Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/3139352e3133302e3231372e302f32342d3234203d3e203432343237.roa
File:                     3139352e3133302e3231372e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          QPau9b+L7QhlZgWmYj+zSSb/pnT/QSjQEz3r9or72ho=
Subject key identifier:   02:B2:AC:20:17:E2:BE:43:27:EF:C7:7B:5A:FA:06:C6:30:CC:05:F5
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       1D68A9371B8C92E36B5D72F81B456A1DE299CEAA
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3139352e3133302e3231372e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 04 Jul 2025 12:05:11 +0000
ROA not before:           Fri 04 Jul 2025 12:00:11 +0000
ROA not after:            Fri 03 Jul 2026 12:05:11 +0000
asID:                     42427
IP address blocks:        195.130.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:54:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:68:a9:37:1b:8c:92:e3:6b:5d:72:f8:1b:45:6a:1d:e2:99:ce:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul  4 12:00:11 2025 GMT
            Not After : Jul  3 12:05:11 2026 GMT
        Subject: CN=02B2AC2017E2BE4327EFC77B5AFA06C630CC05F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:87:f4:d6:a1:4a:6e:a6:b2:b6:a9:c2:5e:5a:
                    48:3a:f5:82:52:08:cb:1d:e6:0f:6b:4b:23:30:b5:
                    81:8d:e4:b6:c3:d6:ee:a9:07:cc:5a:bd:be:d4:55:
                    d7:63:c5:2c:87:6e:97:07:21:89:a3:7a:d9:9c:71:
                    6c:0c:8f:d6:1e:e1:10:c8:70:c1:c3:34:f0:92:9d:
                    9b:e3:ea:c2:5b:fa:52:7f:92:32:56:74:b6:c7:3c:
                    28:28:40:22:fa:01:eb:0b:15:4c:c8:68:7c:aa:71:
                    ae:cc:eb:79:64:2d:ee:25:16:78:1a:92:74:69:54:
                    24:72:a0:fc:39:c8:5b:a1:4c:ae:66:49:35:da:90:
                    84:8a:46:9c:5c:30:5e:36:de:c9:43:6e:d8:e2:31:
                    e2:d5:5d:3a:0d:ef:f8:08:ee:a3:01:d2:47:84:39:
                    92:91:d6:40:00:ea:a8:88:ed:01:51:24:47:6b:49:
                    5d:e7:16:fa:cf:22:df:07:5f:ce:50:7d:16:b0:4c:
                    bf:e9:9f:d1:da:d4:61:21:2f:cd:68:e4:5a:29:38:
                    4c:bb:4f:5c:df:80:3c:22:f0:df:b0:e4:8b:27:f6:
                    82:46:69:f0:c1:11:f6:67:d5:ad:99:40:79:5c:73:
                    56:c8:c3:9b:a5:4e:e3:93:ae:dd:90:48:71:55:c7:
                    b3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:B2:AC:20:17:E2:BE:43:27:EF:C7:7B:5A:FA:06:C6:30:CC:05:F5
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/3139352e3133302e3231372e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.130.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:fd:3b:7e:34:cc:e3:25:64:94:05:7c:b0:1d:85:b7:85:7e:
         62:5b:32:95:3f:d9:47:03:8c:91:00:20:5e:f0:73:db:ec:ec:
         7c:9c:eb:b2:dd:60:90:66:57:06:e2:b5:af:22:4b:e2:a3:c0:
         67:03:36:48:df:58:cf:83:0c:29:06:34:d3:d9:db:47:b1:5b:
         80:19:3a:48:41:e8:c7:bc:4d:0f:7d:7a:c6:e5:67:82:aa:ed:
         3c:88:01:5a:66:45:b8:d3:73:10:91:90:6c:0b:21:7e:85:41:
         c7:36:fa:f6:c7:62:03:c1:ec:e3:a3:85:cf:e3:bb:50:ec:fe:
         83:97:e0:4c:7f:ca:a3:e9:31:e8:56:be:c4:6b:1d:b3:85:d5:
         56:68:91:86:58:ba:47:ab:3d:9c:33:c6:ea:43:98:32:42:4a:
         97:dc:11:34:47:ee:9d:ec:87:c4:b7:f2:3e:8b:94:cc:bc:78:
         ad:ad:a4:40:df:0a:a1:f9:be:0b:1f:71:d7:14:c5:bf:d1:96:
         57:1e:ef:51:37:b2:0b:35:b2:fa:f5:2a:e8:3a:73:0d:f0:eb:
         49:82:be:c4:88:34:24:a9:45:79:98:1e:ec:2a:50:d2:fd:85:
         cd:42:31:e7:fd:27:8c:7f:1f:86:78:76:52:4f:7f:7a:7f:d9:
         c7:22:1e:bf
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUHWipNxuMkuNrXXL4G0VqHeKZzqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA3MDQxMjAwMTFaFw0yNjA3MDMxMjA1MTFaMDMxMTAvBgNV
BAMTKDAyQjJBQzIwMTdFMkJFNDMyN0VGQzc3QjVBRkEwNkM2MzBDQzA1RjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGh/TWoUpuprK2qcJeWkg69YJS
CMsd5g9rSyMwtYGN5LbD1u6pB8xavb7UVddjxSyHbpcHIYmjetmccWwMj9Ye4RDI
cMHDNPCSnZvj6sJb+lJ/kjJWdLbHPCgoQCL6AesLFUzIaHyqca7M63lkLe4lFnga
knRpVCRyoPw5yFuhTK5mSTXakISKRpxcMF423slDbtjiMeLVXToN7/gI7qMB0keE
OZKR1kAA6qiI7QFRJEdrSV3nFvrPIt8HX85QfRawTL/pn9Ha1GEhL81o5FopOEy7
T1zfgDwi8N+w5Isn9oJGafDBEfZn1a2ZQHlcc1bIw5ulTuOTrt2QSHFVx7PBAgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQUArKsIBfivkMn78d7WvoGxjDMBfUwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzEzOTM1MmUzMTMzMzAyZTMyMzEzNzJlMzAyZjMyMzQyZDMyMzQy
MDNkM2UyMDM0MzIzNDMyMzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDgtkwDQYJKoZIhvcNAQELBQAD
ggEBACD9O340zOMlZJQFfLAdhbeFfmJbMpU/2UcDjJEAIF7wc9vs7Hyc67LdYJBm
Vwbita8iS+KjwGcDNkjfWM+DDCkGNNPZ20exW4AZOkhB6Me8TQ99esblZ4Kq7TyI
AVpmRbjTcxCRkGwLIX6FQcc2+vbHYgPB7OOjhc/ju1Ds/oOX4Ex/yqPpMehWvsRr
HbOF1VZokYZYukerPZwzxupDmDJCSpfcETRH7p3sh8S38j6LlMy8eK2tpEDfCqH5
vgsfcdcUxb/Rllce71E3sgs1svr1Kug6cw3w60mCvsSINCSpRXmYHuwqUNL9hc1C
Mef9J4x/H4Z4dlJPf3p/2cciHr8=
-----END CERTIFICATE-----