Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/3/39312e3232302e34322e302f32342d3234203d3e203432343237.roa
File:                     39312e3232302e34322e302f32342d3234203d3e203432343237.roa (raw, json)
Hash identifier:          yroMtflQ9AO1G/JG/Sh8ZL1UcpymuSCmRSHbPQVOIZw=
Subject key identifier:   98:AB:0E:12:37:91:92:53:2E:9B:3E:47:9D:81:33:9B:79:33:44:0C
Certificate issuer:       /CN=5ead10be7ec295336e4b5680e0d393b677c3649a
Certificate serial:       7002A8BE5AFDA53EE5BCC54752A803D16E59251E
Authority key identifier: 5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/3/39312e3232302e34322e302f32342d3234203d3e203432343237.roa
Signing time:             Fri 01 Sep 2023 11:14:34 +0000
ROA not before:           Fri 01 Sep 2023 11:09:34 +0000
ROA not after:            Fri 30 Aug 2024 11:14:34 +0000
asID:                     42427
IP address blocks:        91.220.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:02:a8:be:5a:fd:a5:3e:e5:bc:c5:47:52:a8:03:d1:6e:59:25:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ead10be7ec295336e4b5680e0d393b677c3649a
        Validity
            Not Before: Sep  1 11:09:34 2023 GMT
            Not After : Aug 30 11:14:34 2024 GMT
        Subject: CN=98AB0E12379192532E9B3E479D81339B7933440C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0a:f1:fb:ca:65:51:44:b4:4e:4b:fa:09:89:
                    d8:0a:aa:4e:b4:f0:75:b8:0e:e4:18:46:ce:b6:09:
                    79:c1:59:64:87:15:54:d1:5f:f0:12:05:51:98:92:
                    ca:28:36:ba:75:d7:37:e9:a1:08:45:36:e5:98:66:
                    64:52:1d:e5:8b:e9:46:23:fe:16:06:46:e9:fe:9c:
                    ec:57:0a:a2:47:2e:ec:04:f0:b4:37:ee:48:63:20:
                    00:d9:8a:b6:fa:a4:a4:bf:48:8f:43:d9:e8:70:68:
                    77:19:44:8b:f4:ba:c6:e7:2b:f3:e3:27:f3:e3:1f:
                    36:15:71:7e:30:81:94:de:fd:8a:cb:c6:6e:ce:ae:
                    27:49:3a:8f:07:73:bd:01:47:09:ee:98:3c:aa:00:
                    d4:e6:ab:35:b4:da:f2:95:75:98:ff:32:05:06:b1:
                    18:75:ca:22:40:c9:6f:a6:e4:b5:7b:36:b4:a2:9f:
                    29:2a:61:06:c8:7e:bd:eb:fa:19:9b:78:d0:27:bb:
                    46:c4:1c:7e:13:7a:ba:37:c8:3a:df:5c:37:e1:5f:
                    46:e6:15:15:30:7b:f5:60:41:f5:ce:1c:49:37:d6:
                    94:a6:06:ae:b8:6c:08:29:7d:60:b7:ed:1b:51:ed:
                    28:44:bc:a9:b0:f8:5c:a0:72:61:05:85:91:e8:36:
                    26:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:AB:0E:12:37:91:92:53:2E:9B:3E:47:9D:81:33:9B:79:33:44:0C
            X509v3 Authority Key Identifier:
                keyid:5E:AD:10:BE:7E:C2:95:33:6E:4B:56:80:E0:D3:93:B6:77:C3:64:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/5EAD10BE7EC295336E4B5680E0D393B677C3649A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq0Qvn7ClTNuS1aA4NOTtnfDZJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/3/39312e3232302e34322e302f32342d3234203d3e203432343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:63:88:e7:66:13:9f:0c:a0:a6:bf:0c:3d:7c:f2:8c:2a:33:
         05:84:30:0f:3d:c4:81:65:85:ba:2c:17:a7:7c:e0:ab:d1:4c:
         1f:32:52:17:cb:b4:f3:52:df:83:c3:01:6d:d7:f7:b0:45:da:
         b0:52:6e:26:ef:ed:d0:a3:7e:b7:1e:11:f5:6e:84:3f:49:ec:
         b5:46:1a:e1:43:3d:34:85:60:36:e0:50:35:3d:57:51:ae:ef:
         04:cb:c6:de:99:86:c8:fc:12:a9:d9:8e:81:76:1a:a8:bb:95:
         98:c1:4d:8b:ac:78:d2:1d:7e:83:25:d5:bb:19:5d:f0:e6:93:
         dd:4d:ee:99:d3:23:8e:52:6f:20:d5:87:3a:50:90:64:1f:9a:
         03:10:99:b4:54:d1:8b:c9:92:8e:56:f9:7e:39:8f:07:17:05:
         bb:93:ce:b2:1c:56:26:c6:8b:3e:f0:01:fc:a8:09:2d:31:5c:
         53:b0:f6:43:49:9a:73:14:df:bc:b4:ec:f7:f1:d9:90:3b:a7:
         50:4d:73:46:65:9c:98:17:08:f0:88:a4:cf:2a:e9:7b:7e:5b:
         09:c1:07:35:31:e9:28:41:f9:e8:9f:b9:2f:40:0b:f7:cb:66:
         5f:ab:c9:98:2f:bb:3e:82:d0:50:17:04:55:88:10:17:d2:96:
         03:c0:f8:8b
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUcAKovlr9pT7lvMVHUqgD0W5ZJR4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWVhZDEwYmU3ZWMyOTUzMzZlNGI1NjgwZTBkMzkzYjY3
N2MzNjQ5YTAeFw0yMzA5MDExMTA5MzRaFw0yNDA4MzAxMTE0MzRaMDMxMTAvBgNV
BAMTKDk4QUIwRTEyMzc5MTkyNTMyRTlCM0U0NzlEODEzMzlCNzkzMzQ0MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQCvH7ymVRRLROS/oJidgKqk60
8HW4DuQYRs62CXnBWWSHFVTRX/ASBVGYksooNrp11zfpoQhFNuWYZmRSHeWL6UYj
/hYGRun+nOxXCqJHLuwE8LQ37khjIADZirb6pKS/SI9D2ehwaHcZRIv0usbnK/Pj
J/PjHzYVcX4wgZTe/YrLxm7OridJOo8Hc70BRwnumDyqANTmqzW02vKVdZj/MgUG
sRh1yiJAyW+m5LV7NrSinykqYQbIfr3r+hmbeNAnu0bEHH4Tero3yDrfXDfhX0bm
FRUwe/VgQfXOHEk31pSmBq64bAgpfWC37RtR7ShEvKmw+FygcmEFhZHoNiYjAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUmKsOEjeRklMumz5HnYEzm3kzRAwwHwYDVR0j
BBgwFoAUXq0Qvn7ClTNuS1aA4NOTtnfDZJowDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzMvNUVBRDEwQkU3RUMyOTUzMzZFNEI1NjgwRTBEMzkz
QjY3N0MzNjQ5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hxMFF2bjdDbFRO
dVMxYUE0Tk9UdG5mRFpKby5jZXIwgYkGCCsGAQUFBwELBH0wezB5BggrBgEFBQcw
C4ZtcnN5bmM6Ly9ycGtpLnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MkE5
ODAwMDAvMy8zOTMxMmUzMjMyMzAyZTM0MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDMyMzQzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wqMA0GCSqGSIb3DQEBCwUAA4IBAQCb
Y4jnZhOfDKCmvww9fPKMKjMFhDAPPcSBZYW6LBenfOCr0UwfMlIXy7TzUt+DwwFt
1/ewRdqwUm4m7+3Qo363HhH1boQ/Sey1RhrhQz00hWA24FA1PVdRru8Ey8bemYbI
/BKp2Y6Bdhqou5WYwU2LrHjSHX6DJdW7GV3w5pPdTe6Z0yOOUm8g1Yc6UJBkH5oD
EJm0VNGLyZKOVvl+OY8HFwW7k86yHFYmxos+8AH8qAktMVxTsPZDSZpzFN+8tOz3
8dmQO6dQTXNGZZyYFwjwiKTPKul7flsJwQc1MekoQfnon7kvQAv3y2Zfq8mYL7s+
gtBQFwRViBAX0pYDwPiL
-----END CERTIFICATE-----