Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS138842.roa
File:                     AS138842.roa (raw, json)
Hash identifier:          0JGzCi09gTIKe4bJ1NMSI0LSb8xM7PW5diNB4QDw3jY=
Subject key identifier:   E9:22:AB:5F:72:CF:F7:33:79:A6:4C:B1:0F:16:A7:B2:34:C0:09:A5
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       57A0F13FF7BB613211EECC7C1CFA2CAE982BABAE
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS138842.roa
Signing time:             Wed 11 Mar 2026 07:00:00 +0000
ROA not before:           Wed 11 Mar 2026 06:55:00 +0000
ROA not after:            Wed 10 Mar 2027 07:00:00 +0000
asID:                     138842
IP address blocks:        103.155.106.0/23 maxlen: 24
                          103.176.26.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 29 Mar 2026 06:12:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a0:f1:3f:f7:bb:61:32:11:ee:cc:7c:1c:fa:2c:ae:98:2b:ab:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Mar 11 06:55:00 2026 GMT
            Not After : Mar 10 07:00:00 2027 GMT
        Subject: CN=E922AB5F72CFF73379A64CB10F16A7B234C009A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:63:bc:96:77:19:83:6b:ce:49:bf:e4:46:91:
                    c6:73:34:84:bf:54:db:ce:f0:e2:dc:f7:36:19:9c:
                    89:13:53:74:d6:e6:95:ff:fd:11:53:62:e2:05:5c:
                    98:2a:c8:15:0b:1a:cc:56:33:cc:80:be:0b:d2:d4:
                    79:d8:33:81:c9:86:29:9a:bb:69:c0:02:32:03:1d:
                    45:55:5e:f1:38:28:3d:1c:2d:17:6d:02:da:c5:f2:
                    b1:06:73:95:d5:ba:53:a1:f8:cf:e3:86:a8:2d:35:
                    78:39:3f:ea:21:19:a7:a8:f2:e2:c9:a8:53:2f:bb:
                    7d:20:1e:cb:ae:eb:c8:8f:2d:9f:0b:eb:73:41:70:
                    0e:39:9e:67:65:3c:d6:04:55:01:1b:17:24:3a:91:
                    c1:2f:7e:20:c3:c4:13:a7:85:23:48:7b:03:51:ec:
                    70:05:f2:ec:ad:b9:6c:15:2b:5c:ff:26:ba:c9:db:
                    af:91:c6:46:f8:f0:aa:a2:4c:79:ba:e0:cc:0d:1f:
                    cf:a7:1e:4e:37:c2:5c:f9:3c:15:01:f7:fd:05:0d:
                    bc:90:21:fb:45:82:98:fd:56:df:bd:27:3f:d3:a5:
                    f2:ca:ab:d1:54:e6:27:62:3d:77:6b:41:4b:2f:ab:
                    7e:e5:eb:71:47:26:8c:3f:1e:49:ad:8b:ba:4b:f1:
                    9f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:22:AB:5F:72:CF:F7:33:79:A6:4C:B1:0F:16:A7:B2:34:C0:09:A5
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS138842.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.155.106.0/23
                  103.176.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:5f:ca:39:81:30:b5:36:43:89:19:9b:fd:ae:b5:93:7e:ed:
         86:cd:69:ae:d7:20:2c:67:fa:ac:6a:85:8b:31:a2:39:03:92:
         75:33:5f:97:8f:2f:67:50:dc:e2:51:4b:2f:0e:7d:37:fe:1e:
         1f:20:98:30:b5:ed:25:f7:1d:2a:f0:0e:3e:79:86:0b:f1:6a:
         96:8e:36:26:78:c6:14:50:41:9b:da:c1:da:96:2a:8d:75:74:
         02:8d:12:34:66:f3:4b:14:8a:a5:d2:f4:b9:27:3d:85:50:41:
         be:48:ea:ed:d6:5d:c6:c9:bd:a0:d1:86:4f:82:a1:37:f4:67:
         a4:03:7c:30:9a:a0:4f:68:b7:74:ac:08:35:e0:5f:8e:5b:6c:
         ba:f7:08:24:bb:c6:77:cc:46:4b:10:82:b5:9c:9d:24:17:b7:
         69:d7:b1:6f:39:60:d4:97:44:ec:36:0a:2b:eb:5b:fa:a6:a6:
         f6:99:9b:e3:21:dc:1c:ef:5e:02:f7:74:4f:08:7f:61:e9:81:
         03:a4:d4:fe:35:69:55:8d:48:dc:f4:ba:63:46:90:79:2a:59:
         d4:e8:d8:7b:64:fc:97:85:66:82:3b:b0:54:e6:9d:4a:b6:5c:
         2b:20:f5:74:e3:e3:b1:35:b1:a1:48:d3:e3:2a:6d:d4:32:1e:
         b4:32:f1:2c
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIUV6DxP/e7YTIR7sx8HPosrpgrq64wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI2MDMxMTA2NTUwMFoX
DTI3MDMxMDA3MDAwMFowMzExMC8GA1UEAxMoRTkyMkFCNUY3MkNGRjczMzc5QTY0
Q0IxMEYxNkE3QjIzNEMwMDlBNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdjvJZ3GYNrzkm/5EaRxnM0hL9U287w4tz3NhmciRNTdNbmlf/9EVNi4gVc
mCrIFQsazFYzzIC+C9LUedgzgcmGKZq7acACMgMdRVVe8TgoPRwtF20C2sXysQZz
ldW6U6H4z+OGqC01eDk/6iEZp6jy4smoUy+7fSAey67ryI8tnwvrc0FwDjmeZ2U8
1gRVARsXJDqRwS9+IMPEE6eFI0h7A1HscAXy7K25bBUrXP8musnbr5HGRvjwqqJM
ebrgzA0fz6ceTjfCXPk8FQH3/QUNvJAh+0WCmP1W370nP9Ol8sqr0VTmJ2I9d2tB
Sy+rfuXrcUcmjD8eSa2Lukvxn88CAwEAAaOCAdYwggHSMB0GA1UdDgQWBBTpIqtf
cs/3M3mmTLEPFqeyNMAJpTAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzEzODg0Mi5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQw
EgQCAAEwDAMEAWebagMEAWewGjANBgkqhkiG9w0BAQsFAAOCAQEAhF/KOYEwtTZD
iRmb/a61k37ths1prtcgLGf6rGqFizGiOQOSdTNfl48vZ1Dc4lFLLw59N/4eHyCY
MLXtJfcdKvAOPnmGC/Fqlo42JnjGFFBBm9rB2pYqjXV0Ao0SNGbzSxSKpdL0uSc9
hVBBvkjq7dZdxsm9oNGGT4KhN/RnpAN8MJqgT2i3dKwINeBfjltsuvcIJLvGd8xG
SxCCtZydJBe3adexbzlg1JdE7DYKK+tb+qam9pmb4yHcHO9eAvd0Twh/YemBA6TU
/jVpVY1I3PS6Y0aQeSpZ1OjYe2T8l4VmgjuwVOadSrZcKyD1dOPjsTWxoUjT4ypt
1DIetDLxLA==
-----END CERTIFICATE-----