Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa
File:                     3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa (raw, json)
Hash identifier:          s6GpFm++Td2vziv7b8evt+nq8qsZvz/bpd1yFaiS6N4=
Subject key identifier:   D1:C3:6C:85:2C:D8:2E:7B:4F:60:1F:C8:DE:AC:F7:5C:34:08:F7:42
Certificate issuer:       /CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
Certificate serial:       76535B21D500B69CCF16B54F9D97B96A389DA846
Authority key identifier: D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa
Signing time:             Fri 02 Aug 2024 11:24:33 +0000
ROA not before:           Fri 02 Aug 2024 11:19:33 +0000
ROA not after:            Fri 01 Aug 2025 11:24:33 +0000
asID:                     39588
IP address blocks:        194.104.108.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl
                          rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:53:5b:21:d5:00:b6:9c:cf:16:b5:4f:9d:97:b9:6a:38:9d:a8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d40581ca9ddaca9e110165b11dd2820dd7f532c0
        Validity
            Not Before: Aug  2 11:19:33 2024 GMT
            Not After : Aug  1 11:24:33 2025 GMT
        Subject: CN=D1C36C852CD82E7B4F601FC8DEACF75C3408F742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c2:29:64:5a:d4:bf:23:7c:f2:16:a0:02:1c:
                    31:ae:31:48:a6:3b:5c:d4:87:89:aa:52:fa:35:7b:
                    da:90:c1:25:72:69:3a:3c:cf:26:0e:4b:f5:49:ab:
                    34:7c:a1:ce:e7:08:6e:b0:ff:b9:1e:bd:97:57:fb:
                    7c:57:d1:cb:f0:cc:38:33:a8:07:11:60:7f:ae:93:
                    32:30:3f:2a:71:1e:d1:5c:ac:e5:f6:1a:98:f9:85:
                    66:9a:46:a8:36:e1:eb:1e:0f:ef:db:9a:c0:ae:fb:
                    3c:db:16:2e:63:31:55:a0:b7:92:93:06:6a:94:97:
                    98:96:42:b1:1c:da:33:15:8c:c0:fb:5f:4a:12:1b:
                    19:1f:41:a5:0a:89:2c:89:7d:0e:f6:93:cf:c0:db:
                    1d:e5:66:82:88:35:2e:58:2c:38:85:16:d8:fa:58:
                    ed:bf:14:31:ec:f6:7e:d0:d1:f9:58:ef:b9:77:2a:
                    40:6d:ec:d2:f7:23:fd:9d:a2:70:63:b2:3e:6e:dc:
                    f8:d8:ec:3b:2f:40:92:da:e1:70:91:af:6b:b4:ce:
                    3c:c7:1a:d0:29:f2:ef:26:1d:c7:b7:1d:7b:a9:29:
                    a3:1f:93:14:18:b0:2a:07:31:64:af:f8:01:70:9b:
                    86:95:36:50:77:e9:fc:4b:68:ff:e1:1f:fc:42:cb:
                    2d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C3:6C:85:2C:D8:2E:7B:4F:60:1F:C8:DE:AC:F7:5C:34:08:F7:42
            X509v3 Authority Key Identifier:
                keyid:D4:05:81:CA:9D:DA:CA:9E:11:01:65:B1:1D:D2:82:0D:D7:F5:32:C0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/D40581CA9DDACA9E110165B11DD2820DD7F532C0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AWByp3ayp4RAWWxHdKCDdf1MsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A9192A980000/1/3139342e3130342e3130382e302f32332d3233203d3e203339353838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:4a:96:8e:41:48:cc:90:80:26:36:85:ff:ee:ef:f8:df:8b:
         11:51:80:66:80:f7:d1:15:a2:b5:d2:b2:1f:70:1b:d3:29:cd:
         00:10:c3:9c:e0:77:81:9c:82:9e:c7:72:d6:38:d4:42:bd:b2:
         18:1b:ae:a6:28:ca:4a:0e:f1:4e:d1:02:01:65:54:3e:62:b7:
         8d:0d:43:24:5a:f0:fa:21:bf:a2:8a:81:68:5f:ff:3a:59:5a:
         5c:93:ad:ed:5a:d6:b6:e0:a5:2f:39:df:30:90:73:17:6a:3a:
         4a:2f:a2:83:b2:ee:f0:23:a2:3f:38:7f:b1:52:fd:2a:a1:39:
         c3:b2:ae:ca:7f:94:2a:9a:bf:40:9b:6e:1e:88:0e:14:96:e1:
         33:98:06:01:7a:a2:0d:81:1d:3c:ed:c6:f4:77:2e:d0:40:16:
         32:9a:ae:72:ac:53:7d:2b:68:63:7f:07:48:14:58:5b:5d:1c:
         1d:b2:80:a5:72:2b:bb:8c:02:f7:d3:cf:fd:84:09:2a:56:37:
         d3:33:34:91:9c:99:30:2f:f2:6a:91:d1:c6:86:1c:c9:32:36:
         85:40:c6:3a:35:8d:e2:e6:e8:d4:12:0c:8e:7a:e2:e6:00:16:
         93:63:c4:60:3b:3e:03:5c:33:4c:b9:64:9b:9c:76:04:c6:db:
         dd:7d:80:bd
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUdlNbIdUAtpzPFrVPnZe5ajidqEYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQwNTgxY2E5ZGRhY2E5ZTExMDE2NWIxMWRkMjgyMGRk
N2Y1MzJjMDAeFw0yNDA4MDIxMTE5MzNaFw0yNTA4MDExMTI0MzNaMDMxMTAvBgNV
BAMTKEQxQzM2Qzg1MkNEODJFN0I0RjYwMUZDOERFQUNGNzVDMzQwOEY3NDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUwilkWtS/I3zyFqACHDGuMUim
O1zUh4mqUvo1e9qQwSVyaTo8zyYOS/VJqzR8oc7nCG6w/7kevZdX+3xX0cvwzDgz
qAcRYH+ukzIwPypxHtFcrOX2Gpj5hWaaRqg24eseD+/bmsCu+zzbFi5jMVWgt5KT
BmqUl5iWQrEc2jMVjMD7X0oSGxkfQaUKiSyJfQ72k8/A2x3lZoKINS5YLDiFFtj6
WO2/FDHs9n7Q0flY77l3KkBt7NL3I/2donBjsj5u3PjY7DsvQJLa4XCRr2u0zjzH
GtAp8u8mHce3HXupKaMfkxQYsCoHMWSv+AFwm4aVNlB36fxLaP/hH/xCyy3JAgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQU0cNshSzYLntPYB/I3qz3XDQI90IwHwYDVR0j
BBgwFoAU1AWByp3ayp4RAWWxHdKCDdf1MsAwDgYDVR0PAQH/BAQDAgeAMHIGA1Ud
HwRrMGkwZ6BloGOGYXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRv
cnkvQTkxOTJBOTgwMDAwLzEvRDQwNTgxQ0E5RERBQ0E5RTExMDE2NUIxMUREMjgy
MEREN0Y1MzJDMC5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3lu
YzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFBV0J5cDNheXA0
UkFXV3hIZEtDRGRmMU1zQS5jZXIwgY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUH
MAuGcXJzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTJB
OTgwMDAwLzEvMzEzOTM0MmUzMTMwMzQyZTMxMzAzODJlMzAyZjMyMzMyZDMyMzMy
MDNkM2UyMDMzMzkzNTM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCaGwwDQYJKoZIhvcNAQELBQAD
ggEBACtKlo5BSMyQgCY2hf/u7/jfixFRgGaA99EVorXSsh9wG9MpzQAQw5zgd4Gc
gp7HctY41EK9shgbrqYoykoO8U7RAgFlVD5it40NQyRa8Pohv6KKgWhf/zpZWlyT
re1a1rbgpS853zCQcxdqOkovooOy7vAjoj84f7FS/SqhOcOyrsp/lCqav0Cbbh6I
DhSW4TOYBgF6og2BHTztxvR3LtBAFjKarnKsU30raGN/B0gUWFtdHB2ygKVyK7uM
AvfTz/2ECSpWN9MzNJGcmTAv8mqR0caGHMkyNoVAxjo1jeLm6NQSDI564uYAFpNj
xGA7PgNcM0y5ZJucdgTG2919gL0=
-----END CERTIFICATE-----