Route Origin Authorization

$ rpki-client -vvf rpki-rsync.idnic.net/repo/IDNIC/1/AS9228.roa
File:                     AS9228.roa (raw, json)
Hash identifier:          Pg+w78J+5OT9CWmeDDYgpvo0nlelvOj9feQ0Htpovv8=
Subject key identifier:   43:68:FA:31:3E:47:13:C6:1D:29:06:11:6B:38:8E:AA:07:7B:24:6A
Certificate issuer:       /CN=A91862140000/serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
Certificate serial:       5E93BCF74DD81E2D10F59984386AE7A5B6993425
Authority key identifier: 41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
Subject info access:      rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS9228.roa
Signing time:             Mon 18 May 2026 03:35:48 +0000
ROA not before:           Mon 18 May 2026 03:30:48 +0000
ROA not after:            Mon 17 May 2027 03:35:48 +0000
asID:                     9228
IP address blocks:        203.77.224.0/19 maxlen: 24
                          2401:7d00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl
                          rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 18 Jun 2026 03:08:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:93:bc:f7:4d:d8:1e:2d:10:f5:99:84:38:6a:e7:a5:b6:99:34:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=419A85CDF8A430516946869D1C492037D6BC6E9E
        Validity
            Not Before: May 18 03:30:48 2026 GMT
            Not After : May 17 03:35:48 2027 GMT
        Subject: CN=4368FA313E4713C61D2906116B388EAA077B246A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e4:72:08:bb:a2:ac:e9:43:6e:07:6b:4c:00:
                    6c:21:95:fe:9f:80:3b:59:84:53:79:00:9d:6b:e2:
                    6d:d9:4d:07:06:1e:ce:4b:0a:70:8a:0b:3d:2f:55:
                    03:bc:98:b3:29:a5:db:54:d3:8a:8e:fb:c5:9b:99:
                    b1:97:ea:5b:5f:b5:71:bd:51:e9:c0:2d:a8:6d:df:
                    1c:89:7a:ba:75:96:56:64:b8:fa:47:41:f8:28:09:
                    2d:f5:32:2f:0f:36:c4:f2:d2:39:1c:d5:2e:2e:ee:
                    af:ba:f3:74:fc:ca:a5:8e:8c:76:65:e2:b1:93:c6:
                    4f:a6:e2:72:51:fa:1f:2e:df:fc:66:7e:4b:7b:e2:
                    af:53:e4:75:80:bc:c2:29:2e:3a:fc:4f:a3:de:91:
                    49:e2:1e:1c:b1:2a:85:8b:99:09:c6:3c:46:20:34:
                    b0:33:b6:3b:b4:0a:3a:08:cb:4c:63:b2:28:60:1c:
                    ba:32:fb:02:81:86:5a:0b:e0:0a:7b:4f:3c:06:23:
                    df:f7:76:5e:24:ca:49:19:dc:db:f9:17:0d:41:58:
                    a2:8c:41:02:f7:44:a0:5e:c4:d9:f4:83:8f:5d:f5:
                    2a:f2:55:04:9e:e9:8d:13:dd:1b:a9:eb:66:01:16:
                    de:9e:4e:b9:be:68:30:3f:dc:d8:72:9f:11:d5:4d:
                    4f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:68:FA:31:3E:47:13:C6:1D:29:06:11:6B:38:8E:AA:07:7B:24:6A
            X509v3 Authority Key Identifier:
                keyid:41:9A:85:CD:F8:A4:30:51:69:46:86:9D:1C:49:20:37:D6:BC:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/419A85CDF8A430516946869D1C492037D6BC6E9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QZqFzfikMFFpRoadHEkgN9a8bp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.idnic.net/repo/IDNIC/1/AS9228.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.77.224.0/19
                IPv6:
                  2401:7d00::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:78:bc:9d:01:92:af:d3:91:79:37:d1:06:f3:a9:78:74:8d:
         3c:f2:91:93:7e:ec:52:bf:e6:a6:4a:a8:02:1c:c8:a4:d5:6a:
         10:e2:39:f3:38:ac:bf:d5:2b:33:c0:7c:12:84:e9:63:da:2d:
         a0:27:94:fc:3e:a4:c2:28:67:d2:89:96:38:00:d7:04:0a:36:
         bf:d0:28:4d:8a:39:f7:12:1c:c9:5b:3e:66:bb:c8:10:39:0b:
         d8:df:11:55:f9:5c:a9:13:1f:24:0e:0b:3f:f9:e7:75:51:d3:
         a4:87:8a:87:92:b5:c7:a9:29:6a:ae:18:6b:88:23:6c:97:f4:
         bc:b9:c9:a1:d5:82:95:b0:ea:eb:54:31:9e:84:53:2f:ec:b5:
         35:ee:ec:55:cd:21:00:53:46:20:07:c4:77:21:ac:96:83:49:
         a1:a9:52:e6:09:7b:8b:1c:d6:13:f8:61:ba:f0:3f:2e:44:f1:
         c9:aa:1a:13:d9:ef:35:14:2a:2a:20:f1:9c:f9:ae:09:e4:73:
         e7:55:ea:dc:85:9f:df:8b:d1:55:e8:ac:84:ac:46:a3:74:86:
         65:b0:a0:9d:29:b2:c7:6c:a7:b0:74:89:a6:64:e6:70:4f:7e:
         de:50:bb:69:48:9c:90:37:5b:18:dc:14:2d:70:14:71:e6:ec:
         e8:86:c9:e5
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUXpO8903YHi0Q9ZmEOGrnpbaZNCUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyg0MTlBODVDREY4
QTQzMDUxNjk0Njg2OUQxQzQ5MjAzN0Q2QkM2RTlFMB4XDTI2MDUxODAzMzA0OFoX
DTI3MDUxNzAzMzU0OFowMzExMC8GA1UEAxMoNDM2OEZBMzEzRTQ3MTNDNjFEMjkw
NjExNkIzODhFQUEwNzdCMjQ2QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANvkcgi7oqzpQ24Ha0wAbCGV/p+AO1mEU3kAnWvibdlNBwYezksKcIoLPS9V
A7yYsyml21TTio77xZuZsZfqW1+1cb1R6cAtqG3fHIl6unWWVmS4+kdB+CgJLfUy
Lw82xPLSORzVLi7ur7rzdPzKpY6MdmXisZPGT6biclH6Hy7f/GZ+S3vir1PkdYC8
wikuOvxPo96RSeIeHLEqhYuZCcY8RiA0sDO2O7QKOgjLTGOyKGAcujL7AoGGWgvg
CntPPAYj3/d2XiTKSRnc2/kXDUFYooxBAvdEoF7E2fSDj131KvJVBJ7pjRPdG6nr
ZgEW3p5Oub5oMD/c2HKfEdVNT3kCAwEAAaOCAdkwggHVMB0GA1UdDgQWBBRDaPox
PkcTxh0pBhFrOI6qB3skajAfBgNVHSMEGDAWgBRBmoXN+KQwUWlGhp0cSSA31rxu
njAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0fBGAwXjBcoFqgWIZWcnN5bmM6Ly9ycGtp
LXJzeW5jLmlkbmljLm5ldC9yZXBvL0lETklDLzEvNDE5QTg1Q0RGOEE0MzA1MTY5
NDY4NjlEMUM0OTIwMzdENkJDNkU5RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsG
AQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VG
NTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvUVpxRnpmaWtNRkZwUm9hZEhFa2dO
OWE4YnA0LmNlcjBQBggrBgEFBQcBCwREMEIwQAYIKwYBBQUHMAuGNHJzeW5jOi8v
cnBraS1yc3luYy5pZG5pYy5uZXQvcmVwby9JRE5JQy8xL0FTOTIyOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEw
BgMEBctN4DANBAIAAjAHAwUAJAF9ADANBgkqhkiG9w0BAQsFAAOCAQEACni8nQGS
r9OReTfRBvOpeHSNPPKRk37sUr/mpkqoAhzIpNVqEOI58zisv9UrM8B8EoTpY9ot
oCeU/D6kwihn0omWOADXBAo2v9AoTYo59xIcyVs+ZrvIEDkL2N8RVflcqRMfJA4L
P/nndVHTpIeKh5K1x6kpaq4Ya4gjbJf0vLnJodWClbDq61QxnoRTL+y1Ne7sVc0h
AFNGIAfEdyGsloNJoalS5gl7ixzWE/hhuvA/LkTxyaoaE9nvNRQqKiDxnPmuCeRz
51Xq3IWf34vRVeishKxGo3SGZbCgnSmyx2ynsHSJpmTmcE9+3lC7aUickDdbGNwU
LXAUcebs6IbJ5Q==
-----END CERTIFICATE-----