Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa
File:                     3134372e32382e33392e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          /FQYtWKtwkFVcmSvg3dsNJKOhc18ZbdlfQ+9Ts/vdSU=
Subject key identifier:   70:34:B4:D8:28:AE:AD:EC:67:2C:47:0E:34:83:10:A3:39:82:49:66
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       5A6B077073AA4A5A95DE9DD9D075B71A442381D1
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa
Signing time:             Fri 17 May 2024 18:33:52 +0000
ROA not before:           Fri 17 May 2024 18:28:52 +0000
ROA not after:            Fri 16 May 2025 18:33:52 +0000
asID:                     16509
IP address blocks:        147.28.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:6b:07:70:73:aa:4a:5a:95:de:9d:d9:d0:75:b7:1a:44:23:81:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 17 18:28:52 2024 GMT
            Not After : May 16 18:33:52 2025 GMT
        Subject: CN=7034B4D828AEADEC672C470E348310A339824966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:c6:7b:dd:1f:42:48:19:70:b5:d8:29:3b:63:
                    45:d9:1f:d3:38:85:98:33:e7:87:fc:65:dc:a9:20:
                    cf:a9:0f:77:92:91:7b:27:ca:cb:f4:df:74:20:fe:
                    76:2b:26:36:4f:14:a1:3c:53:3a:88:00:08:58:96:
                    6b:ea:30:f3:f8:55:f7:d6:45:40:27:74:b9:cf:a0:
                    51:d3:1e:ab:c1:ce:f8:cd:17:a6:6e:04:ce:3c:63:
                    fe:e7:d8:30:0f:30:52:09:5c:df:f4:5e:d1:65:7f:
                    36:d7:40:2f:6d:36:c7:db:64:8a:3b:9d:d6:8a:d3:
                    1e:bd:d7:ce:19:91:d6:67:a2:99:43:f2:78:72:28:
                    fa:20:1d:6d:b1:6e:da:71:6f:04:e3:d9:c6:ba:7f:
                    6a:05:3c:7c:36:24:84:77:2d:87:89:92:eb:9a:2e:
                    6a:63:ce:ec:05:75:88:61:9a:10:c9:27:e2:4f:c0:
                    b3:a9:6f:3b:a5:5d:9f:32:84:a7:58:d9:06:b0:26:
                    d2:8d:15:2e:96:cb:ce:82:c0:98:f9:d3:89:9b:50:
                    81:4a:6d:89:8f:4a:bc:e9:43:0c:32:d0:87:b1:cf:
                    7d:4d:93:4f:5a:3c:79:74:e9:97:8b:d1:fd:7e:5c:
                    d7:19:51:82:fe:e2:46:81:24:0c:56:04:2c:92:f3:
                    60:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:34:B4:D8:28:AE:AD:EC:67:2C:47:0E:34:83:10:A3:39:82:49:66
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3134372e32382e33392e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.28.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:f5:ed:d3:b9:ee:f9:f3:40:d4:86:66:8d:06:ce:34:8f:8e:
         64:72:77:f2:7f:4f:8b:cc:5e:46:cc:21:cc:12:7a:c6:27:cf:
         68:57:72:e8:fe:72:f8:7b:b4:bb:bd:09:b3:39:2c:54:c2:0c:
         7b:5d:1c:85:f4:5f:9f:ab:42:a5:eb:69:0b:b3:07:ca:bd:6c:
         fd:16:fe:0c:e3:ca:45:85:35:8c:7e:ea:02:d5:b2:6d:2a:1e:
         b2:9b:5f:a2:57:b6:1d:c6:89:bd:03:fb:71:fa:af:49:db:13:
         fd:3c:37:38:96:7f:11:63:f8:dd:a3:d8:c0:7f:47:d0:fe:33:
         da:31:a9:d5:77:91:21:0f:17:67:39:47:e5:0e:dc:f8:ae:75:
         37:64:ee:30:ae:9e:74:45:16:07:b1:71:26:b4:88:73:4c:c9:
         56:bf:70:e6:e0:d8:97:7c:5c:77:1d:ef:ed:f8:31:a2:80:3f:
         27:fa:8d:9c:04:97:7c:ad:3e:a6:e1:c5:74:5f:9a:5c:c5:8b:
         41:2e:eb:5f:d2:30:c4:64:72:04:49:62:e0:2b:54:f1:2a:f4:
         70:1c:c6:e4:8f:0d:39:c3:90:f2:d3:7b:90:18:4a:ce:7f:35:
         a2:16:a5:67:21:8a:48:9f:a7:62:22:cd:c2:80:17:b7:ba:f8:
         bd:b8:16:63
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUWmsHcHOqSlqV3p3Z0HW3GkQjgdEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA1MTcxODI4NTJaFw0yNTA1MTYxODMzNTJaMDMxMTAvBgNV
BAMTKDcwMzRCNEQ4MjhBRUFERUM2NzJDNDcwRTM0ODMxMEEzMzk4MjQ5NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVxnvdH0JIGXC12Ck7Y0XZH9M4
hZgz54f8ZdypIM+pD3eSkXsnysv033Qg/nYrJjZPFKE8UzqIAAhYlmvqMPP4VffW
RUAndLnPoFHTHqvBzvjNF6ZuBM48Y/7n2DAPMFIJXN/0XtFlfzbXQC9tNsfbZIo7
ndaK0x69184ZkdZnoplD8nhyKPogHW2xbtpxbwTj2ca6f2oFPHw2JIR3LYeJkuua
LmpjzuwFdYhhmhDJJ+JPwLOpbzulXZ8yhKdY2QawJtKNFS6Wy86CwJj504mbUIFK
bYmPSrzpQwwy0Iexz31Nk09aPHl06ZeL0f1+XNcZUYL+4kaBJAxWBCyS82BHAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUcDS02CiurexnLEcONIMQozmCSWYwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM0MzcyZTMyMzgyZTMzMzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMTM2MzUzMDM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkxwnMA0GCSqGSIb3DQEBCwUAA4IBAQAo
9e3Tue7580DUhmaNBs40j45kcnfyf0+LzF5GzCHMEnrGJ89oV3Lo/nL4e7S7vQmz
OSxUwgx7XRyF9F+fq0Kl62kLswfKvWz9Fv4M48pFhTWMfuoC1bJtKh6ym1+iV7Yd
xom9A/tx+q9J2xP9PDc4ln8RY/jdo9jAf0fQ/jPaManVd5EhDxdnOUflDtz4rnU3
ZO4wrp50RRYHsXEmtIhzTMlWv3Dm4NiXfFx3He/t+DGigD8n+o2cBJd8rT6m4cV0
X5pcxYtBLutf0jDEZHIESWLgK1TxKvRwHMbkjw05w5Dy03uQGErOfzWiFqVnIYpI
n6diIs3CgBe3uvi9uBZj
-----END CERTIFICATE-----