Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS58378.roa
File:                     AS58378.roa (raw, json)
Hash identifier:          Cy9fVI98RVmu2PRXsx06gzLjQkdbs6XKnajqs/1fgOA=
Subject key identifier:   45:D0:DE:9A:44:BB:54:34:7F:FA:59:4A:E7:15:69:5E:E0:AE:DF:8D
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       17E37E5BBACA2F62A989F031CF503C442F52719B
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS58378.roa
Signing time:             Sat 02 May 2026 17:00:57 +0000
ROA not before:           Sat 02 May 2026 16:55:57 +0000
ROA not after:            Sat 01 May 2027 17:00:57 +0000
asID:                     58378
IP address blocks:        124.109.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:e3:7e:5b:ba:ca:2f:62:a9:89:f0:31:cf:50:3c:44:2f:52:71:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 16:55:57 2026 GMT
            Not After : May  1 17:00:57 2027 GMT
        Subject: CN=45D0DE9A44BB54347FFA594AE715695EE0AEDF8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f1:fd:51:5a:b9:d6:95:f7:ec:54:18:ed:a0:
                    6a:5b:49:76:5e:38:48:32:0d:db:8f:8d:e5:4b:41:
                    0f:d1:e7:aa:aa:0e:cf:f2:50:c1:d9:92:ad:94:fc:
                    ea:d6:f4:b7:be:50:a0:55:9e:f1:c9:4e:3f:0e:8e:
                    16:13:71:9b:9d:d9:fc:f4:0c:f3:37:d3:cc:c7:07:
                    49:53:32:32:69:a3:8a:4e:21:c1:0b:1a:54:22:8c:
                    3c:54:c1:a5:6b:fa:c6:6a:e0:45:16:f6:15:50:de:
                    5f:7e:72:3a:b8:dc:58:32:33:9c:9d:e0:8a:6a:c5:
                    86:f6:18:5c:b0:ed:81:95:18:dc:d5:6d:7f:17:d2:
                    cd:f1:14:af:d0:d7:5d:1e:bb:19:c6:7b:95:fb:bc:
                    b5:a2:18:f3:31:2b:b6:7f:eb:01:33:96:55:f3:61:
                    cb:f6:6c:35:09:07:ef:53:6b:47:f0:f7:a6:d9:b6:
                    7f:65:33:1b:00:02:73:58:dd:2d:c2:7a:71:3d:bb:
                    ca:3d:91:29:ee:8d:34:46:de:ce:3a:e3:44:8f:58:
                    11:f8:0f:95:df:7f:2d:43:8c:cf:5c:41:2c:b9:85:
                    56:7e:29:70:43:01:57:63:8a:0a:7b:5f:0b:4b:2e:
                    d8:9c:d3:2a:bf:6c:fb:b9:39:64:2a:72:4c:4c:06:
                    20:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:D0:DE:9A:44:BB:54:34:7F:FA:59:4A:E7:15:69:5E:E0:AE:DF:8D
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS58378.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.109.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:89:d4:9b:fa:ec:bf:5d:cd:f3:82:a5:95:48:21:d0:bc:ed:
         09:42:4d:94:a9:c5:98:58:96:7f:0e:c7:90:e8:7e:be:9f:2a:
         ca:f8:a6:97:0f:af:82:5c:6d:ed:ad:fa:b9:1f:93:7c:c4:63:
         5d:08:a7:3c:ba:d5:aa:3b:30:e5:52:45:02:54:19:59:94:51:
         ec:3f:25:28:44:8b:f3:67:5d:a5:f9:a1:e6:ca:db:ad:7b:5a:
         91:f7:85:7c:8a:09:84:7c:47:35:34:11:7f:f2:39:19:90:c9:
         79:98:cf:cb:dc:65:f5:dd:5b:9c:32:d0:33:87:e1:ac:ca:a2:
         ec:19:60:a1:eb:fc:38:47:fc:c1:af:cb:29:c9:8a:ff:d4:d3:
         6e:4f:2f:e0:d5:6a:f5:93:3e:50:8d:58:2c:ee:40:04:b8:e6:
         ce:9a:82:bc:d6:a1:9d:2b:f1:e1:c2:02:70:7a:31:1a:97:63:
         ff:1a:20:3c:dc:6b:3d:09:76:d0:d1:72:d9:a0:e2:69:c8:77:
         80:7f:43:fe:10:8b:da:fa:8e:f3:b0:81:ac:47:f8:f6:30:da:
         28:cc:bf:66:c6:d8:1a:39:1c:47:2e:28:2a:f3:71:f0:e7:48:
         2e:76:92:bc:c8:a3:4e:55:05:52:c9:37:cb:82:dc:a5:31:74:
         f3:85:e5:b2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUF+N+W7rKL2KpifAxz1A8RC9ScZswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjE2NTU1N1oX
DTI3MDUwMTE3MDA1N1owMzExMC8GA1UEAxMoNDVEMERFOUE0NEJCNTQzNDdGRkE1
OTRBRTcxNTY5NUVFMEFFREY4RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALLx/VFaudaV9+xUGO2galtJdl44SDIN24+N5UtBD9HnqqoOz/JQwdmSrZT8
6tb0t75QoFWe8clOPw6OFhNxm53Z/PQM8zfTzMcHSVMyMmmjik4hwQsaVCKMPFTB
pWv6xmrgRRb2FVDeX35yOrjcWDIznJ3gimrFhvYYXLDtgZUY3NVtfxfSzfEUr9DX
XR67GcZ7lfu8taIY8zErtn/rATOWVfNhy/ZsNQkH71NrR/D3ptm2f2UzGwACc1jd
LcJ6cT27yj2RKe6NNEbezjrjRI9YEfgPld9/LUOMz1xBLLmFVn4pcEMBV2OKCntf
C0su2JzTKr9s+7k5ZCpyTEwGIDECAwEAAaOCAcswggHHMB0GA1UdDgQWBBRF0N6a
RLtUNH/6WUrnFWle4K7fjTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTNTgzNzgucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAB8bRcwDQYJKoZIhvcNAQELBQADggEBAJ6J1Jv67L9dzfOCpZVIIdC87QlC
TZSpxZhYln8Ox5Dofr6fKsr4ppcPr4Jcbe2t+rkfk3zEY10Ipzy61ao7MOVSRQJU
GVmUUew/JShEi/NnXaX5oebK2617WpH3hXyKCYR8RzU0EX/yORmQyXmYz8vcZfXd
W5wy0DOH4azKouwZYKHr/DhH/MGvyynJiv/U025PL+DVavWTPlCNWCzuQAS45s6a
grzWoZ0r8eHCAnB6MRqXY/8aIDzcaz0JdtDRctmg4mnId4B/Q/4Qi9r6jvOwgaxH
+PYw2ijMv2bG2Bo5HEcuKCrzcfDnSC52krzIo05VBVLJN8uC3KUxdPOF5bI=
-----END CERTIFICATE-----