Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS137287.roa
File:                     AS137287.roa (raw, json)
Hash identifier:          HwO3O3JgBCSOfa71doLf8afZCWjDPOeOmzC9VInzk0I=
Subject key identifier:   1F:55:7D:E4:98:49:70:5D:29:AE:0E:9E:C2:13:22:12:78:89:8E:2A
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       295FB0C0AE9B74BF37041F482DE1CE806D576D87
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS137287.roa
Signing time:             Sun 03 May 2026 01:33:15 +0000
ROA not before:           Sun 03 May 2026 01:28:15 +0000
ROA not after:            Sun 02 May 2027 01:33:15 +0000
asID:                     137287
IP address blocks:        103.105.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:5f:b0:c0:ae:9b:74:bf:37:04:1f:48:2d:e1:ce:80:6d:57:6d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  3 01:28:15 2026 GMT
            Not After : May  2 01:33:15 2027 GMT
        Subject: CN=1F557DE49849705D29AE0E9EC213221278898E2A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:1d:fe:6c:df:da:9e:ca:3a:af:9f:2d:56:24:
                    05:62:bb:a3:4e:43:71:47:73:a6:31:48:9a:f3:3c:
                    d0:42:af:ce:f3:d9:6a:16:68:77:d6:c6:7f:23:b3:
                    c1:ac:f6:1b:9a:f9:50:e0:1c:8a:91:42:62:3f:e7:
                    84:d3:3d:25:e5:eb:5d:2f:28:87:42:d9:7b:e1:03:
                    32:2c:8c:9a:e2:0d:48:82:37:43:c1:cb:ff:50:71:
                    1c:8e:9a:e6:ec:6b:dd:ed:bd:a7:af:ed:63:f8:55:
                    6f:e2:cd:3e:ef:79:0c:f5:5c:fb:56:b5:39:75:a9:
                    b8:89:3e:0c:ec:ee:55:8e:a1:c9:c1:78:f7:0e:cf:
                    64:54:f0:6c:9b:55:2d:e0:d1:a0:c7:48:62:07:d3:
                    c5:f9:c6:68:15:95:37:cd:20:2c:8c:63:77:7f:ef:
                    22:a2:81:61:6a:30:2d:c2:b2:de:ee:41:33:ff:4d:
                    94:92:9f:d1:25:85:42:59:dd:bd:76:e4:65:df:5e:
                    1b:a5:cb:8f:26:5d:c2:87:0e:b5:fc:75:c5:b5:09:
                    0a:78:d1:b1:04:60:b3:23:4d:04:59:ad:e5:6b:10:
                    f2:af:9b:81:78:46:fa:97:5c:35:a3:79:71:b2:38:
                    d5:4b:72:76:91:5c:c2:93:3a:a8:02:1a:27:5f:da:
                    27:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:55:7D:E4:98:49:70:5D:29:AE:0E:9E:C2:13:22:12:78:89:8E:2A
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS137287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.105.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:4b:ae:9d:84:d5:68:4b:c1:48:22:c1:b3:07:41:95:e4:c9:
         52:89:a7:bd:6d:80:ce:f7:11:9a:1a:e7:05:af:cf:f2:b2:91:
         a6:cb:80:a6:79:33:46:b8:a2:f9:c7:1d:3c:84:ec:0b:15:9a:
         09:22:2b:34:76:5f:bd:e9:22:a1:84:b6:46:63:29:35:68:88:
         72:d6:c2:ab:64:21:68:7b:f8:cb:b3:b5:09:5c:89:b3:b7:e4:
         9c:d7:25:ed:b4:70:f9:53:58:d2:74:11:a0:14:9e:3a:8a:d8:
         8d:ed:41:03:2c:3c:0e:0d:7a:ef:06:36:5f:30:3b:58:a8:c5:
         17:65:70:51:47:7f:dd:78:ac:52:26:59:ca:ab:e3:c7:0a:c3:
         9d:a8:80:57:2e:c2:87:03:ab:49:7c:bc:6d:d5:7e:18:ce:b9:
         4e:81:87:f0:24:b8:b7:ab:df:04:56:59:20:f5:f1:a3:47:1b:
         db:09:85:39:04:dc:3e:74:14:2b:45:5e:97:36:a4:d7:2b:8e:
         4d:e1:cd:89:35:9c:72:12:8e:2b:50:02:2c:d6:b0:ba:cc:ad:
         2f:40:11:c1:cb:b8:a7:e5:c3:66:d4:f8:84:b2:0b:91:d3:20:
         c9:cf:f3:ac:07:3c:22:bc:df:eb:e6:67:2c:a4:72:5e:67:1c:
         2b:9f:11:d8
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUKV+wwK6bdL83BB9ILeHOgG1XbYcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMzAxMjgxNVoX
DTI3MDUwMjAxMzMxNVowMzExMC8GA1UEAxMoMUY1NTdERTQ5ODQ5NzA1RDI5QUUw
RTlFQzIxMzIyMTI3ODg5OEUyQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOgd/mzf2p7KOq+fLVYkBWK7o05DcUdzpjFImvM80EKvzvPZahZod9bGfyOz
waz2G5r5UOAcipFCYj/nhNM9JeXrXS8oh0LZe+EDMiyMmuINSII3Q8HL/1BxHI6a
5uxr3e29p6/tY/hVb+LNPu95DPVc+1a1OXWpuIk+DOzuVY6hycF49w7PZFTwbJtV
LeDRoMdIYgfTxfnGaBWVN80gLIxjd3/vIqKBYWowLcKy3u5BM/9NlJKf0SWFQlnd
vXbkZd9eG6XLjyZdwocOtfx1xbUJCnjRsQRgsyNNBFmt5WsQ8q+bgXhG+pdcNaN5
cbI41UtydpFcwpM6qAIaJ1/aJzkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQfVX3k
mElwXSmuDp7CEyISeImOKjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM3Mjg3LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ2nEMA0GCSqGSIb3DQEBCwUAA4IBAQAPS66dhNVoS8FIIsGzB0GV5MlS
iae9bYDO9xGaGucFr8/yspGmy4CmeTNGuKL5xx08hOwLFZoJIis0dl+96SKhhLZG
Yyk1aIhy1sKrZCFoe/jLs7UJXImzt+Sc1yXttHD5U1jSdBGgFJ46itiN7UEDLDwO
DXrvBjZfMDtYqMUXZXBRR3/deKxSJlnKq+PHCsOdqIBXLsKHA6tJfLxt1X4YzrlO
gYfwJLi3q98EVlkg9fGjRxvbCYU5BNw+dBQrRV6XNqTXK45N4c2JNZxyEo4rUAIs
1rC6zK0vQBHBy7in5cNm1PiEsguR0yDJz/OsBzwivN/r5mcspHJeZxwrnxHY
-----END CERTIFICATE-----