Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38342e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          2dgmu3CCV2/ezWod1gSFvvgWZy0COrMutynEt8wb98k=
Subject key identifier:   04:4B:34:87:D5:68:91:A4:74:17:6C:67:0A:C5:39:F6:68:FB:B9:2F
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       1A3843335F1E630EA84FA4DB2E968904E1307687
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 04 Jul 2025 12:05:11 +0000
ROA not before:           Fri 04 Jul 2025 12:00:11 +0000
ROA not after:            Fri 03 Jul 2026 12:05:11 +0000
asID:                     42427
IP address blocks:        185.58.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:54:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:38:43:33:5f:1e:63:0e:a8:4f:a4:db:2e:96:89:04:e1:30:76:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul  4 12:00:11 2025 GMT
            Not After : Jul  3 12:05:11 2026 GMT
        Subject: CN=044B3487D56891A474176C670AC539F668FBB92F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:60:bd:42:76:7e:92:af:11:f5:52:d8:0c:
                    fa:d3:df:e9:40:1a:cc:05:86:3b:65:31:b3:3a:b2:
                    63:e0:6c:1d:e4:32:7e:3f:d4:ba:74:66:67:bd:a4:
                    a9:b4:15:0f:eb:6f:ee:ca:bd:6a:3f:c7:c7:1b:d5:
                    36:b2:7b:6a:86:4d:b6:55:be:28:be:d9:a8:10:e2:
                    4b:57:54:fc:d2:1f:7a:d3:17:78:be:4b:91:66:db:
                    2b:e0:8e:5a:22:35:8f:c8:d6:59:63:d0:82:1b:0a:
                    e3:73:f3:02:20:6e:70:20:48:ea:6e:79:25:1f:5e:
                    0d:97:5c:18:1d:52:3a:e4:36:c1:c7:f3:f8:8f:82:
                    bc:4f:f5:e7:b3:be:ab:36:bc:47:a3:af:85:2a:7e:
                    c0:b5:e2:d1:a7:63:e5:75:36:65:07:1e:df:a0:1a:
                    8a:1b:32:e0:28:46:89:7b:84:36:4a:c7:f0:0f:63:
                    2e:5c:fb:2a:ba:fc:4b:56:70:b5:10:69:31:b8:39:
                    57:44:56:90:90:ab:14:00:b0:10:08:95:5b:1f:13:
                    d3:3d:b5:48:4f:db:40:d4:c3:82:d6:6b:82:62:90:
                    2a:c3:1c:b9:dc:6c:a0:dd:b0:16:83:57:2e:66:3c:
                    61:ad:e6:e5:c1:61:ec:62:66:37:9b:13:55:13:ac:
                    59:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:4B:34:87:D5:68:91:A4:74:17:6C:67:0A:C5:39:F6:68:FB:B9:2F
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38342e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:8e:90:ab:b0:e2:88:40:d9:80:4e:aa:60:71:27:92:29:62:
         65:cb:0a:54:fd:86:dc:94:df:c9:de:bc:fb:e8:e1:1e:b6:6d:
         52:2a:40:13:a6:31:31:ac:6a:a0:57:f7:9a:c7:e8:77:8f:5f:
         a7:b5:73:1a:86:92:7c:c3:eb:30:c9:79:51:d7:39:3a:ce:4e:
         bf:5c:d8:43:9a:7f:c9:ae:79:17:2d:a5:e0:47:79:8c:23:e7:
         c8:13:a3:0c:4c:a4:05:47:73:1d:9b:d3:97:66:40:d0:df:21:
         ef:6f:52:92:df:17:aa:e8:74:05:2f:4a:91:9f:ea:65:4e:04:
         41:04:8f:c5:ed:8f:69:44:6d:a1:43:49:8e:ad:70:d3:31:ea:
         59:ef:9e:78:c8:52:2d:bb:c3:ce:c5:5e:fe:12:cc:df:50:f7:
         99:94:b7:9b:37:8a:16:50:b2:85:ff:7f:10:6b:43:65:74:24:
         29:e4:a4:1d:8a:36:5e:18:7f:ea:b4:19:c8:ba:9e:18:5f:3e:
         7e:35:2d:c0:c4:2e:70:a3:fb:c1:b2:e3:f4:fb:28:b3:10:86:
         95:7a:74:32:9c:d7:93:e6:77:0a:31:ab:02:d3:5a:b6:df:ad:
         41:ca:82:7d:bf:82:a7:1b:f4:be:94:e2:ef:4c:80:dc:e5:c6:
         e8:aa:55:51
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUGjhDM18eYw6oT6TbLpaJBOEwdocwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA3MDQxMjAwMTFaFw0yNjA3MDMxMjA1MTFaMDMxMTAvBgNV
BAMTKDA0NEIzNDg3RDU2ODkxQTQ3NDE3NkM2NzBBQzUzOUY2NjhGQkI5MkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkkmC9QnZ+kq8R9VLYDPrT3+lA
GswFhjtlMbM6smPgbB3kMn4/1Lp0Zme9pKm0FQ/rb+7KvWo/x8cb1Taye2qGTbZV
vii+2agQ4ktXVPzSH3rTF3i+S5Fm2yvgjloiNY/I1llj0IIbCuNz8wIgbnAgSOpu
eSUfXg2XXBgdUjrkNsHH8/iPgrxP9eezvqs2vEejr4UqfsC14tGnY+V1NmUHHt+g
GoobMuAoRol7hDZKx/APYy5c+yq6/EtWcLUQaTG4OVdEVpCQqxQAsBAIlVsfE9M9
tUhP20DUw4LWa4JikCrDHLncbKDdsBaDVy5mPGGt5uXBYexiZjebE1UTrFklAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUBEs0h9VokaR0F2xnCsU59mj7uS8wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpUMA0GCSqGSIb3DQEBCwUAA4IBAQAs
jpCrsOKIQNmATqpgcSeSKWJlywpU/YbclN/J3rz76OEetm1SKkATpjExrGqgV/ea
x+h3j1+ntXMahpJ8w+swyXlR1zk6zk6/XNhDmn/JrnkXLaXgR3mMI+fIE6MMTKQF
R3Mdm9OXZkDQ3yHvb1KS3xeq6HQFL0qRn+plTgRBBI/F7Y9pRG2hQ0mOrXDTMepZ
7554yFItu8POxV7+EszfUPeZlLebN4oWULKF/38Qa0NldCQp5KQdijZeGH/qtBnI
up4YXz5+NS3AxC5wo/vBsuP0+yizEIaVenQynNeT5ncKMasC01q2361ByoJ9v4Kn
G/S+lOLvTIDc5cboqlVR
-----END CERTIFICATE-----