Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS135072.roa
File:                     AS135072.roa (raw, json)
Hash identifier:          8asgknd/MKxqpE2+6ToSTrEFjzc0gGUeddjPXbGjD00=
Subject key identifier:   1B:B6:4F:7D:50:90:00:9C:9F:BB:74:BF:27:A1:C7:59:16:EF:64:AD
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       258B42049F0D6DCCEEB7D669FA805AFE99271F61
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS135072.roa
Signing time:             Sat 02 May 2026 21:23:11 +0000
ROA not before:           Sat 02 May 2026 21:18:11 +0000
ROA not after:            Sat 01 May 2027 21:23:11 +0000
asID:                     135072
IP address blocks:        198.15.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:8b:42:04:9f:0d:6d:cc:ee:b7:d6:69:fa:80:5a:fe:99:27:1f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  2 21:18:11 2026 GMT
            Not After : May  1 21:23:11 2027 GMT
        Subject: CN=1BB64F7D5090009C9FBB74BF27A1C75916EF64AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:87:31:23:45:f2:2f:d6:f5:7f:8a:3d:6e:9d:
                    9d:bb:61:f2:bd:18:83:d5:0b:1b:b6:f0:77:81:06:
                    1a:4b:2d:bf:3d:9e:cb:78:1e:94:47:c8:9d:6f:09:
                    6e:4c:2e:42:82:65:c4:bc:9e:2b:41:21:b3:b5:2c:
                    2a:b9:13:4b:53:48:62:fa:c9:a2:82:bf:d8:f3:9a:
                    66:39:52:97:0f:13:b0:49:bb:20:d3:10:9a:76:07:
                    4c:e7:c5:ac:b6:06:77:b6:2a:22:d3:31:df:69:59:
                    f0:57:28:62:d9:ba:64:c3:be:46:6c:08:3e:b0:ab:
                    5a:6a:92:4f:91:e0:05:ac:c1:20:ca:7f:f8:3e:08:
                    25:a1:71:a6:79:bb:c5:95:27:66:ea:d6:ec:04:5d:
                    ce:8c:18:34:ab:36:01:fc:1f:92:ba:d7:25:24:b9:
                    b1:36:8e:89:96:b1:d8:66:e6:b1:23:62:50:a4:29:
                    bc:da:70:3b:2d:1f:ef:0d:17:a2:20:70:57:ab:ac:
                    4b:58:14:1f:58:39:7c:ce:c5:2c:ee:47:b6:a2:4a:
                    b9:ee:ec:35:08:e2:ce:c2:08:1a:a2:ff:33:fe:1f:
                    a3:fe:24:7a:a7:2c:08:77:b4:35:bd:88:a8:31:4b:
                    e4:83:6a:94:85:91:c4:5b:56:19:1c:d4:84:c5:a7:
                    3b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B6:4F:7D:50:90:00:9C:9F:BB:74:BF:27:A1:C7:59:16:EF:64:AD
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS135072.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.15.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:9c:20:66:ad:1a:16:78:2c:d4:66:a8:1f:c3:c3:cd:3d:92:
         d2:83:ba:c9:ce:72:21:5a:47:c7:e9:12:da:e6:85:00:03:1a:
         91:91:b8:db:ab:82:15:bd:ae:d9:84:59:20:e8:1b:11:a2:86:
         b0:75:0d:e9:a4:b4:d7:f7:e0:ad:90:e6:b2:a2:b6:dd:3a:da:
         64:90:04:c9:bf:47:54:f0:2e:79:59:d2:c6:87:8f:a5:e4:bc:
         d5:ca:b2:44:ba:f0:57:7d:b9:1f:06:43:5b:c5:6f:6e:ff:d2:
         d7:41:a4:c9:ca:00:c7:0d:52:9c:8e:01:88:84:8d:0c:a3:35:
         cc:c5:22:33:ff:37:40:d1:b8:aa:48:3e:15:b8:f5:b2:1b:9e:
         dc:56:62:f8:38:1a:b6:d2:73:19:c4:d2:b5:3a:fa:97:92:7f:
         03:9f:7f:f9:12:f5:e7:99:a3:dc:6f:4a:d0:66:b9:f9:eb:0c:
         43:db:8d:9c:ff:74:18:56:c5:f4:f3:f7:18:51:69:c9:1c:db:
         4f:a1:00:ac:0a:75:32:37:7a:29:1d:c0:72:e9:d1:34:e2:77:
         08:89:0f:8e:da:c1:bd:08:6b:d3:55:be:9a:f0:7f:07:fa:ea:
         84:49:c5:68:ce:2a:7f:75:d6:02:6d:52:34:33:01:98:4b:97:
         6c:0f:e8:f3
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUJYtCBJ8Nbczut9Zp+oBa/pknH2EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMjIxMTgxMVoX
DTI3MDUwMTIxMjMxMVowMzExMC8GA1UEAxMoMUJCNjRGN0Q1MDkwMDA5QzlGQkI3
NEJGMjdBMUM3NTkxNkVGNjRBRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOiHMSNF8i/W9X+KPW6dnbth8r0Yg9ULG7bwd4EGGkstvz2ey3gelEfInW8J
bkwuQoJlxLyeK0Ehs7UsKrkTS1NIYvrJooK/2POaZjlSlw8TsEm7INMQmnYHTOfF
rLYGd7YqItMx32lZ8FcoYtm6ZMO+RmwIPrCrWmqST5HgBazBIMp/+D4IJaFxpnm7
xZUnZurW7ARdzowYNKs2AfwfkrrXJSS5sTaOiZax2GbmsSNiUKQpvNpwOy0f7w0X
oiBwV6usS1gUH1g5fM7FLO5HtqJKue7sNQjizsIIGqL/M/4fo/4keqcsCHe0Nb2I
qDFL5INqlIWRxFtWGRzUhMWnO5sCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQbtk99
UJAAnJ+7dL8nocdZFu9krTAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM1MDcyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAxg8cMA0GCSqGSIb3DQEBCwUAA4IBAQAonCBmrRoWeCzUZqgfw8PNPZLS
g7rJznIhWkfH6RLa5oUAAxqRkbjbq4IVva7ZhFkg6BsRooawdQ3ppLTX9+CtkOay
orbdOtpkkATJv0dU8C55WdLGh4+l5LzVyrJEuvBXfbkfBkNbxW9u/9LXQaTJygDH
DVKcjgGIhI0MozXMxSIz/zdA0biqSD4VuPWyG57cVmL4OBq20nMZxNK1OvqXkn8D
n3/5EvXnmaPcb0rQZrn56wxD242c/3QYVsX08/cYUWnJHNtPoQCsCnUyN3opHcBy
6dE04ncIiQ+O2sG9CGvTVb6a8H8H+uqEScVozip/ddYCbVI0MwGYS5dsD+jz
-----END CERTIFICATE-----