Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS133039.roa
File:                     AS133039.roa (raw, json)
Hash identifier:          Th3M/o5g7m4YksYFFbOCaWlEhKjJyPUqHJQbiuYYgDk=
Subject key identifier:   41:B4:0F:2F:7B:B2:0E:4A:D6:80:68:43:60:89:D5:44:86:C9:90:2F
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       2C08996794397B0025856BF5B201A81C04AA9296
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS133039.roa
Signing time:             Mon 18 May 2026 03:44:06 +0000
ROA not before:           Mon 18 May 2026 03:39:06 +0000
ROA not after:            Mon 17 May 2027 03:44:06 +0000
asID:                     133039
IP address blocks:        2001:df6:5e40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 18 Jun 2026 03:08:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:08:99:67:94:39:7b:00:25:85:6b:f5:b2:01:a8:1c:04:aa:92:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May 18 03:39:06 2026 GMT
            Not After : May 17 03:44:06 2027 GMT
        Subject: CN=41B40F2F7BB20E4AD68068436089D54486C9902F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e8:b2:a8:18:29:dd:2f:80:a1:e5:32:43:a3:
                    30:92:76:3f:67:fa:00:2d:12:0b:ab:48:09:57:56:
                    0c:dc:c2:20:d2:df:01:34:56:69:50:33:e3:2e:ad:
                    12:18:e4:8f:a7:27:40:50:13:79:2d:3a:e5:6e:b8:
                    cd:75:47:85:79:3d:db:84:cc:f6:b2:87:13:c1:df:
                    15:e2:f9:dc:df:32:40:a6:3e:93:cf:03:45:6e:f9:
                    0e:ea:38:26:f9:f6:2d:79:33:8e:ea:14:82:66:89:
                    81:fe:f3:26:25:8b:70:e5:91:e1:f4:b8:49:d5:9e:
                    5f:d7:9f:6a:d4:34:c5:c2:2e:7f:e8:24:f0:97:73:
                    8b:58:bb:4b:30:aa:de:ad:31:b3:14:df:5f:ea:18:
                    fe:e8:75:23:62:97:b1:91:e9:52:c8:24:4f:9f:65:
                    79:85:85:81:ec:98:f5:bd:8c:ad:53:bd:79:02:4f:
                    88:8d:61:0e:bf:71:af:c2:e3:69:a1:95:c0:08:18:
                    73:84:e0:f2:38:2a:17:19:f8:81:25:c3:ac:33:87:
                    2d:c6:e8:05:dd:de:b6:0e:e5:e9:13:12:bf:08:12:
                    89:15:2f:f7:61:88:c3:5c:43:95:73:4a:f1:d7:79:
                    34:15:c0:90:f8:99:ce:7c:87:59:cc:a5:7a:c1:82:
                    e8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B4:0F:2F:7B:B2:0E:4A:D6:80:68:43:60:89:D5:44:86:C9:90:2F
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS133039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df6:5e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:21:b2:39:18:92:c8:44:da:f0:08:ac:1a:2c:c3:70:2e:08:
         23:d3:55:43:a4:6f:77:01:fa:52:4a:47:13:f8:9d:f7:a9:08:
         ec:d9:49:87:b3:e6:55:e6:15:e9:90:e3:9c:6c:2e:b8:fd:d4:
         f8:a9:e9:20:3c:30:cd:6a:c2:e7:62:ff:11:03:a4:42:fc:58:
         3c:3d:15:ae:08:a2:cc:8e:b0:fc:a4:f8:a0:9e:e2:ab:19:4f:
         f1:f3:1b:0b:0e:aa:19:52:64:dc:55:bb:9c:d2:21:12:48:3a:
         5e:39:3a:58:94:24:69:d1:70:e9:23:22:29:d1:c3:f6:33:06:
         c0:6d:31:18:cb:87:cb:94:6b:cd:7f:f4:c1:c0:87:91:c4:39:
         d4:75:71:69:4a:35:df:fe:15:2b:d7:8d:f3:c0:7c:4c:04:87:
         3f:d9:fd:dd:9c:d6:f8:d1:83:d7:97:20:42:24:a4:11:c7:a4:
         e3:5f:fa:2d:ef:46:91:4a:b5:37:e5:23:f6:e0:3d:dc:af:b6:
         d4:72:64:51:f7:b0:1e:03:c2:6d:df:de:5a:cf:fe:9a:6d:52:
         1b:53:89:b1:bc:95:79:f4:97:d7:d6:52:2f:06:7e:95:a8:0d:
         36:57:4c:f2:3c:e4:6f:c9:c8:ed:10:9e:35:94:00:27:ca:81:
         10:31:1a:23
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIULAiZZ5Q5ewAlhWv1sgGoHASqkpYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUxODAzMzkwNloX
DTI3MDUxNzAzNDQwNlowMzExMC8GA1UEAxMoNDFCNDBGMkY3QkIyMEU0QUQ2ODA2
ODQzNjA4OUQ1NDQ4NkM5OTAyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPosqgYKd0vgKHlMkOjMJJ2P2f6AC0SC6tICVdWDNzCINLfATRWaVAz4y6t
Ehjkj6cnQFATeS065W64zXVHhXk924TM9rKHE8HfFeL53N8yQKY+k88DRW75Duo4
Jvn2LXkzjuoUgmaJgf7zJiWLcOWR4fS4SdWeX9efatQ0xcIuf+gk8Jdzi1i7SzCq
3q0xsxTfX+oY/uh1I2KXsZHpUsgkT59leYWFgeyY9b2MrVO9eQJPiI1hDr9xr8Lj
aaGVwAgYc4Tg8jgqFxn4gSXDrDOHLcboBd3etg7l6RMSvwgSiRUv92GIw1xDlXNK
8dd5NBXAkPiZznyHWcylesGC6CcCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBRBtA8v
e7IOStaAaENgidVEhsmQLzAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTMzMDM5LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAIAEN9l5AMA0GCSqGSIb3DQEBCwUAA4IBAQAVIbI5GJLIRNrwCKwaLMNw
Lggj01VDpG93AfpSSkcT+J33qQjs2UmHs+ZV5hXpkOOcbC64/dT4qekgPDDNasLn
Yv8RA6RC/Fg8PRWuCKLMjrD8pPignuKrGU/x8xsLDqoZUmTcVbuc0iESSDpeOTpY
lCRp0XDpIyIp0cP2MwbAbTEYy4fLlGvNf/TBwIeRxDnUdXFpSjXf/hUr143zwHxM
BIc/2f3dnNb40YPXlyBCJKQRx6TjX/ot70aRSrU35SP24D3cr7bUcmRR97AeA8Jt
395az/6abVIbU4mxvJV59JfX1lIvBn6VqA02V0zyPORvycjtEJ41lAAnyoEQMRoj
-----END CERTIFICATE-----