Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS142354.roa
File:                     AS142354.roa (raw, json)
Hash identifier:          c8GJhzw9AzshlREuLdIt45vlqQD6ncHTAufxNolujt0=
Subject key identifier:   05:27:BD:2A:BB:9C:EC:B3:42:05:C6:A0:82:B5:DD:25:06:7D:2B:85
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5BA726076854063C785D188CDC6F6DA03B5A5340
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS142354.roa
Signing time:             Sun 03 May 2026 05:56:06 +0000
ROA not before:           Sun 03 May 2026 05:51:06 +0000
ROA not after:            Sun 02 May 2027 05:56:06 +0000
asID:                     142354
IP address blocks:        103.169.224.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:a7:26:07:68:54:06:3c:78:5d:18:8c:dc:6f:6d:a0:3b:5a:53:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  3 05:51:06 2026 GMT
            Not After : May  2 05:56:06 2027 GMT
        Subject: CN=0527BD2ABB9CECB34205C6A082B5DD25067D2B85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0c:06:7b:ba:a4:aa:90:c2:3f:35:9b:d8:0d:
                    5a:a1:83:12:28:e2:c2:88:9e:fb:49:19:7b:b8:da:
                    4f:6b:e5:f3:18:d6:7d:a6:88:c9:df:4b:1e:41:b3:
                    1e:8c:f9:e7:a8:57:e8:5e:95:1e:9d:53:ac:d9:1e:
                    d0:38:1a:b8:f9:e4:a0:58:64:0e:89:71:97:1b:6b:
                    c1:0f:dd:a9:ee:da:96:31:58:a4:7d:f4:c2:8b:3d:
                    ad:b5:c5:bb:7c:df:4a:9f:f1:d9:3c:92:2f:a1:12:
                    3e:13:d4:6a:24:f4:cf:7b:ca:e9:62:e9:36:e1:f5:
                    56:c8:e3:e8:51:ae:51:f8:87:08:5e:c1:51:bb:bb:
                    b0:a3:9d:a4:e4:8a:0d:9a:18:9c:50:17:55:39:5e:
                    13:02:6e:67:e1:ae:6e:d0:60:93:a7:34:0d:41:ee:
                    c7:7d:e5:da:ee:19:f5:71:e1:1e:62:ed:97:5b:86:
                    be:59:84:93:21:9e:57:1c:6d:63:69:cd:90:08:6d:
                    75:51:1e:ab:6e:08:73:53:5a:35:17:cd:7e:f5:69:
                    4c:da:ff:e1:0f:6e:fd:08:5e:75:5a:ac:39:0f:4a:
                    d3:70:33:2f:c7:a3:1c:79:4f:a8:3f:d6:80:d6:c9:
                    bf:88:74:f4:39:69:5f:fd:b6:10:02:d5:34:b1:59:
                    73:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:27:BD:2A:BB:9C:EC:B3:42:05:C6:A0:82:B5:DD:25:06:7D:2B:85
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS142354.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.169.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:64:ec:75:3c:d9:e0:06:9b:8a:fe:c1:86:bf:e7:03:09:58:
         4d:3f:c6:59:94:ff:96:06:2c:cd:3a:e9:ae:62:c6:cb:71:94:
         ce:bf:19:01:ce:b1:93:74:e4:13:43:cb:d2:22:59:16:b2:42:
         cc:9f:34:93:f9:81:19:ef:47:7e:52:88:11:9a:56:7f:df:6f:
         b0:7b:57:4b:49:7f:bd:cc:ce:ed:bf:38:9c:6f:f9:07:2f:03:
         a7:34:3a:2c:3d:66:83:03:42:c9:e8:4a:c2:6b:c5:e9:9a:5a:
         64:5b:d0:6a:0d:de:36:36:7d:19:36:b6:5c:97:a7:2d:c0:4c:
         7b:e5:c2:4a:d9:61:e5:8d:69:21:34:11:e8:87:14:8c:39:65:
         63:f6:27:0e:be:c7:28:47:18:c3:dc:6f:88:9c:37:9e:c8:8e:
         9f:91:58:32:f9:12:6f:48:72:bc:dd:ed:75:4c:f1:78:a7:e4:
         7e:ed:0a:57:99:30:91:aa:61:3e:18:66:a5:53:2c:f3:f0:2c:
         e3:ab:df:d3:5b:c8:20:b2:7b:6b:93:b3:e6:d1:82:3c:42:01:
         5c:56:60:7b:1a:b6:7e:d8:d8:8e:e0:8b:c1:68:00:8b:de:a1:
         99:a7:5c:d3:04:de:e2:3e:28:5d:a5:e3:25:ac:86:d0:6e:47:
         b7:08:b3:48
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUW6cmB2hUBjx4XRiM3G9toDtaU0AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMzA1NTEwNloX
DTI3MDUwMjA1NTYwNlowMzExMC8GA1UEAxMoMDUyN0JEMkFCQjlDRUNCMzQyMDVD
NkEwODJCNUREMjUwNjdEMkI4NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0MBnu6pKqQwj81m9gNWqGDEijiwoie+0kZe7jaT2vl8xjWfaaIyd9LHkGz
Hoz556hX6F6VHp1TrNke0DgauPnkoFhkDolxlxtrwQ/dqe7aljFYpH30wos9rbXF
u3zfSp/x2TySL6ESPhPUaiT0z3vK6WLpNuH1Vsjj6FGuUfiHCF7BUbu7sKOdpOSK
DZoYnFAXVTleEwJuZ+GubtBgk6c0DUHux33l2u4Z9XHhHmLtl1uGvlmEkyGeVxxt
Y2nNkAhtdVEeq24Ic1NaNRfNfvVpTNr/4Q9u/QhedVqsOQ9K03AzL8ejHHlPqD/W
gNbJv4h09DlpX/22EALVNLFZcxkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQFJ70q
u5zss0IFxqCCtd0lBn0rhTAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQyMzU0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQBZ6ngMA0GCSqGSIb3DQEBCwUAA4IBAQBSZOx1PNngBpuK/sGGv+cDCVhN
P8ZZlP+WBizNOumuYsbLcZTOvxkBzrGTdOQTQ8vSIlkWskLMnzST+YEZ70d+UogR
mlZ/32+we1dLSX+9zM7tvzicb/kHLwOnNDosPWaDA0LJ6ErCa8XpmlpkW9BqDd42
Nn0ZNrZcl6ctwEx75cJK2WHljWkhNBHohxSMOWVj9icOvscoRxjD3G+InDeeyI6f
kVgy+RJvSHK83e11TPF4p+R+7QpXmTCRqmE+GGalUyzz8Czjq9/TW8ggsntrk7Pm
0YI8QgFcVmB7GrZ+2NiO4IvBaACL3qGZp1zTBN7iPihdpeMlrIbQbke3CLNI
-----END CERTIFICATE-----