Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS38764.roa
File:                     AS38764.roa (raw, json)
Hash identifier:          Req1n3wzZn7nfoK/2DWVhTVw0kiX+/WaMa1jFGYqwac=
Subject key identifier:   A7:14:D6:F1:67:A2:50:7D:73:0E:82:B7:F5:FF:F9:B6:CD:B2:A5:F7
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       57DE1F0EB8B213F675FFD545930D75F5B74D9268
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS38764.roa
Signing time:             Sat 02 May 2026 09:22:17 +0000
ROA not before:           Sat 02 May 2026 09:17:17 +0000
ROA not after:            Sat 01 May 2027 09:22:17 +0000
asID:                     38764
IP address blocks:        120.29.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:de:1f:0e:b8:b2:13:f6:75:ff:d5:45:93:0d:75:f5:b7:4d:92:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:17:17 2026 GMT
            Not After : May  1 09:22:17 2027 GMT
        Subject: CN=A714D6F167A2507D730E82B7F5FFF9B6CDB2A5F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:20:7f:ed:72:4c:d0:bc:8b:42:05:f2:8a:2b:
                    e9:8e:fe:a2:cc:49:47:71:d8:07:77:86:95:72:3a:
                    2c:50:74:de:f1:7f:9d:b3:6d:1c:cd:80:4c:a2:67:
                    32:0d:26:ed:fa:89:4c:ce:da:b3:05:ec:57:a7:b3:
                    ab:bf:8d:0e:67:bb:bc:a8:0b:e6:ef:c1:da:38:9b:
                    dc:ee:1c:94:f4:5b:64:d7:7b:04:cd:f7:b7:c6:c3:
                    55:e5:83:13:7e:24:ef:a8:0c:96:be:f3:ba:b4:e1:
                    f9:d9:ec:c9:f2:f4:57:cc:01:7f:b0:8e:a2:51:8a:
                    4c:b1:de:ab:39:fc:fc:db:f0:37:c0:52:55:0d:52:
                    cd:3f:1e:d6:1f:5c:43:bc:f2:ac:21:a6:f5:68:2d:
                    b9:24:8a:4b:1b:34:da:26:08:b0:e8:64:3a:b5:10:
                    03:f1:a8:cf:74:f7:e7:b5:21:4f:ff:fa:55:fd:76:
                    61:54:4d:99:3e:7c:1b:0a:d9:3d:c9:a2:36:00:f3:
                    6b:73:72:72:50:34:a9:49:d5:a2:91:76:d6:77:b1:
                    22:0a:7c:6a:43:74:a0:74:59:ed:d5:be:e5:07:f5:
                    e6:26:42:32:f2:cd:1e:22:82:c5:b0:0f:05:c7:5d:
                    02:5a:24:cf:79:f6:74:22:8a:7c:00:45:39:79:f8:
                    f1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:14:D6:F1:67:A2:50:7D:73:0E:82:B7:F5:FF:F9:B6:CD:B2:A5:F7
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS38764.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:d8:32:ee:75:11:98:08:7a:e8:61:c7:bb:9b:71:6a:66:a8:
         26:da:f5:56:81:67:e8:77:ae:9c:12:21:cc:20:6f:1c:38:1b:
         42:47:b3:7a:74:9d:89:5d:5a:4c:9a:9e:f2:b1:4c:59:d5:96:
         ee:be:96:e0:36:65:33:fb:7b:8b:55:95:25:49:f8:03:b0:7c:
         34:79:a6:52:f6:e2:af:f0:a0:f3:8f:08:c5:3e:8a:2a:40:62:
         23:c8:71:0f:69:9e:0f:54:f9:70:01:94:d5:44:d0:7f:1e:58:
         16:c8:02:e5:50:a7:49:fd:32:5a:cb:5e:50:90:ba:11:24:5d:
         ce:8c:c9:4d:a4:fd:55:36:2c:1b:85:99:6b:6c:67:67:84:b1:
         5d:78:3f:c7:c7:46:fa:2c:b5:65:35:c9:7c:31:6c:21:d2:06:
         ac:e0:aa:28:4b:c6:5c:1f:d7:ab:4b:9f:a6:f2:87:90:b5:a5:
         c9:53:c2:ec:94:9e:db:59:78:eb:61:7b:2c:d2:6e:42:d6:9b:
         ba:a1:dc:79:88:8a:c1:97:d7:22:f7:f3:9c:9c:19:20:85:2b:
         34:7b:dc:64:b0:ab:c8:58:aa:ce:64:1f:75:d5:c5:d9:55:52:
         48:d4:89:23:dd:6d:00:de:9d:0c:1b:9f:7c:42:53:30:ad:02:
         89:5d:1c:b2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUV94fDriyE/Z1/9VFkw119bdNkmgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTcxN1oX
DTI3MDUwMTA5MjIxN1owMzExMC8GA1UEAxMoQTcxNEQ2RjE2N0EyNTA3RDczMEU4
MkI3RjVGRkY5QjZDREIyQTVGNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMgf+1yTNC8i0IF8oor6Y7+osxJR3HYB3eGlXI6LFB03vF/nbNtHM2ATKJn
Mg0m7fqJTM7aswXsV6ezq7+NDme7vKgL5u/B2jib3O4clPRbZNd7BM33t8bDVeWD
E34k76gMlr7zurTh+dnsyfL0V8wBf7COolGKTLHeqzn8/NvwN8BSVQ1SzT8e1h9c
Q7zyrCGm9WgtuSSKSxs02iYIsOhkOrUQA/Goz3T357UhT//6Vf12YVRNmT58GwrZ
PcmiNgDza3NyclA0qUnVopF21nexIgp8akN0oHRZ7dW+5Qf15iZCMvLNHiKCxbAP
BcddAlokz3n2dCKKfABFOXn48RkCAwEAAaOCAcswggHHMB0GA1UdDgQWBBSnFNbx
Z6JQfXMOgrf1//m2zbKl9zAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMzg3NjQucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAN4HeAwDQYJKoZIhvcNAQELBQADggEBAELYMu51EZgIeuhhx7ubcWpmqCba
9VaBZ+h3rpwSIcwgbxw4G0JHs3p0nYldWkyanvKxTFnVlu6+luA2ZTP7e4tVlSVJ
+AOwfDR5plL24q/woPOPCMU+iipAYiPIcQ9png9U+XABlNVE0H8eWBbIAuVQp0n9
MlrLXlCQuhEkXc6MyU2k/VU2LBuFmWtsZ2eEsV14P8fHRvostWU1yXwxbCHSBqzg
qihLxlwf16tLn6byh5C1pclTwuyUnttZeOtheyzSbkLWm7qh3HmIisGX1yL385yc
GSCFKzR73GSwq8hYqs5kH3XVxdlVUkjUiSPdbQDenQwbn3xCUzCtAoldHLI=
-----END CERTIFICATE-----