Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS63878.roa
File:                     AS63878.roa (raw, json)
Hash identifier:          p6NfyThPdeszsFR4m7oYIZFPYa3szg3Ix/zjgP/TDIg=
Subject key identifier:   FC:06:46:A0:22:82:11:44:29:AA:EF:FD:BA:33:55:11:FB:7C:C3:58
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       78985A0647DF79F9F4235EDBE6F558AFF13D738E
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS63878.roa
Signing time:             Sat 02 May 2026 21:31:13 +0000
ROA not before:           Sat 02 May 2026 21:26:13 +0000
ROA not after:            Sat 01 May 2027 21:31:13 +0000
asID:                     63878
IP address blocks:        2400:46e0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 04 May 2026 01:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:98:5a:06:47:df:79:f9:f4:23:5e:db:e6:f5:58:af:f1:3d:73:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  2 21:26:13 2026 GMT
            Not After : May  1 21:31:13 2027 GMT
        Subject: CN=FC0646A02282114429AAEFFDBA335511FB7CC358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:e7:d4:20:d0:0d:cb:b1:9f:57:af:9c:e1:f0:
                    98:92:cd:ec:c5:7d:94:d0:49:30:cd:d2:29:5d:2e:
                    80:40:9e:bd:1e:28:11:96:d0:9a:60:40:61:cd:73:
                    7a:20:c8:e6:32:8b:04:ac:2a:81:3b:f0:25:f5:8a:
                    e9:88:42:37:6f:46:a5:c7:88:35:59:2d:03:6a:70:
                    e3:0b:23:e8:4e:45:f9:8a:71:4b:29:f6:9a:bf:50:
                    9f:c9:1e:cf:b6:2f:65:ea:a5:b1:3a:eb:72:25:ec:
                    fb:f3:1e:e8:d0:65:7a:80:a3:dc:d1:83:b5:97:09:
                    d1:f0:85:36:a1:06:cf:9e:83:a5:75:58:f2:9e:46:
                    a4:b4:b4:25:d4:eb:7d:d9:11:2e:c8:5e:3e:52:64:
                    dd:a0:6a:8c:a7:40:30:ea:92:cf:19:d5:4e:74:83:
                    40:e4:71:12:05:6b:a2:03:52:70:d5:8f:64:53:28:
                    ea:4a:d6:ff:14:bf:ce:77:ad:a9:08:c3:2b:76:ac:
                    3d:ae:3f:58:ba:5f:76:50:29:a4:c6:3c:6a:ef:6f:
                    0e:5f:00:32:1c:a7:98:48:a3:43:89:8b:6b:f3:fc:
                    27:3c:d8:e1:22:b9:17:b6:56:1d:b8:a8:71:86:0e:
                    a0:00:c4:77:98:b0:bc:01:5c:1d:ac:1c:52:b7:c9:
                    5b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:06:46:A0:22:82:11:44:29:AA:EF:FD:BA:33:55:11:FB:7C:C3:58
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS63878.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:46e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:bf:6f:c4:62:3d:a9:3a:27:06:ea:1c:4e:f3:a7:09:f8:10:
         66:c4:0d:7f:fc:b4:ac:42:3d:b9:3c:c8:f3:39:01:a9:56:81:
         5f:8f:62:08:8b:33:fb:8f:f4:7d:c3:a6:ac:e7:1b:a8:4b:9c:
         51:a9:84:1c:e9:ea:98:78:04:4b:e0:aa:1e:d2:eb:76:81:6e:
         07:49:49:45:19:89:11:23:a7:4d:a8:87:db:30:69:0f:bc:80:
         70:20:7c:d8:22:41:b2:73:1d:47:15:75:a5:b4:3f:98:58:d3:
         a5:e4:92:2f:e9:78:7a:95:92:6e:74:04:ec:bb:9d:0a:0c:f0:
         2e:86:b7:15:17:d1:65:ec:eb:41:f2:56:39:b6:f6:18:07:9b:
         b6:47:d2:98:4d:0e:07:c1:9e:2b:33:73:37:e0:23:70:73:5b:
         67:a5:e5:56:cb:f6:f7:a1:ad:d6:7d:d2:2a:2d:00:37:39:96:
         e4:06:02:98:74:b8:2a:09:09:d5:24:e9:2f:71:5b:a7:ee:2c:
         41:36:75:86:99:3e:1e:b3:3f:a1:75:48:c0:e2:d8:06:2b:79:
         cb:92:74:c8:35:8f:c5:70:98:81:67:c0:33:55:ad:86:e7:af:
         e4:26:1f:fc:70:91:a9:55:b7:db:ae:52:c1:9b:91:d3:79:c5:
         b0:19:d2:c6
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUeJhaBkffefn0I17b5vVYr/E9c44wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMjIxMjYxM1oX
DTI3MDUwMTIxMzExM1owMzExMC8GA1UEAxMoRkMwNjQ2QTAyMjgyMTE0NDI5QUFF
RkZEQkEzMzU1MTFGQjdDQzM1ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOTn1CDQDcuxn1evnOHwmJLN7MV9lNBJMM3SKV0ugECevR4oEZbQmmBAYc1z
eiDI5jKLBKwqgTvwJfWK6YhCN29GpceINVktA2pw4wsj6E5F+YpxSyn2mr9Qn8ke
z7YvZeqlsTrrciXs+/Me6NBleoCj3NGDtZcJ0fCFNqEGz56DpXVY8p5GpLS0JdTr
fdkRLshePlJk3aBqjKdAMOqSzxnVTnSDQORxEgVrogNScNWPZFMo6krW/xS/znet
qQjDK3asPa4/WLpfdlAppMY8au9vDl8AMhynmEijQ4mLa/P8JzzY4SK5F7ZWHbio
cYYOoADEd5iwvAFcHawcUrfJW0MCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBT8Bkag
IoIRRCmq7/26M1UR+3zDWDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTNjM4Nzgucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAkAEbgMA0GCSqGSIb3DQEBCwUAA4IBAQCjv2/EYj2pOicG6hxO86cJ+BBm
xA1//LSsQj25PMjzOQGpVoFfj2IIizP7j/R9w6as5xuoS5xRqYQc6eqYeARL4Koe
0ut2gW4HSUlFGYkRI6dNqIfbMGkPvIBwIHzYIkGycx1HFXWltD+YWNOl5JIv6Xh6
lZJudATsu50KDPAuhrcVF9Fl7OtB8lY5tvYYB5u2R9KYTQ4HwZ4rM3M34CNwc1tn
peVWy/b3oa3WfdIqLQA3OZbkBgKYdLgqCQnVJOkvcVun7ixBNnWGmT4esz+hdUjA
4tgGK3nLknTINY/FcJiBZ8AzVa2G56/kJh/8cJGpVbfbrlLBm5HTecWwGdLG
-----END CERTIFICATE-----