Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A916C75D0000/2/32332e3138352e3230382e302f32342d3234203d3e203338313336.roa
File:                     32332e3138352e3230382e302f32342d3234203d3e203338313336.roa (raw, json)
Hash identifier:          mwOhVB4q2b0XYK1MaljZx1X5kaxpf+LRL9/MNcj2ktg=
Subject key identifier:   3A:BA:8A:06:EA:3D:91:BB:EA:47:1C:6B:56:29:AE:8B:BA:96:50:3F
Certificate issuer:       /CN=99a8a036db180b64125153f106415e2e3ef7311f0a42df79ea
Certificate serial:       445AEA3E06605191FAE14FA5CC79F79F87E0887D
Authority key identifier: C7:84:C6:6C:57:6C:24:CC:FC:12:68:B5:37:3A:FC:A0:DC:4D:0E:1C
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/37fe8a4a-3fd3-4ba0-9423-f957bd58bca4/99a8a036db180b64125153f106415e2e3ef7311f0a42df79ea.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A916C75D0000/2/32332e3138352e3230382e302f32342d3234203d3e203338313336.roa
Signing time:             Wed 19 Jun 2024 13:03:56 +0000
ROA not before:           Wed 19 Jun 2024 12:58:56 +0000
ROA not after:            Wed 18 Jun 2025 13:03:56 +0000
asID:                     38136
IP address blocks:        23.185.208.0/24 maxlen: 24

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:5a:ea:3e:06:60:51:91:fa:e1:4f:a5:cc:79:f7:9f:87:e0:88:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99a8a036db180b64125153f106415e2e3ef7311f0a42df79ea
        Validity
            Not Before: Jun 19 12:58:56 2024 GMT
            Not After : Jun 18 13:03:56 2025 GMT
        Subject: CN=3ABA8A06EA3D91BBEA471C6B5629AE8BBA96503F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:da:86:de:13:bb:41:38:53:08:42:06:2e:ee:
                    56:45:9a:0b:f3:df:2f:c6:aa:cf:04:c8:a8:1c:c4:
                    65:2f:79:f6:20:ff:d0:5b:d4:76:83:4a:26:69:90:
                    4a:33:a1:cb:ec:63:49:1b:d2:89:fe:5c:40:37:26:
                    5f:1b:75:c3:a1:3a:2d:c1:24:e3:6e:15:5a:af:25:
                    38:0b:60:79:a8:99:ac:b9:1f:36:94:eb:03:b9:b1:
                    ff:8b:8c:30:7a:93:b1:4b:6c:24:64:f5:d2:84:33:
                    33:93:cf:2b:07:36:99:69:ad:1b:b9:e3:a6:6c:5f:
                    cc:51:94:2c:13:79:5a:9f:59:e8:dd:8e:f7:eb:93:
                    d9:0a:4d:cf:47:9b:76:8d:37:2e:86:da:43:1e:dd:
                    a9:2b:36:aa:8d:b5:35:ef:fd:46:e4:b7:bc:27:62:
                    d6:df:09:2c:16:81:e7:c7:38:0c:19:e9:c7:6e:8f:
                    3e:3d:af:8f:2a:3e:dd:41:4d:b2:00:74:46:ba:46:
                    28:8f:20:f1:a7:ed:9c:ed:7a:6b:d7:d3:d0:7d:8f:
                    48:e7:40:65:29:7d:76:a2:76:5e:69:be:26:cd:29:
                    b8:7e:5c:3e:bd:e6:b9:49:16:66:e0:1a:8e:56:4a:
                    2f:48:cf:73:5d:be:48:0b:58:67:0f:ad:89:0c:b9:
                    d7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:BA:8A:06:EA:3D:91:BB:EA:47:1C:6B:56:29:AE:8B:BA:96:50:3F
            X509v3 Authority Key Identifier:
                keyid:C7:84:C6:6C:57:6C:24:CC:FC:12:68:B5:37:3A:FC:A0:DC:4D:0E:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A916C75D0000/2/C784C66C576C24CCFC1268B5373AFCA0DC4D0E1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/37fe8a4a-3fd3-4ba0-9423-f957bd58bca4/99a8a036db180b64125153f106415e2e3ef7311f0a42df79ea.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A916C75D0000/2/32332e3138352e3230382e302f32342d3234203d3e203338313336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.185.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:55:40:ba:ec:dc:9f:b3:ca:88:07:ea:e5:1c:8a:54:ec:af:
         25:34:a1:32:58:70:5d:1c:be:19:24:93:22:16:72:7e:b1:b0:
         12:2a:8b:d1:d7:ee:49:19:c9:73:b8:4f:01:4b:45:84:ff:e5:
         83:cb:43:21:af:e8:ec:49:6e:87:13:1b:74:b6:7b:2c:41:4d:
         b6:e6:5f:98:50:d3:f3:cf:2a:94:ce:d1:bf:e9:b1:01:a5:9e:
         8d:5c:81:76:0c:b7:4d:b8:e4:6c:44:ed:3e:42:73:7e:ce:ec:
         6c:f8:10:36:83:ed:f2:aa:9b:1c:9f:ae:12:9d:01:e2:a9:91:
         95:a6:8e:45:3c:e0:cd:1a:23:8f:76:f6:67:eb:cd:51:b2:d4:
         7f:fa:3b:e1:d1:ec:47:79:c1:1f:0b:99:44:43:68:8b:5f:e9:
         d2:04:80:ba:38:e6:71:96:c9:6b:25:98:43:38:b3:57:a0:e3:
         59:c2:0b:1d:fb:1f:ef:ff:9c:cf:5a:c0:7d:88:d3:ac:c0:b8:
         75:6d:f6:c6:ec:f3:c1:63:6d:b6:f3:df:ce:7c:de:24:ac:47:
         49:57:dc:02:73:44:cf:70:69:7f:28:18:90:42:ea:ad:f7:92:
         4f:68:78:ae:3f:04:7b:70:77:70:e5:ab:e6:35:36:b5:66:80:
         e0:c2:ae:08
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIURFrqPgZgUZH64U+lzHn3n4fgiH0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTlhOGEwMzZkYjE4MGI2NDEyNTE1M2YxMDY0MTVlMmUz
ZWY3MzExZjBhNDJkZjc5ZWEwHhcNMjQwNjE5MTI1ODU2WhcNMjUwNjE4MTMwMzU2
WjAzMTEwLwYDVQQDEygzQUJBOEEwNkVBM0Q5MUJCRUE0NzFDNkI1NjI5QUU4QkJB
OTY1MDNGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09qG3hO7QThT
CEIGLu5WRZoL898vxqrPBMioHMRlL3n2IP/QW9R2g0omaZBKM6HL7GNJG9KJ/lxA
NyZfG3XDoTotwSTjbhVaryU4C2B5qJmsuR82lOsDubH/i4wwepOxS2wkZPXShDMz
k88rBzaZaa0bueOmbF/MUZQsE3lan1no3Y7365PZCk3PR5t2jTcuhtpDHt2pKzaq
jbU17/1G5Le8J2LW3wksFoHnxzgMGenHbo8+Pa+PKj7dQU2yAHRGukYojyDxp+2c
7Xpr19PQfY9I50BlKX12onZeab4mzSm4flw+vea5SRZm4BqOVkovSM9zXb5IC1hn
D62JDLnXmQIDAQABo4IChzCCAoMwHQYDVR0OBBYEFDq6igbqPZG76kcca1Yprou6
llA/MB8GA1UdIwQYMBaAFMeExmxXbCTM/BJotTc6/KDcTQ4cMA4GA1UdDwEB/wQE
AwIHgDByBgNVHR8EazBpMGegZaBjhmFyc3luYzovL3Jwa2kuc3ViLmFwbmljLm5l
dC9yZXBvc2l0b3J5L0E5MTZDNzVEMDAwMC8yL0M3ODRDNjZDNTc2QzI0Q0NGQzEy
NjhCNTM3M0FGQ0EwREM0RDBFMUMuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYI
KwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmlu
LXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUy
MWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy8zN2ZlOGE0YS0zZmQz
LTRiYTAtOTQyMy1mOTU3YmQ1OGJjYTQvOTlhOGEwMzZkYjE4MGI2NDEyNTE1M2Yx
MDY0MTVlMmUzZWY3MzExZjBhNDJkZjc5ZWEuY2VyMIGLBggrBgEFBQcBCwR/MH0w
ewYIKwYBBQUHMAuGb3JzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxNkM3NUQwMDAwLzIvMzIzMzJlMzEzODM1MmUzMjMwMzgyZTMwMmYzMjM0
MmQzMjM0MjAzZDNlMjAzMzM4MzEzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAF7nQMA0GCSqGSIb3
DQEBCwUAA4IBAQBGVUC67Nyfs8qIB+rlHIpU7K8lNKEyWHBdHL4ZJJMiFnJ+sbAS
KovR1+5JGclzuE8BS0WE/+WDy0Mhr+jsSW6HExt0tnssQU225l+YUNPzzyqUztG/
6bEBpZ6NXIF2DLdNuORsRO0+QnN+zuxs+BA2g+3yqpscn64SnQHiqZGVpo5FPODN
GiOPdvZn681RstR/+jvh0exHecEfC5lEQ2iLX+nSBIC6OOZxlslrJZhDOLNXoONZ
wgsd+x/v/5zPWsB9iNOswLh1bfbG7PPBY22289/OfN4krEdJV9wCc0TPcGl/KBiQ
Quqt95JPaHiuPwR7cHdw5avmNTa1ZoDgwq4I
-----END CERTIFICATE-----
Generated at Thu Aug 15 00:04:00 2024 by rpki-client on console-fra.rpki-client.org