Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141984.roa
File:                     AS141984.roa (raw, json)
Hash identifier:          eZ6tnOX8spekKizMy+uMOfacdMe9mqDERhOy3O7JSxg=
Subject key identifier:   A3:5D:85:73:5F:58:87:0B:CD:A4:DC:F5:D5:EF:5D:1C:C8:5F:04:F8
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       0BA75865C1EEB594C94072DA95407C3FF491EDE0
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141984.roa
Signing time:             Tue 24 Mar 2026 08:00:00 +0000
ROA not before:           Tue 24 Mar 2026 07:55:00 +0000
ROA not after:            Tue 23 Mar 2027 08:00:00 +0000
asID:                     141984
IP address blocks:        2400:cfa0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 29 Mar 2026 06:12:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a7:58:65:c1:ee:b5:94:c9:40:72:da:95:40:7c:3f:f4:91:ed:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Mar 24 07:55:00 2026 GMT
            Not After : Mar 23 08:00:00 2027 GMT
        Subject: CN=A35D85735F58870BCDA4DCF5D5EF5D1CC85F04F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ad:a2:3d:72:ea:ae:8d:c0:ae:01:84:e8:68:
                    47:6a:d8:68:d4:38:f8:7b:95:0b:b5:65:1d:71:af:
                    8c:fb:19:d0:01:64:8f:43:27:bd:0f:a6:64:87:e3:
                    89:3c:26:ff:43:ef:06:a5:2e:e4:be:1f:85:d7:63:
                    6c:07:26:c8:28:c9:b8:91:df:d8:a6:ac:6c:c2:55:
                    86:58:98:86:33:68:30:f2:99:4d:02:74:20:52:3a:
                    7c:9a:7f:48:b8:bc:f7:ce:44:e9:3c:b0:2c:25:4d:
                    97:60:b9:c0:4b:06:6d:ef:5f:32:09:e7:6d:e2:30:
                    91:2e:f0:f0:09:17:92:6f:8f:6d:05:5e:52:71:24:
                    b7:dd:b5:08:a1:de:ae:32:06:4f:7c:9d:26:85:14:
                    6a:39:ea:ef:1f:20:16:f7:bb:ae:d4:f8:2c:3f:37:
                    51:89:b7:c3:70:cc:88:6d:72:d0:a2:94:5b:69:9f:
                    62:c4:1b:d1:2b:eb:1d:52:7e:3f:4e:f2:e1:54:f2:
                    39:98:e0:15:f2:53:ea:81:ac:8b:61:e2:30:30:f0:
                    e4:85:19:98:b1:c2:4b:46:88:aa:f2:79:86:89:5a:
                    d0:d2:2a:60:03:f8:a0:c4:ef:e9:02:af:00:24:5e:
                    3d:73:e8:44:53:b6:54:28:d7:a9:63:5c:91:a9:57:
                    1e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:5D:85:73:5F:58:87:0B:CD:A4:DC:F5:D5:EF:5D:1C:C8:5F:04:F8
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS141984.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:cfa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:b5:8c:f5:6e:ad:46:ff:dc:aa:b5:b7:66:c3:75:9e:77:40:
         bd:1b:05:78:08:f7:3c:c8:ea:52:3f:44:6d:b6:b7:39:f2:fc:
         e4:a2:a0:0d:95:ce:78:e8:2e:b8:1a:f7:2d:32:23:4f:cc:a6:
         d6:5c:00:87:12:47:59:e6:60:63:50:0b:24:92:d0:2c:89:6a:
         78:cc:51:8c:ba:35:76:64:8a:5d:9f:84:40:15:9c:06:34:f5:
         a0:92:18:81:3b:9d:f0:f7:5e:37:13:db:07:20:67:ca:45:bb:
         bd:58:d4:18:db:e9:30:58:1b:cd:a7:07:45:51:07:5d:be:e5:
         93:a3:e1:8f:83:33:3e:7c:5e:1d:7b:9b:74:0f:8e:ed:df:83:
         d5:f4:ff:d6:c9:9b:5f:5c:71:a6:91:61:11:7c:3b:5f:40:c3:
         26:c4:63:33:1f:34:5c:b0:6d:11:87:5a:75:38:82:c3:cc:eb:
         17:22:89:3b:75:1c:bc:fa:e0:ca:02:a5:50:de:5c:da:d3:ea:
         72:f3:4a:f3:c9:a0:1d:b8:9b:e7:c9:bb:f3:39:31:e3:fd:b8:
         e3:39:31:6c:82:0b:e6:11:ff:85:e0:c4:77:72:1a:15:19:25:
         92:96:5b:8c:91:82:41:b7:c7:3a:8b:93:6d:47:80:ee:cc:78:
         aa:be:5a:2d
-----BEGIN CERTIFICATE-----
MIIE3jCCA8agAwIBAgIUC6dYZcHutZTJQHLalUB8P/SR7eAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI2MDMyNDA3NTUwMFoX
DTI3MDMyMzA4MDAwMFowMzExMC8GA1UEAxMoQTM1RDg1NzM1RjU4ODcwQkNEQTRE
Q0Y1RDVFRjVEMUNDODVGMDRGODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANGtoj1y6q6NwK4BhOhoR2rYaNQ4+HuVC7VlHXGvjPsZ0AFkj0MnvQ+mZIfj
iTwm/0PvBqUu5L4fhddjbAcmyCjJuJHf2KasbMJVhliYhjNoMPKZTQJ0IFI6fJp/
SLi8985E6TywLCVNl2C5wEsGbe9fMgnnbeIwkS7w8AkXkm+PbQVeUnEkt921CKHe
rjIGT3ydJoUUajnq7x8gFve7rtT4LD83UYm3w3DMiG1y0KKUW2mfYsQb0SvrHVJ+
P07y4VTyOZjgFfJT6oGsi2HiMDDw5IUZmLHCS0aIqvJ5hola0NIqYAP4oMTv6QKv
ACRePXPoRFO2VCjXqWNckalXHksCAwEAAaOCAdEwggHNMB0GA1UdDgQWBBSjXYVz
X1iHC82k3PXV710cyF8E+DAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzE0MTk4NC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8w
DQQCAAIwBwMFACQAz6AwDQYJKoZIhvcNAQELBQADggEBACy1jPVurUb/3Kq1t2bD
dZ53QL0bBXgI9zzI6lI/RG22tzny/OSioA2VznjoLrga9y0yI0/MptZcAIcSR1nm
YGNQCySS0CyJanjMUYy6NXZkil2fhEAVnAY09aCSGIE7nfD3XjcT2wcgZ8pFu71Y
1Bjb6TBYG82nB0VRB12+5ZOj4Y+DMz58Xh17m3QPju3fg9X0/9bJm19ccaaRYRF8
O19AwybEYzMfNFywbRGHWnU4gsPM6xciiTt1HLz64MoCpVDeXNrT6nLzSvPJoB24
m+fJu/M5MeP9uOM5MWyCC+YR/4XgxHdyGhUZJZKWW4yRgkG3xzqLk21HgO7MeKq+
Wi0=
-----END CERTIFICATE-----