Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a313a3a2f34382d3438203d3e203432343237.roa
File:                     326130323a356265303a313a3a2f34382d3438203d3e203432343237.roa (raw, json)
Hash identifier:          88Mqh5cNGX0ArgWpajg5n5FG2l60fkOyINrat83jFzw=
Subject key identifier:   C4:D0:2F:10:6F:E2:41:41:E2:41:7C:C9:92:A7:0C:8F:5D:BA:21:08
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       3951E403B910E6B51B22B7A25C5DCAB643B6A555
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a313a3a2f34382d3438203d3e203432343237.roa
Signing time:             Fri 04 Jul 2025 12:05:12 +0000
ROA not before:           Fri 04 Jul 2025 12:00:12 +0000
ROA not after:            Fri 03 Jul 2026 12:05:12 +0000
asID:                     42427
IP address blocks:        2a02:5be0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:54:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:51:e4:03:b9:10:e6:b5:1b:22:b7:a2:5c:5d:ca:b6:43:b6:a5:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Jul  4 12:00:12 2025 GMT
            Not After : Jul  3 12:05:12 2026 GMT
        Subject: CN=C4D02F106FE24141E2417CC992A70C8F5DBA2108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1f:fa:43:62:12:d5:e8:4b:d6:3c:1a:c5:10:
                    34:cc:3a:e5:a3:c3:24:04:03:9c:61:a3:18:fd:1f:
                    54:f0:d2:5b:6f:f7:cb:f0:77:34:a8:57:62:a2:5a:
                    08:b6:5a:ff:8e:08:19:2e:bf:3a:67:62:62:be:c0:
                    52:96:da:df:c9:4f:f5:86:c6:c6:cb:e8:fc:bb:a6:
                    df:19:c6:ee:71:77:8d:fb:bc:8f:35:4a:89:ee:a8:
                    a7:50:e1:43:1b:e7:08:00:a9:5b:bf:f3:c9:1b:bf:
                    77:72:a0:b8:0a:42:c9:fd:37:3c:16:a6:0c:d3:28:
                    a7:58:4c:4b:0e:76:11:bb:94:33:e6:6c:ee:68:58:
                    0b:9e:36:84:5c:11:1d:91:20:20:4e:69:4c:41:fc:
                    3c:9c:d7:d3:32:b0:68:57:ac:7e:78:cf:06:5f:58:
                    c0:24:25:ec:8a:ee:00:b6:6d:a0:9a:db:12:ff:04:
                    f4:c3:6f:35:17:30:28:18:74:65:6e:82:14:69:b9:
                    d6:64:f6:71:64:36:3c:bf:1a:3d:fc:11:c3:96:c5:
                    98:60:e0:32:b1:fc:d7:e9:c6:80:25:5b:02:e9:7b:
                    d2:ca:6a:8d:20:71:7c:77:c5:6b:7f:f0:f7:bd:fb:
                    3e:b7:38:17:6a:a8:96:5b:2c:dc:ec:02:90:13:8a:
                    7c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D0:2F:10:6F:E2:41:41:E2:41:7C:C9:92:A7:0C:8F:5D:BA:21:08
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a313a3a2f34382d3438203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:9d:15:54:f6:8f:13:30:be:b7:66:3a:35:f2:0b:eb:c2:d8:
         57:30:cf:b4:51:a7:21:7a:4b:88:84:f4:ba:79:49:d7:99:f6:
         fc:b3:65:d6:15:23:09:fe:8c:ee:21:7c:2b:d3:15:34:bb:96:
         92:2c:8a:6a:b4:e0:f5:6b:89:a0:99:1a:80:fc:b1:96:6e:e4:
         84:cc:ee:7a:48:9d:56:8a:3f:7f:72:89:18:0f:d9:e0:65:4b:
         18:3d:67:25:17:bc:d3:30:6c:c9:6e:c8:a6:f8:85:98:5f:26:
         68:46:13:18:19:a5:4c:15:eb:c9:97:ab:0c:ab:95:c4:88:e5:
         e5:80:3a:e4:01:eb:cb:5b:df:f7:52:c3:71:1c:6c:a5:48:eb:
         8e:01:6a:8d:e9:96:cd:62:e4:37:08:a8:01:50:a7:d6:7b:15:
         58:26:07:e4:98:7e:f5:3e:fb:7d:9f:cb:a5:11:01:21:a9:cd:
         6f:0d:39:24:c7:2d:19:fd:20:52:2c:a5:80:1b:b9:fb:af:5d:
         32:6b:1e:4a:35:48:51:46:23:80:04:a4:3f:70:a9:a0:25:8e:
         4b:fe:fc:67:39:12:58:c6:ac:0d:8c:4e:bc:05:b4:dc:51:98:
         55:5c:07:dc:dc:33:84:84:b1:5d:22:11:24:ed:e6:c7:bd:01:
         0e:32:ce:76
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUOVHkA7kQ5rUbIreiXF3KtkO2pVUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNTA3MDQxMjAwMTJaFw0yNjA3MDMxMjA1MTJaMDMxMTAvBgNV
BAMTKEM0RDAyRjEwNkZFMjQxNDFFMjQxN0NDOTkyQTcwQzhGNURCQTIxMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8H/pDYhLV6EvWPBrFEDTMOuWj
wyQEA5xhoxj9H1Tw0ltv98vwdzSoV2KiWgi2Wv+OCBkuvzpnYmK+wFKW2t/JT/WG
xsbL6Py7pt8Zxu5xd437vI81SonuqKdQ4UMb5wgAqVu/88kbv3dyoLgKQsn9NzwW
pgzTKKdYTEsOdhG7lDPmbO5oWAueNoRcER2RICBOaUxB/Dyc19MysGhXrH54zwZf
WMAkJeyK7gC2baCa2xL/BPTDbzUXMCgYdGVughRpudZk9nFkNjy/Gj38EcOWxZhg
4DKx/NfpxoAlWwLpe9LKao0gcXx3xWt/8Pe9+z63OBdqqJZbLNzsApATinw1AgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUxNAvEG/iQUHiQXzJkqcMj126IQgwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzMTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDM0MzIzNDMyMzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAEwDQYJKoZIhvcNAQEL
BQADggEBAIGdFVT2jxMwvrdmOjXyC+vC2Fcwz7RRpyF6S4iE9Lp5SdeZ9vyzZdYV
Iwn+jO4hfCvTFTS7lpIsimq04PVriaCZGoD8sZZu5ITM7npInVaKP39yiRgP2eBl
Sxg9ZyUXvNMwbMluyKb4hZhfJmhGExgZpUwV68mXqwyrlcSI5eWAOuQB68tb3/dS
w3EcbKVI644Bao3pls1i5DcIqAFQp9Z7FVgmB+SYfvU++32fy6URASGpzW8NOSTH
LRn9IFIspYAbufuvXTJrHko1SFFGI4AEpD9wqaAljkv+/Gc5EljGrA2MTrwFtNxR
mFVcB9zcM4SEsV0iESTt5se9AQ4yznY=
-----END CERTIFICATE-----