Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38352e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          YptUbPg6hj4XzXJCzgIBDbMR2pUTmLnAAR1IRqX3PRY=
Subject key identifier:   8A:88:19:14:22:FF:26:2B:8C:E6:D4:48:03:0A:68:00:0A:9F:03:CC
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       77862EFA98727909AB93DE1ECE1B2EF1819DA795
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 04 Jul 2025 12:05:11 +0000
ROA not before:           Fri 04 Jul 2025 12:00:11 +0000
ROA not after:            Fri 03 Jul 2026 12:05:11 +0000
asID:                     42427
IP address blocks:        185.58.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:54:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:86:2e:fa:98:72:79:09:ab:93:de:1e:ce:1b:2e:f1:81:9d:a7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul  4 12:00:11 2025 GMT
            Not After : Jul  3 12:05:11 2026 GMT
        Subject: CN=8A88191422FF262B8CE6D448030A68000A9F03CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:61:2f:af:1b:a5:3c:75:51:b7:ee:03:d8:25:
                    32:76:27:82:5d:20:fe:15:3d:91:0d:9b:43:5d:fa:
                    91:2c:ab:eb:a5:de:be:35:32:29:78:7e:24:c2:2b:
                    ee:08:bd:47:b0:8f:93:0c:9a:ca:e4:66:13:38:09:
                    a7:83:da:4b:cf:90:4b:83:a8:8d:80:e0:9d:ae:a7:
                    4a:35:58:88:f5:70:ab:93:3a:7f:91:85:75:7e:18:
                    85:7a:00:a5:06:85:04:6e:6e:23:98:4d:c2:63:f5:
                    09:66:02:16:f0:62:ab:37:7a:9a:51:b1:3e:5b:53:
                    cd:85:29:3c:4f:ec:dc:bd:a2:13:e7:d3:a7:ea:f0:
                    32:f7:ff:2a:ce:f2:bf:5d:fc:32:ca:9a:a8:9d:93:
                    ee:64:bb:92:dc:28:81:54:ed:5e:6e:7c:c9:62:5c:
                    17:41:91:bc:cc:7a:34:c1:bc:f3:7b:1a:e5:ba:54:
                    a6:10:46:cd:5e:63:32:dc:bc:10:26:7e:76:99:88:
                    80:03:e5:64:1d:69:10:1b:dd:7d:a6:ef:50:99:b4:
                    65:4e:e5:0c:98:48:1c:44:b3:ef:cb:4f:92:91:ae:
                    a7:b6:fb:20:21:02:8f:62:46:65:6a:e2:7f:21:b0:
                    d3:c1:e4:7f:ef:31:dc:91:f3:ff:3c:c6:82:05:b1:
                    7b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:88:19:14:22:FF:26:2B:8C:E6:D4:48:03:0A:68:00:0A:9F:03:CC
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c7:4f:39:0d:81:a8:f5:ea:03:d1:c5:2b:d6:f7:d0:38:a8:
         1c:10:cd:79:58:d4:c0:70:49:a5:c5:83:ae:75:0a:37:26:0e:
         97:51:ab:d6:f1:62:7a:13:33:d7:c4:c0:42:ff:7d:38:0f:ca:
         e2:6b:48:ea:b3:89:84:5d:71:6c:eb:8e:b3:db:51:54:5b:35:
         66:4e:f8:4b:18:2f:0f:3f:00:4d:ad:aa:8e:e0:37:a3:3b:42:
         43:41:5d:ec:1e:67:4e:e7:36:a4:3e:b8:b2:55:b4:cb:e0:04:
         f4:99:4f:35:66:6f:40:bf:b2:0f:99:f1:7f:93:d1:55:06:ec:
         4f:6c:41:5d:84:53:18:e5:60:dc:80:db:0f:8b:be:14:b7:0b:
         dd:13:53:6f:88:4e:cb:84:b2:5b:06:a7:9a:7d:50:45:a9:79:
         9a:ef:3c:d2:d3:27:49:45:4a:78:c0:3f:29:a2:75:db:d5:30:
         7f:1b:c5:a8:ab:4f:ab:24:5a:49:9e:65:95:c1:46:90:da:d4:
         de:6c:93:c9:64:70:4b:d5:41:ca:e7:ed:00:b4:ca:31:28:a3:
         f3:8b:55:16:20:c0:24:bc:e0:c4:89:59:b1:99:a7:cc:0f:ec:
         ec:c3:8a:76:fd:e6:be:7e:4f:6b:e0:21:9f:20:0c:b1:2d:82:
         df:ea:24:ad
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUd4Yu+phyeQmrk94ezhsu8YGdp5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA3MDQxMjAwMTFaFw0yNjA3MDMxMjA1MTFaMDMxMTAvBgNV
BAMTKDhBODgxOTE0MjJGRjI2MkI4Q0U2RDQ0ODAzMEE2ODAwMEE5RjAzQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3YS+vG6U8dVG37gPYJTJ2J4Jd
IP4VPZENm0Nd+pEsq+ul3r41Mil4fiTCK+4IvUewj5MMmsrkZhM4CaeD2kvPkEuD
qI2A4J2up0o1WIj1cKuTOn+RhXV+GIV6AKUGhQRubiOYTcJj9QlmAhbwYqs3eppR
sT5bU82FKTxP7Ny9ohPn06fq8DL3/yrO8r9d/DLKmqidk+5ku5LcKIFU7V5ufMli
XBdBkbzMejTBvPN7GuW6VKYQRs1eYzLcvBAmfnaZiIAD5WQdaRAb3X2m71CZtGVO
5QyYSBxEs+/LT5KRrqe2+yAhAo9iRmVq4n8hsNPB5H/vMdyR8/88xoIFsXuhAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUiogZFCL/JiuM5tRIAwpoAAqfA8wwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpVMA0GCSqGSIb3DQEBCwUAA4IBAQBy
x085DYGo9eoD0cUr1vfQOKgcEM15WNTAcEmlxYOudQo3Jg6XUavW8WJ6EzPXxMBC
/304D8ria0jqs4mEXXFs646z21FUWzVmTvhLGC8PPwBNraqO4DejO0JDQV3sHmdO
5zakPriyVbTL4AT0mU81Zm9Av7IPmfF/k9FVBuxPbEFdhFMY5WDcgNsPi74Utwvd
E1NviE7LhLJbBqeafVBFqXma7zzS0ydJRUp4wD8ponXb1TB/G8Woq0+rJFpJnmWV
wUaQ2tTebJPJZHBL1UHK5+0AtMoxKKPzi1UWIMAkvODEiVmxmafMD+zsw4p2/ea+
fk9r4CGfIAyxLYLf6iSt
-----END CERTIFICATE-----