2f:86:90:cc:af:7c:43:59:21:74:96:91:bc:be:24:
                    f2:6c:eb:2a:30:28:e2:0f:25:38:96:82:af:dd:fe:
                    94:0b:80:8e:7f:fd:8a:a3:53:f2:d2:c5:dc:db:55:
                    6c:2c:71:20:e4:56:93:b8:19:6e:38:98:a4:bf:b2:
                    96:1f:07:85:b1:5f:56:e0:fe:4a:f0:21:97:39:6f:
                    f4:31:db:cb:5a:db:33:16:cf:cd:f9:8a:f5:55:33:
                    ad:57:d9:fc:32:09:30:a6:eb:f3:56:2e:e5:42:6d:
                    5d:34:70:2a:34:3b:d2:2a:d2:b3:e2:c1:20:b9:9c:
                    29:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E3:C5:DB:70:23:63:A1:89:01:10:6C:C0:D1:92:0A:8D:0E:F7:6D
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS24521.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.184.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:05:42:a9:11:8f:08:ae:97:6d:09:df:e7:b7:82:62:62:3e:
         60:aa:cc:63:7a:76:54:31:13:d5:c8:2a:60:4f:5f:75:f8:41:
         16:6b:9c:b4:c6:c5:11:6d:0c:f6:14:4c:b6:23:a3:60:0d:48:
         9e:94:5f:2f:4d:29:64:0d:f1:49:03:43:44:55:cd:6a:ed:da:
         ba:39:d4:6e:39:6f:8c:7d:c2:d3:09:29:2b:92:b4:f8:72:bc:
         96:ee:1a:fe:10:8f:ab:58:46:38:93:a9:0f:fa:e8:3f:b7:83:
         df:cf:42:ad:00:93:ad:0f:61:6c:92:7b:30:9d:b7:3d:c5:96:
         47:ea:f9:aa:c9:d3:0b:7f:d8:c9:2f:6d:fd:eb:09:4f:99:9c:
         14:21:3f:03:ae:34:a5:3e:8f:eb:36:88:99:7a:b3:8a:d7:e6:
         ac:93:25:22:71:c0:59:b7:29:88:e7:dd:23:1e:34:d7:29:4d:
         62:fd:2d:51:cf:3d:2b:84:a3:e6:2a:4a:0f:8d:52:f5:7e:36:
         cf:3c:1a:aa:e7:26:12:43:17:eb:81:3d:25:56:ce:98:66:b1:
         62:a1:97:45:8f:84:af:7c:f0:37:8a:07:b9:0a:7b:e9:f1:09:
         7a:d8:c3:fb:10:bf:ea:ab:70:a7:25:c6:82:6b:66:b4:4e:8c:
         6c:ca:2d:e7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUBGWWOo+jRvIlUc45mgbadzywdqswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjE4MzU0NVoX
DTI3MDUwMTE4NDA0NVowMzExMC8GA1UEAxMoQzNFM0M1REI3MDIzNjNBMTg5MDEx
MDZDQzBEMTkyMEE4RDBFRjc2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALcaZ3pR66LklZ4Xoou+Wk6+tS8rwpwmuYAry5Az5daSI6wEI6LZIhCRpaMi
vaDF8WUUtoUzBDP50HdEH2wiQXdkW9lc3joztlSBq+crZIgwOeH4yDINaj/p5oNZ
ZribX9c/X/9QrshH6hEBVmGejtdKMEn2Wp+ONVuxJVzgpRFmhLx1zvBeL4aQzK98
Q1khdJaRvL4k8mzrKjAo4g8lOJaCr93+lAuAjn/9iqNT8tLF3NtVbCxxIORWk7gZ
bjiYpL+ylh8HhbFfVuD+SvAhlzlv9DHby1rbMxbPzfmK9VUzrVfZ/DIJMKbr81Yu
5UJtXTRwKjQ70irSs+LBILmcKRMCAwEAAaOCAcswggHHMB0GA1UdDgQWBBTD48Xb
cCNjoYkBEGzA0ZIKjQ73bTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMjQ1MjEucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKvuOwwDQYJKoZIhvcNAQELBQADggEBAIoFQqkRjwiul20J3+e3gmJiPmCq
zGN6dlQxE9XIKmBPX3X4QRZrnLTGxRFtDPYUTLYjo2ANSJ6UXy9NKWQN8UkDQ0RV
zWrt2ro51G45b4x9wtMJKSuStPhyvJbuGv4Qj6tYRjiTqQ/66D+3g9/PQq0Ak60P
YWySezCdtz3Flkfq+arJ0wt/2Mkvbf3rCU+ZnBQhPwOuNKU+j+s2iJl6s4rX5qyT
JSJxwFm3KYjn3SMeNNcpTWL9LVHPPSuEo+YqSg+NUvV+Ns88GqrnJhJDF+uBPSVW
zphmsWKhl0WPhK988DeKB7kKe+nxCXrYw/sQv+qrcKclxoJrZrROjGzKLec=
-----END CERTIFICATE-----