Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS138106.roa
File:                     AS138106.roa (raw, json)
Hash identifier:          +FurmB+s9p1FjufcjmtZlpWaL/jMPZVotl2SgANn+2I=
Subject key identifier:   4D:35:84:A7:0B:53:59:6E:FD:3E:06:BB:4C:73:56:87:AE:1A:D5:72
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       0D95C0A55B94D371E7C9E829A922DC0AFFE715EC
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS138106.roa
Signing time:             Sun 03 May 2026 15:10:52 +0000
ROA not before:           Sun 03 May 2026 15:05:52 +0000
ROA not after:            Sun 02 May 2027 15:10:52 +0000
asID:                     138106
IP address blocks:        103.126.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:95:c0:a5:5b:94:d3:71:e7:c9:e8:29:a9:22:dc:0a:ff:e7:15:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  3 15:05:52 2026 GMT
            Not After : May  2 15:10:52 2027 GMT
        Subject: CN=4D3584A70B53596EFD3E06BB4C735687AE1AD572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:93:35:93:36:8d:97:be:9d:19:b2:e9:7c:23:
                    9b:ce:2c:04:49:f3:38:d2:fc:69:e0:d9:4a:e1:40:
                    31:5d:49:18:b7:1b:6e:60:5b:f5:05:f7:59:e0:e4:
                    e6:98:31:ef:9e:44:36:fb:86:5a:06:b8:c7:ba:69:
                    c0:2b:36:f2:29:e2:ba:71:a3:21:27:10:97:11:b0:
                    db:6f:1e:f9:98:57:48:65:c9:1a:fe:ee:4b:e4:57:
                    57:ef:6d:4e:89:fe:2b:ca:72:10:09:31:72:c5:23:
                    22:c1:e8:d2:ee:26:c4:b1:48:77:ff:cd:13:ac:3b:
                    c4:be:0e:d2:a7:a6:c0:82:d7:8b:d5:0b:c1:c5:63:
                    67:2a:e2:46:3a:ba:6c:dc:9d:e6:44:e0:3b:99:4a:
                    06:1e:00:3e:d4:52:e6:b8:e5:68:8c:b2:8e:0a:38:
                    34:aa:11:8e:65:3e:5d:0d:eb:a0:80:91:a7:5d:92:
                    e8:4a:44:4a:fa:ad:f2:b7:73:c9:73:5e:26:f5:57:
                    14:14:7e:17:de:f4:21:c7:fb:1e:75:2f:97:26:9c:
                    5f:39:8f:4a:60:71:60:42:0f:46:9b:13:3e:25:86:
                    00:50:8a:8b:e1:dc:14:d4:5a:c5:ec:28:74:65:e0:
                    05:ff:9a:e5:ed:86:44:9a:a8:4b:3f:01:ae:b5:7f:
                    ff:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:35:84:A7:0B:53:59:6E:FD:3E:06:BB:4C:73:56:87:AE:1A:D5:72
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS138106.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.126.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:43:ec:0d:68:15:3d:8e:8d:ac:96:97:de:f8:ea:22:c6:76:
         a5:fe:3a:d5:70:05:f6:63:65:15:ce:dd:d9:b0:71:13:da:ad:
         a7:1a:77:65:e4:2d:f0:e5:3a:95:ab:3a:0a:a7:a2:d6:f6:78:
         fb:34:6b:8b:5e:62:08:5d:64:51:d7:23:f1:32:e7:95:8e:a3:
         83:8c:98:5e:65:99:dc:c7:5e:8d:a3:6b:2a:3e:b8:fd:63:49:
         7c:09:6a:4a:8e:52:9d:09:d1:d6:c0:db:7d:c4:de:a9:e3:14:
         9d:22:6f:11:56:82:7b:65:19:07:f6:20:16:5c:87:53:5e:c5:
         71:19:de:54:82:a4:2f:f6:71:08:79:5c:ad:b2:93:fe:2a:38:
         8e:8f:40:8f:0a:61:79:b7:26:9a:ae:2e:d4:28:a5:23:8a:e7:
         bc:21:52:74:ba:3d:75:c9:07:cc:bc:57:5e:59:5c:ea:58:33:
         83:9e:da:a3:1b:fa:96:7b:18:e5:48:45:98:49:fd:ff:d4:80:
         5a:17:9a:25:26:9f:c8:d3:47:34:e8:63:13:ba:56:d3:16:f5:
         2b:ff:1f:83:08:4c:2a:5a:32:ff:6f:1f:77:c2:ac:4d:2a:59:
         00:f1:ad:4e:38:ee:c9:98:4b:cc:71:ca:3a:0d:93:ad:3c:80:
         6f:0d:37:cc
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUDZXApVuU03HnyegpqSLcCv/nFewwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMzE1MDU1MloX
DTI3MDUwMjE1MTA1MlowMzExMC8GA1UEAxMoNEQzNTg0QTcwQjUzNTk2RUZEM0Uw
NkJCNEM3MzU2ODdBRTFBRDU3MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOGTNZM2jZe+nRmy6Xwjm84sBEnzONL8aeDZSuFAMV1JGLcbbmBb9QX3WeDk
5pgx755ENvuGWga4x7ppwCs28iniunGjIScQlxGw228e+ZhXSGXJGv7uS+RXV+9t
Ton+K8pyEAkxcsUjIsHo0u4mxLFId//NE6w7xL4O0qemwILXi9ULwcVjZyriRjq6
bNyd5kTgO5lKBh4APtRS5rjlaIyyjgo4NKoRjmU+XQ3roICRp12S6EpESvqt8rdz
yXNeJvVXFBR+F970Icf7HnUvlyacXzmPSmBxYEIPRpsTPiWGAFCKi+HcFNRaxewo
dGXgBf+a5e2GRJqoSz8BrrV//9kCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBRNNYSn
C1NZbv0+BrtMc1aHrhrVcjAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTM4MTA2LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQCZ34IMA0GCSqGSIb3DQEBCwUAA4IBAQBnQ+wNaBU9jo2slpfe+Ooixnal
/jrVcAX2Y2UVzt3ZsHET2q2nGndl5C3w5TqVqzoKp6LW9nj7NGuLXmIIXWRR1yPx
MueVjqODjJheZZncx16No2sqPrj9Y0l8CWpKjlKdCdHWwNt9xN6p4xSdIm8RVoJ7
ZRkH9iAWXIdTXsVxGd5UgqQv9nEIeVytspP+KjiOj0CPCmF5tyaari7UKKUjiue8
IVJ0uj11yQfMvFdeWVzqWDODntqjG/qWexjlSEWYSf3/1IBaF5olJp/I00c06GMT
ulbTFvUr/x+DCEwqWjL/bx93wqxNKlkA8a1OOO7JmEvMcco6DZOtPIBvDTfM
-----END CERTIFICATE-----