Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS136445.roa
File:                     AS136445.roa (raw, json)
Hash identifier:          hhMF0WP6VArG1SrPeAn7vpVe5JPRFGg+BsS5lucUAEk=
Subject key identifier:   BF:6D:48:6C:2E:4D:B5:A8:18:01:3A:89:35:5F:C3:53:2F:2E:3D:3B
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       2B176BCAD850A8051F0DD29A4809EC9C72ED9283
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS136445.roa
Signing time:             Tue 08 Jul 2025 02:40:06 +0000
ROA not before:           Tue 08 Jul 2025 02:35:06 +0000
ROA not after:            Tue 07 Jul 2026 02:40:06 +0000
asID:                     136445
IP address blocks:        163.227.224.0/24 maxlen: 24
                          2001:df5:7dc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 24 Jul 2025 00:11:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:17:6b:ca:d8:50:a8:05:1f:0d:d2:9a:48:09:ec:9c:72:ed:92:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Jul  8 02:35:06 2025 GMT
            Not After : Jul  7 02:40:06 2026 GMT
        Subject: CN=BF6D486C2E4DB5A818013A89355FC3532F2E3D3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c6:a0:53:b0:aa:ad:d4:e7:44:5c:9c:75:1d:
                    41:47:07:79:ea:c1:88:fd:76:2f:07:cf:a3:66:9b:
                    56:11:82:ce:89:6c:7c:e7:10:e5:e5:46:9c:7f:41:
                    f4:38:0b:fc:f9:fa:e6:4e:81:17:ec:e7:76:e2:4b:
                    b7:bc:6f:94:e8:ce:3e:9a:a1:f5:dd:94:48:ea:f0:
                    b8:42:3e:03:f0:e2:af:1d:63:b4:6e:8b:79:7c:be:
                    51:f8:42:34:d4:4f:a1:5e:94:c9:8d:3c:70:52:84:
                    25:1c:6a:10:de:1c:35:db:25:07:36:b3:36:eb:04:
                    05:68:69:9e:05:93:61:a2:4f:e3:70:c8:92:14:e7:
                    4e:5e:5c:59:c4:50:fe:25:80:3e:1f:91:ef:06:46:
                    f0:89:17:61:ec:a4:13:49:db:f4:07:20:8b:bc:0d:
                    03:13:3d:f1:76:63:6a:9c:02:06:0c:02:67:86:85:
                    1e:94:82:a2:74:b9:bc:2e:50:3b:de:ec:a9:b4:de:
                    8b:8b:91:01:c3:4c:d8:72:34:a4:56:76:8e:0a:7a:
                    b9:12:fc:fa:05:2b:89:60:f4:57:4c:00:62:e1:6f:
                    ea:15:c6:e8:94:82:cf:6b:5c:4c:08:86:91:19:f7:
                    41:c7:56:18:18:85:1d:9d:8d:b5:00:80:5f:66:b9:
                    bd:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6D:48:6C:2E:4D:B5:A8:18:01:3A:89:35:5F:C3:53:2F:2E:3D:3B
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS136445.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.227.224.0/24
                IPv6:
                  2001:df5:7dc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:7f:c1:12:ef:ed:33:e5:ef:1d:99:eb:46:f8:89:fb:46:d4:
         60:34:33:47:f0:aa:6b:b5:1d:0a:e0:8a:f9:58:97:c2:6c:4a:
         f9:c7:80:d2:4c:41:b4:d4:0a:45:b8:57:8a:70:45:a0:03:aa:
         1a:fe:54:2e:91:dc:0b:35:d5:aa:4d:94:8e:06:78:69:35:50:
         63:b1:c2:ab:c5:06:34:fb:f3:42:8c:a6:97:e0:12:ea:4f:04:
         aa:c6:83:ae:83:55:22:b7:cc:a1:59:fb:7e:36:b1:6d:bf:c7:
         7d:c9:b6:f4:75:cf:12:a1:c2:9e:19:8c:d0:b2:84:1e:e9:83:
         60:ff:f9:5e:ad:22:5a:36:9e:49:1e:c4:3a:38:e5:66:5c:76:
         4b:45:f8:a1:04:bc:43:a8:4c:98:6b:4c:c1:4a:c6:e8:36:06:
         08:29:e7:2e:b2:ea:e8:00:5b:61:c3:74:42:4e:a1:16:96:80:
         f4:07:1e:35:2d:31:01:52:b0:38:6f:1d:14:17:92:92:e8:7b:
         46:5a:95:31:86:37:a7:33:8d:af:60:54:69:ff:d2:a9:3e:01:
         18:4d:92:4f:a4:76:0a:b1:85:76:03:b6:83:98:fc:68:68:6b:
         c9:ce:6a:47:f1:c1:18:9a:db:01:78:e4:86:f6:f3:a4:89:1d:
         cc:b3:ea:96
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIUKxdrythQqAUfDdKaSAnsnHLtkoMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MDcwODAyMzUwNloX
DTI2MDcwNzAyNDAwNlowMzExMC8GA1UEAxMoQkY2RDQ4NkMyRTREQjVBODE4MDEz
QTg5MzU1RkMzNTMyRjJFM0QzQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnGoFOwqq3U50RcnHUdQUcHeerBiP12LwfPo2abVhGCzolsfOcQ5eVGnH9B
9DgL/Pn65k6BF+znduJLt7xvlOjOPpqh9d2USOrwuEI+A/Dirx1jtG6LeXy+UfhC
NNRPoV6UyY08cFKEJRxqEN4cNdslBzazNusEBWhpngWTYaJP43DIkhTnTl5cWcRQ
/iWAPh+R7wZG8IkXYeykE0nb9Acgi7wNAxM98XZjapwCBgwCZ4aFHpSConS5vC5Q
O97sqbTei4uRAcNM2HI0pFZ2jgp6uRL8+gUriWD0V0wAYuFv6hXG6JSCz2tcTAiG
kRn3QcdWGBiFHZ2NtQCAX2a5vX0CAwEAAaOCAeEwggHdMB0GA1UdDgQWBBS/bUhs
Lk21qBgBOok1X8NTLy49OzAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzEzNjQ0NS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8w
DAQCAAEwBgMEAKPj4DAPBAIAAjAJAwcAIAEN9X3AMA0GCSqGSIb3DQEBCwUAA4IB
AQB0f8ES7+0z5e8dmetG+In7RtRgNDNH8KprtR0K4Ir5WJfCbEr5x4DSTEG01ApF
uFeKcEWgA6oa/lQukdwLNdWqTZSOBnhpNVBjscKrxQY0+/NCjKaX4BLqTwSqxoOu
g1Uit8yhWft+NrFtv8d9ybb0dc8SocKeGYzQsoQe6YNg//lerSJaNp5JHsQ6OOVm
XHZLRfihBLxDqEyYa0zBSsboNgYIKecusuroAFthw3RCTqEWloD0Bx41LTEBUrA4
bx0UF5KS6HtGWpUxhjenM42vYFRp/9KpPgEYTZJPpHYKsYV2A7aDmPxoaGvJzmpH
8cEYmtsBeOSG9vOkiR3Ms+qW
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:56:31 2025 by rpki-client