Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa
File:                     3139332e372e3230372e302f32342d3234203d3e203630343932.roa (raw, json)
Hash identifier:          E9tvp90Kpr61hZSI7tBGjhyzBxdB/JF9I/2z8pLfS80=
Subject key identifier:   5F:8F:3F:F1:6E:36:55:CA:C9:E8:C1:35:82:10:31:39:7B:DF:20:8C
Certificate issuer:       /CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
Certificate serial:       7FBDD6038F1548AD0A35BCE9B9AF13143A2678FF
Authority key identifier: 21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa
Signing time:             Fri 04 Jul 2025 12:05:02 +0000
ROA not before:           Fri 04 Jul 2025 12:00:02 +0000
ROA not after:            Fri 03 Jul 2026 12:05:02 +0000
asID:                     60492
IP address blocks:        193.7.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 14:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:bd:d6:03:8f:15:48:ad:0a:35:bc:e9:b9:af:13:14:3a:26:78:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=211a048890969fa7d4b6aef8c020cda4444ec2e5
        Validity
            Not Before: Jul  4 12:00:02 2025 GMT
            Not After : Jul  3 12:05:02 2026 GMT
        Subject: CN=5F8F3FF16E3655CAC9E8C135821031397BDF208C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2b:88:df:3e:4b:53:53:2f:83:3a:79:ea:8c:
                    53:07:57:e2:4b:49:5f:08:d2:d5:7d:71:f2:2b:a9:
                    68:c7:40:17:55:a9:36:43:58:fe:19:c4:1f:25:95:
                    55:91:a8:8e:65:8c:e4:11:49:81:06:51:11:c6:93:
                    f5:51:56:f0:b5:b3:7e:72:52:72:36:31:35:3d:0f:
                    5b:42:2b:5b:49:f7:70:71:45:9e:cc:61:27:14:0a:
                    60:58:68:02:b1:fd:fa:44:d5:a0:d7:4b:32:17:52:
                    e8:0a:8d:6b:89:1c:ae:fa:70:87:43:55:bc:fb:f3:
                    93:8b:82:07:9f:cb:31:6e:05:6c:6b:ee:85:a5:cc:
                    89:e9:3f:62:4b:f2:2a:53:d3:37:b4:b7:0f:30:53:
                    84:e0:0b:75:b2:97:af:23:57:b3:9e:9d:e3:ec:1f:
                    42:86:76:07:a1:0e:63:9d:bc:93:71:63:c4:7d:32:
                    c6:4f:b5:03:02:12:e9:fb:22:43:84:59:b8:64:73:
                    f0:bb:2e:d9:76:3e:bb:18:07:08:b8:75:af:d3:b1:
                    7c:01:2f:eb:7c:06:20:8c:d0:dd:b8:07:fb:d0:b8:
                    c6:79:2d:24:35:a4:e3:64:2f:56:4d:b8:fb:f3:36:
                    c6:13:2e:5c:6e:8b:e5:9e:e0:51:30:6e:22:78:92:
                    b2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:8F:3F:F1:6E:36:55:CA:C9:E8:C1:35:82:10:31:39:7B:DF:20:8C
            X509v3 Authority Key Identifier:
                keyid:21:1A:04:88:90:96:9F:A7:D4:B6:AE:F8:C0:20:CD:A4:44:4E:C2:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/211A048890969FA7D4B6AEF8C020CDA4444EC2E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRoEiJCWn6fUtq74wCDNpEROwuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/2/3139332e372e3230372e302f32342d3234203d3e203630343932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:24:c9:ca:93:dc:28:13:4c:d0:98:19:4f:8b:7b:97:01:48:
         d5:08:cb:ef:72:7e:33:91:66:f1:d0:fa:41:01:98:06:ed:34:
         83:b9:e6:f2:d5:7e:a5:23:2e:1c:b7:6a:39:e5:c7:c2:fd:e2:
         7f:b5:a1:b4:10:54:02:b9:9d:99:ef:42:c7:e2:db:8b:61:52:
         6c:46:3f:b0:b2:bc:79:0e:15:5f:20:84:35:38:17:5e:c2:63:
         ad:12:23:65:ab:a7:40:35:b9:8a:a0:c0:0f:84:88:99:ad:4e:
         d9:a3:39:6d:df:8d:7a:d5:40:06:a1:59:36:28:7e:90:fd:ff:
         69:59:7a:27:25:e5:54:f7:4b:32:4b:4b:18:39:10:79:cb:a5:
         be:c0:45:5b:6b:cd:88:fb:9f:ed:5a:cf:a1:6f:ce:69:4d:d9:
         0b:51:d2:5f:b1:4e:b1:f9:72:2d:30:7f:42:df:85:f8:27:9b:
         06:84:80:a9:29:a2:7c:6f:d9:98:81:6a:cd:0a:e9:6e:1b:6b:
         16:2c:e1:ab:3c:da:f0:4a:52:bc:0b:e8:8f:6e:ef:60:5b:b4:
         f3:9c:68:36:2f:60:ab:7c:dc:e6:8a:35:22:e5:39:06:70:3d:
         d0:78:08:e7:15:29:05:14:12:47:51:70:1a:de:ce:62:b5:61:
         4a:d3:13:cc
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUf73WA48VSK0KNbzpua8TFDomeP8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjExYTA0ODg5MDk2OWZhN2Q0YjZhZWY4YzAyMGNkYTQ0
NDRlYzJlNTAeFw0yNTA3MDQxMjAwMDJaFw0yNjA3MDMxMjA1MDJaMDMxMTAvBgNV
BAMTKDVGOEYzRkYxNkUzNjU1Q0FDOUU4QzEzNTgyMTAzMTM5N0JERjIwOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxK4jfPktTUy+DOnnqjFMHV+JL
SV8I0tV9cfIrqWjHQBdVqTZDWP4ZxB8llVWRqI5ljOQRSYEGURHGk/VRVvC1s35y
UnI2MTU9D1tCK1tJ93BxRZ7MYScUCmBYaAKx/fpE1aDXSzIXUugKjWuJHK76cIdD
Vbz785OLggefyzFuBWxr7oWlzInpP2JL8ipT0ze0tw8wU4TgC3Wyl68jV7OenePs
H0KGdgehDmOdvJNxY8R9MsZPtQMCEun7IkOEWbhkc/C7Ltl2PrsYBwi4da/TsXwB
L+t8BiCM0N24B/vQuMZ5LSQ1pONkL1ZNuPvzNsYTLlxui+We4FEwbiJ4krIhAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUX48/8W42VcrJ6ME1ghAxOXvfIIwwHwYDVR0j
BBgwFoAUIRoEiJCWn6fUtq74wCDNpEROwuUwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzIvMjExQTA0ODg5MDk2OUZBN0Q0QjZBRUY4QzAyMENE
QTQ0NDRFQzJFNS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lSb0VpSkNXbjZm
VXRxNzR3Q0ROcEVST3d1VS5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMi8zMTM5MzMyZTM3MmUzMjMwMzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNjMwMzQzOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfPMA0GCSqGSIb3DQEBCwUAA4IBAQAC
JMnKk9woE0zQmBlPi3uXAUjVCMvvcn4zkWbx0PpBAZgG7TSDueby1X6lIy4ct2o5
5cfC/eJ/taG0EFQCuZ2Z70LH4tuLYVJsRj+wsrx5DhVfIIQ1OBdewmOtEiNlq6dA
NbmKoMAPhIiZrU7Zozlt34161UAGoVk2KH6Q/f9pWXonJeVU90syS0sYORB5y6W+
wEVba82I+5/tWs+hb85pTdkLUdJfsU6x+XItMH9C34X4J5sGhICpKaJ8b9mYgWrN
CuluG2sWLOGrPNrwSlK8C+iPbu9gW7TznGg2L2CrfNzmijUi5TkGcD3QeAjnFSkF
FBJHUXAa3s5itWFK0xPM
-----END CERTIFICATE-----