Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS397763.roa
File:                     AS397763.roa (raw, json)
Hash identifier:          p2Ms5g4qblPNPNivkPPxoXWXqjbT4JIRpG7FZ+zGnlI=
Subject key identifier:   41:7A:52:61:C0:CA:B8:49:C6:00:52:20:E0:39:42:A4:A0:08:25:2F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       1160E26C6CE60D8E24CB9BADCC49C8884716FF7B
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS397763.roa
Signing time:             Sat 02 May 2026 09:19:29 +0000
ROA not before:           Sat 02 May 2026 09:14:29 +0000
ROA not after:            Sat 01 May 2027 09:19:29 +0000
asID:                     397763
IP address blocks:        103.114.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:60:e2:6c:6c:e6:0d:8e:24:cb:9b:ad:cc:49:c8:88:47:16:ff:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:14:29 2026 GMT
            Not After : May  1 09:19:29 2027 GMT
        Subject: CN=417A5261C0CAB849C6005220E03942A4A008252F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ef:07:aa:26:3c:ba:91:de:46:fe:5d:60:ea:
                    2d:5d:53:1c:4c:90:eb:7a:4b:a4:9f:e5:05:f7:54:
                    df:f0:b8:1c:5a:fe:09:dd:1a:a7:7d:58:11:75:7e:
                    db:5a:1a:20:e8:e1:b0:71:9f:b1:a9:92:5f:41:72:
                    de:59:7a:ee:b8:80:6e:99:82:36:f3:e3:07:c5:92:
                    f2:15:c5:1d:fb:71:3f:9e:3c:e6:7a:4a:75:67:32:
                    34:6d:dc:d4:21:3e:0e:3e:c6:77:d7:97:09:74:48:
                    0e:0b:39:ac:84:22:f5:b3:62:15:36:49:26:b2:50:
                    61:10:69:e1:99:00:a8:4b:45:1f:8b:c5:a8:c9:9a:
                    a0:44:bb:55:44:d1:ab:a2:43:e8:0c:87:f3:e2:cd:
                    dd:11:6c:3c:64:87:3f:0a:dd:e1:0b:ee:6b:66:87:
                    63:da:c0:f4:16:03:34:2e:d8:2c:87:d6:5d:85:89:
                    a0:10:d7:2b:ae:a3:bc:89:ec:04:13:21:55:54:89:
                    04:19:5a:b4:b8:c9:de:10:39:76:62:d8:58:f2:8c:
                    fd:30:e5:10:ee:c1:cf:7b:a3:80:d5:71:d1:11:76:
                    e8:75:f2:09:ed:d7:2f:29:d1:72:b9:ad:d0:fe:26:
                    e3:98:db:47:17:50:9c:d5:33:72:6e:76:71:66:c9:
                    2d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:7A:52:61:C0:CA:B8:49:C6:00:52:20:E0:39:42:A4:A0:08:25:2F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS397763.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.114.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:39:e3:c0:d6:6a:72:bb:4c:3a:65:80:0c:2f:fd:9d:e3:47:
         ba:fc:cb:2d:c8:7c:7f:79:9c:ea:4f:ca:0f:46:c2:a3:82:d2:
         3d:c3:91:05:c8:40:95:c7:05:95:44:0f:3d:71:4a:b6:3b:29:
         dc:1a:26:78:30:d8:12:8b:1c:03:df:60:aa:cb:46:a3:cd:22:
         30:55:5f:5e:61:48:2a:d5:28:ce:97:59:d7:81:22:77:4b:66:
         64:a1:eb:5d:b7:c7:52:dc:47:00:ed:cb:f1:7d:0b:f1:fd:c1:
         07:08:7b:0a:d3:39:2b:4a:a1:59:b7:83:d9:5e:3e:27:2d:be:
         5a:20:22:37:f6:c2:2f:c9:1e:cb:ec:23:9e:e6:5a:e0:b8:98:
         ed:be:81:c1:19:eb:a3:ab:8d:a3:cb:3b:f1:7e:ff:95:7d:15:
         12:ef:70:41:c1:d0:6a:c2:93:88:0b:18:98:7b:a8:fd:53:3d:
         57:e9:a8:9c:d2:c4:1f:06:ec:6a:a4:96:c2:0c:c4:1c:42:35:
         b2:93:22:65:6d:1e:38:25:84:b4:68:3d:51:32:49:5e:a3:4b:
         40:66:66:93:49:52:9c:09:55:21:8e:7f:4c:b5:64:35:49:16:
         4a:e4:c9:aa:e5:ae:ce:b7:4e:b9:dd:5d:21:84:39:45:6b:33:
         13:a4:fd:52
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUEWDibGzmDY4ky5utzEnIiEcW/3swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTQyOVoX
DTI3MDUwMTA5MTkyOVowMzExMC8GA1UEAxMoNDE3QTUyNjFDMENBQjg0OUM2MDA1
MjIwRTAzOTQyQTRBMDA4MjUyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzvB6omPLqR3kb+XWDqLV1THEyQ63pLpJ/lBfdU3/C4HFr+Cd0ap31YEXV+
21oaIOjhsHGfsamSX0Fy3ll67riAbpmCNvPjB8WS8hXFHftxP5485npKdWcyNG3c
1CE+Dj7Gd9eXCXRIDgs5rIQi9bNiFTZJJrJQYRBp4ZkAqEtFH4vFqMmaoES7VUTR
q6JD6AyH8+LN3RFsPGSHPwrd4Qvua2aHY9rA9BYDNC7YLIfWXYWJoBDXK66jvIns
BBMhVVSJBBlatLjJ3hA5dmLYWPKM/TDlEO7Bz3ujgNVx0RF26HXyCe3XLynRcrmt
0P4m45jbRxdQnNUzcm52cWbJLSsCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRBelJh
wMq4ScYAUiDgOUKkoAglLzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMzk3NzYzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAnOePA1mpyu0w6ZYAML/2d40e6
/MstyHx/eZzqT8oPRsKjgtI9w5EFyECVxwWVRA89cUq2OyncGiZ4MNgSixwD32Cq
y0ajzSIwVV9eYUgq1SjOl1nXgSJ3S2Zkoetdt8dS3EcA7cvxfQvx/cEHCHsK0zkr
SqFZt4PZXj4nLb5aICI39sIvyR7L7COe5lrguJjtvoHBGeujq42jyzvxfv+VfRUS
73BBwdBqwpOICxiYe6j9Uz1X6aic0sQfBuxqpJbCDMQcQjWykyJlbR44JYS0aD1R
Mkleo0tAZmaTSVKcCVUhjn9MtWQ1SRZK5Mmq5a7Ot0653V0hhDlFazMTpP1S
-----END CERTIFICATE-----