Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS142350.roa
File:                     AS142350.roa (raw, json)
Hash identifier:          IVB0y2Ki26n3XjUjbT1IvMkZXdrHK5RaFIFSsb+c0lI=
Subject key identifier:   27:25:CF:8F:B1:ED:53:1E:8C:DF:DD:43:A0:47:33:47:19:DB:0C:6A
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       52148724520DE87F15FCF53125408E572A59AC1F
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS142350.roa
Signing time:             Sat 13 Sep 2025 04:43:31 +0000
ROA not before:           Sat 13 Sep 2025 04:38:31 +0000
ROA not after:            Sat 12 Sep 2026 04:43:31 +0000
asID:                     142350
IP address blocks:        157.66.226.0/23 maxlen: 24
                          157.66.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 03:04:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:14:87:24:52:0d:e8:7f:15:fc:f5:31:25:40:8e:57:2a:59:ac:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Sep 13 04:38:31 2025 GMT
            Not After : Sep 12 04:43:31 2026 GMT
        Subject: CN=2725CF8FB1ED531E8CDFDD43A047334719DB0C6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:86:7c:11:08:d8:30:92:63:fe:cb:e2:3f:42:
                    9f:9c:5e:c9:90:66:45:f5:a8:1a:f5:1b:39:68:88:
                    29:ff:0d:21:0d:fa:69:44:0c:fa:f9:60:64:ff:6f:
                    98:62:3b:63:cc:04:cb:2b:aa:74:34:64:8f:b0:17:
                    28:d7:e4:ef:2f:2c:52:8c:ef:ec:91:97:19:3b:2e:
                    9e:cb:f8:d5:50:00:cd:d5:b5:ae:10:79:57:ef:8c:
                    9f:48:74:73:40:d5:42:c8:45:2a:80:3c:5a:96:64:
                    7c:41:d5:84:b9:8e:d4:99:5f:ec:09:70:f1:3f:c1:
                    15:32:55:33:02:37:d4:10:c4:ff:95:94:80:10:fe:
                    bb:d8:85:e2:f0:d1:70:a8:7e:3f:c4:6e:10:35:2d:
                    c9:9a:a6:2c:ac:0e:9a:ea:2a:f8:f0:ab:91:44:ae:
                    62:14:8b:b5:e8:4a:86:89:3e:8e:7e:9b:f3:ea:ac:
                    58:81:a7:ed:8b:94:5b:70:93:82:a8:b3:bd:a2:8c:
                    72:dc:63:95:ab:a2:5f:e1:af:79:87:e6:b4:d7:4d:
                    bb:e2:93:9a:8b:2c:70:7b:61:03:76:5c:24:4f:bb:
                    1b:0b:ea:f5:19:f1:03:ed:c5:eb:1f:84:65:32:d8:
                    af:7f:0c:99:d5:2d:30:dd:c0:8f:e7:6d:0d:63:9d:
                    65:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:25:CF:8F:B1:ED:53:1E:8C:DF:DD:43:A0:47:33:47:19:DB:0C:6A
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS142350.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:1e:3a:69:e2:fc:55:ed:d0:eb:b5:16:b8:70:bf:06:23:ef:
         f4:2f:ef:20:e9:b6:1b:62:a7:ec:78:2e:e2:f2:f9:03:dd:57:
         e6:12:22:c7:98:41:bd:bf:2b:eb:05:ce:e4:aa:55:ad:f6:78:
         0f:05:81:17:ec:0a:39:76:0e:e3:43:24:51:b3:d1:8f:34:ce:
         75:de:2f:01:ca:c2:c8:e2:7b:c7:a6:a6:c1:24:47:8f:d4:39:
         17:2f:b8:bb:3d:a0:ff:b3:cc:0c:36:51:39:c4:2d:f0:f1:75:
         22:09:01:49:b1:39:84:e7:d1:d0:98:a3:5c:47:3b:9c:31:18:
         87:e0:c5:8b:fa:6d:1a:c5:78:f6:c0:9c:cb:21:c6:53:0a:ed:
         f1:3e:18:e1:32:59:61:f5:1b:f2:53:d3:4d:6f:f0:d6:de:c5:
         f2:72:37:dd:8f:90:42:0c:f8:52:9c:f3:71:8f:8d:5f:84:54:
         e0:f7:53:78:d7:05:7f:63:3c:60:e8:d6:21:88:16:37:c3:f3:
         de:80:40:4b:ad:a8:c0:13:f6:73:16:ad:4c:71:99:b3:1a:0b:
         32:84:b9:11:4a:10:cb:ca:36:49:fc:20:f8:bc:4f:5f:04:bd:
         1f:40:73:b9:91:57:e7:b1:9c:46:1b:52:ff:46:05:95:92:71:
         6d:05:d6:21
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUUhSHJFIN6H8V/PUxJUCOVypZrB8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI1MDkxMzA0MzgzMVoX
DTI2MDkxMjA0NDMzMVowMzExMC8GA1UEAxMoMjcyNUNGOEZCMUVENTMxRThDREZE
RDQzQTA0NzMzNDcxOURCMEM2QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+GfBEI2DCSY/7L4j9Cn5xeyZBmRfWoGvUbOWiIKf8NIQ36aUQM+vlgZP9v
mGI7Y8wEyyuqdDRkj7AXKNfk7y8sUozv7JGXGTsunsv41VAAzdW1rhB5V++Mn0h0
c0DVQshFKoA8WpZkfEHVhLmO1Jlf7Alw8T/BFTJVMwI31BDE/5WUgBD+u9iF4vDR
cKh+P8RuEDUtyZqmLKwOmuoq+PCrkUSuYhSLtehKhok+jn6b8+qsWIGn7YuUW3CT
gqizvaKMctxjlauiX+GveYfmtNdNu+KTmosscHthA3ZcJE+7Gwvq9RnxA+3F6x+E
ZTLYr38MmdUtMN3Aj+dtDWOdZX8CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBQnJc+P
se1THozf3UOgRzNHGdsMajAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzE0MjM1MC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAZ1C4jANBgkqhkiG9w0BAQsFAAOCAQEAGB46aeL8Ve3Q67UWuHC/
BiPv9C/vIOm2G2Kn7Hgu4vL5A91X5hIix5hBvb8r6wXO5KpVrfZ4DwWBF+wKOXYO
40MkUbPRjzTOdd4vAcrCyOJ7x6amwSRHj9Q5Fy+4uz2g/7PMDDZROcQt8PF1IgkB
SbE5hOfR0JijXEc7nDEYh+DFi/ptGsV49sCcyyHGUwrt8T4Y4TJZYfUb8lPTTW/w
1t7F8nI33Y+QQgz4UpzzcY+NX4RU4PdTeNcFf2M8YOjWIYgWN8Pz3oBAS62owBP2
cxatTHGZsxoLMoS5EUoQy8o2Sfwg+LxPXwS9H0BzuZFX57GcRhtS/0YFlZJxbQXW
IQ==
-----END CERTIFICATE-----