Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS45708.roa
File:                     AS45708.roa (raw, json)
Hash identifier:          FbdqG0QJKTdSlqIIeNFTsUQcBMD4yJh2qsG3y/pzHIM=
Subject key identifier:   E2:A2:68:57:72:37:5B:A8:D1:58:9F:A9:6D:66:12:6E:50:B6:61:4C
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       345C73F0D9564605A74D0C46B816ACE0F74340F2
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS45708.roa
Signing time:             Sat 02 May 2026 09:22:25 +0000
ROA not before:           Sat 02 May 2026 09:17:25 +0000
ROA not after:            Sat 01 May 2027 09:22:25 +0000
asID:                     45708
IP address blocks:        112.140.160.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:5c:73:f0:d9:56:46:05:a7:4d:0c:46:b8:16:ac:e0:f7:43:40:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 09:17:25 2026 GMT
            Not After : May  1 09:22:25 2027 GMT
        Subject: CN=E2A2685772375BA8D1589FA96D66126E50B6614C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c1:fb:03:48:f8:5e:53:7f:d3:90:9b:49:f0:
                    f1:58:32:47:08:b2:2c:8a:2f:04:fc:96:d3:ec:81:
                    4f:50:62:31:7d:20:a2:51:3c:c5:a9:e6:02:b2:d5:
                    77:af:40:ae:b9:6d:8d:d8:e8:cd:f1:b9:0d:78:a5:
                    d7:cf:6d:a5:8c:21:69:e0:f6:aa:d6:3c:1f:dd:50:
                    34:1c:05:be:c0:bc:b9:d3:8f:48:1f:b6:32:dd:36:
                    e8:ee:fc:25:66:95:72:1f:91:cf:94:18:96:62:02:
                    e7:48:de:d1:e3:b5:e1:75:e6:41:f6:5c:db:ab:2d:
                    e5:9f:e0:34:d5:48:2f:e2:e8:ef:53:8d:3e:26:f5:
                    aa:f7:64:ec:c0:61:e9:e7:e4:43:67:dd:a5:39:c8:
                    3b:72:07:bf:75:71:ca:c8:d4:fe:34:a8:47:c3:8b:
                    d8:26:2a:98:64:f7:56:14:81:e7:c2:e4:58:50:e1:
                    a7:4b:06:fd:49:eb:7e:25:74:b6:6a:6b:81:97:3d:
                    37:bd:58:ee:18:9c:d2:2c:66:c1:b1:fb:72:75:8a:
                    d7:26:c3:77:f1:db:85:ac:dd:58:85:ad:e3:29:a1:
                    2a:59:02:a5:28:9c:ce:99:e1:f6:3f:68:7f:06:d7:
                    a9:b9:f8:be:85:de:27:1d:cd:c4:71:57:8d:d8:bc:
                    29:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A2:68:57:72:37:5B:A8:D1:58:9F:A9:6D:66:12:6E:50:B6:61:4C
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS45708.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  112.140.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         50:69:7a:9c:9d:3c:3a:74:08:2a:2e:8d:00:1f:15:13:09:11:
         ee:f7:21:59:af:45:f5:03:26:58:d9:53:3f:ea:a3:f9:74:5b:
         aa:a0:28:57:7e:8a:f0:16:19:51:a7:b0:d0:09:2e:a9:17:75:
         58:9e:c1:10:75:dd:01:22:71:ac:95:3c:70:37:e2:8b:d2:85:
         96:dd:d8:1d:4a:4a:6d:e9:bf:a8:b2:90:7b:70:18:e2:29:2d:
         85:0a:0f:a1:a8:55:63:61:8f:90:28:96:8a:a3:4f:a0:f4:94:
         7a:f9:5d:81:d9:6d:73:de:92:66:0e:7e:56:b1:73:8c:fc:d3:
         09:c6:90:26:21:23:f1:85:b1:78:81:2f:99:b0:3c:4e:db:e2:
         7f:41:99:6a:e0:d1:26:3d:cc:bc:72:7a:f3:d3:c2:b8:0c:da:
         a0:7e:0c:1f:64:b1:94:40:2f:af:76:17:e1:54:e9:81:46:b1:
         4e:90:bc:5c:e9:d3:8b:7c:fe:de:74:b8:71:3d:dc:ff:f0:f6:
         89:9b:4d:b9:a8:81:9b:af:98:85:d7:ca:6f:3c:11:1b:61:4e:
         07:30:51:5f:49:ee:16:7e:6f:50:e0:37:9b:68:9d:39:c3:fa:
         2e:a8:d5:04:26:61:c4:11:5c:51:8c:08:d4:c6:3b:c5:a3:ad:
         69:10:67:9f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUNFxz8NlWRgWnTQxGuBas4PdDQPIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA5MTcyNVoX
DTI3MDUwMTA5MjIyNVowMzExMC8GA1UEAxMoRTJBMjY4NTc3MjM3NUJBOEQxNTg5
RkE5NkQ2NjEyNkU1MEI2NjE0QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJDB+wNI+F5Tf9OQm0nw8VgyRwiyLIovBPyW0+yBT1BiMX0golE8xanmArLV
d69ArrltjdjozfG5DXil189tpYwhaeD2qtY8H91QNBwFvsC8udOPSB+2Mt026O78
JWaVch+Rz5QYlmIC50je0eO14XXmQfZc26st5Z/gNNVIL+Lo71ONPib1qvdk7MBh
6efkQ2fdpTnIO3IHv3VxysjU/jSoR8OL2CYqmGT3VhSB58LkWFDhp0sG/UnrfiV0
tmprgZc9N71Y7hic0ixmwbH7cnWK1ybDd/HbhazdWIWt4ymhKlkCpSiczpnh9j9o
fwbXqbn4voXeJx3NxHFXjdi8KecCAwEAAaOCAcswggHHMB0GA1UdDgQWBBTiomhX
cjdbqNFYn6ltZhJuULZhTDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTNDU3MDgucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANwjKAwDQYJKoZIhvcNAQELBQADggEBAFBpepydPDp0CCoujQAfFRMJEe73
IVmvRfUDJljZUz/qo/l0W6qgKFd+ivAWGVGnsNAJLqkXdViewRB13QEicayVPHA3
4ovShZbd2B1KSm3pv6iykHtwGOIpLYUKD6GoVWNhj5AoloqjT6D0lHr5XYHZbXPe
kmYOflaxc4z80wnGkCYhI/GFsXiBL5mwPE7b4n9BmWrg0SY9zLxyevPTwrgM2qB+
DB9ksZRAL692F+FU6YFGsU6QvFzp04t8/t50uHE93P/w9ombTbmogZuvmIXXym88
ERthTgcwUV9J7hZ+b1DgN5tonTnD+i6o1QQmYcQRXFGMCNTGO8WjrWkQZ58=
-----END CERTIFICATE-----