Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS140454.roa
File:                     AS140454.roa (raw, json)
Hash identifier:          K7w8MpykQZ0a+Pn9/KJI2ZdR16ZLLz7b64lUhQh9TTY=
Subject key identifier:   27:1D:45:09:B3:CE:F0:84:32:1F:68:D2:D4:0B:97:A5:5A:68:B0:A0
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       4E03B4301F6BC9F0F6467FECA6614A662CBB0BE9
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140454.roa
Signing time:             Thu 04 Jun 2026 07:47:07 +0000
ROA not before:           Thu 04 Jun 2026 07:42:07 +0000
ROA not after:            Thu 03 Jun 2027 07:47:07 +0000
asID:                     140454
IP address blocks:        103.153.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 18 Jun 2026 03:08:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:03:b4:30:1f:6b:c9:f0:f6:46:7f:ec:a6:61:4a:66:2c:bb:0b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: Jun  4 07:42:07 2026 GMT
            Not After : Jun  3 07:47:07 2027 GMT
        Subject: CN=271D4509B3CEF084321F68D2D40B97A55A68B0A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4b:e3:cf:99:37:88:77:6b:46:cb:01:ab:39:
                    42:9f:fd:8b:45:a6:77:90:be:69:07:9b:54:d0:38:
                    3d:d8:45:45:25:6c:1a:55:7c:ae:fa:2a:3f:26:74:
                    17:13:72:08:2e:af:eb:19:2b:fb:66:a4:f6:cc:e0:
                    b7:9b:2b:5f:15:f1:e5:8e:67:82:d9:4c:03:e7:74:
                    21:1f:53:56:c3:f3:de:56:a0:6a:f4:61:e6:a8:87:
                    48:fe:fa:5f:d4:f7:02:12:1d:50:ce:c1:72:bc:0b:
                    7e:96:95:f9:50:90:4b:45:ff:f9:a2:77:79:f2:53:
                    70:44:12:60:0b:7b:db:0b:e2:a4:dc:a0:36:24:47:
                    40:3f:8b:6e:bc:20:18:20:ce:a7:1e:f3:83:2e:46:
                    c9:d8:8a:2b:c9:88:b6:97:8d:b4:6a:0f:1b:0e:86:
                    3f:76:ce:4b:75:c3:58:8b:ee:78:08:95:7c:a3:41:
                    d4:49:0f:0a:a1:41:00:8d:d8:af:91:dd:c4:ca:24:
                    f2:88:71:c5:8a:20:7c:91:47:ee:5a:74:06:ca:29:
                    62:3e:41:d4:95:71:f6:52:8d:1f:9e:80:43:21:d4:
                    8f:12:97:4a:41:bd:90:e5:29:0b:54:aa:c1:63:02:
                    35:47:f9:e7:58:05:42:ac:c6:ff:c8:83:fb:e8:17:
                    3d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:1D:45:09:B3:CE:F0:84:32:1F:68:D2:D4:0B:97:A5:5A:68:B0:A0
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS140454.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.153.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:7f:38:0b:ff:3e:fb:c0:e8:cc:8d:70:04:d1:20:45:34:65:
         0a:d6:2f:1f:f9:57:29:37:85:ff:53:bd:63:a9:2f:42:be:18:
         6c:62:f6:13:74:82:af:f3:df:63:b0:4f:d7:d5:1a:ab:33:3a:
         5d:ed:8c:32:7a:6b:cd:68:19:eb:e4:65:fc:5f:c8:0b:35:c4:
         26:8d:80:96:c0:ca:bc:5d:d9:f5:6a:85:c2:23:23:ec:46:2d:
         a6:2e:ae:c1:29:d4:c8:1a:48:e6:a1:f0:cb:a9:38:ab:80:44:
         ac:b9:f3:c3:f0:71:34:2f:5b:56:6e:81:fa:1f:70:38:c8:f7:
         da:8d:da:08:bf:bd:8a:96:c6:c1:89:d3:1c:73:67:9a:4e:4a:
         61:e8:ff:c4:15:c9:5f:44:fb:b2:09:8b:11:f3:99:8d:07:79:
         9a:e8:6a:34:c9:4d:b2:b1:75:c5:e7:a1:12:c1:b9:d8:8c:28:
         33:87:f8:fc:3d:ed:b0:6c:64:5a:0a:52:6d:59:2d:55:7f:64:
         26:92:95:87:e6:d3:25:be:72:59:61:61:5e:5a:48:f0:87:5b:
         9c:7e:ce:70:c6:04:81:88:01:b0:da:c6:d4:dc:fa:99:a6:2d:
         8d:12:6b:9d:92:be:59:57:03:68:4d:9e:fb:9f:f7:6a:1b:23:
         2d:ed:1d:39
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIUTgO0MB9ryfD2Rn/spmFKZiy7C+kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDYwNDA3NDIwN1oX
DTI3MDYwMzA3NDcwN1owMzExMC8GA1UEAxMoMjcxRDQ1MDlCM0NFRjA4NDMyMUY2
OEQyRDQwQjk3QTU1QTY4QjBBMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMFL48+ZN4h3a0bLAas5Qp/9i0Wmd5C+aQebVNA4PdhFRSVsGlV8rvoqPyZ0
FxNyCC6v6xkr+2ak9szgt5srXxXx5Y5ngtlMA+d0IR9TVsPz3lagavRh5qiHSP76
X9T3AhIdUM7BcrwLfpaV+VCQS0X/+aJ3efJTcEQSYAt72wvipNygNiRHQD+Lbrwg
GCDOpx7zgy5GydiKK8mItpeNtGoPGw6GP3bOS3XDWIvueAiVfKNB1EkPCqFBAI3Y
r5HdxMok8ohxxYogfJFH7lp0BsopYj5B1JVx9lKNH56AQyHUjxKXSkG9kOUpC1Sq
wWMCNUf551gFQqzG/8iD++gXPZkCAwEAAaOCAcwwggHIMB0GA1UdDgQWBBQnHUUJ
s87whDIfaNLUC5elWmiwoDAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBSBggrBgEFBQcBCwRGMEQwQgYIKwYBBQUHMAuGNnJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTMTQwNDU0LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIA
ATAGAwQAZ5koMA0GCSqGSIb3DQEBCwUAA4IBAQCAfzgL/z77wOjMjXAE0SBFNGUK
1i8f+VcpN4X/U71jqS9CvhhsYvYTdIKv899jsE/X1RqrMzpd7YwyemvNaBnr5GX8
X8gLNcQmjYCWwMq8Xdn1aoXCIyPsRi2mLq7BKdTIGkjmofDLqTirgESsufPD8HE0
L1tWboH6H3A4yPfajdoIv72KlsbBidMcc2eaTkph6P/EFclfRPuyCYsR85mNB3ma
6Go0yU2ysXXF56ESwbnYjCgzh/j8Pe2wbGRaClJtWS1Vf2QmkpWH5tMlvnJZYWFe
Wkjwh1ucfs5wxgSBiAGw2sbU3PqZpi2NEmudkr5ZVwNoTZ77n/dqGyMt7R05
-----END CERTIFICATE-----