Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS58822.roa
File:                     AS58822.roa (raw, json)
Hash identifier:          Usg65GAihz2BwqaUbNlJQN98V8s8sEzHswG5Pw++QYc=
Subject key identifier:   23:22:DC:43:54:32:E0:50:F4:F2:01:03:29:D3:20:E9:39:5D:54:FD
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       079F68DA1BA934B773A322DF71EE804F5EEE4C2D
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS58822.roa
Signing time:             Sat 02 May 2026 08:35:59 +0000
ROA not before:           Sat 02 May 2026 08:30:59 +0000
ROA not after:            Sat 01 May 2027 08:35:59 +0000
asID:                     58822
IP address blocks:        103.242.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:58:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:9f:68:da:1b:a9:34:b7:73:a3:22:df:71:ee:80:4f:5e:ee:4c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 08:30:59 2026 GMT
            Not After : May  1 08:35:59 2027 GMT
        Subject: CN=2322DC435432E050F4F2010329D320E9395D54FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:21:ee:f5:86:58:45:b4:ed:b9:e0:85:f8:21:
                    f8:5d:08:b8:d2:43:4f:4a:65:98:80:c3:27:dc:00:
                    e2:5d:0f:a7:7c:96:ba:3d:a0:74:ec:aa:02:ba:cc:
                    92:28:77:69:64:f3:2b:88:00:54:b9:a7:98:fc:14:
                    47:ba:af:84:c2:87:8a:4c:8d:22:56:4e:b3:ff:db:
                    49:dd:a0:82:df:13:78:c0:ca:0c:d2:30:f2:55:6f:
                    2e:c7:8f:5e:08:8b:96:9a:d4:18:5d:fb:55:e6:ed:
                    a2:cb:ea:eb:16:29:86:d7:00:2f:25:d1:d6:7f:c7:
                    5e:e2:de:98:64:10:5f:04:ed:12:10:5d:51:6a:e8:
                    15:30:83:11:b4:b4:49:a8:c7:43:6e:e1:3f:a4:26:
                    6e:33:c8:b0:6d:ff:ae:b6:19:21:ee:f1:b1:73:ec:
                    b9:bb:cc:cf:7e:e5:40:c5:c1:35:cb:f3:42:19:ff:
                    9d:b5:b0:09:ab:3d:c4:80:55:76:62:09:91:3b:76:
                    8d:30:f5:c2:62:be:50:5a:06:1a:c1:f4:3d:1b:11:
                    67:83:fc:21:f7:b4:20:be:53:94:e7:f8:73:aa:d9:
                    48:c0:d1:dd:f0:fd:d1:1c:9f:83:d0:dd:c4:0b:4b:
                    ce:78:49:a1:b7:2a:67:db:a6:b5:1f:1c:f6:1d:81:
                    b5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:22:DC:43:54:32:E0:50:F4:F2:01:03:29:D3:20:E9:39:5D:54:FD
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS58822.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.242.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:a6:61:f5:a9:85:e8:05:53:bf:cd:9a:6b:36:d2:b0:71:62:
         1a:f4:34:6a:fb:79:3e:d2:31:c7:fe:07:22:1f:6b:9a:e1:e1:
         11:0c:70:89:49:60:97:b6:79:6e:7b:5a:a6:bf:6a:23:f9:e4:
         46:87:9c:0b:e4:18:f2:3a:4e:6b:43:8c:1b:f2:2b:02:c1:b5:
         a8:c2:d5:20:d7:38:28:23:ce:3d:19:e0:dd:12:76:ea:b0:b0:
         53:40:45:6a:0a:b9:f2:cd:d9:d6:0d:5a:dd:b5:58:8a:8e:ca:
         6d:17:26:e0:99:67:06:46:17:ea:24:c6:d9:f4:68:6f:0c:a5:
         ba:51:03:a4:d0:b2:99:1f:ab:57:65:74:75:5a:ab:83:5c:f6:
         aa:7d:34:8e:47:19:f4:df:ad:dc:42:2b:c6:bf:33:8f:34:c2:
         aa:f2:ea:3c:5d:23:a8:f4:81:d2:95:54:68:d5:08:da:53:d8:
         73:8a:fd:c0:61:f1:fd:31:42:67:7c:6b:9f:71:a9:61:39:6a:
         f4:10:ba:e3:49:d3:be:31:b6:1d:29:7b:ab:c7:cc:10:46:fe:
         f1:49:84:ed:f2:fb:e3:ad:08:b1:d5:af:1e:cd:b2:04:c6:a5:
         eb:b1:a8:58:76:b1:fc:ab:cb:38:78:7a:d2:da:71:d7:2b:46:
         90:e4:45:1e
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUB59o2hupNLdzoyLfce6AT17uTC0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjA4MzA1OVoX
DTI3MDUwMTA4MzU1OVowMzExMC8GA1UEAxMoMjMyMkRDNDM1NDMyRTA1MEY0RjIw
MTAzMjlEMzIwRTkzOTVENTRGRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMYh7vWGWEW07bnghfgh+F0IuNJDT0plmIDDJ9wA4l0Pp3yWuj2gdOyqArrM
kih3aWTzK4gAVLmnmPwUR7qvhMKHikyNIlZOs//bSd2ggt8TeMDKDNIw8lVvLseP
XgiLlprUGF37Vebtosvq6xYphtcALyXR1n/HXuLemGQQXwTtEhBdUWroFTCDEbS0
SajHQ27hP6QmbjPIsG3/rrYZIe7xsXPsubvMz37lQMXBNcvzQhn/nbWwCas9xIBV
dmIJkTt2jTD1wmK+UFoGGsH0PRsRZ4P8Ife0IL5TlOf4c6rZSMDR3fD90Ryfg9Dd
xAtLznhJobcqZ9umtR8c9h2BtRUCAwEAAaOCAcswggHHMB0GA1UdDgQWBBQjItxD
VDLgUPTyAQMp0yDpOV1U/TAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTNTg4MjIucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFn8nwwDQYJKoZIhvcNAQELBQADggEBAEWmYfWphegFU7/Nmms20rBxYhr0
NGr7eT7SMcf+ByIfa5rh4REMcIlJYJe2eW57Wqa/aiP55EaHnAvkGPI6TmtDjBvy
KwLBtajC1SDXOCgjzj0Z4N0SduqwsFNARWoKufLN2dYNWt21WIqOym0XJuCZZwZG
F+okxtn0aG8MpbpRA6TQspkfq1dldHVaq4Nc9qp9NI5HGfTfrdxCK8a/M480wqry
6jxdI6j0gdKVVGjVCNpT2HOK/cBh8f0xQmd8a59xqWE5avQQuuNJ074xth0pe6vH
zBBG/vFJhO3y++OtCLHVrx7NsgTGpeuxqFh2sfyryzh4etLacdcrRpDkRR4=
-----END CERTIFICATE-----