Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa
File:                     3139332e372e3230342e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          MmgIyR73WlehdKezTZ7m7o4J8sPfvOsWS399H8z7PMs=
Subject key identifier:   2C:31:63:42:02:85:B1:93:38:D4:6A:6F:88:75:F1:B8:F3:10:3E:22
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       12F3C78D454E981171A545FEFFAB42FA0982EFFD
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 04 Jul 2025 12:05:02 +0000
ROA not before:           Fri 04 Jul 2025 12:00:02 +0000
ROA not after:            Fri 03 Jul 2026 12:05:02 +0000
asID:                     42427
IP address blocks:        193.7.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 14:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:f3:c7:8d:45:4e:98:11:71:a5:45:fe:ff:ab:42:fa:09:82:ef:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Jul  4 12:00:02 2025 GMT
            Not After : Jul  3 12:05:02 2026 GMT
        Subject: CN=2C3163420285B19338D46A6F8875F1B8F3103E22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b4:ca:e6:9e:0a:60:4b:87:69:e0:14:78:4a:
                    56:d0:b8:c0:09:b3:a3:38:a4:66:41:32:66:45:2d:
                    30:0e:8b:7a:2a:7f:ba:b5:67:94:a4:ec:59:fb:3e:
                    20:35:d4:d6:18:25:8c:a1:20:d0:f4:73:82:9e:55:
                    e7:b7:3a:42:63:c5:9a:56:0d:1c:36:33:3a:19:fa:
                    54:49:b4:c3:62:43:cd:fd:83:f0:5d:fa:42:82:24:
                    fd:c9:2a:ef:e3:07:6c:5f:75:14:07:eb:cc:e4:b9:
                    86:62:3a:c4:d9:22:b2:67:49:ad:bd:bf:4a:92:68:
                    bb:c6:f0:d1:b7:b9:b0:cd:40:4f:6c:76:c1:a7:30:
                    49:a0:f0:d0:3c:d1:31:51:d9:3e:ee:b9:b3:67:b8:
                    c5:fc:d6:ee:e3:d9:24:d5:f3:a6:6b:9b:38:9e:59:
                    27:cf:25:24:d6:bb:5b:02:a7:ca:be:7b:e8:be:2f:
                    e7:45:ff:ea:f1:ae:df:1d:d5:00:75:f3:a5:95:17:
                    b3:5f:3a:f1:8b:ae:bf:27:4e:0b:7f:32:b5:99:a0:
                    12:0c:79:c8:d6:fa:bc:44:b9:40:54:a8:0c:1e:fb:
                    4b:27:8e:5d:9c:c8:93:d3:c1:1b:c3:5f:df:a5:4c:
                    d5:e9:aa:d0:61:ab:38:1e:e0:d4:dc:1e:52:bf:c5:
                    51:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:31:63:42:02:85:B1:93:38:D4:6A:6F:88:75:F1:B8:F3:10:3E:22
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230342e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:a6:d5:38:6f:fe:fe:7a:9a:a5:ed:fe:fb:70:b5:e2:82:6f:
         f9:e9:7a:5e:83:b2:74:90:6c:83:a1:db:00:89:55:d8:17:51:
         14:53:cf:8f:cd:0d:30:59:46:5a:94:16:da:5a:10:47:ba:d5:
         f7:63:d3:62:9f:73:34:d9:af:74:91:5c:17:df:29:6e:f1:33:
         06:a6:15:2d:73:04:00:5d:9d:31:38:f7:2f:de:0e:fb:a8:32:
         0c:d5:53:11:de:f2:9b:35:8f:a2:25:d8:fc:5b:b3:3c:27:b9:
         f7:82:e6:72:e7:b1:2c:7d:d7:da:16:9a:92:62:d9:42:fa:55:
         e1:fa:d2:a9:b1:df:fc:dc:a9:00:40:6d:13:34:8a:49:96:fe:
         45:f3:c1:08:c9:44:07:4e:a5:7c:d0:ef:63:4c:c5:4e:b5:7e:
         68:37:7b:a3:89:d2:51:39:13:b2:e9:cf:ee:da:f8:94:5b:a9:
         85:95:be:dc:e8:e3:3a:97:b2:6b:83:99:16:f6:7d:d9:10:8d:
         dd:67:36:cf:36:8c:e7:76:76:dc:9d:be:bf:4b:a9:89:fe:d7:
         01:37:c8:55:2f:00:c3:92:6d:44:0c:76:63:68:3b:8f:a5:60:
         04:08:a0:14:01:0f:5f:e8:9c:06:10:35:e1:63:6d:ec:b7:00:
         3d:78:ea:2b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUEvPHjUVOmBFxpUX+/6tC+gmC7/0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yNTA3MDQxMjAwMDJaFw0yNjA3MDMxMjA1MDJaMDMxMTAvBgNV
BAMTKDJDMzE2MzQyMDI4NUIxOTMzOEQ0NkE2Rjg4NzVGMUI4RjMxMDNFMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwtMrmngpgS4dp4BR4SlbQuMAJ
s6M4pGZBMmZFLTAOi3oqf7q1Z5Sk7Fn7PiA11NYYJYyhIND0c4KeVee3OkJjxZpW
DRw2MzoZ+lRJtMNiQ839g/Bd+kKCJP3JKu/jB2xfdRQH68zkuYZiOsTZIrJnSa29
v0qSaLvG8NG3ubDNQE9sdsGnMEmg8NA80TFR2T7uubNnuMX81u7j2STV86Zrmzie
WSfPJSTWu1sCp8q+e+i+L+dF/+rxrt8d1QB186WVF7NfOvGLrr8nTgt/MrWZoBIM
ecjW+rxEuUBUqAwe+0snjl2cyJPTwRvDX9+lTNXpqtBhqzge4NTcHlK/xVFnAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQULDFjQgKFsZM41GpviHXxuPMQPiIwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfMMA0GCSqGSIb3DQEBCwUAA4IBAQCH
ptU4b/7+epql7f77cLXigm/56Xpeg7J0kGyDodsAiVXYF1EUU8+PzQ0wWUZalBba
WhBHutX3Y9Nin3M02a90kVwX3ylu8TMGphUtcwQAXZ0xOPcv3g77qDIM1VMR3vKb
NY+iJdj8W7M8J7n3guZy57EsfdfaFpqSYtlC+lXh+tKpsd/83KkAQG0TNIpJlv5F
88EIyUQHTqV80O9jTMVOtX5oN3ujidJROROy6c/u2viUW6mFlb7c6OM6l7Jrg5kW
9n3ZEI3dZzbPNozndnbcnb6/S6mJ/tcBN8hVLwDDkm1EDHZjaDuPpWAECKAUAQ9f
6JwGEDXhY23stwA9eOor
-----END CERTIFICATE-----