Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/AS136844.roa
File:                     AS136844.roa (raw, json)
Hash identifier:          8OuccDY91Sn9ytDEWqIaYjOswGFqX+UyGZdrGbiwR7M=
Subject key identifier:   80:59:DF:2F:F1:5C:BD:C5:73:11:D6:AA:38:E6:16:7F:51:45:D2:97
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       06BD977957DCBA32A6D78BC4F30F715B8D72B1BF
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS136844.roa
Signing time:             Tue 14 Oct 2025 03:00:00 +0000
ROA not before:           Tue 14 Oct 2025 02:55:00 +0000
ROA not after:            Tue 13 Oct 2026 03:00:00 +0000
asID:                     136844
IP address blocks:        103.100.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Oct 2025 14:07:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:bd:97:79:57:dc:ba:32:a6:d7:8b:c4:f3:0f:71:5b:8d:72:b1:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000, serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Oct 14 02:55:00 2025 GMT
            Not After : Oct 13 03:00:00 2026 GMT
        Subject: CN=8059DF2FF15CBDC57311D6AA38E6167F5145D297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:af:96:20:bd:6d:20:0c:19:27:6a:bf:e2:f9:
                    1a:ec:8a:a3:ff:60:49:2e:2f:76:8c:aa:73:ac:04:
                    a2:2d:6a:57:5a:aa:8d:e6:40:0e:2f:e2:ee:4c:1d:
                    ca:53:f7:41:9c:d7:31:2b:ff:83:3b:29:f0:74:42:
                    b2:49:ab:52:74:0c:e1:a4:b0:60:b6:01:fd:ec:8e:
                    95:ed:e5:97:5b:22:e9:f8:5b:b4:20:43:15:c3:90:
                    ad:18:db:76:d7:22:72:24:19:f5:d6:a7:75:bb:c1:
                    31:b7:d7:c5:7a:ec:d6:7f:f5:07:93:80:22:67:3e:
                    81:31:b7:1b:e5:67:52:1c:ad:2d:fb:3d:ec:47:72:
                    bc:44:6b:dc:aa:1a:a4:b3:52:16:46:35:1d:78:eb:
                    c7:ea:37:80:1d:bc:74:32:b0:9d:5f:7b:57:c9:90:
                    8e:98:ed:5a:58:79:23:83:8c:4f:aa:bd:87:7b:ee:
                    41:15:b0:18:99:91:bc:8a:c0:f9:36:c5:ef:0d:71:
                    28:75:4d:60:5b:42:63:31:ce:94:82:13:6f:21:03:
                    e9:56:4a:34:0e:bd:ed:84:af:23:72:e8:77:93:70:
                    0b:0e:b3:9b:d6:c7:c8:00:67:db:4f:52:82:86:ef:
                    43:64:bb:9f:06:f9:88:20:04:61:79:ad:a3:2c:c5:
                    79:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:59:DF:2F:F1:5C:BD:C5:73:11:D6:AA:38:E6:16:7F:51:45:D2:97
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/AS136844.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.100.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:81:44:59:4b:f9:f3:24:77:b4:33:c6:4b:c0:5b:d6:77:93:
         33:38:98:6a:5c:e0:f2:5f:4e:bf:4e:38:bd:74:95:a5:ea:90:
         90:f3:b2:66:5d:88:20:6e:3d:c3:a5:19:d1:65:cb:87:c8:4e:
         98:aa:58:1a:88:ba:8d:0d:46:37:a9:f4:80:99:5d:d8:4d:a0:
         05:da:2f:84:2e:82:15:a0:04:6b:0e:5f:aa:16:39:55:6a:d8:
         ee:e8:ad:c7:6e:28:1d:17:02:7c:c2:ea:64:d3:36:83:2c:14:
         16:8c:4b:72:eb:1d:0f:c6:9b:cf:25:43:76:6f:1a:04:81:c3:
         56:16:a5:f8:1d:f1:a2:dc:c9:9d:64:bf:3c:5c:46:4f:10:91:
         06:c7:64:06:2e:5a:b0:78:cc:04:87:18:7c:94:c2:57:35:db:
         a6:75:93:bb:cb:08:78:dc:3a:a6:49:6a:1d:43:e8:64:9d:c1:
         ca:de:ae:7c:d9:91:3e:ff:50:16:72:a1:5d:2e:b8:9f:c7:74:
         62:29:37:44:55:df:2e:8e:a9:88:62:81:2b:b8:ad:d0:0f:dc:
         50:ff:5f:af:b8:a0:b2:e5:bc:99:0b:71:72:64:4f:58:36:32:
         4e:0c:6c:97:9e:2c:43:e4:cc:24:5b:a2:b3:e0:18:1f:33:bd:
         ed:bd:d2:3d
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgIUBr2XeVfcujKm14vE8w9xW41ysb8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTI1MTAxNDAyNTUwMFoX
DTI2MTAxMzAzMDAwMFowMzExMC8GA1UEAxMoODA1OURGMkZGMTVDQkRDNTczMTFE
NkFBMzhFNjE2N0Y1MTQ1RDI5NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM+vliC9bSAMGSdqv+L5GuyKo/9gSS4vdoyqc6wEoi1qV1qqjeZADi/i7kwd
ylP3QZzXMSv/gzsp8HRCskmrUnQM4aSwYLYB/eyOle3ll1si6fhbtCBDFcOQrRjb
dtciciQZ9dandbvBMbfXxXrs1n/1B5OAImc+gTG3G+VnUhytLfs97EdyvERr3Koa
pLNSFkY1HXjrx+o3gB28dDKwnV97V8mQjpjtWlh5I4OMT6q9h3vuQRWwGJmRvIrA
+TbF7w1xKHVNYFtCYzHOlIITbyED6VZKNA697YSvI3Lod5NwCw6zm9bHyABn209S
gobvQ2S7nwb5iCAEYXmtoyzFeW8CAwEAAaOCAdAwggHMMB0GA1UdDgQWBBSAWd8v
8Vy9xXMR1qo45hZ/UUXSlzAfBgNVHSMEGDAWgBS6j3fSHlj+nJOaa3DiWFYX4YM3
azAOBgNVHQ8BAf8EBAMCB4AwaQYDVR0fBGIwYDBeoFygWoZYcnN5bmM6Ly9yZXBv
LXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9CQThGNzdEMjFFNThGRTlD
OTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCLmNybDB+BggrBgEFBQcBAQRyMHAwbgYI
KwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3
RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi91bzkzMGg1WV9weVRtbXR3NGxo
V0YtR0ROMnMuY2VyMFQGCCsGAQUFBwELBEgwRjBEBggrBgEFBQcwC4Y4cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vSUROSUMtSUQvMi9BUzEzNjg0NC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4w
DAQCAAEwBgMEAGdkwTANBgkqhkiG9w0BAQsFAAOCAQEAZYFEWUv58yR3tDPGS8Bb
1neTMziYalzg8l9Ov044vXSVpeqQkPOyZl2IIG49w6UZ0WXLh8hOmKpYGoi6jQ1G
N6n0gJld2E2gBdovhC6CFaAEaw5fqhY5VWrY7uitx24oHRcCfMLqZNM2gywUFoxL
cusdD8abzyVDdm8aBIHDVhal+B3xotzJnWS/PFxGTxCRBsdkBi5asHjMBIcYfJTC
VzXbpnWTu8sIeNw6pklqHUPoZJ3Byt6ufNmRPv9QFnKhXS64n8d0Yik3RFXfLo6p
iGKBK7it0A/cUP9fr7igsuW8mQtxcmRPWDYyTgxsl54sQ+TMJFuis+AYHzO97b3S
PQ==
-----END CERTIFICATE-----