Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38342e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          svptK9h46Br5qxmgcYM21UpciU5rfu6H4Ow7Lkw1kZ8=
Subject key identifier:   3A:3B:71:85:46:AD:48:D3:C3:66:1B:99:32:CD:93:F5:A9:55:A2:3B
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       1DD40568F412C33B65643DB11ED58786D1971C21
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 01 Sep 2023 11:14:33 +0000
ROA not before:           Fri 01 Sep 2023 11:09:33 +0000
ROA not after:            Fri 30 Aug 2024 11:14:33 +0000
asID:                     42427
IP address blocks:        185.58.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:d4:05:68:f4:12:c3:3b:65:64:3d:b1:1e:d5:87:86:d1:97:1c:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Sep  1 11:09:33 2023 GMT
            Not After : Aug 30 11:14:33 2024 GMT
        Subject: CN=3A3B718546AD48D3C3661B9932CD93F5A955A23B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2b:ce:f5:60:a5:f6:6a:6d:e7:5b:b3:b8:e4:
                    91:62:9b:de:47:47:c8:63:ce:0c:60:46:e6:92:ab:
                    2a:8f:ca:ab:d5:a1:b9:cd:dd:c3:42:4e:d6:bd:c1:
                    b5:04:f2:86:c8:ac:6b:fd:5c:cc:72:06:15:09:ac:
                    65:a3:98:b3:6e:b7:eb:1b:31:86:06:62:3b:7c:cb:
                    5a:92:7d:33:73:9e:a3:2e:d3:ff:0b:f9:c9:fc:ab:
                    30:5c:7f:42:0c:5a:d8:36:d8:bf:6f:e1:cd:e0:dd:
                    f2:36:b8:fc:1e:0f:dc:1f:50:ef:f3:f2:27:73:8a:
                    87:61:29:9e:7a:7d:76:0a:83:e6:5d:eb:c9:44:62:
                    da:24:2d:ab:47:36:73:95:a5:4a:1e:2d:56:89:1e:
                    87:98:f4:ec:f5:8e:52:96:ab:8e:1d:78:d7:9b:d4:
                    d7:af:cd:0f:dc:84:10:30:99:2d:16:94:06:43:10:
                    7a:a6:a1:0f:c4:9a:95:7d:4a:1a:68:ee:aa:0e:e8:
                    5d:a5:1a:b8:3f:af:ca:ea:1b:38:34:d7:26:0d:c3:
                    85:ab:91:07:1d:2b:7b:28:ec:95:a4:ce:4b:27:cd:
                    83:a5:07:83:94:17:c7:d5:9b:87:a2:8c:d2:4d:cc:
                    43:36:35:86:5a:4f:8e:80:41:d7:86:6e:3c:06:90:
                    31:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:3B:71:85:46:AD:48:D3:C3:66:1B:99:32:CD:93:F5:A9:55:A2:3B
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:aa:06:cc:7c:5a:51:a3:39:b7:ef:b9:c2:bf:e0:f9:b9:53:
         67:0a:a3:52:6b:4d:43:56:0b:14:49:0e:f2:1a:29:50:7c:de:
         de:10:cf:0e:32:d5:77:5a:06:e9:5b:60:e3:98:7b:08:d4:24:
         c0:88:1e:e0:ee:e0:91:36:ee:a1:7c:e9:67:f2:50:56:fc:75:
         b1:81:cc:c6:5d:93:43:1d:d2:b6:90:9f:73:38:e3:0d:6b:1b:
         47:f5:f6:93:ed:ac:6c:e1:f9:dc:b0:5e:43:50:61:0c:6a:e9:
         9d:a9:5f:00:79:03:96:f2:6a:90:1a:da:36:19:40:7e:f1:ae:
         02:b8:25:ed:6d:42:1d:d6:b3:2f:ca:da:59:8a:da:a5:5b:69:
         66:e6:eb:f5:7b:6d:1e:99:12:93:79:bf:f3:a7:04:e7:ca:16:
         5b:e5:3f:80:1c:a0:07:7b:c0:d8:6d:eb:65:1a:e9:c6:1e:4b:
         fc:83:e9:48:1c:19:c7:e4:4a:0d:ec:6d:c5:87:d5:0c:2d:85:
         86:4f:b2:b0:ea:81:d6:25:2f:f8:bf:08:ca:52:57:c0:a0:a2:
         97:88:9f:83:4e:a5:1f:b9:65:3d:0f:a4:a4:40:49:cd:91:f5:
         54:35:36:20:f6:0a:6d:7a:f0:d8:ce:ae:f1:5d:9a:a5:bf:c3:
         2d:51:f2:31
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUHdQFaPQSwztlZD2xHtWHhtGXHCEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA5MDExMTA5MzNaFw0yNDA4MzAxMTE0MzNaMDMxMTAvBgNV
BAMTKDNBM0I3MTg1NDZBRDQ4RDNDMzY2MUI5OTMyQ0Q5M0Y1QTk1NUEyM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHK871YKX2am3nW7O45JFim95H
R8hjzgxgRuaSqyqPyqvVobnN3cNCTta9wbUE8obIrGv9XMxyBhUJrGWjmLNut+sb
MYYGYjt8y1qSfTNznqMu0/8L+cn8qzBcf0IMWtg22L9v4c3g3fI2uPweD9wfUO/z
8idziodhKZ56fXYKg+Zd68lEYtokLatHNnOVpUoeLVaJHoeY9Oz1jlKWq44deNeb
1NevzQ/chBAwmS0WlAZDEHqmoQ/EmpV9Shpo7qoO6F2lGrg/r8rqGzg01yYNw4Wr
kQcdK3so7JWkzksnzYOlB4OUF8fVm4eijNJNzEM2NYZaT46AQdeGbjwGkDG5AgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUOjtxhUatSNPDZhuZMs2T9alVojswHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpUMA0GCSqGSIb3DQEBCwUAA4IBAQBW
qgbMfFpRozm377nCv+D5uVNnCqNSa01DVgsUSQ7yGilQfN7eEM8OMtV3WgbpW2Dj
mHsI1CTAiB7g7uCRNu6hfOln8lBW/HWxgczGXZNDHdK2kJ9zOOMNaxtH9faT7axs
4fncsF5DUGEMaumdqV8AeQOW8mqQGto2GUB+8a4CuCXtbUId1rMvytpZitqlW2lm
5uv1e20emRKTeb/zpwTnyhZb5T+AHKAHe8DYbetlGunGHkv8g+lIHBnH5EoN7G3F
h9UMLYWGT7Kw6oHWJS/4vwjKUlfAoKKXiJ+DTqUfuWU9D6SkQEnNkfVUNTYg9gpt
evDYzq7xXZqlv8MtUfIx
-----END CERTIFICATE-----