Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/1/AS134129.roa
File:                     AS134129.roa (raw, json)
Hash identifier:          UFB5QQOa/G13ILr2rkMvCcZsVtgybpGDDonCwgw6YYA=
Subject key identifier:   BD:4F:0B:B0:56:83:AC:5C:AE:C2:0D:E3:EF:FC:9C:D8:A0:99:13:FC
Certificate issuer:       /CN=A91862140000/serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
Certificate serial:       7EC2FCBF48447C2C6EAA1DA3B336B033EF9F54ED
Authority key identifier: 60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS134129.roa
Signing time:             Mon 30 Mar 2026 02:42:17 +0000
ROA not before:           Mon 30 Mar 2026 02:37:17 +0000
ROA not after:            Mon 29 Mar 2027 02:42:17 +0000
asID:                     134129
IP address blocks:        165.99.192.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 20 Apr 2026 18:51:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:c2:fc:bf:48:44:7c:2c:6e:aa:1d:a3:b3:36:b0:33:ef:9f:54:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=60F8BE9C16625C424B269EE06C64A83BAB8506D4
        Validity
            Not Before: Mar 30 02:37:17 2026 GMT
            Not After : Mar 29 02:42:17 2027 GMT
        Subject: CN=BD4F0BB05683AC5CAEC20DE3EFFC9CD8A09913FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:72:c1:f6:eb:2e:a0:13:4e:12:67:8d:94:19:
                    7d:1e:2a:a2:da:b5:56:cd:33:00:8f:55:7e:28:36:
                    c1:fa:bb:09:60:cd:48:46:c8:c3:1f:ec:fe:af:a1:
                    1c:5d:fb:f2:a8:6b:1e:d0:2a:1b:80:6d:af:7f:0f:
                    b5:71:29:8d:d4:eb:fa:08:3b:78:0a:41:dd:4c:f1:
                    d3:c2:3c:1b:44:42:55:0c:a5:8a:90:04:b9:31:79:
                    fb:0b:e2:b1:34:70:23:e7:ca:dd:e8:0b:72:af:96:
                    92:d4:ca:2f:31:d2:ae:05:d5:81:f0:35:35:de:4a:
                    72:87:be:56:44:56:24:6f:1a:48:25:63:59:7a:d4:
                    3d:6a:0f:41:3a:ca:52:fa:ae:f5:3b:5a:9a:94:16:
                    64:09:d4:07:0d:54:ff:19:ba:34:56:96:18:26:96:
                    8c:b9:07:f9:b0:50:3a:a6:4b:b8:60:25:5e:97:c6:
                    40:34:35:c4:1a:27:2a:de:ed:44:37:ed:ec:b7:a3:
                    d1:30:ff:68:bb:fd:d2:8a:01:ec:ba:f7:0e:55:91:
                    36:18:19:c1:61:81:1d:72:aa:18:ee:27:9d:6a:90:
                    a3:11:1f:06:9b:12:0a:5f:37:25:73:77:48:e8:c7:
                    37:05:3a:67:18:15:1b:3d:45:ad:bf:6c:a3:0d:cc:
                    d5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:4F:0B:B0:56:83:AC:5C:AE:C2:0D:E3:EF:FC:9C:D8:A0:99:13:FC
            X509v3 Authority Key Identifier:
                keyid:60:F8:BE:9C:16:62:5C:42:4B:26:9E:E0:6C:64:A8:3B:AB:85:06:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/60F8BE9C16625C424B269EE06C64A83BAB8506D4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/YPi-nBZiXEJLJp7gbGSoO6uFBtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/1/AS134129.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:99:ab:84:cd:8c:97:d8:d2:06:2b:8d:8b:d1:c8:04:97:59:
         97:62:a8:94:cb:da:60:39:01:53:22:16:29:83:cd:ac:a1:d8:
         6f:f3:f5:e8:81:6d:fa:5f:ed:e8:e4:db:9b:0c:45:1a:29:82:
         ea:3e:39:24:ed:18:a8:fd:d7:b0:b5:91:47:87:33:2f:94:ba:
         82:32:bd:b7:b8:0a:29:5a:66:21:64:a5:92:13:f5:c0:cd:12:
         7b:aa:a3:8d:fa:6a:9b:61:0b:0e:34:75:eb:d5:93:34:f3:c4:
         fb:4a:af:2c:47:d8:83:f3:58:f8:16:1f:68:7e:5d:1a:7b:7a:
         7d:32:ce:8b:d7:40:9c:e6:3b:31:fc:de:fb:3c:16:ad:4e:8e:
         1f:0c:46:93:90:d6:f8:1b:03:a9:33:e7:27:d9:3e:27:56:4b:
         47:7c:a4:76:11:fa:3d:4a:91:77:bf:7f:cb:db:52:0f:13:dd:
         b0:4a:17:0c:64:1b:9d:0f:7a:33:1b:6e:5a:61:a5:cd:f9:cf:
         39:d8:77:ce:95:bf:ca:da:07:46:b0:75:d0:12:24:7b:92:d8:
         f3:93:76:cf:4d:57:b3:2a:16:5d:be:b3:42:37:7a:a7:f5:10:
         d7:1a:e4:1f:a2:21:58:bc:2c:1f:9c:88:fb:c9:38:69:c5:68:
         f0:cd:d0:7b
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUfsL8v0hEfCxuqh2jszawM++fVO0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg2MEY4QkU5QzE2
NjI1QzQyNEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0MB4XDTI2MDMzMDAyMzcxN1oX
DTI3MDMyOTAyNDIxN1owMzExMC8GA1UEAxMoQkQ0RjBCQjA1NjgzQUM1Q0FFQzIw
REUzRUZGQzlDRDhBMDk5MTNGQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9ywfbrLqATThJnjZQZfR4qotq1Vs0zAI9Vfig2wfq7CWDNSEbIwx/s/q+h
HF378qhrHtAqG4Btr38PtXEpjdTr+gg7eApB3Uzx08I8G0RCVQylipAEuTF5+wvi
sTRwI+fK3egLcq+WktTKLzHSrgXVgfA1Nd5Kcoe+VkRWJG8aSCVjWXrUPWoPQTrK
Uvqu9TtampQWZAnUBw1U/xm6NFaWGCaWjLkH+bBQOqZLuGAlXpfGQDQ1xBonKt7t
RDft7Lej0TD/aLv90ooB7Lr3DlWRNhgZwWGBHXKqGO4nnWqQoxEfBpsSCl83JXN3
SOjHNwU6ZxgVGz1Frb9sow3M1YECAwEAAaOCAdAwggHMMB0GA1UdDgQWBBS9Twuw
VoOsXK7CDePv/JzYoJkT/DAfBgNVHSMEGDAWgBRg+L6cFmJcQksmnuBsZKg7q4UG
1DAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS82MEY4QkU5QzE2NjI1QzQy
NEIyNjlFRTA2QzY0QTgzQkFCODUwNkQ0LmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CM0Ey
NEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9ZUGktbkJaaVhFSkxKcDdnYkdT
b082dUZCdFEuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMS9BUzEzNDEyOS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAaVjwDANBgkqhkiG9w0BAQsFAAOCAQEAK5mrhM2Ml9jSBiuNi9HI
BJdZl2KolMvaYDkBUyIWKYPNrKHYb/P16IFt+l/t6OTbmwxFGimC6j45JO0YqP3X
sLWRR4czL5S6gjK9t7gKKVpmIWSlkhP1wM0Se6qjjfpqm2ELDjR169WTNPPE+0qv
LEfYg/NY+BYfaH5dGnt6fTLOi9dAnOY7Mfze+zwWrU6OHwxGk5DW+BsDqTPnJ9k+
J1ZLR3ykdhH6PUqRd79/y9tSDxPdsEoXDGQbnQ96MxtuWmGlzfnPOdh3zpW/ytoH
RrB10BIke5LY85N2z01XsyoWXb6zQjd6p/UQ1xrkH6IhWLwsH5yI+8k4acVo8M3Q
ew==
-----END CERTIFICATE-----