Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS46044.roa
File:                     AS46044.roa (raw, json)
Hash identifier:          HJmH7gD+DTm+GE/1EhOmg2wZNwph0RhGGmdnQb8oFe0=
Subject key identifier:   0B:A9:FE:95:A8:68:09:2A:70:7E:6E:D8:65:09:A6:C1:82:FB:28:38
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       3BC452BA2092106FD625B9EEECC94A128E50D3CD
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS46044.roa
Signing time:             Sat 02 May 2026 08:35:13 +0000
ROA not before:           Sat 02 May 2026 08:30:13 +0000
ROA not after:            Sat 01 May 2027 08:35:13 +0000
asID:                     46044
IP address blocks:        111.223.252.0/22 maxlen: 24
                          2405:9940::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:c4:52:ba:20:92:10:6f:d6:25:b9:ee:ec:c9:4a:12:8e:50:d3:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:13 2026 GMT
            Not After : May  1 08:35:13 2027 GMT
        Subject: CN=0BA9FE95A868092A707E6ED86509A6C182FB2838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:00:24:05:e3:87:84:a4:20:d1:a6:0a:77:e3:
                    d0:02:8c:e2:bc:17:52:1c:49:b1:d8:b5:5b:36:0f:
                    ab:7d:da:b2:f2:0e:74:f8:dd:95:7d:f8:10:47:54:
                    55:63:46:61:51:d2:98:fa:4a:a8:69:03:3a:17:04:
                    f9:11:ac:8b:61:04:c8:9e:06:d9:cd:cd:ef:3f:6b:
                    7f:e5:a4:f9:9b:82:35:e3:bb:bc:69:17:bd:18:6f:
                    6d:5e:53:88:bc:79:6b:69:14:95:10:b8:ed:6b:58:
                    a0:52:0d:82:ef:fa:99:38:3f:1d:bd:1e:7e:de:9e:
                    2d:8e:70:74:16:59:83:e1:7b:79:8d:d2:b0:db:4e:
                    41:26:da:f5:3c:de:59:d9:88:f7:4f:45:65:12:d6:
                    8b:2e:e2:65:95:b3:de:af:a7:f3:ef:6b:99:0f:62:
                    75:7a:e3:83:24:ea:53:b5:a2:74:e1:33:85:80:89:
                    bd:d3:1b:90:48:69:00:cd:e9:74:58:a5:56:7e:87:
                    ad:17:36:e1:16:8f:35:c3:ac:cb:11:d9:07:d7:31:
                    8d:9e:52:ea:bb:c0:a7:56:09:28:ff:8b:7e:3e:4f:
                    a4:d7:76:d5:e7:bc:d1:44:7d:23:e4:93:44:ef:56:
                    ab:93:8f:0c:67:2b:f1:8b:30:76:b7:4e:39:40:e2:
                    6e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:A9:FE:95:A8:68:09:2A:70:7E:6E:D8:65:09:A6:C1:82:FB:28:38
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS46044.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.223.252.0/22
                IPv6:
                  2405:9940::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:19:90:99:c7:40:39:e9:7f:ff:d7:08:b0:8e:86:65:a4:a5:
         1d:a0:a6:a9:58:00:b6:f3:45:73:6b:59:9b:6d:c4:c8:99:1a:
         da:78:a2:86:fb:43:f0:2f:de:9f:a1:5b:16:ab:2c:b3:de:9a:
         a4:07:7a:77:00:09:99:56:7d:9d:1a:9e:13:73:50:d8:95:1b:
         58:56:09:b8:5a:5a:a7:46:ab:b0:b3:9b:6c:f8:bc:18:8a:11:
         9d:34:47:aa:37:78:95:98:14:e8:f6:4b:8b:c7:a4:ae:57:65:
         bf:7c:e5:b0:ed:59:e7:df:f1:f3:c8:af:05:e0:01:d4:d7:a7:
         75:bb:71:0f:c7:7f:23:44:31:54:94:82:4a:3f:38:44:f0:f7:
         eb:78:e7:1d:8a:cb:30:0f:c8:3a:d9:a6:78:e8:db:4e:16:95:
         02:21:9a:48:ab:e2:a5:31:e1:98:06:bb:12:86:cb:11:22:7f:
         93:9d:d0:83:3f:a7:98:36:32:1b:d2:6f:2f:79:d9:17:bb:a7:
         16:84:fe:ef:a4:10:63:24:9e:b8:be:a1:1f:34:a2:da:ed:6e:
         e9:52:90:35:97:90:60:1d:f4:93:2b:73:f7:41:53:51:47:2c:
         72:d8:06:cb:86:0a:72:e7:a5:54:c5:9b:2f:88:26:79:e6:95:
         0f:24:14:01
-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgIUO8RSuiCSEG/WJbnu7MlKEo5Q080wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzAxM1oX
DTI3MDUwMTA4MzUxM1owMzExMC8GA1UEAxMoMEJBOUZFOTVBODY4MDkyQTcwN0U2
RUQ4NjUwOUE2QzE4MkZCMjgzODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsAJAXjh4SkINGmCnfj0AKM4rwXUhxJsdi1WzYPq33asvIOdPjdlX34EEdU
VWNGYVHSmPpKqGkDOhcE+RGsi2EEyJ4G2c3N7z9rf+Wk+ZuCNeO7vGkXvRhvbV5T
iLx5a2kUlRC47WtYoFINgu/6mTg/Hb0eft6eLY5wdBZZg+F7eY3SsNtOQSba9Tze
WdmI909FZRLWiy7iZZWz3q+n8+9rmQ9idXrjgyTqU7WidOEzhYCJvdMbkEhpAM3p
dFilVn6HrRc24RaPNcOsyxHZB9cxjZ5S6rvAp1YJKP+Lfj5PpNd21ee80UR9I+ST
RO9Wq5OPDGcr8YswdrdOOUDiblMCAwEAAaOCAdowggHWMB0GA1UdDgQWBBQLqf6V
qGgJKnB+bthlCabBgvsoODAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTNDYwNDQucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgAB
MAYDBAJv3/wwDQQCAAIwBwMFACQFmUAwDQYJKoZIhvcNAQELBQADggEBAAQZkJnH
QDnpf//XCLCOhmWkpR2gpqlYALbzRXNrWZttxMiZGtp4oob7Q/Av3p+hWxarLLPe
mqQHencACZlWfZ0anhNzUNiVG1hWCbhaWqdGq7Czm2z4vBiKEZ00R6o3eJWYFOj2
S4vHpK5XZb985bDtWeff8fPIrwXgAdTXp3W7cQ/HfyNEMVSUgko/OETw9+t45x2K
yzAPyDrZpnjo204WlQIhmkir4qUx4ZgGuxKGyxEif5Od0IM/p5g2MhvSby952Re7
pxaE/u+kEGMknri+oR80otrtbulSkDWXkGAd9JMrc/dBU1FHLHLYBsuGCnLnpVTF
my+IJnnmlQ8kFAE=
-----END CERTIFICATE-----