Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/0/AS138829.roa
File:                     AS138829.roa (raw, json)
Hash identifier:          nPeEENqAGsfkgtU5/2T+/XHE1UqIhg0TvErChSihAb8=
Subject key identifier:   66:03:63:62:87:BA:FA:66:67:21:34:41:BD:36:63:C1:FB:58:35:47
Certificate issuer:       /CN=A91862140000/serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
Certificate serial:       7020258AF143166BD00782F90DD32D35A4EDDC00
Authority key identifier: 7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS138829.roa
Signing time:             Sun 03 May 2026 04:30:09 +0000
ROA not before:           Sun 03 May 2026 04:25:09 +0000
ROA not after:            Sun 02 May 2027 04:30:09 +0000
asID:                     138829
IP address blocks:        157.66.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 07:47:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:20:25:8a:f1:43:16:6b:d0:07:82:f9:0d:d3:2d:35:a4:ed:dc:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=7DF4349534441AF11A65DDD3588F74DC59C2D362
        Validity
            Not Before: May  3 04:25:09 2026 GMT
            Not After : May  2 04:30:09 2027 GMT
        Subject: CN=6603636287BAFA6667213441BD3663C1FB583547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fc:2b:8a:89:ed:33:3a:54:05:73:a9:f7:da:
                    c7:d9:c8:17:c5:7c:ae:64:65:c1:1c:4d:8e:72:7b:
                    64:cf:80:17:6e:76:2f:ef:7b:b1:46:e0:f0:3d:36:
                    4a:6e:8d:8e:88:15:87:96:ad:b0:da:16:2a:ca:7f:
                    ea:d1:12:6c:9f:07:b2:23:37:89:fd:11:ec:4f:7e:
                    ed:bc:ae:16:36:60:91:65:2b:9f:2b:2c:b2:24:71:
                    cc:0b:34:c6:cd:29:ed:c2:29:6a:ee:69:d4:4e:c6:
                    7b:8e:0f:e1:55:f9:5d:71:c2:0b:24:dc:2b:f3:1c:
                    e4:5e:4b:df:86:a7:62:8f:33:80:be:9a:ae:37:48:
                    06:32:19:e8:4d:27:18:59:52:14:05:31:9a:bd:28:
                    7c:4d:db:67:36:aa:ec:a5:70:1e:78:41:75:d1:62:
                    7a:e2:b9:36:0a:50:71:ae:b0:c5:07:20:dc:85:e3:
                    a6:21:83:b7:36:02:2c:ac:31:96:09:ff:83:e7:6b:
                    ea:30:f3:e7:8d:d4:db:44:00:17:77:22:fe:66:8f:
                    36:b2:61:d5:ad:7a:b3:c1:39:2e:0e:31:d8:d8:eb:
                    6c:69:eb:b3:e6:e2:c6:d1:cc:0b:d6:be:1d:94:92:
                    c4:b2:fc:6d:cb:42:cd:8b:ef:e3:3b:cb:49:04:78:
                    6e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:03:63:62:87:BA:FA:66:67:21:34:41:BD:36:63:C1:FB:58:35:47
            X509v3 Authority Key Identifier:
                keyid:7D:F4:34:95:34:44:1A:F1:1A:65:DD:D3:58:8F:74:DC:59:C2:D3:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/7DF4349534441AF11A65DDD3588F74DC59C2D362.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ffQ0lTREGvEaZd3TWI903FnC02I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/0/AS138829.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:b5:79:50:2e:86:0e:d1:36:cb:f2:a3:bb:8e:af:92:e6:d2:
         05:40:b2:dd:84:c3:b9:08:26:78:a1:78:ba:41:96:a8:43:e0:
         4d:af:7a:8e:19:74:26:15:03:f5:5e:de:3e:c9:03:f5:a0:62:
         e9:78:86:7e:e1:25:56:d2:d9:60:49:6f:eb:09:39:64:55:8b:
         8a:b5:9e:81:5c:99:a0:2e:73:ea:06:c4:77:1c:d1:c4:ce:ed:
         01:dc:e1:42:88:38:6d:d4:88:bf:13:4b:f8:67:f2:8d:d7:aa:
         56:d2:46:5b:0f:ee:86:d4:0c:c5:53:27:d3:e7:d9:b4:c0:65:
         d8:1a:42:31:e4:fc:c5:74:5c:ba:9e:51:91:74:c2:5f:78:09:
         ba:68:c7:0c:85:53:23:3f:c6:54:76:f5:18:f1:51:ae:52:9a:
         f9:80:5f:13:d5:c3:3d:bb:1c:aa:92:8d:72:18:a2:a6:b7:9d:
         1f:a4:1a:87:9e:37:ba:8b:3a:be:ca:6d:88:b7:ce:1f:f4:d2:
         9f:5c:25:17:94:d3:9f:c5:6e:8f:2b:80:2e:81:e7:5a:3b:a7:
         3a:1d:14:0a:38:aa:f4:bd:e8:2b:bc:c3:f4:d3:20:49:35:0a:
         2b:d8:e1:5d:1a:a9:c6:7c:af:df:4b:20:61:8b:84:28:c3:19:
         05:3f:62:19
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUcCAlivFDFmvQB4L5DdMtNaTt3AAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg3REY0MzQ5NTM0
NDQxQUYxMUE2NURERDM1ODhGNzREQzU5QzJEMzYyMB4XDTI2MDUwMzA0MjUwOVoX
DTI3MDUwMjA0MzAwOVowMzExMC8GA1UEAxMoNjYwMzYzNjI4N0JBRkE2NjY3MjEz
NDQxQkQzNjYzQzFGQjU4MzU0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKH8K4qJ7TM6VAVzqffax9nIF8V8rmRlwRxNjnJ7ZM+AF252L+97sUbg8D02
Sm6NjogVh5atsNoWKsp/6tESbJ8HsiM3if0R7E9+7byuFjZgkWUrnysssiRxzAs0
xs0p7cIpau5p1E7Ge44P4VX5XXHCCyTcK/Mc5F5L34anYo8zgL6arjdIBjIZ6E0n
GFlSFAUxmr0ofE3bZzaq7KVwHnhBddFieuK5NgpQca6wxQcg3IXjpiGDtzYCLKwx
lgn/g+dr6jDz543U20QAF3ci/maPNrJh1a16s8E5Lg4x2NjrbGnrs+bixtHMC9a+
HZSSxLL8bctCzYvv4zvLSQR4bskCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRmA2Ni
h7r6ZmchNEG9NmPB+1g1RzAfBgNVHSMEGDAWgBR99DSVNEQa8Rpl3dNYj3TcWcLT
YjAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzAvN0RGNDM0OTUzNDQ0MUFGMTFB
NjVEREQzNTg4Rjc0REM1OUMyRDM2Mi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRG
MjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvZmZRMGxUUkVHdkVhWmQzVFdJOTAz
Rm5DMDJJLmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8wL0FTMTM4ODI5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAnUIHMA0GCSqGSIb3DQEBCwUAA4IBAQAftXlQLoYO0TbL8qO7jq+S5tIF
QLLdhMO5CCZ4oXi6QZaoQ+BNr3qOGXQmFQP1Xt4+yQP1oGLpeIZ+4SVW0tlgSW/r
CTlkVYuKtZ6BXJmgLnPqBsR3HNHEzu0B3OFCiDht1Ii/E0v4Z/KN16pW0kZbD+6G
1AzFUyfT59m0wGXYGkIx5PzFdFy6nlGRdMJfeAm6aMcMhVMjP8ZUdvUY8VGuUpr5
gF8T1cM9uxyqko1yGKKmt50fpBqHnje6izq+ym2It84f9NKfXCUXlNOfxW6PK4Au
gedaO6c6HRQKOKr0vegrvMP00yBJNQor2OFdGqnGfK/fSyBhi4QowxkFP2IZ
-----END CERTIFICATE-----