Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203134363138.roa
File:                     3134372e32382e33362e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          YMgcOgpn/oNtwEyYJp5JLm1bPTPK3LgiBo2iIY1WEWo=
Subject key identifier:   43:7F:7E:8F:F9:35:F0:3C:7D:04:14:57:63:61:EA:C6:54:88:CB:C3
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       3AA62B7BD010CF237508DF3FAED896A548ED2CC5
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203134363138.roa
Signing time:             Fri 04 Jul 2025 12:05:10 +0000
ROA not before:           Fri 04 Jul 2025 12:00:10 +0000
ROA not after:            Fri 03 Jul 2026 12:05:10 +0000
asID:                     14618
IP address blocks:        147.28.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:54:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:a6:2b:7b:d0:10:cf:23:75:08:df:3f:ae:d8:96:a5:48:ed:2c:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul  4 12:00:10 2025 GMT
            Not After : Jul  3 12:05:10 2026 GMT
        Subject: CN=437F7E8FF935F03C7D0414576361EAC65488CBC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:70:9f:ab:7b:22:a1:e1:e5:97:f6:aa:fc:d2:
                    43:49:fe:9c:db:88:81:dd:40:07:f9:28:ed:57:0a:
                    04:23:71:81:28:91:5e:48:54:6c:51:1d:81:71:85:
                    d8:53:9e:59:d5:7a:c8:da:79:bc:b6:5c:49:3c:69:
                    8c:6a:4b:53:c9:d3:ce:7b:51:18:13:81:65:1e:11:
                    35:eb:6a:60:c5:91:99:a1:b8:ba:42:2e:49:9e:72:
                    0f:98:b3:91:3b:ce:26:cd:22:9e:4c:cd:15:a0:9e:
                    d6:58:1c:a3:69:d1:73:17:85:2a:ee:d3:9f:d3:d7:
                    d6:83:26:5c:f3:09:ef:77:c1:a2:1d:35:f1:42:62:
                    8e:13:db:54:14:89:d9:a9:73:f1:f2:d2:45:ad:58:
                    d6:18:b3:87:29:2d:c8:5e:04:0c:63:1e:39:c0:91:
                    5f:c7:7d:f6:2c:7e:b4:81:bd:34:37:c4:47:7b:9f:
                    47:ae:8f:26:ff:cb:d6:8a:7d:bd:cc:c7:8a:83:7a:
                    ec:c4:be:52:2b:14:da:d0:be:bb:cc:ea:8d:bb:ae:
                    f0:a3:9a:b7:21:55:d6:27:6e:01:16:47:17:24:19:
                    f8:fb:97:77:2d:62:19:4f:d9:74:29:e8:9a:b7:0c:
                    de:57:2a:11:ec:0d:bc:b4:0a:6a:88:f0:77:d9:29:
                    6b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:7F:7E:8F:F9:35:F0:3C:7D:04:14:57:63:61:EA:C6:54:88:CB:C3
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33362e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:17:81:28:71:f7:99:22:23:b8:2c:b7:c9:25:ad:60:2f:6f:
         ad:23:d5:90:18:94:05:f6:3c:13:9a:fb:27:56:c4:bb:75:0d:
         3d:7c:be:11:4a:3c:b4:f7:39:53:5d:9d:e0:6b:da:9c:79:33:
         45:2a:85:53:95:6a:60:dc:c2:75:b7:70:0b:46:c3:02:a5:f4:
         ab:c5:58:98:29:a1:65:1a:27:ec:94:86:43:f0:1b:91:78:13:
         7e:96:87:48:c7:b6:b0:70:f8:30:d6:e5:12:8a:b7:81:30:45:
         97:21:01:9e:30:bd:bb:31:2d:b5:bf:fe:c0:4e:56:18:d1:b5:
         a9:40:58:c1:42:47:e8:5d:49:ad:11:80:5a:88:8d:dc:ac:84:
         31:ad:3a:71:88:2d:7e:f4:c6:b8:45:dd:21:89:52:84:7f:95:
         dd:04:d5:d2:cd:d9:51:78:cb:30:60:10:41:61:de:f8:c5:42:
         30:2e:28:d7:5d:e7:4b:d0:72:85:eb:04:40:37:fa:ca:67:ae:
         73:52:33:d1:3b:26:4b:2c:76:e6:f8:90:39:cf:6a:1c:74:a6:
         71:a1:17:f1:07:e5:f2:77:24:2a:15:4a:2f:96:97:6d:8a:06:
         93:6e:8e:26:49:e7:46:20:81:16:cd:13:b5:6e:73:58:e8:ce:
         b3:84:75:b1
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUOqYre9AQzyN1CN8/rtiWpUjtLMUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA3MDQxMjAwMTBaFw0yNjA3MDMxMjA1MTBaMDMxMTAvBgNV
BAMTKDQzN0Y3RThGRjkzNUYwM0M3RDA0MTQ1NzYzNjFFQUM2NTQ4OENCQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjcJ+reyKh4eWX9qr80kNJ/pzb
iIHdQAf5KO1XCgQjcYEokV5IVGxRHYFxhdhTnlnVesjaeby2XEk8aYxqS1PJ0857
URgTgWUeETXramDFkZmhuLpCLkmecg+Ys5E7zibNIp5MzRWgntZYHKNp0XMXhSru
05/T19aDJlzzCe93waIdNfFCYo4T21QUidmpc/Hy0kWtWNYYs4cpLcheBAxjHjnA
kV/HffYsfrSBvTQ3xEd7n0eujyb/y9aKfb3Mx4qDeuzEvlIrFNrQvrvM6o27rvCj
mrchVdYnbgEWRxckGfj7l3ctYhlP2XQp6Jq3DN5XKhHsDby0CmqI8HfZKWuzAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUQ39+j/k18Dx9BBRXY2HqxlSIy8MwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM0MzYzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwkMA0GCSqGSIb3DQEBCwUAA4IBAQBN
F4EocfeZIiO4LLfJJa1gL2+tI9WQGJQF9jwTmvsnVsS7dQ09fL4RSjy09zlTXZ3g
a9qceTNFKoVTlWpg3MJ1t3ALRsMCpfSrxViYKaFlGifslIZD8BuReBN+lodIx7aw
cPgw1uUSireBMEWXIQGeML27MS21v/7ATlYY0bWpQFjBQkfoXUmtEYBaiI3crIQx
rTpxiC1+9Ma4Rd0hiVKEf5XdBNXSzdlReMswYBBBYd74xUIwLijXXedL0HKF6wRA
N/rKZ65zUjPROyZLLHbm+JA5z2ocdKZxoRfxB+XydyQqFUovlpdtigaTbo4mSedG
IIEWzRO1bnNY6M6zhHWx
-----END CERTIFICATE-----