Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa
File:                     3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa (raw, json)
Hash identifier:          UC4fcIxC57X0WQOWt1PA/l9hsi16QhPa9mORMeVjnmM=
Subject key identifier:   F7:4E:76:86:C0:BD:DC:B1:91:A6:38:FE:D1:31:AD:90:25:B0:5A:55
Certificate issuer:       /CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
Certificate serial:       5543FD4D7E8F5F370EFFAEAF9EA3237592C1ADD9
Authority key identifier: D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa
Signing time:             Fri 04 Jul 2025 12:05:03 +0000
ROA not before:           Fri 04 Jul 2025 12:00:03 +0000
ROA not after:            Fri 03 Jul 2026 12:05:03 +0000
asID:                     39588
IP address blocks:        194.104.108.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 02:40:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:43:fd:4d:7e:8f:5f:37:0e:ff:ae:af:9e:a3:23:75:92:c1:ad:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
        Validity
            Not Before: Jul  4 12:00:03 2025 GMT
            Not After : Jul  3 12:05:03 2026 GMT
        Subject: CN=F74E7686C0BDDCB191A638FED131AD9025B05A55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c6:f3:a2:55:1f:4a:73:81:aa:b4:e4:89:f2:
                    09:be:2d:69:e3:21:23:2d:05:6d:d8:17:4d:aa:d8:
                    b0:cf:c0:9e:96:ff:b3:e2:73:53:7c:e8:e8:62:83:
                    a8:d4:a4:70:a5:74:c1:c8:27:a6:9b:40:fe:eb:0e:
                    34:01:63:ba:86:a0:2c:f9:70:50:dc:fc:f0:ad:f4:
                    fa:cd:80:ce:35:e0:61:42:41:15:77:5e:cd:b0:57:
                    92:61:17:f8:1d:9b:db:7b:bf:e6:0c:ee:ff:20:2e:
                    4f:82:38:0f:84:68:44:67:23:b0:17:d7:1d:52:57:
                    1a:6b:43:22:de:9a:2d:23:b8:5b:cb:31:ad:83:cf:
                    00:40:61:62:bb:89:3c:0c:36:a9:d2:18:f2:b0:97:
                    69:4b:55:df:bb:b3:5f:8e:fd:f0:fb:cd:cf:26:89:
                    1f:a5:ec:c7:1a:e3:e2:fb:1c:3f:9e:e8:a6:f0:a8:
                    6c:96:7e:a5:85:f1:51:71:e4:af:69:d8:21:f9:e6:
                    fa:32:be:3d:67:95:ef:97:38:a2:46:20:78:e0:70:
                    dc:7a:44:fa:54:a2:60:ee:e1:10:98:29:76:5c:60:
                    6c:c9:34:6f:92:12:ed:dd:e4:f2:87:f8:7b:8f:aa:
                    ae:ec:d7:3b:58:43:ad:53:d5:28:97:20:2d:0c:d8:
                    54:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:4E:76:86:C0:BD:DC:B1:91:A6:38:FE:D1:31:AD:90:25:B0:5A:55
            X509v3 Authority Key Identifier:
                keyid:D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:7c:3d:2c:1d:91:b4:c7:42:47:2c:bd:48:ca:1f:38:d3:69:
         d6:03:c1:30:1f:f8:5a:cf:72:8b:ec:88:27:3c:20:f4:78:a8:
         70:cd:d1:3a:a5:5b:3c:de:24:e3:51:42:4c:9b:9d:44:52:55:
         06:37:fc:b8:1d:a8:a5:11:58:4d:6b:51:7d:b4:d1:de:7c:51:
         6b:b1:5e:97:d5:34:e4:f3:85:8f:45:8a:ae:b3:ee:72:45:5d:
         e7:4d:80:74:a6:e5:6e:4e:01:6f:49:fe:4e:d3:3c:8b:68:d1:
         7a:1e:b7:f5:2b:80:47:2a:8f:7c:d8:2b:57:61:c5:73:f7:89:
         0a:c5:bc:71:bc:40:d7:e3:39:07:68:1c:05:05:14:df:58:67:
         6f:21:d3:9f:cc:4e:ce:8e:74:f4:e3:7a:5a:21:bd:cc:b1:4a:
         11:68:1d:4a:16:a9:9b:b4:01:1d:59:76:ae:80:aa:5a:f3:e2:
         b7:e8:d1:f2:59:26:40:5c:bc:ba:da:e3:17:3c:7b:0c:0e:92:
         81:f7:05:3e:5c:6d:94:85:21:af:47:05:c1:ac:2b:01:83:e1:
         20:69:c8:c2:e7:c7:1e:b9:d0:af:c2:88:b5:20:d3:9b:aa:8d:
         f0:c1:1d:6a:54:10:a2:6e:89:93:90:50:09:f9:cc:13:58:14:
         fa:7f:32:fa
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUVUP9TX6PXzcO/66vnqMjdZLBrdkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQwNTgxY2E5ZGRhY2E5ZTExMDE2NWIxMWRkMjgyMGRk
N2Y1MzJjMDAeFw0yNTA3MDQxMjAwMDNaFw0yNjA3MDMxMjA1MDNaMDMxMTAvBgNV
BAMTKEY3NEU3Njg2QzBCRERDQjE5MUE2MzhGRUQxMzFBRDkwMjVCMDVBNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrxvOiVR9Kc4GqtOSJ8gm+LWnj
ISMtBW3YF02q2LDPwJ6W/7Pic1N86Ohig6jUpHCldMHIJ6abQP7rDjQBY7qGoCz5
cFDc/PCt9PrNgM414GFCQRV3Xs2wV5JhF/gdm9t7v+YM7v8gLk+COA+EaERnI7AX
1x1SVxprQyLemi0juFvLMa2DzwBAYWK7iTwMNqnSGPKwl2lLVd+7s1+O/fD7zc8m
iR+l7Mca4+L7HD+e6KbwqGyWfqWF8VFx5K9p2CH55voyvj1nle+XOKJGIHjgcNx6
RPpUomDu4RCYKXZcYGzJNG+SEu3d5PKH+HuPqq7s1ztYQ61T1SiXIC0M2FQ1AgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQU9052hsC93LGRpjj+0TGtkCWwWlUwHwYDVR0j
BBgwFoAU1AWByp3ayp4RAWWxHdKCDdf1MsAwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzEvRDQwNTgxQ0E5RERBQ0E5RTExMDE2NUIxMUREMjgy
MEREN0Y1MzJDMC5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFBV0J5cDNheXA0
UkFXV3hIZEtDRGRmMU1zQS5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzEvMzEzOTM0MmUzMTMwMzQyZTMxMzAzODJlMzAyZjMyMzMyZDMyMzMy
MDNkM2UyMDMzMzkzNTM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCaGwwDQYJKoZIhvcNAQELBQAD
ggEBAJJ8PSwdkbTHQkcsvUjKHzjTadYDwTAf+FrPcovsiCc8IPR4qHDN0TqlWzze
JONRQkybnURSVQY3/LgdqKURWE1rUX200d58UWuxXpfVNOTzhY9Fiq6z7nJFXedN
gHSm5W5OAW9J/k7TPIto0Xoet/UrgEcqj3zYK1dhxXP3iQrFvHG8QNfjOQdoHAUF
FN9YZ28h05/MTs6OdPTjelohvcyxShFoHUoWqZu0AR1Zdq6Aqlrz4rfo0fJZJkBc
vLra4xc8ewwOkoH3BT5cbZSFIa9HBcGsKwGD4SBpyMLnxx650K/CiLUg05uqjfDB
HWpUEKJuiZOQUAn5zBNYFPp/Mvo=
-----END CERTIFICATE-----