Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS45316.roa
File:                     AS45316.roa (raw, json)
Hash identifier:          TZk5Tw+Qvej5a0Ve9f/j2jBtPVaShsuUlpRrE+EeRsk=
Subject key identifier:   88:B2:03:29:B5:8A:92:D1:24:78:D7:3A:44:02:40:1E:5E:8F:6F:AB
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       492344EA9F6993A39241DF2EEED8ABC1676BC020
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS45316.roa
Signing time:             Sun 03 May 2026 15:10:45 +0000
ROA not before:           Sun 03 May 2026 15:05:45 +0000
ROA not after:            Sun 02 May 2027 15:10:45 +0000
asID:                     45316
IP address blocks:        43.252.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:23:44:ea:9f:69:93:a3:92:41:df:2e:ee:d8:ab:c1:67:6b:c0:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May  3 15:05:45 2026 GMT
            Not After : May  2 15:10:45 2027 GMT
        Subject: CN=88B20329B58A92D12478D73A4402401E5E8F6FAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5a:60:5d:55:33:1f:c5:f7:f0:99:ec:52:7e:
                    34:86:d3:45:d0:66:a3:fd:f8:db:de:7a:af:d0:04:
                    f1:8d:16:f9:3a:b7:49:5f:7e:d9:03:4a:7c:59:cb:
                    d8:b7:00:03:aa:56:f4:6f:70:71:ae:1d:de:1a:71:
                    e5:75:4a:7a:7e:8d:d1:77:de:1c:3a:40:f7:1e:c9:
                    51:fa:46:be:57:f6:08:8b:82:f1:3d:16:dd:ea:9a:
                    6a:f6:5f:61:35:df:81:78:55:aa:fd:89:bb:c8:9e:
                    b9:4d:4c:ad:fb:3e:49:d9:83:f8:8b:f0:d2:20:20:
                    9e:a8:5b:39:01:d0:9f:25:36:16:48:a0:d2:bd:a5:
                    dc:10:56:6d:8a:81:f2:f4:0b:95:4f:5e:3a:65:cc:
                    e1:ea:bc:f4:9c:56:9b:f6:3c:fe:50:85:76:ea:1b:
                    aa:04:b4:ac:3e:75:0f:88:67:7a:4a:8a:22:98:9f:
                    12:0d:04:f3:83:5a:5a:7d:3e:23:c7:12:42:a0:06:
                    73:4a:9b:30:a0:ae:22:07:24:da:37:04:9e:25:7a:
                    70:27:f9:c2:25:df:0a:7b:4e:47:12:19:b3:0f:1a:
                    4d:c5:95:7d:3a:4a:26:63:0d:db:e9:f9:14:af:00:
                    72:ab:72:29:d7:2b:d1:d7:bc:fc:7b:60:3b:e2:12:
                    d6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B2:03:29:B5:8A:92:D1:24:78:D7:3A:44:02:40:1E:5E:8F:6F:AB
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS45316.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.252.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:42:a8:3c:a8:45:24:91:85:f6:4a:75:8d:10:d3:26:71:b0:
         fc:eb:72:a3:b3:22:01:39:7b:2e:21:5f:4b:35:7a:61:8a:bd:
         f2:d6:00:47:40:60:38:39:0f:77:d7:fc:6e:de:e4:55:dc:e0:
         88:97:0f:c0:bc:38:15:5e:cd:18:d1:d7:1d:d2:5d:20:bd:d1:
         e2:82:bc:a0:d1:57:7a:61:ea:2f:6e:a8:62:59:1a:18:6b:a0:
         59:20:48:a8:2e:96:3e:e3:2f:1c:d3:e5:06:f4:11:5c:66:de:
         2f:75:28:c0:52:6b:aa:69:24:be:64:95:3c:74:24:1f:b1:54:
         f1:a9:db:ad:99:0a:4e:b2:a9:01:cf:9b:14:e5:47:28:0f:7f:
         bc:c7:36:f6:7a:64:b7:6c:35:ac:63:0d:ea:15:81:cb:99:44:
         36:ae:f6:81:c7:7f:03:e4:c5:60:9c:ff:b2:27:c1:11:3d:bf:
         61:ba:8a:78:52:b5:13:a8:b0:62:92:67:ea:18:81:7b:ad:de:
         94:07:61:6a:b8:47:b2:3e:be:88:5b:ec:ba:c9:41:81:ea:59:
         0d:01:4e:6f:e2:08:4b:b0:f4:ea:37:d9:82:f0:d6:83:a4:5e:
         5c:a2:c3:2c:da:51:84:b9:b0:95:c8:31:37:4f:bb:a6:bc:5e:
         c2:58:97:0d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIUSSNE6p9pk6OSQd8u7tirwWdrwCAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUwMzE1MDU0NVoX
DTI3MDUwMjE1MTA0NVowMzExMC8GA1UEAxMoODhCMjAzMjlCNThBOTJEMTI0NzhE
NzNBNDQwMjQwMUU1RThGNkZBQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMdaYF1VMx/F9/CZ7FJ+NIbTRdBmo/342956r9AE8Y0W+Tq3SV9+2QNKfFnL
2LcAA6pW9G9wca4d3hpx5XVKen6N0XfeHDpA9x7JUfpGvlf2CIuC8T0W3eqaavZf
YTXfgXhVqv2Ju8ieuU1Mrfs+SdmD+Ivw0iAgnqhbOQHQnyU2Fkig0r2l3BBWbYqB
8vQLlU9eOmXM4eq89JxWm/Y8/lCFduobqgS0rD51D4hnekqKIpifEg0E84NaWn0+
I8cSQqAGc0qbMKCuIgck2jcEniV6cCf5wiXfCntORxIZsw8aTcWVfTpKJmMN2+n5
FK8AcqtyKdcr0de8/HtgO+IS1lMCAwEAAaOCAcswggHHMB0GA1UdDgQWBBSIsgMp
tYqS0SR41zpEAkAeXo9vqzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBRBggrBgEFBQcBCwRFMEMwQQYIKwYBBQUHMAuGNXJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTNDUzMTYucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAr/O8wDQYJKoZIhvcNAQELBQADggEBAB9CqDyoRSSRhfZKdY0Q0yZxsPzr
cqOzIgE5ey4hX0s1emGKvfLWAEdAYDg5D3fX/G7e5FXc4IiXD8C8OBVezRjR1x3S
XSC90eKCvKDRV3ph6i9uqGJZGhhroFkgSKgulj7jLxzT5Qb0EVxm3i91KMBSa6pp
JL5klTx0JB+xVPGp262ZCk6yqQHPmxTlRygPf7zHNvZ6ZLdsNaxjDeoVgcuZRDau
9oHHfwPkxWCc/7InwRE9v2G6inhStROosGKSZ+oYgXut3pQHYWq4R7I+vohb7LrJ
QYHqWQ0BTm/iCEuw9Oo32YLw1oOkXlyiwyzaUYS5sJXIMTdPu6a8XsJYlw0=
-----END CERTIFICATE-----