Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS9228.roa
File:                     AS9228.roa (raw, json)
Hash identifier:          buDV9IRioA27daDoAwJsP6DqY4wUeKwndWEi3m83ZiY=
Subject key identifier:   67:FF:B1:B6:70:56:E3:24:7A:C6:B2:C6:8B:7A:38:E7:EC:D1:D1:4F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       2E93780CD592A2EA13DCB2CDCDD069F8442A58C0
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS9228.roa
Signing time:             Tue 12 May 2026 06:47:07 +0000
ROA not before:           Tue 12 May 2026 06:42:07 +0000
ROA not after:            Tue 11 May 2027 06:47:07 +0000
asID:                     9228
IP address blocks:        203.77.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 May 2026 09:32:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:93:78:0c:d5:92:a2:ea:13:dc:b2:cd:cd:d0:69:f8:44:2a:58:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May 12 06:42:07 2026 GMT
            Not After : May 11 06:47:07 2027 GMT
        Subject: CN=67FFB1B67056E3247AC6B2C68B7A38E7ECD1D14F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:0a:89:08:b2:c8:b1:7d:be:73:46:b1:c1:93:
                    c4:12:ee:d3:c3:5d:bb:91:17:77:ac:17:53:b5:54:
                    19:cb:c0:0c:10:e4:e9:4a:3c:ae:0a:c3:dc:73:b9:
                    70:1d:02:76:a3:bf:36:7b:46:79:fe:43:5a:13:a9:
                    2a:9b:52:a2:2a:48:77:69:37:3b:0f:55:d8:b1:7d:
                    2a:24:1e:0e:a1:c9:0e:9f:88:6d:9f:2a:30:20:47:
                    00:9f:6e:40:4a:39:d7:6d:63:b2:1f:5a:15:e4:8a:
                    bf:11:4d:c8:f8:d3:c7:a7:2e:e4:88:d9:f2:b8:c1:
                    fe:d1:d1:1e:e2:71:3c:77:c7:01:f0:87:87:4f:44:
                    b5:ab:aa:30:05:65:4c:74:87:8d:08:81:df:2c:0a:
                    d7:4c:e3:14:ca:d2:07:74:ed:d5:83:00:62:1f:26:
                    3d:a6:a0:f7:71:bb:31:27:69:1a:19:cd:e3:89:ce:
                    ad:e0:19:5e:50:04:d7:16:ab:cd:c1:8f:fd:5c:a2:
                    83:5a:bc:bf:98:2c:76:95:92:3e:eb:7a:c4:16:33:
                    38:87:db:d1:29:79:9f:dd:31:bd:3e:a7:9d:20:df:
                    5c:eb:4a:22:ee:f4:93:3f:fe:31:79:20:3b:85:b5:
                    53:d4:ad:66:a7:62:97:4f:00:b7:d1:52:fc:43:80:
                    b9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:FF:B1:B6:70:56:E3:24:7A:C6:B2:C6:8B:7A:38:E7:EC:D1:D1:4F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS9228.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.77.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         70:07:c1:13:04:07:f1:e0:78:bc:fc:92:45:de:f3:ad:63:e0:
         bc:74:b3:8d:9b:6e:b2:9e:fc:7e:70:8d:dd:10:96:79:68:84:
         e0:f5:aa:51:19:1b:13:a7:30:fa:0d:7b:c1:28:5b:6c:f5:39:
         c1:07:42:aa:11:01:13:4b:e2:7e:b9:19:a1:8b:38:bc:ab:0b:
         10:95:df:93:65:07:51:c1:bc:51:5f:f8:52:5c:63:36:64:62:
         c3:a5:8d:09:df:d9:d5:62:94:02:71:30:5d:f3:a4:64:f6:7d:
         f0:d6:b0:d8:d1:cd:2e:5f:c9:8e:18:21:a1:a7:6f:79:c8:b8:
         b4:f2:1f:c6:cf:8a:6e:c4:3c:eb:73:c5:cd:69:f4:c2:01:7a:
         a4:b9:a8:f9:fa:3b:80:77:c6:15:ec:fd:6d:49:3b:41:20:ee:
         b4:7a:11:6f:6f:bb:cd:0a:e9:ea:d3:df:28:fd:d2:2a:82:04:
         68:50:c1:07:16:78:c1:35:6a:ae:ec:07:58:6c:16:51:ee:bb:
         4a:38:3b:d1:87:ac:ac:e1:3c:88:af:1e:a6:40:4c:11:51:de:
         19:4a:a1:0e:89:93:ce:49:99:ec:1d:9e:c6:c2:a6:73:f0:c0:
         ec:36:3e:00:28:8d:9d:96:e8:65:c1:46:16:da:7e:8b:88:c7:
         62:6c:06:e6
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgIULpN4DNWSouoT3LLNzdBp+EQqWMAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUxMjA2NDIwN1oX
DTI3MDUxMTA2NDcwN1owMzExMC8GA1UEAxMoNjdGRkIxQjY3MDU2RTMyNDdBQzZC
MkM2OEI3QTM4RTdFQ0QxRDE0RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM8KiQiyyLF9vnNGscGTxBLu08Ndu5EXd6wXU7VUGcvADBDk6Uo8rgrD3HO5
cB0CdqO/NntGef5DWhOpKptSoipId2k3Ow9V2LF9KiQeDqHJDp+IbZ8qMCBHAJ9u
QEo5121jsh9aFeSKvxFNyPjTx6cu5IjZ8rjB/tHRHuJxPHfHAfCHh09EtauqMAVl
THSHjQiB3ywK10zjFMrSB3Tt1YMAYh8mPaag93G7MSdpGhnN44nOreAZXlAE1xar
zcGP/Vyig1q8v5gsdpWSPut6xBYzOIfb0Sl5n90xvT6nnSDfXOtKIu70kz/+MXkg
O4W1U9StZqdil08At9FS/EOAubECAwEAAaOCAcowggHGMB0GA1UdDgQWBBRn/7G2
cFbjJHrGssaLejjn7NHRTzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBQBggrBgEFBQcBCwREMEIwQAYIKwYBBQUHMAuGNHJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTOTIyOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBctN4DANBgkqhkiG9w0BAQsFAAOCAQEAcAfBEwQH8eB4vPySRd7zrWPgvHSz
jZtusp78fnCN3RCWeWiE4PWqURkbE6cw+g17wShbbPU5wQdCqhEBE0vifrkZoYs4
vKsLEJXfk2UHUcG8UV/4UlxjNmRiw6WNCd/Z1WKUAnEwXfOkZPZ98Naw2NHNLl/J
jhghoadveci4tPIfxs+KbsQ863PFzWn0wgF6pLmo+fo7gHfGFez9bUk7QSDutHoR
b2+7zQrp6tPfKP3SKoIEaFDBBxZ4wTVqruwHWGwWUe67Sjg70YesrOE8iK8epkBM
EVHeGUqhDomTzkmZ7B2exsKmc/DA7DY+ACiNnZboZcFGFtp+i4jHYmwG5g==
-----END CERTIFICATE-----