Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa
File:                     3138352e35382e38352e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          L31mJEEr/x82/o/4RRTuiINPEyRyMWaEByoQYqA3jmQ=
Subject key identifier:   5B:F9:46:00:13:E8:5A:4B:31:BE:A3:21:A5:18:EF:09:17:D5:CB:16
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       6A61D383B85DC089800001B357CF3185D1BF87B7
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 01 Sep 2023 11:14:33 +0000
ROA not before:           Fri 01 Sep 2023 11:09:33 +0000
ROA not after:            Fri 30 Aug 2024 11:14:33 +0000
asID:                     42427
IP address blocks:        185.58.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:61:d3:83:b8:5d:c0:89:80:00:01:b3:57:cf:31:85:d1:bf:87:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Sep  1 11:09:33 2023 GMT
            Not After : Aug 30 11:14:33 2024 GMT
        Subject: CN=5BF9460013E85A4B31BEA321A518EF0917D5CB16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:12:f6:b6:01:1b:2a:38:6e:f7:c1:65:4b:ca:
                    d0:35:f9:7d:7e:31:24:3d:d6:ee:23:5f:2b:01:57:
                    97:dc:24:50:9c:34:90:5f:fb:b1:00:8e:37:3d:4e:
                    27:f5:2e:dc:46:69:66:f4:ec:bc:5c:17:50:63:12:
                    df:ca:6c:07:d2:ed:28:73:63:36:88:f7:f9:5f:8a:
                    1e:82:b5:b4:ea:ac:1b:75:da:41:3a:83:dd:83:44:
                    fa:15:27:53:b2:01:72:16:ca:f8:51:c0:ea:16:bb:
                    dc:59:dd:b8:be:0d:4d:de:2a:6f:9e:28:72:80:e1:
                    37:55:b3:9f:b4:96:51:f3:e7:bd:24:a4:5a:62:50:
                    0c:01:04:12:62:0b:ec:28:60:44:6d:d4:51:75:67:
                    98:ab:fd:ff:2f:94:0f:e0:6d:95:e8:99:85:5a:6b:
                    09:c8:e8:6b:60:6c:0c:44:07:fa:71:33:c5:a3:f8:
                    ff:82:30:40:86:45:4d:65:b2:fc:8a:10:a5:4f:9c:
                    77:97:41:54:85:cd:b8:54:50:5b:01:d4:60:4c:0b:
                    b4:14:d9:71:51:18:24:f0:5b:83:08:31:3d:68:04:
                    de:0e:78:3e:4d:aa:4f:d4:6e:c2:3e:54:42:8a:71:
                    70:95:c3:c5:66:c5:b0:a2:d4:64:bb:67:fa:29:4e:
                    78:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F9:46:00:13:E8:5A:4B:31:BE:A3:21:A5:18:EF:09:17:D5:CB:16
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3138352e35382e38352e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:16:c8:24:c2:e8:ac:73:80:d4:02:bb:2f:90:e5:52:85:ed:
         ef:dc:e5:66:ae:2b:b8:a5:97:17:d1:f3:81:9d:78:3f:23:7f:
         98:30:08:7b:8f:63:75:96:49:f4:17:60:ee:72:48:85:5d:4c:
         fd:d6:d5:39:d7:1b:e3:2f:80:6c:e9:6f:f9:5d:a0:bb:5d:3d:
         1f:99:ed:e2:e1:24:93:33:52:b4:c2:a5:83:b2:49:58:b6:35:
         d0:26:07:84:45:24:35:1e:f2:49:44:76:27:31:89:1b:45:3b:
         1c:10:4a:68:7d:7d:b0:c0:f8:4b:a0:57:7b:8a:4e:13:fc:19:
         a3:94:f6:ae:69:49:d9:87:90:6d:86:d0:65:d2:97:05:10:e9:
         ea:48:2f:3d:ca:47:7f:a7:e7:f9:70:b3:52:bc:14:84:15:37:
         c9:71:4f:77:75:c5:45:54:f7:ef:6b:e5:0a:6b:d6:be:5b:ef:
         75:b2:d6:02:12:9e:3f:f9:b3:00:cf:32:44:07:c9:8d:ac:b1:
         28:11:9c:03:11:1a:8f:9a:dd:55:f4:73:24:88:5d:25:de:b0:
         13:46:61:08:d4:6e:bf:44:96:4d:7d:46:26:d6:9a:4b:ce:5e:
         5f:8a:47:77:1a:59:a0:17:d3:a3:2d:33:b7:41:02:e4:a5:37:
         a2:9f:18:e1
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUamHTg7hdwImAAAGzV88xhdG/h7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA5MDExMTA5MzNaFw0yNDA4MzAxMTE0MzNaMDMxMTAvBgNV
BAMTKDVCRjk0NjAwMTNFODVBNEIzMUJFQTMyMUE1MThFRjA5MTdENUNCMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkEva2ARsqOG73wWVLytA1+X1+
MSQ91u4jXysBV5fcJFCcNJBf+7EAjjc9Tif1LtxGaWb07LxcF1BjEt/KbAfS7Shz
YzaI9/lfih6CtbTqrBt12kE6g92DRPoVJ1OyAXIWyvhRwOoWu9xZ3bi+DU3eKm+e
KHKA4TdVs5+0llHz570kpFpiUAwBBBJiC+woYERt1FF1Z5ir/f8vlA/gbZXomYVa
awnI6GtgbAxEB/pxM8Wj+P+CMECGRU1lsvyKEKVPnHeXQVSFzbhUUFsB1GBMC7QU
2XFRGCTwW4MIMT1oBN4OeD5Nqk/UbsI+VEKKcXCVw8VmxbCi1GS7Z/opTngBAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUW/lGABPoWksxvqMhpRjvCRfVyxYwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zMTM4MzUyZTM1MzgyZTM4MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTpVMA0GCSqGSIb3DQEBCwUAA4IBAQBq
Fsgkwuisc4DUArsvkOVShe3v3OVmriu4pZcX0fOBnXg/I3+YMAh7j2N1lkn0F2Du
ckiFXUz91tU51xvjL4Bs6W/5XaC7XT0fme3i4SSTM1K0wqWDsklYtjXQJgeERSQ1
HvJJRHYnMYkbRTscEEpofX2wwPhLoFd7ik4T/BmjlPauaUnZh5BthtBl0pcFEOnq
SC89ykd/p+f5cLNSvBSEFTfJcU93dcVFVPfva+UKa9a+W+91stYCEp4/+bMAzzJE
B8mNrLEoEZwDERqPmt1V9HMkiF0l3rATRmEI1G6/RJZNfUYm1ppLzl5fikd3Glmg
F9OjLTO3QQLkpTeinxjh
-----END CERTIFICATE-----