Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS140410.roa
File:                     AS140410.roa (raw, json)
Hash identifier:          n85isvWdvX83SA1pfpB7qhjZ/q3/ESbdFN5QDTALBmk=
Subject key identifier:   C9:85:03:05:25:07:FA:9B:6D:68:C7:78:2E:59:91:39:8C:9A:9C:D8
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       22FAB97AD12C42D5E9B54B3DD1F9CB504B24212D
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140410.roa
Signing time:             Sun 03 May 2026 08:15:07 +0000
ROA not before:           Sun 03 May 2026 08:10:07 +0000
ROA not after:            Sun 02 May 2027 08:15:07 +0000
asID:                     140410
IP address blocks:        103.151.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:fa:b9:7a:d1:2c:42:d5:e9:b5:4b:3d:d1:f9:cb:50:4b:24:21:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  3 08:10:07 2026 GMT
            Not After : May  2 08:15:07 2027 GMT
        Subject: CN=C98503052507FA9B6D68C7782E5991398C9A9CD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0e:76:b9:62:68:96:af:b6:89:1a:61:27:a5:
                    bb:08:74:10:20:ce:13:3a:56:70:52:8c:8c:82:b4:
                    6f:1e:ec:77:ff:57:94:6a:6c:5c:95:0f:a8:e5:0b:
                    aa:df:48:f4:e2:0f:92:a0:ca:69:63:23:28:a7:f8:
                    62:7c:b8:1b:be:7e:21:57:08:b5:a1:ad:4d:1f:cd:
                    69:bb:10:fd:2b:86:6d:9c:dc:cf:b4:ba:dc:e7:e8:
                    1f:00:89:e2:ea:d7:3c:c0:08:dd:9c:54:14:c0:8f:
                    33:f9:a9:bb:02:c4:a4:fa:fb:51:0b:0e:1b:8c:4d:
                    60:49:4f:fa:c2:7b:11:db:62:6a:14:6b:98:23:2b:
                    2b:a4:35:1f:87:2a:be:92:a7:be:69:c9:13:56:66:
                    02:c2:8b:45:d4:17:1b:17:e5:d3:9f:96:92:b6:bd:
                    51:1f:49:12:93:ed:aa:15:cd:48:5b:5b:86:2a:3b:
                    29:f2:2e:7e:d0:64:13:2b:25:0f:eb:1b:08:f1:54:
                    2a:56:96:f1:91:45:b8:d0:89:24:7f:66:81:ff:b9:
                    ee:8b:67:ea:0b:5d:a9:bb:6b:3e:0c:6b:73:67:9e:
                    6b:d9:cd:13:97:65:f8:07:04:ce:ac:e1:7b:b0:33:
                    b8:b9:06:2c:dd:70:8b:04:a1:e2:6c:65:86:e4:4a:
                    ca:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:85:03:05:25:07:FA:9B:6D:68:C7:78:2E:59:91:39:8C:9A:9C:D8
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140410.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:0b:c7:39:38:60:ce:97:e2:2d:18:37:74:5f:5c:5c:3c:2e:
         d9:86:8f:0f:1e:ea:7c:9e:8d:3c:44:da:33:83:93:fa:75:57:
         c7:e6:b4:73:32:1f:c5:6c:97:39:1b:c3:bc:a5:92:72:f0:fb:
         f7:c1:4b:a6:36:cb:0c:bf:68:a5:61:c6:f7:1d:28:ba:1f:12:
         52:4d:78:b4:f4:1e:d6:e6:ef:50:fe:63:23:84:00:df:e6:f0:
         bc:53:7d:8a:01:c6:84:10:fe:73:2c:11:29:15:e7:a4:64:59:
         94:80:c2:d5:72:87:8b:a7:d6:a6:f0:ad:39:cd:22:ac:3f:c8:
         5d:8e:ab:cc:c9:b9:1c:1b:32:6d:09:a6:80:f3:11:9a:c6:b7:
         fe:3d:ef:2d:a1:4f:de:be:ea:c3:d8:48:68:67:db:ca:d5:a6:
         61:9d:95:52:4b:ca:61:2c:ca:d9:3b:11:3b:0c:c8:86:f4:5f:
         6b:b5:1f:b2:18:ed:7d:ce:f1:c6:86:f0:0c:91:b1:2d:3b:b6:
         b2:ab:f6:01:60:b1:fb:c4:6e:97:31:d1:c9:f4:74:eb:2d:06:
         35:28:36:98:e9:24:ce:a7:a3:cf:25:e9:e8:93:f8:63:14:f8:
         d4:99:50:2e:f5:0f:8d:fb:27:93:8a:f5:81:31:8c:46:a6:e4:
         ef:ff:fc:7f
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUIvq5etEsQtXptUs90fnLUEskIS0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMzA4MTAwN1oX
DTI3MDUwMjA4MTUwN1owMzExMC8GA1UEAxMoQzk4NTAzMDUyNTA3RkE5QjZENjhD
Nzc4MkU1OTkxMzk4QzlBOUNEODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALMOdrliaJavtokaYSeluwh0ECDOEzpWcFKMjIK0bx7sd/9XlGpsXJUPqOUL
qt9I9OIPkqDKaWMjKKf4Yny4G75+IVcItaGtTR/NabsQ/SuGbZzcz7S63OfoHwCJ
4urXPMAI3ZxUFMCPM/mpuwLEpPr7UQsOG4xNYElP+sJ7EdtiahRrmCMrK6Q1H4cq
vpKnvmnJE1ZmAsKLRdQXGxfl05+Wkra9UR9JEpPtqhXNSFtbhio7KfIuftBkEysl
D+sbCPFUKlaW8ZFFuNCJJH9mgf+57otn6gtdqbtrPgxrc2eea9nNE5dl+AcEzqzh
e7AzuLkGLN1wiwSh4mxlhuRKyj8CAwEAAaOCAcwwggHIMB0GA1UdDgQWBBTJhQMF
JQf6m21ox3guWZE5jJqc2DAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQwNDEwLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ5c/MA0GCSqGSIb3DQEBCwUAA4IBAQCjC8c5OGDOl+ItGDd0X1xcPC7Z
ho8PHup8no08RNozg5P6dVfH5rRzMh/FbJc5G8O8pZJy8Pv3wUumNssMv2ilYcb3
HSi6HxJSTXi09B7W5u9Q/mMjhADf5vC8U32KAcaEEP5zLBEpFeekZFmUgMLVcoeL
p9am8K05zSKsP8hdjqvMybkcGzJtCaaA8xGaxrf+Pe8toU/evurD2EhoZ9vK1aZh
nZVSS8phLMrZOxE7DMiG9F9rtR+yGO19zvHGhvAMkbEtO7ayq/YBYLH7xG6XMdHJ
9HTrLQY1KDaY6STOp6PPJenok/hjFPjUmVAu9Q+N+yeTivWBMYxGpuTv//x/
-----END CERTIFICATE-----