Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203134363138.roa
File:                     326130323a356265303a393a3a2f34382d3438203d3e203134363138.roa (raw, json)
Hash identifier:          yhLY5CsnbXs9BBxKSEu2TLlf8PwHyxrNSoXWDEiH8Hs=
Subject key identifier:   0F:C2:9D:9E:81:01:A2:0D:1D:72:5C:A6:A6:60:1E:37:50:EE:23:7B
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       4E925EAE85CB27B6E8AFD2710821842CD93E712D
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203134363138.roa
Signing time:             Thu 23 May 2024 23:37:41 +0000
ROA not before:           Thu 23 May 2024 23:32:41 +0000
ROA not after:            Thu 22 May 2025 23:37:41 +0000
asID:                     14618
IP address blocks:        2a02:5be0:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:92:5e:ae:85:cb:27:b6:e8:af:d2:71:08:21:84:2c:d9:3e:71:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: May 23 23:32:41 2024 GMT
            Not After : May 22 23:37:41 2025 GMT
        Subject: CN=0FC29D9E8101A20D1D725CA6A6601E3750EE237B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e3:67:bf:6d:2a:1a:54:a7:05:69:ef:5e:a6:
                    2e:9a:b5:07:a9:f8:20:87:cb:2c:d7:81:c0:34:68:
                    5e:4a:84:52:64:fe:44:bf:83:bd:5e:0c:25:63:ee:
                    b4:34:a4:76:91:ec:f6:ee:b6:4c:fc:7c:49:2a:fb:
                    d7:ae:de:d5:1b:32:b6:8e:ec:29:63:fe:e1:26:4f:
                    f3:6b:50:d5:03:42:37:f5:ad:65:13:2d:7c:34:0e:
                    3e:21:cd:00:50:98:cb:66:e7:2a:e1:2f:b8:cd:ad:
                    71:7f:9d:ac:49:e5:8c:e8:fc:1d:2e:c0:4a:fc:ef:
                    d2:2b:14:8f:7a:1c:88:12:3b:02:69:cc:ac:6c:2a:
                    09:da:7c:d8:9e:6e:72:bc:c4:9e:47:91:3c:a6:6c:
                    e2:d8:74:73:06:a3:7f:a7:f4:dc:01:78:21:9e:98:
                    56:e0:fc:61:08:84:7b:0d:c5:3d:85:2d:f1:5e:b9:
                    53:0b:0d:ad:ab:a1:79:36:6c:6b:84:01:85:24:92:
                    b3:d8:98:fa:bb:9d:8b:37:14:1b:bc:91:fe:b2:15:
                    b8:69:0f:0a:4e:4b:21:a7:4e:9a:e7:12:e1:7a:c2:
                    95:b2:77:a4:d6:6b:3b:a8:61:51:4e:cd:13:47:cc:
                    b7:c6:6c:87:43:65:eb:56:a9:05:9a:d1:5a:62:a9:
                    09:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C2:9D:9E:81:01:A2:0D:1D:72:5C:A6:A6:60:1E:37:50:EE:23:7B
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/326130323a356265303a393a3a2f34382d3438203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:5be0:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:7f:39:75:db:8b:47:f1:f0:82:3c:5c:7e:23:17:d0:c7:6b:
         1c:5a:5e:69:59:53:16:1e:f8:97:50:e1:ca:39:5a:ba:cb:1a:
         dc:57:cb:08:1f:41:60:e2:71:44:b8:73:b6:b9:d1:dc:c7:9e:
         5f:df:f4:3a:6b:8a:95:77:91:6e:21:c5:52:cd:64:23:be:70:
         ef:b9:f1:47:54:49:ec:21:c2:82:53:76:f9:c0:aa:d3:2d:15:
         39:1c:f6:b6:3e:f9:b8:f8:37:37:9c:4e:7d:e8:63:81:da:34:
         4b:9a:4d:00:53:dc:7d:b3:61:9f:76:2e:cd:c3:8c:dc:ac:d6:
         a4:df:fb:5b:7d:8e:76:d7:1e:5e:77:7e:26:43:30:78:69:46:
         4c:5b:2e:53:f2:3c:be:0d:12:09:57:a8:40:09:8e:6c:e9:6c:
         d9:87:57:6e:3e:f3:b4:ec:34:79:1f:ef:7b:a9:bc:82:a8:1a:
         32:6e:f3:fa:5b:ca:f0:84:bd:15:5c:d6:3a:66:77:25:e8:15:
         97:e1:89:2f:36:fc:13:12:6e:56:f2:ea:10:e2:87:88:22:4b:
         68:5a:b8:82:e1:40:8c:26:4c:ab:25:b1:b4:6d:e4:3f:dc:7a:
         c0:31:d1:31:b3:08:3f:9e:bf:de:9d:f4:cb:be:1f:c1:2e:3b:
         c9:8e:71:b9
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIUTpJeroXLJ7bor9JxCCGELNk+cS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yNDA1MjMyMzMyNDFaFw0yNTA1MjIyMzM3NDFaMDMxMTAvBgNV
BAMTKDBGQzI5RDlFODEwMUEyMEQxRDcyNUNBNkE2NjAxRTM3NTBFRTIzN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV42e/bSoaVKcFae9epi6atQep
+CCHyyzXgcA0aF5KhFJk/kS/g71eDCVj7rQ0pHaR7Pbutkz8fEkq+9eu3tUbMraO
7Clj/uEmT/NrUNUDQjf1rWUTLXw0Dj4hzQBQmMtm5yrhL7jNrXF/naxJ5Yzo/B0u
wEr879IrFI96HIgSOwJpzKxsKgnafNiebnK8xJ5HkTymbOLYdHMGo3+n9NwBeCGe
mFbg/GEIhHsNxT2FLfFeuVMLDa2roXk2bGuEAYUkkrPYmPq7nYs3FBu8kf6yFbhp
DwpOSyGnTprnEuF6wpWyd6TWazuoYVFOzRNHzLfGbIdDZetWqQWa0VpiqQkdAgMB
AAGjggH9MIIB+TAdBgNVHQ4EFgQUD8KdnoEBog0dclympmAeN1DuI3swHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzMvMzI2MTMwMzIzYTM1NjI2NTMwM2EzOTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzQzNjMxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAlvgAAkwDQYJKoZIhvcNAQEL
BQADggEBAHR/OXXbi0fx8II8XH4jF9DHaxxaXmlZUxYe+JdQ4co5WrrLGtxXywgf
QWDicUS4c7a50dzHnl/f9DpripV3kW4hxVLNZCO+cO+58UdUSewhwoJTdvnAqtMt
FTkc9rY++bj4NzecTn3oY4HaNEuaTQBT3H2zYZ92Ls3DjNys1qTf+1t9jnbXHl53
fiZDMHhpRkxbLlPyPL4NEglXqEAJjmzpbNmHV24+87TsNHkf73upvIKoGjJu8/pb
yvCEvRVc1jpmdyXoFZfhiS82/BMSblby6hDih4giS2hauILhQIwmTKslsbRt5D/c
esAx0TGzCD+ev96d9Mu+H8EuO8mOcbk=
-----END CERTIFICATE-----