Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa
File:                     326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa (raw, json)
Hash identifier:          608CbYrDjcvLNLlINr6BXby1AUO7NJtBuzPbdHTgFhs=
Subject key identifier:   54:96:88:E5:AA:44:98:E2:F9:DD:8D:28:F8:58:DD:8C:D0:1D:A5:3D
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       614950177B239AC96B403D539EB2F579D8492DA6
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa
Signing time:             Thu 17 Aug 2023 10:03:48 +0000
ROA not before:           Thu 17 Aug 2023 09:58:48 +0000
ROA not after:            Thu 15 Aug 2024 10:03:48 +0000
asID:                     16509
IP address blocks:        2a02:5be0:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:49:50:17:7b:23:9a:c9:6b:40:3d:53:9e:b2:f5:79:d8:49:2d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Aug 17 09:58:48 2023 GMT
            Not After : Aug 15 10:03:48 2024 GMT
        Subject: CN=549688E5AA4498E2F9DD8D28F858DD8CD01DA53D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2d:5b:00:34:65:d0:f9:79:57:b4:53:10:2c:
                    37:d1:48:05:f1:50:a7:b3:14:33:29:de:bb:88:b1:
                    c0:d3:4f:fc:1e:63:3c:39:dc:bf:15:40:44:84:20:
                    0a:ea:f0:88:15:d0:df:9f:c7:84:e1:06:5d:70:f9:
                    57:9f:40:11:04:66:cf:ea:16:db:b6:6d:72:78:8f:
                    fe:eb:82:23:fa:cb:b3:58:88:d3:bb:62:56:8a:b5:
                    3a:b7:b8:12:96:3e:60:ce:34:36:8a:51:ec:1c:ec:
                    09:fc:33:bb:a3:b2:d6:d8:01:54:47:90:2c:c7:3f:
                    51:b9:79:c1:df:94:4e:92:12:fd:8b:98:93:d9:7b:
                    91:19:e7:8d:bd:50:40:cd:5c:f4:60:e6:9c:24:20:
                    e0:03:7e:22:bc:05:0d:8d:d6:70:e3:a7:45:32:4d:
                    8c:87:5f:17:81:99:31:d2:f3:06:94:ae:30:92:82:
                    91:58:1e:07:e7:08:65:4f:3b:b5:5d:7e:5b:3b:df:
                    f1:a6:f9:fe:83:8a:9a:a6:95:3b:1c:20:d9:1e:dc:
                    24:43:79:b8:64:90:80:87:c5:24:a2:62:3a:39:28:
                    43:b1:cd:e4:ac:75:4c:21:55:77:1f:46:1a:98:bb:
                    fd:d5:4e:e3:05:a6:46:60:4e:c2:03:d7:5e:2d:e3:
                    a0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:96:88:E5:AA:44:98:E2:F9:DD:8D:28:F8:58:DD:8C:D0:1D:A5:3D
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a373a3a2f34382d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:97:60:4b:d0:a9:f4:df:ba:26:53:c0:19:4a:cb:78:23:a8:
         18:7a:89:06:70:d2:1d:c7:e8:c1:23:bf:12:57:fd:f4:33:63:
         68:d2:11:a3:94:07:87:b3:b2:ed:58:c3:d7:dd:78:53:3e:3d:
         8d:da:9e:72:d1:3d:8e:2a:0c:8b:36:7f:d8:9a:61:d6:d8:e5:
         c0:74:32:2e:e0:19:b7:94:ea:75:7a:7c:7a:88:04:3a:7a:3f:
         66:05:be:47:b6:70:dd:22:44:a5:90:c5:a9:06:44:bf:bd:8c:
         dc:d5:b7:60:4b:08:f9:06:82:cc:11:a9:f1:6f:f9:25:8f:43:
         c1:e8:dd:7e:53:48:54:06:08:a6:4c:f1:b7:52:b6:04:44:bc:
         14:43:3f:1c:8e:16:3f:c6:ad:7c:16:08:24:83:68:d1:42:5d:
         1e:8c:37:da:86:50:ae:19:19:1a:58:70:62:3e:0c:85:ee:be:
         79:af:4d:76:c8:53:83:ca:94:40:ed:83:f0:38:48:d4:ae:17:
         f9:22:2a:f4:95:d2:9c:78:27:36:b4:3c:8e:86:93:bb:c8:fa:
         b9:f4:8a:f4:15:55:f0:3d:e1:80:e0:0d:5c:e6:c0:9d:50:ce:
         38:65:b3:a2:ff:ba:74:45:25:c8:b8:ff:3d:e3:6c:78:a7:02:
         ab:7f:98:ce
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUYUlQF3sjmslrQD1TnrL1edhJLaYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA4MTcwOTU4NDhaFw0yNDA4MTUxMDAzNDhaMDMxMTAvBgNV
BAMTKDU0OTY4OEU1QUE0NDk4RTJGOUREOEQyOEY4NThERDhDRDAxREE1M0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwLVsANGXQ+XlXtFMQLDfRSAXx
UKezFDMp3ruIscDTT/weYzw53L8VQESEIArq8IgV0N+fx4ThBl1w+VefQBEEZs/q
Ftu2bXJ4j/7rgiP6y7NYiNO7YlaKtTq3uBKWPmDONDaKUewc7An8M7ujstbYAVRH
kCzHP1G5ecHflE6SEv2LmJPZe5EZ5429UEDNXPRg5pwkIOADfiK8BQ2N1nDjp0Uy
TYyHXxeBmTHS8waUrjCSgpFYHgfnCGVPO7Vdfls73/Gm+f6DipqmlTscINke3CRD
ebhkkICHxSSiYjo5KEOxzeSsdUwhVXcfRhqYu/3VTuMFpkZgTsID114t46BTAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUVJaI5apEmOL53Y0o+FjdjNAdpT0wHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzNzNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAcwDQYJKoZIhvcNAQEL
BQADggEBADiXYEvQqfTfuiZTwBlKy3gjqBh6iQZw0h3H6MEjvxJX/fQzY2jSEaOU
B4ezsu1Yw9fdeFM+PY3annLRPY4qDIs2f9iaYdbY5cB0Mi7gGbeU6nV6fHqIBDp6
P2YFvke2cN0iRKWQxakGRL+9jNzVt2BLCPkGgswRqfFv+SWPQ8Ho3X5TSFQGCKZM
8bdStgREvBRDPxyOFj/GrXwWCCSDaNFCXR6MN9qGUK4ZGRpYcGI+DIXuvnmvTXbI
U4PKlEDtg/A4SNSuF/kiKvSV0px4Jza0PI6Gk7vI+rn0ivQVVfA94YDgDVzmwJ1Q
zjhls6L/unRFJci4/z3jbHinAqt/mM4=
-----END CERTIFICATE-----